Tuneups and Tweaks for the Better Spam-Trap - Page 2

 By Carla Schroder

Just for fun, you may customize the spam subject header to suit yourself. The default is this:

$sa_spam_subject_tag = '***SPAM*** ';

Feel free to use words like "loathsome", "parasitical", "evil", "steaming heap", whatever you need to express your true feelings.

Logging Fun

Every piece of this puzzle has its own logfile. These are the logfiles to pay the most attention to:
  • /var/log/syslog
  • /var/log/amavis.log
  • /var/log/mail.log

Refer to /etc/syslog.conf to find the locations for your various syslogs. Amavisd-new should be configured to have its own logfile, instead of dumping everything into /var/log/syslog. See Section III in amavisd.conf:

# true (e.g. 1) => syslog;  false (e.g. 0) => logging to file
$DO_SYSLOG = 0;                 # (defaults to false)

# Log file (if not using syslog)
$LOGFILE = "/var/log/amavis.log";
$log_level = 0;

The higher the log level, the more verbose. If you are having problems, kick it up to level 3 for debugging. It goes all the way up to level 5, if you really get stuck. Once everything is working smoothly, level 0 is fine: it records startup, exit, and failure messages, and lists viruses detected. You don't want to leave the log level high unless you enjoy rapidly filling your drives and generating oceans of output to wade through.

/var/log/mail.log is for Postfix. The different Postfix processes each generate their own log entries: master, smtpd, cleanup, qmgr, postfix-script, and smtp. Here's a snippet showing Amavisd-new and ClamAV starting up:

Aug 21 12:54:25 windbag amavis[973]: Using internal av scanner code for (primary) Clam Antivirus-clamd
Aug 21 12:54:25 windbag amavis[973]: Found secondary av scanner Clam Antivirus - clamscan at /usr/bin/clamscan
Aug 21 12:54:39 windbag postfix/postfix-script: starting the Postfix mail system
Aug 21 12:54:39 windbag postfix/master[1195]: daemon started -- version 2.1.3

Postfix has the loveliest way of setting your logging levels: if you have problems with a particular domain, you can increase the log level for that domain only. Let's say that mail from a user with a yahoo.com address is not getting through. In main.cf, use the debug_peer_list and debug_peer_level directives:

debug_peer_list = yahoo.com
debug_peer_level = 3

Run postfix reload, then send messages to your server from yahoo.com and see what happens. Use this simple regexp to quickly find errors in the Postfix log:

$ egrep '(reject|warning|error|fatal|panic):' /var/log/mail.log

See Postfix's DEBUG_README for a complete debugging howto.
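
To go one step beyond the egrep above, the following added example (not from the original article) counts the matching lines per Postfix process and severity, so you can see at a glance which daemon is complaining. The function names summarize_postfix_log and sample_log are hypothetical, and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise Postfix problem lines per daemon and severity.

# summarize_postfix_log FILE
# Prints "count daemon severity", highest count first.
summarize_postfix_log() {
    awk '
    # Only Postfix entries: field 5 is the syslog tag, e.g. postfix/smtpd[1302]:
    $5 ~ /^postfix\// {
        daemon = $5
        sub(/^postfix\//, "", daemon)    # drop the "postfix/" prefix
        sub(/:$/, "", daemon)            # drop the trailing colon
        sub(/\[[0-9]+\]$/, "", daemon)   # drop the PID, if present
        # Same keywords as the egrep pattern in the article
        if (match($0, /(reject|warning|error|fatal|panic):/)) {
            sev = substr($0, RSTART, RLENGTH - 1)
            count[daemon " " sev]++
        }
    }
    END { for (k in count) print count[k], k }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample log lines (not real traffic), for trying the function offline.
sample_log() {
    cat <<'EOF'
Aug 21 13:02:11 windbag postfix/smtpd[1302]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 <b@example.net>: Relay access denied; from=<a@example.com> to=<b@example.net>
Aug 21 13:02:15 windbag postfix/smtpd[1302]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 554 <c@example.net>: Relay access denied; from=<a@example.com> to=<c@example.net>
Aug 21 13:03:40 windbag postfix/smtpd[1302]: warning: 192.0.2.10: hostname verification failed
Aug 21 13:04:02 windbag postfix/qmgr[1198]: warning: connect to transport smtp-amavis: Connection refused
Aug 21 13:05:00 windbag postfix/smtp[1410]: 3F2A1B: to=<b@example.net>, relay=127.0.0.1[127.0.0.1], status=sent (250 Ok)
Aug 21 13:05:09 windbag amavis[973]: (00973-01) Passed, <a@example.com> -> <b@example.net>
Aug 21 13:06:30 windbag postfix/master[1195]: fatal: bind 0.0.0.0 port 25: Address already in use
EOF
}

# Usage: sh thisfile.sh /var/log/mail.log
if [ -n "${1:-}" ]; then
    summarize_postfix_log "$1"
fi
```

A cluster of qmgr warnings about the amavis transport, for instance, points at the content filter rather than at remote senders.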


This article was originally published on Sep 7, 2004