From MailScanner at ecs.soton.ac.uk Tue Apr 1 15:31:33 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 1 15:33:19 2008 Subject: MailScanner ANNOUNCE: 4.68.8 stable released Message-ID: <47F24745.2090703@ecs.soton.ac.uk> Folks, I have just released the latest stable release of MailScanner version 4.68.8. This is *not* an April Fool's joke :-) Major new improvements this month are: - Support for the *very fast* fpscand daemon supplied with F-Prot version 6. - New method of updating bad phishing sites configuration list to use major new fireproof delivery system. Many thanks to Matt Hampton for all his help with this. - filename.rules.conf and filetype.rules.conf can now list email addresses. Emails containing attachments matching these names or types will be diverted to these addresses instead of the original recipients. - New "Automatic Syntax Check" option (on by default) to check your configuration is syntactically correct before trying to start up. Download as usual from www.mailscanner.info. The full Change Log is this: * New Features and Improvements * 1 Support for the Fpscand daemon that is supplied with F-Prot version 6. Add this line to your virus.scanners.conf f-protd-6 /bin/false /usr/local/f-prot and set "Virus Scanners = f-protd-6" in your MailScanner.conf. This is very much faster than the f-prot-6 command-line scanner. 3 Improved the list of ignored web-bug filenames. 3 New update_bad_phishing_sites script to use major new fireproof delivery system. Many thanks to Matt Hampton for all his time and support with this. 3 Updated to Catalan translation. 3 Updated support for Vexira "vascan" virus scanner. 3 Changed location of Web-Bug Replacement image. upgrade_MailScanner_conf will put in the new URL. This will give significantly better response to your users. 3 Added new option "Log SpamAssassin Rule Actions" so that you can see exactly what actions fire on what messages from the "SpamAssassin Rule Actions" setting. 3 Added new option to the filename.rules.conf and filetype.rules.conf files. Instead of "allow", "deny" or "deny+delete", you can now specify a space or comma-separated list of email addresses. If the filename or filetype rule is matched, the message is sent to these new addresses instead of the ones given in the original email address. 3 Updated support for latest versions of Esets virus scanner from Nod32. 4 Added Net-DNS and Digest-SHA1 to the main MailScanner distributions so that they are installed appropriately ready for when you install Razor. This way they are installed as RPMs and not just plain Perl modules, as the RPM of Razor requires them to have been installed as RPMs. 4 New configuration option "Automatic Syntax Check" added, default is "yes", which causes a quick syntax check of the MailScanner.conf file and the other configuration files, printing out errors on the console, instead of just logging them to your system's mail log as it did before. This will hopefully make it easier for novices to get going successfully. 5 SpamAssassin Cache will no longer cache "timed out" responses. 5 Upgraded to perl-Digest-SHA1 version 2.11. 6 Added SpamAssassin MCP patch for 3.2.4. 7 Changed default supplied High-Scoring Spam Actions to "store". That way users don't have to work out how to change it, to reduce their spam a lot. * Fixes * 2 Improved MakeNameSafe() to fix problems caused by f-protd-6 working with filenames containing spaces (which it cannot handle!). 2-2 Fixed error in --lint support for F-Protd-6. 2-3 Typo, missed out a "$" :-( 3 Fixed important bug in f-protd handling code. 4 Fixes to Ruleset-From-Function.pm Custom Function code. 5 Fixed various issues with new automatic syntax check (--lintlite) code. 6 Fixed IPBlock problem with MailScanner --lintlite. 6 Fixed Postfix milter problem (thanks Glenn!). 7 Fixed problem with Inline images in HTML signatures. Now works with nested multiple replies. 8 Fixed bug where original unsafe filename wasn't used correctly when auto- replacing attachments with zipped copies to save space in mail stores. Thanks to Armand Leroux at Capgemini for finding this one. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Apr 22 21:06:25 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 22 21:11:26 2008 Subject: MailScanner ANNOUNCE: ac.uk users of Spamhaus zones Message-ID: <480E4541.8040306@ecs.soton.ac.uk> This is only relevant to users of the Spamhaus zones (i.e. anyone using SpamAssassin or MailScanner) who are connected to JANet. The JANet mail team already have a subscription to the Spamhaus zones, which they provide under different names on their own DNS servers, which are accessible to all JANet sites. However, the problem with that is that you have to redefine all the SpamAssassin rules that use these zones in order to use their different names. This totally breaks the ability to use sa-update every night (and update_spamassassin) in order to automatically fetch new rulesets. Which is a real pain. So I asked them to provide the zones under their original names as well, so all we needed were 4 entries in our named.conf files to forward the zones to the JANet servers instead of the original Spamhaus servers which it will do by default. My request has been answered :-) So now they have 6 DNS servers (which are all listed in the A records for ns.mail-abuse.ja.net.) which provide the 4 main spamhaus zones under their original names. So you can put your SpamAssassin rules back to how they were by default, and just tweak your named.conf by adding this: zone "sbl.spamhaus.org" { type forward; forward only; // JKF 2008-04-22 Using Janet-provided copy of the zone. forwarders { 194.82.174.182; 194.83.56.228; 194.83.56.244; 128.86.8.85; 128.86.8.120; 128.86.8.245; }; }; zone "pbl.spamhaus.org" { type forward; forward only; // JKF 2008-04-22 Using Janet-provided copy of the zone. forwarders { 194.82.174.182; 194.83.56.228; 194.83.56.244; 128.86.8.85; 128.86.8.120; 128.86.8.245; }; }; zone "xbl.spamhaus.org" { type forward; forward only; // JKF 2008-04-22 Using Janet-provided copy of the zone. forwarders { 194.82.174.182; 194.83.56.228; 194.83.56.244; 128.86.8.85; 128.86.8.120; 128.86.8.245; }; }; zone "zen.spamhaus.org" { type forward; forward only; // JKF 2008-04-22 Using Janet-provided copy of the zone. forwarders { 194.82.174.182; 194.83.56.228; 194.83.56.244; 128.86.8.85; 128.86.8.120; 128.86.8.245; }; }; Once a month or so, you should check the list of IP addresses you give in the lines above against what you get from the command dig ns.mail-abuse.ja.net. A to make sure your list of IP addresses is up to date. I have asked them to set up an announcements mailing list for us to join so that we get notification of any changes to the list of IP addresses. I'll let you know what I hear about this. They will shortly update their web pages to reflect this new service. I hope this is useful to all the ac.uk sites out there! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.