From MailScanner at ecs.soton.ac.uk Mon Jun 1 10:00:20 2009
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Mon Jun 1 11:25:52 2009
Subject: MailScanner ANNOUNCE: Stable 4.77 released
References: <4A2398A4.8000209@ecs.soton.ac.uk>
Message-ID:

Morning all!

(If you are not already following me on twitter, then feel free to do so, I announce all new features and so on there to help you keep up to date: twitter.com/JulesFM)

I have just released a new stable version of MailScanner, 4.77.

The most important new features this month include:

- You can finally use hostname, domain name, partial domain names including wildcards and Perl regular expressions to make a ruleset line apply to the name of the host the message came from, instead of having to just use the numerical IP address. You just put in ruleset lines that look like those below:

    From: host:mail.mydomain.com    yes
    From: host:mail*.mydomain.com   yes
    From: host:mydomain.com         yes
    From: host:julianfield.*        yes
    From: host:/(de|dk|es)$/        yes

  As you can see from the examples above, you have to put in the keyword "host:" at the start of the hostname, domain name, or regular expression. Regular expressions must be surrounded by "/" characters. Note that using this feature will require one extra DNS hostname lookup per message (but only if you use this feature), so there is a small performance hit. It is documented more fully in the etc/rules/README and etc/rules/EXAMPLES files.

- MailScanner can now *unzip* small zip files and other archives. We have systems that mail us zipped files automatically, and we wanted to save the step of unzipping each attachment to get the small log file inside. This feature is supported by some new configuration settings:

    Unzip Maximum Files Per Archive = 4
    Unzip Maximum File Size = 50k
    Unzip Filenames = *.txt *.ini *.log *.csv
    Unzip MimeType = text/plain

- The "Read IP Address From Received Header" setting has been extended so it can now take a number as well as just "yes" or "no".
  This is so you can choose the IP address from the n-th "Received:" header in the message, which fetchmail users will find useful.

Download it as usual from www.mailscanner.info

Here is the full ChangeLog for this month:

* New Features and Improvements *

1 Can now automatically unzip small zip files and other archives. This is very useful if you have some service automatically mailing you log files, which zips up the logfiles to save space. It will unpack them if there are only a few of them, they are fairly small and they match a list of filename patterns.

    Unzip Maximum Files Per Archive = 4
    Unzip Maximum File Size = 50k
    Unzip Filenames = *.txt *.ini *.log *.csv
    Unzip MimeType = text/plain

1 Hourly cron job about messages being processed only sends a message if 'Send Notices = yes' is set in MailScanner.conf.

1 "Read IP Address From Received Header" has been extended, so it will now take a number instead of yes or no. "yes"=1 and "no"=0. If it is set to "yes" or a number, then the SMTP client IP address is taken from the "Received:" header. For example, setting it to 2 will cause the IP address to be taken from the 2nd Received: header. Users of BarricadeMX might want to set this to 2, to get the real SMTP client IP address from the 2nd Received: header, and not the 127.0.0.1 address that BarricadeMX put in the headers. Users of fetchmail might want to set this to 1 or 2 to skip over the 127.0.0.1 address which will be inserted by fetchmail.

5 Set up Antiword to always return UTF-8 characters and use that in the attachment it creates.

6 Removed co.dk from country.domains.conf as it's not an official 2nd level domain.

6-2 Upgraded DBD-SQLite to 1.25 to avoid RedHat 4 build problems.

6-3 Improved detection of some x86_64 systems.

6-4 Corrected DBD-SQLite packaging error.

7 Improved --lint checking of "Processing Attempts Database" and improved logging related to that database. Also improved documentation about the two SQLite databases in MailScanner.conf.
8 Implemented a new type of line in rulesets. When you specify a "From:" rule, you can use a syntax like "host:hostname.domain.com" to use the SMTP client's hostname instead of the numerical IP address. This can also be partial hostnames or domain names, such as "host:domain.com" or include wildcards anywhere, such as "host:mail*.dom*ain.com", or even Perl regular expressions such as "host:/(de|dk)$/". This goes where the numerical IP address would go in the rule, after the "From:" and before the value to return. Note that these are slightly slower than using the IP address as they involve a DNS lookup (maximum of once per message), but that value should be in your DNS cache as other things will have already had to look it up anyway. They are described in more detail in the etc/rules/README and etc/rules/EXAMPLES files.

* Fixes *

3 Fixed problem where Unzip functions would not be found. Set default to off.

4 Fixed issue with Postfix not scanning some messages in 4.77.3.

5 Fixed issue with Postfix scanning too many messages in 4.77.4. :-)

6 Fixed issue with extra character on the front of files created by antiword.

7 Fixed UTF-8 character in Perl source code in Esets output parser.

7 Fixed issue with encapsulating messages containing silent whole-message infections.

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner? Contact me!
Need help fixing or optimising your systems? Contact me!
Need help getting you started solving new requirements from your boss? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
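The "Read IP Address From Received Header" setting described in the announcement above, as an added example (not part of the original message and not MailScanner's own code): it picks the n-th "Received:" header and shows why n should not exceed the number of relays you operate. The function names, the bracketed-IPv4 extraction and the fallback to the envelope IP are assumptions; the message is constructed.

```python
import re
from email import message_from_string

# Constructed sample: a local re-injection (fetchmail-style) puts 127.0.0.1
# in the top Received: header; the real SMTP client is in the 2nd one.
SAMPLE = """\
Received: from localhost (localhost [127.0.0.1])
\tby mx.example.org with ESMTP id AAA111; Mon, 1 Jun 2009 10:00:05 +0100
Received: from mail.sender.example (mail.sender.example [192.0.2.25])
\tby pop.example.net with ESMTP id BBB222; Mon, 1 Jun 2009 10:00:01 +0100
Received: from forged.invalid (forged.invalid [10.9.8.7])
\tby mail.sender.example with SMTP id CCC333; Mon, 1 Jun 2009 09:59:58 +0100
From: sender@sender.example
Subject: constructed test message

body
"""

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def header_index(setting):
    """Map the setting to a header number: "no"=0, "yes"=1, else the number."""
    v = str(setting).strip().lower()
    if v in ("yes", "no"):
        return 1 if v == "yes" else 0
    return int(v)

def client_ip(raw_message, setting, envelope_ip):
    """IP from the n-th Received: header, counted from the top of the message."""
    n = header_index(setting)
    received = message_from_string(raw_message).get_all("Received") or []
    if n == 0 or n > len(received):
        return envelope_ip  # assumed fallback: keep the connection's own IP
    match = BRACKETED_IPV4.search(received[n - 1])
    return match.group(1) if match else envelope_ip
```

With n=2 the sample yields 192.0.2.25; with n=3 it yields 10.9.8.7, an address from a header written before the message reached any relay you control, so it must not feed IP-based rulesets.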
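The unzip limits from the announcement above (at most 4 files, 50k each, names matching the four patterns), as an added example that is not part of the original message and not MailScanner's own code. It assumes "50k" means 50 * 1024 bytes, that an archive with too many files is left entirely unpacked, and that names are matched case-sensitively; "Unzip MimeType" is not modelled and the helper names are hypothetical.

```python
import fnmatch
import io
import zipfile

# Values taken from the settings shown in the announcement.
MAX_FILES = 4
MAX_SIZE = 50 * 1024  # "50k", read here as 50 * 1024 bytes (assumption)
FILENAME_PATTERNS = ["*.txt", "*.ini", "*.log", "*.csv"]

def members_to_unpack(zip_bytes):
    """Return {name: data} for the archive members that pass all three limits."""
    unpacked = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        files = [i for i in zf.infolist() if not i.is_dir()]
        if len(files) > MAX_FILES:
            return unpacked  # too many members: unpack nothing
        for info in files:
            name = info.filename.rsplit("/", 1)[-1]  # ignore any directory part
            if not any(fnmatch.fnmatchcase(name, p) for p in FILENAME_PATTERNS):
                continue
            if info.file_size > MAX_SIZE:
                continue
            # file_size is a field supplied by whoever built the archive,
            # so the read itself is capped as well.
            with zf.open(info) as fh:
                data = fh.read(MAX_SIZE + 1)
            if len(data) <= MAX_SIZE:
                unpacked[name] = data
    return unpacked

def make_zip(members):
    """Build a constructed in-memory zip from {name: bytes} for the checks."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()
```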