From benjamin.mercusot at SOPHOS.FR Mon Oct 1 00:00:53 2001 From: benjamin.mercusot at SOPHOS.FR (Benjamin MERCUSOT) Date: Thu Jan 12 21:14:03 2006 Subject: Benjamin Mercusot/Support/FR/Sophos est absent(e). Message-ID: Je serai absent(e) du 28/09/2001 au 22/10/2001. Je serais en vacances pour la p?riode du 28 septembre au 22 octobre 2001. Je r?pondrai ? votre message d?s mon retour. En cas d'urgence, veuillez contacter le support technique de Sophos ? l'adresse : Support@Sophos.Fr Cordialement, From LISTSERV at JISCMAIL.AC.UK Mon Oct 1 15:04:22 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:03 2006 Subject: MAILSCANNER: joi@SEWANEE.EDU requested to join Message-ID: <200110011404.PAA29221@magpie.ecs.soton.ac.uk> Mon, 1 Oct 2001 15:04:22 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Joi Johannsson You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER joi@SEWANEE.EDU Joi Johannsson PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER joi@SEWANEE.EDU Joi Johannsson // EOJ From jkf at ecs.soton.ac.uk Mon Oct 1 20:37:54 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:03 2006 Subject: Version 2.50 released Message-ID: <5.1.0.14.2.20011001202751.00afe4d0@hawk.ecs.soton.ac.uk> Hi folks! I have just released version 2.50. New features in this release include: - Denial Of Service attacks handled using timeouts on the virus scanner and the TNEF decoder, and a maximum size limit on TNEF attachments. - Much better handling of unparsable TNEF attachments. - Strict date-order processing of incoming mail queue. - Ability to switch off virus scanning. - Ability to switch off delivery of messages with viruses removed. (Can be useful in big SirCam outbreaks) - Creation of a "spam white list" containing email addresses and domains that will not be marked as spam. - Removal of /etc/sendmail.cf from Linux RPM distribution. All downloadable from the website at http://www.sng.ecs.soton.ac.uk/mailscanner Any problems, give me a shout! Before upgrading, be sure to save your /etc/sendmail.cf file and MailScanner configuration files. Compare your old files with the new ones to include the new features in your configuration. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From michael at ERG.ABDN.AC.UK Mon Oct 1 23:13:24 2001 From: michael at ERG.ABDN.AC.UK (Michael Forrest) Date: Thu Jan 12 21:14:03 2006 Subject: Possible Silly Question Message-ID: Hi Julian, Just finished installing the new version of mailscanner and I've got a question. What is the default action for when a mail message or batch of messages exceed the timeouts? For example, the Virus Scanner Timeout is 5mins....after this timeout, do the messages held within the batch get bounced back to the senders or are they allowed to pass through (if bounced back, what message or alteration to the message is returned to the sender). I guess am asking a similar question for the TNEF expander timeouts as well. Thanks, Michael. -- Michael Forrest, Electronics Research Group, Department of Engineering, University of Aberdeen, King's College, Aberdeen AB24 3UE. Tel: +44-1224-282817 Fax: +44-1224-272497 Email: michael@erg.abdn.ac.uk From michael at ERG.ABDN.AC.UK Mon Oct 1 23:36:34 2001 From: michael at ERG.ABDN.AC.UK (Michael Forrest) Date: Thu Jan 12 21:14:03 2006 Subject: Timeouts Message-ID: Hi Julian, Just ran a test of the new timeouts, a 600k file that expands out into a few hundred megabytes. The "Commerical scanner timed out!" message appeared in the syslog after 5mins, although the sweep process is still thrashing away on the same message? (its been going now for 26mins on the one file, and the mail queue is at a complete stand still and growing by the second with other mail hotfooting it into the queue). I thought the idea of the timeout was to kill/stop the daemon from carrying on with the scanning past the threshold timeout value. Have just manually shut down the mail processes and deleted my offending mail from the queue to get things moving again. Any info/suggestions is greatly appreciated? Thanks, Michael. -- Michael Forrest, Electronics Research Group, Department of Engineering, University of Aberdeen, King's College, Aberdeen AB24 3UE. Tel: +44-1224-282817 Fax: +44-1224-272497 Email: michael@erg.abdn.ac.uk From jkf at ecs.soton.ac.uk Tue Oct 2 08:41:11 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:03 2006 Subject: Possible Silly Question In-Reply-To: Message-ID: <5.1.0.14.2.20011002083933.02945a28@hawk.ecs.soton.ac.uk> At 23:13 01/10/2001, you wrote: >Just finished installing the new version of mailscanner and I've got a >question. What is the default action for when a mail message or batch of >messages exceed the timeouts? For example, the Virus Scanner Timeout is >5mins....after this timeout, do the messages held within the batch get >bounced back to the senders or are they allowed to pass through (if bounced >back, what message or alteration to the message is returned to the sender). >I guess am asking a similar question for the TNEF expander timeouts as well. Any message that fails the TNEF timeout is considered an unparsable TNEF attachment and is quarantined. When a batch of messages exceeds the Virus Scanner Timeout, the messages are scanned individually (with the same timeout value) to see if one of them on its own causes a timeout. If there is one (or more) individual messages found to cause a timeout, these are marked as "Denial Of Service Attacks" and are quarantined. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Tue Oct 2 08:44:00 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:03 2006 Subject: Timeouts In-Reply-To: Message-ID: <5.1.0.14.2.20011002084143.039e2ed0@hawk.ecs.soton.ac.uk> At 23:36 01/10/2001, you wrote: >Just ran a test of the new timeouts, a 600k file that expands out into a few >hundred megabytes. The "Commerical scanner timed out!" message appeared in >the syslog after 5mins, although the sweep process is still thrashing away >on the same message? (its been going now for 26mins on the one file, and the >mail queue is at a complete stand still and growing by the second with other >mail hotfooting it into the queue). It will unfortunately try to run the timeout value twice: once to try to scan the message, the second time in an attempt to disinfect any macro viruses it can from the message. If you had left it for 10 minutes, you should have found it would have been killed. The first scan was killed after 5 mins, you were seeing the disinfection pass that takes another 5 mins. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Tue Oct 2 10:56:57 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:03 2006 Subject: MAILSCANNER: luka@FFZD.HR requested to join Message-ID: <200110020956.KAA13766@magpie.ecs.soton.ac.uk> Tue, 2 Oct 2001 10:56:57 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Luka Kolanovic You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER luka@FFZD.HR Luka Kolanovic PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER luka@FFZD.HR Luka Kolanovic // EOJ From m.sapsed at BANGOR.AC.UK Tue Oct 2 13:35:55 2001 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:14:03 2006 Subject: Version 2.50 released References: <5.1.0.14.2.20011001202751.00afe4d0@hawk.ecs.soton.ac.uk> Message-ID: <3BB9B4AB.43D7F69D@bangor.ac.uk> Julian Field wrote: > > Hi folks! > > I have just released version 2.50. I installed on Linux from the rpm version and noticed quite a few errors flying by, in a section ending with Base64.o if I caught it right - are these expected? Cheers, Martin -- Martin Sapsed To have no errors Information Services Would be life without meaning University of Wales, Bangor, LL57 2UX No struggle, no joy. Fax: +44 (0)1248 383826 From LISTSERV at JISCMAIL.AC.UK Tue Oct 2 13:06:39 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:03 2006 Subject: MAILSCANNER: yhodso01@BCUC.AC.UK requested to join Message-ID: <200110021206.NAA20024@magpie.ecs.soton.ac.uk> Tue, 2 Oct 2001 13:06:39 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Yvonne Hodson You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER yhodso01@BCUC.AC.UK Yvonne Hodson PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER yhodso01@BCUC.AC.UK Yvonne Hodson // EOJ From jkf at ecs.soton.ac.uk Tue Oct 2 15:11:27 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:03 2006 Subject: Version 2.50 released In-Reply-To: <3BB9B4AB.43D7F69D@bangor.ac.uk> References: <5.1.0.14.2.20011001202751.00afe4d0@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20011002150638.028e2ae8@hawk.ecs.soton.ac.uk> At 13:35 02/10/2001, you wrote: >I installed on Linux from the rpm version and noticed quite a few errors >flying by, in a section ending with Base64.o if I caught it right - are >these expected? This is from a RedHat 7.1 system. Here is the output from doing a "make" on the MIME-Base64 package. You should just get this (if you look in /tmp/MailScanner* you will find the source for the perl modules. [sysjkf@sailor MIME-Base64-2.11]$ make mkdir blib mkdir blib/lib mkdir blib/lib/MIME mkdir blib/arch mkdir blib/arch/auto mkdir blib/arch/auto/MIME mkdir blib/arch/auto/MIME/Base64 mkdir blib/lib/auto mkdir blib/lib/auto/MIME mkdir blib/lib/auto/MIME/Base64 mkdir blib/man3 cp Base64.pm blib/lib/MIME/Base64.pm cp QuotedPrint.pm blib/lib/MIME/QuotedPrint.pm /usr/bin/perl -I/usr/lib/perl5/5.6.0/i386-linux -I/usr/lib/perl5/5.6.0 /usr/lib/perl5/5.6.0/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.6.0/ExtUtils/typemap Base64.xs > Base64.xsc && mv Base64.xsc Base64.c gcc -c -fno-strict-aliasing -O2 -march=i386 -mcpu=i686 -DVERSION=\"2.11\" -DXS_VERSION=\"2.11\" -fPIC -I/usr/lib/perl5/5.6.0/i386-linux/CORE Base64.c Running Mkbootstrap for MIME::Base64 () chmod 644 Base64.bs LD_RUN_PATH="" gcc -o blib/arch/auto/MIME/Base64/Base64.so -shared -L/usr/local/lib Base64.o chmod 755 blib/arch/auto/MIME/Base64/Base64.so cp Base64.bs blib/arch/auto/MIME/Base64/Base64.bs chmod 644 blib/arch/auto/MIME/Base64/Base64.bs Manifying blib/man3/MIME::Base64.3pm Manifying blib/man3/MIME::QuotedPrint.3pm [sysjkf@sailor MIME-Base64-2.11]$ I would expect your output to be very similar to this. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Tue Oct 2 15:22:27 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:03 2006 Subject: Timeouts In-Reply-To: Message-ID: <5.1.0.14.2.20011002152009.043f2c20@hawk.ecs.soton.ac.uk> At 23:36 01/10/2001, you wrote: >Just ran a test of the new timeouts, a 600k file that expands out into a few >hundred megabytes. The "Commerical scanner timed out!" message appeared in >the syslog after 5mins, although the sweep process is still thrashing away >on the same message? (its been going now for 26mins on the one file, and the >mail queue is at a complete stand still and growing by the second with other >mail hotfooting it into the queue). I have just tried this on a Solaris 8 system and the timeouts worked nicely. It did scan the same thing 3 times (once as part of batch scan, next as part of individual message scan, third time to attempt disinfection), but that's as expected. If you do: while : do ps -fe | grep sweep done and watch the total CPU time of the sweep processes, do they ever exceed the value set in the timeout setting in the mailscanner.conf file? -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From michael at ERG.ABDN.AC.UK Tue Oct 2 16:27:43 2001 From: michael at ERG.ABDN.AC.UK (Michael Forrest) Date: Thu Jan 12 21:14:03 2006 Subject: Timeouts In-Reply-To: <5.1.0.14.2.20011002152009.043f2c20@hawk.ecs.soton.ac.uk> Message-ID: root 22786 22768 66 15:46:26 ? 23:49 /opt/sophos/bin/sweep -p=/tmp/outputlog -sc -f -all -rec -ss -archive -loopback Total CPU time is 23:49 This was a 800k file that expands out to 800MB, my tmp space on the mail server is only 600MB. So it fills it up and then sits and does nothing...the tmp space sits at 99% The total cpu time above, seems well in excess of the timeout settings in the mailscanner.conf file? Any suggestions? Michael. > At 23:36 01/10/2001, you wrote: >> Just ran a test of the new timeouts, a 600k file that expands out into a few >> hundred megabytes. The "Commerical scanner timed out!" message appeared in >> the syslog after 5mins, although the sweep process is still thrashing away >> on the same message? (its been going now for 26mins on the one file, and the >> mail queue is at a complete stand still and growing by the second with other >> mail hotfooting it into the queue). > > I have just tried this on a Solaris 8 system and the timeouts worked > nicely. It did scan the same thing 3 times (once as part of batch scan, > next as part of individual message scan, third time to attempt > disinfection), but that's as expected. > > If you do: > while : > do > ps -fe | grep sweep > done > and watch the total CPU time of the sweep processes, do they ever exceed > the value set in the timeout setting in the mailscanner.conf file? > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From jkf at ecs.soton.ac.uk Tue Oct 2 16:35:56 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:03 2006 Subject: Timeouts In-Reply-To: References: <5.1.0.14.2.20011002152009.043f2c20@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20011002163417.044799b8@hawk.ecs.soton.ac.uk> At 16:27 02/10/2001, you wrote: >root 22786 22768 66 15:46:26 ? 23:49 /opt/sophos/bin/sweep >-p=/tmp/outputlog -sc -f -all -rec -ss -archive -loopback > >Total CPU time is 23:49 > >This was a 800k file that expands out to 800MB, my tmp space on the mail >server is only 600MB. So it fills it up and then sits and does nothing...the >tmp space sits at 99% > >The total cpu time above, seems well in excess of the timeout settings in >the mailscanner.conf file? > >Any suggestions? Not immediately, no. I tested with a genuine Zip Of Death file, not just a large zip file, so I'm not sure what happens when it just runs out of space. It should still die though. It gets killed -9 after being given 10 seconds to respond to a normal kill. Try it with a real Zip Of Death and let me know what happens... > > At 23:36 01/10/2001, you wrote: > >> Just ran a test of the new timeouts, a 600k file that expands out into > a few > >> hundred megabytes. The "Commerical scanner timed out!" message appeared in > >> the syslog after 5mins, although the sweep process is still thrashing away > >> on the same message? (its been going now for 26mins on the one file, > and the > >> mail queue is at a complete stand still and growing by the second with > other > >> mail hotfooting it into the queue). > > > > I have just tried this on a Solaris 8 system and the timeouts worked > > nicely. It did scan the same thing 3 times (once as part of batch scan, > > next as part of individual message scan, third time to attempt > > disinfection), but that's as expected. > > > > If you do: > > while : > > do > > ps -fe | grep sweep > > done > > and watch the total CPU time of the sweep processes, do they ever exceed > > the value set in the timeout setting in the mailscanner.conf file? > > -- > > Julian Field Teaching Systems Manager > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > Tel. 023 8059 2817 University of Southampton > > Southampton SO17 1BJ > > -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From michael at ERG.ABDN.AC.UK Tue Oct 2 16:54:48 2001 From: michael at ERG.ABDN.AC.UK (Michael Forrest) Date: Thu Jan 12 21:14:03 2006 Subject: Timeouts In-Reply-To: <5.1.0.14.2.20011002163417.044799b8@hawk.ecs.soton.ac.uk> Message-ID: Ok, On testing an authentic ZipOfDeath file, it seems that the logs showed the following Oct 2 16:43:47 diesel mailscanner[23447]: Commercial scanner timed out! Oct 2 16:43:49 diesel mailscanner[23447]: Denial Of Service attack detected! Which is what you've been saying, but this only seems to work for this specific case. What criteria are you using to determine whether its a Denial of Service attack or not. Since my tiny zip file that expands to a HUGE file is the same, just another way of doing it. Where as my test file, only showed the first msg and then blindly carried on till the machine swap filled up and the machine went belly up. I thought the timeouts were generic and meant to cap the sweep process from going on for too long on the same file. Michael. > At 16:27 02/10/2001, you wrote: >> root 22786 22768 66 15:46:26 ? 23:49 /opt/sophos/bin/sweep >> -p=/tmp/outputlog -sc -f -all -rec -ss -archive -loopback >> >> Total CPU time is 23:49 >> >> This was a 800k file that expands out to 800MB, my tmp space on the mail >> server is only 600MB. So it fills it up and then sits and does nothing...the >> tmp space sits at 99% >> >> The total cpu time above, seems well in excess of the timeout settings in >> the mailscanner.conf file? >> >> Any suggestions? > > Not immediately, no. I tested with a genuine Zip Of Death file, not just a > large zip file, so I'm not sure what happens when it just runs out of > space. It should still die though. It gets killed -9 after being given 10 > seconds to respond to a normal kill. > > Try it with a real Zip Of Death and let me know what happens... > >>> At 23:36 01/10/2001, you wrote: >>>> Just ran a test of the new timeouts, a 600k file that expands out into >> a few >>>> hundred megabytes. The "Commerical scanner timed out!" message appeared in >>>> the syslog after 5mins, although the sweep process is still thrashing away >>>> on the same message? (its been going now for 26mins on the one file, >> and the >>>> mail queue is at a complete stand still and growing by the second with >> other >>>> mail hotfooting it into the queue). >>> >>> I have just tried this on a Solaris 8 system and the timeouts worked >>> nicely. It did scan the same thing 3 times (once as part of batch scan, >>> next as part of individual message scan, third time to attempt >>> disinfection), but that's as expected. >>> >>> If you do: >>> while : >>> do >>> ps -fe | grep sweep >>> done >>> and watch the total CPU time of the sweep processes, do they ever exceed >>> the value set in the timeout setting in the mailscanner.conf file? >>> -- >>> Julian Field Teaching Systems Manager >>> jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science >>> Tel. 023 8059 2817 University of Southampton >>> Southampton SO17 1BJ >>> > > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From jkf at ecs.soton.ac.uk Tue Oct 2 16:58:12 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:03 2006 Subject: Timeouts In-Reply-To: References: <5.1.0.14.2.20011002163417.044799b8@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20011002165717.04479808@hawk.ecs.soton.ac.uk> At 16:54 02/10/2001, you wrote: >Which is what you've been saying, but this only seems to work for this >specific case. What criteria are you using to determine whether its a Denial >of Service attack or not. Since my tiny zip file that expands to a HUGE file >is the same, just another way of doing it. Where as my test file, only >showed the first msg and then blindly carried on till the machine swap >filled up and the machine went belly up. > >I thought the timeouts were generic and meant to cap the sweep process from >going on for too long on the same file. I set an alarm to go off. If the alarm ever happens, it kills the process. Let me ask around here and see if anyone has any ideas... > > At 16:27 02/10/2001, you wrote: > >> root 22786 22768 66 15:46:26 ? 23:49 /opt/sophos/bin/sweep > >> -p=/tmp/outputlog -sc -f -all -rec -ss -archive -loopback > >> > >> Total CPU time is 23:49 > >> > >> This was a 800k file that expands out to 800MB, my tmp space on the mail > >> server is only 600MB. So it fills it up and then sits and does > nothing...the > >> tmp space sits at 99% > >> > >> The total cpu time above, seems well in excess of the timeout settings in > >> the mailscanner.conf file? > >> > >> Any suggestions? > > > > Not immediately, no. I tested with a genuine Zip Of Death file, not just a > > large zip file, so I'm not sure what happens when it just runs out of > > space. It should still die though. It gets killed -9 after being given 10 > > seconds to respond to a normal kill. > > > > Try it with a real Zip Of Death and let me know what happens... > > > >>> At 23:36 01/10/2001, you wrote: > >>>> Just ran a test of the new timeouts, a 600k file that expands out into > >> a few > >>>> hundred megabytes. The "Commerical scanner timed out!" message > appeared in > >>>> the syslog after 5mins, although the sweep process is still > thrashing away > >>>> on the same message? (its been going now for 26mins on the one file, > >> and the > >>>> mail queue is at a complete stand still and growing by the second with > >> other > >>>> mail hotfooting it into the queue). > >>> > >>> I have just tried this on a Solaris 8 system and the timeouts worked > >>> nicely. It did scan the same thing 3 times (once as part of batch scan, > >>> next as part of individual message scan, third time to attempt > >>> disinfection), but that's as expected. > >>> > >>> If you do: > >>> while : > >>> do > >>> ps -fe | grep sweep > >>> done > >>> and watch the total CPU time of the sweep processes, do they ever exceed > >>> the value set in the timeout setting in the mailscanner.conf file? > >>> -- > >>> Julian Field Teaching Systems Manager > >>> jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > >>> Tel. 023 8059 2817 University of Southampton > >>> Southampton SO17 1BJ > >>> > > > > -- > > Julian Field Teaching Systems Manager > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > Tel. 023 8059 2817 University of Southampton > > Southampton SO17 1BJ > > -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Tue Oct 2 17:05:26 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:03 2006 Subject: Timeouts In-Reply-To: References: <5.1.0.14.2.20011002163417.044799b8@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20011002170403.05bf2ed8@hawk.ecs.soton.ac.uk> Try applying these 2 small changes to sweep.pl and tell me if it helps at all: *** sweep.pl Tue Oct 2 08:51:22 2001 --- sweep.pl.new Tue Oct 2 17:08:28 2001 *************** *** 223,229 **** for ($i=0; $i<10; $i++) { sleep 1; ($pid=0),last if kill(0, $pid); ! #kill 'TERM', $pid; } # And if it didn't respond to 15 nice kills, we kill -9 it kill 'KILL', $pid if $pid; --- 223,229 ---- for ($i=0; $i<10; $i++) { sleep 1; ($pid=0),last if kill(0, $pid); ! kill 'TERM', $pid; } # And if it didn't respond to 15 nice kills, we kill -9 it kill 'KILL', $pid if $pid; *************** *** 426,432 **** for ($i=0; $i<10; $i++) { sleep 1; ($pid=0),last if kill(0, $pid); ! #kill 'TERM', $pid; } # And if it didn't respond to 15 nice kills, we kill -9 it kill 'KILL', $pid if $pid; --- 426,432 ---- for ($i=0; $i<10; $i++) { sleep 1; ($pid=0),last if kill(0, $pid); ! kill 'TERM', $pid; } # And if it didn't respond to 15 nice kills, we kill -9 it kill 'KILL', $pid if $pid; In other words, uncomment the 2 "kill" statements inside the little "for" loops. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From Q.G.Campbell at NEWCASTLE.AC.UK Wed Oct 3 09:02:05 2001 From: Q.G.Campbell at NEWCASTLE.AC.UK (Q G Campbell) Date: Thu Jan 12 21:14:03 2006 Subject: FW: Re: dw_sta.zip Message-ID: I guess some of you will have been following on the UK-SECURITY@JISCMAIL.AC.UK list the thread about the security implications of "Zip od Death" file expansions. For those who have not I include a message below. In essence it is saying that in order to prevent file/swap space filling up and bringing a machine to a halt, a number of sites use software that limits the size to which a file can expand. This may be a relative measure expressed as a multiple of the size of the source file or it may be an absolute limit. Could Mailscanner provide a configurable option that would limit the size to which an attachment can expand? This would be an addition to the timeout controls. Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." -----Original Message----- From: Dennis Davis [mailto:D.H.Davis@BATH.AC.UK] Sent: 02 October 2001 16:43 To: UK-SECURITY@JISCMAIL.AC.UK Subject: Re: dw_sta.zip >Date: Tue, 2 Oct 2001 15:54:30 +0100 >Sender: UK Security >From: Simon Baker >Subject: Re: dw_sta.zip >To: UK-SECURITY@jiscmail.ac.uk > >At 15:32 02/10/01 +0100, you wrote: >>The other thing to watch for are "zip of death" files that either >>unpack ad infinitum (to many 100's of terabytes if allowed), or that >>loop while producing no output. > >Yeah, dd if=/dev/zero of=myhugefile can create these.... gzip -9'ing >them gets them down to a *v* small size, using a block sorting >algorithm compressor such as bzip2 can provide amazing results... > >e.g. >c0ke# dd if=/dev/zero of=112M bs=512 count=229500 >229500+0 records in >229500+0 records out >117504000 bytes transferred in 49 secs (2398040 bytes/sec) c0ke# bzip2 >112M >bzip2: --repetitive-best is redundant in versions 0.9.5 and above > 112M: > block 1: crc = 0x e09e2df, combined CRC = 0x e09e2df, size = 899985 > too repetitive; using fallback sorting algorithm > block 2: crc = 0x e09e2df, combined CRC = 0x121a2761, size = 899985 > too repetitive; using fallback sorting algorithm > block 3: crc = 0x8796ae9b, combined CRC = 0xa3a2e059, size = 504030 > too repetitive; using fallback sorting algorithm > final combined CRC = 0xa3a2e059 > 1068218.182:1, 0.000 bits/byte, 100.00% saved, 117504000 in, 110 >out. c0ke# ll 112M.bz2 >-rw-r--r-- 1 root wheel 110 Oct 2 15:48 112M.bz2 > > >So, 110bytes isn't too bad... is it?!?!?! Quite. An ex-colleague, Mark Hindess, and I were discussing this problems about a year or more ago. The example that Mark came up with was: dd if=/dev/zero bs=1048576 count=1024|bzip2 >1gigunpacked.bz2 This produces a compressed file of just some 785 bytes which expands to a gigabyte of zeroes on disc. Chaos can result if a devious mutant throws such a file at a mail server which attempts to exand all email and scan it for viruses. You can almost hear the solids hitting the air-conditioning :-( Fortunately help is at hand. Dan Bernstein has a nifty little program, softlimit, which is part of his daemontools package. Just run your file expansion under the control of softlimit. And set the output file size limit to a suitable multiple of the input file size. A multiplier of 50 or so should be more than generous for "normal" files. The above may, of course, let through a few carefully contrived or pathological examples. And then possibly blow up an unfortunate user. But that's preferable to blowing up a much-prized mail server... ==== UK-Security is a closed mailing list for the discussion of issues relating to computer security. A related list, uk-security-announce, receives only the announcements sent to this list by JANET-CERT, and not the discussion. Subscribers may unsubscribe from the uk-security list by sending mail to JISCMAIL@JISCMAIL.AC.UK with leave uk-security as the *body* of the message. Questions about list policies should be sent to UK-SECURITY-REQUEST@JISCMAIL.AC.UK, NOT to the list address. ==== From jkf at ecs.soton.ac.uk Wed Oct 3 09:20:58 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:03 2006 Subject: FW: Re: dw_sta.zip In-Reply-To: Message-ID: <5.1.0.14.2.20011003091842.03a21de8@hawk.ecs.soton.ac.uk> At 09:02 03/10/2001, you wrote: >Could Mailscanner provide a configurable option that would limit the >size to which an attachment can expand? This would be an addition to the >timeout controls. The zip and other archive expansion is done by the commercial virus checker, so it's down to them to impose limits like this. I don't actually unpack the zip file at all, I leave the job to the commercial checkers (which can all do it). >-----Original Message----- >From: Dennis Davis [mailto:D.H.Davis@BATH.AC.UK] >Sent: 02 October 2001 16:43 >To: UK-SECURITY@JISCMAIL.AC.UK >Subject: Re: dw_sta.zip > > > >Date: Tue, 2 Oct 2001 15:54:30 +0100 > >Sender: UK Security > >From: Simon Baker > >Subject: Re: dw_sta.zip > >To: UK-SECURITY@jiscmail.ac.uk > > > >At 15:32 02/10/01 +0100, you wrote: > >>The other thing to watch for are "zip of death" files that either > >>unpack ad infinitum (to many 100's of terabytes if allowed), or that > >>loop while producing no output. > > > >Yeah, dd if=/dev/zero of=myhugefile can create these.... gzip -9'ing > >them gets them down to a *v* small size, using a block sorting > >algorithm compressor such as bzip2 can provide amazing results... > > > >e.g. > >c0ke# dd if=/dev/zero of=112M bs=512 count=229500 > >229500+0 records in > >229500+0 records out > >117504000 bytes transferred in 49 secs (2398040 bytes/sec) c0ke# bzip2 > >112M > >bzip2: --repetitive-best is redundant in versions 0.9.5 and above > > 112M: > > block 1: crc = 0x e09e2df, combined CRC = 0x e09e2df, size = >899985 > > too repetitive; using fallback sorting algorithm > > block 2: crc = 0x e09e2df, combined CRC = 0x121a2761, size = >899985 > > too repetitive; using fallback sorting algorithm > > block 3: crc = 0x8796ae9b, combined CRC = 0xa3a2e059, size = >504030 > > too repetitive; using fallback sorting algorithm > > final combined CRC = 0xa3a2e059 > > 1068218.182:1, 0.000 bits/byte, 100.00% saved, 117504000 in, 110 > >out. c0ke# ll 112M.bz2 > >-rw-r--r-- 1 root wheel 110 Oct 2 15:48 112M.bz2 > > > > > >So, 110bytes isn't too bad... is it?!?!?! > >Quite. An ex-colleague, Mark Hindess, and I were discussing this >problems about a year or more ago. The example that Mark came up with >was: > >dd if=/dev/zero bs=1048576 count=1024|bzip2 >1gigunpacked.bz2 > >This produces a compressed file of just some 785 bytes which expands to >a gigabyte of zeroes on disc. > >Chaos can result if a devious mutant throws such a file at a mail server >which attempts to exand all email and scan it for viruses. You can >almost hear the solids hitting the air-conditioning :-( > >Fortunately help is at hand. Dan Bernstein has a nifty little program, >softlimit, which is part of his daemontools package. Just run your file >expansion under the control of softlimit. And set the output file size >limit to a suitable multiple of the input file size. A multiplier of 50 >or so should be more than generous for "normal" files. > >The above may, of course, let through a few carefully contrived or >pathological examples. And then possibly blow up an unfortunate user. >But that's preferable to blowing up a much-prized mail server... > >==== >UK-Security is a closed mailing list for the discussion of issues >relating to computer security. A related list, uk-security-announce, >receives only the announcements sent to this list by JANET-CERT, and not >the discussion. > >Subscribers may unsubscribe from the uk-security list by sending mail to >JISCMAIL@JISCMAIL.AC.UK with leave uk-security as the *body* of the >message. > >Questions about list policies should be sent to >UK-SECURITY-REQUEST@JISCMAIL.AC.UK, NOT to the list address. ==== -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From s.kelly at ayrcoll.ac.uk Wed Oct 3 10:15:12 2001 From: s.kelly at ayrcoll.ac.uk (Shane Kelly) Date: Thu Jan 12 21:14:03 2006 Subject: Bad Sophos Update ? Message-ID: <0110031015120D.01110@ned> Hi Julian, I am getting this message in the logs lately - could you shed some light please ? /etc/cron.daily/Sophos.autoupdate: [347_ides.zip] ? End-of-central-directory signature not found. ?Either this file is not ? a zipfile, or it constitutes one disk of a multi-part archive. ?In the ? latter case the central directory and zipfile comment will be found on ? the last disk(s) of this archive. unzip: ?cannot find zipfile directory in one of 347_ides.zip or ? ? ? ? 347_ides.zip.zip, and cannot find 347_ides.zip.ZIP, period. Unzip failed with error return 9 , Bad file descriptor at /usr/local/Sophos/bin/autoupdate line 81. I have checked the zip file and does seem to be valid, the file descriptor is being made correctly, so I really don't have a clue ? Many thanks for your time. Regards, Shane Kelly -- Shane Kelly Network Controller Ayr College 01292 265184 From LISTSERV at JISCMAIL.AC.UK Wed Oct 3 18:00:50 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:03 2006 Subject: MAILSCANNER: mailscanner@WEBENGR.COM requested to join Message-ID: <200110031700.SAA05479@magpie.ecs.soton.ac.uk> Wed, 3 Oct 2001 18:00:50 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Paul Pruett You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER mailscanner@WEBENGR.COM Paul Pruett PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER mailscanner@WEBENGR.COM Paul Pruett // EOJ From LISTSERV at JISCMAIL.AC.UK Wed Oct 3 18:41:28 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:03 2006 Subject: MAILSCANNER: mrl@GENSTEAM.COM left the JISCmail list Message-ID: <200110031741.SAA07305@magpie.ecs.soton.ac.uk> Wed, 3 Oct 2001 18:41:28 Mary Ross Lynch has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From jkf at ecs.soton.ac.uk Thu Oct 4 01:09:43 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:03 2006 Subject: Version 2.51 Message-ID: <5.1.0.14.2.20011004010522.00b01dd8@hawk.ecs.soton.ac.uk> I have just release version 2.51. This is a very minor enhancement, it has only 1 new (small) feature. There is now a configuration file switch Deliver Unparsable TNEF which you may set to "yes" to copy MailScanner's previous behaviour where it would still deliver Microsoft Outlook Rich Text Format attachments (winmail.dat) even if it couldn't 100% decode them. The default behaviour now is to not deliver the winmail.dat files unless they can be completely decoded, but this may cause a problem for some sites using this particular format a lot. So now you can switch the behaviour on or off as you choose. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Thu Oct 4 09:05:15 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:03 2006 Subject: MAILSCANNER: rkunstnik@YAHOO.COM requested to join Message-ID: <200110040805.JAA08849@magpie.ecs.soton.ac.uk> Thu, 4 Oct 2001 09:05:15 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Robert Kunstnik You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER rkunstnik@YAHOO.COM Robert Kunstnik PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER rkunstnik@YAHOO.COM Robert Kunstnik // EOJ From jkha at HPLB.HPL.HP.COM Thu Oct 4 12:32:40 2001 From: jkha at HPLB.HPL.HP.COM (John Hawkes-Reed) Date: Thu Jan 12 21:14:03 2006 Subject: Delays in queue processing? Message-ID: <3BBC48D8.3F291734@hplb.hpl.hp.com> Some of our sodd^wsplendid users have noticed that Mailscanner can sometimes delay mail. (they noticed a five minute delay, but not the hour one last week...) I suspect that what's happening is that if Mailscanner fires off a set of messages to a sendmail process and some of those have dodgy DNS, it sits around waiting for the system("sendmail...") call to return. If this happens to co-incide with a bit of an incoming mail-flood (Sod's law being what it is), things seem to go rather non-linear. Is this likely to be what's happening? -- John Hawkes-Reed From LISTSERV at JISCMAIL.AC.UK Thu Oct 4 13:08:04 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:03 2006 Subject: MAILSCANNER: dns@QUARRYHOUSE.CO.UK requested to join Message-ID: <200110041208.NAA22036@magpie.ecs.soton.ac.uk> Thu, 4 Oct 2001 13:08:04 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Richard Sidlin You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER dns@QUARRYHOUSE.CO.UK Richard Sidlin PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER dns@QUARRYHOUSE.CO.UK Richard Sidlin // EOJ From jkf at ecs.soton.ac.uk Thu Oct 4 13:36:20 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:03 2006 Subject: Delays in queue processing? In-Reply-To: <3BBC48D8.3F291734@hplb.hpl.hp.com> Message-ID: <5.1.0.14.2.20011004133343.04d30eb8@hawk.ecs.soton.ac.uk> At 12:32 04/10/2001, you wrote: >Some of our sodd^wsplendid users have noticed that Mailscanner can >sometimes delay mail. (they noticed a five minute delay, but not the >hour one last week...) > >I suspect that what's happening is that if Mailscanner fires off a set >of messages to a sendmail process and some of those have dodgy DNS, it >sits around waiting for the system("sendmail...") call to return. If >this happens to co-incide with a bit of an incoming mail-flood (Sod's >law being what it is), things seem to go rather non-linear. > >Is this likely to be what's happening? Yes it is. Well analysed. Suggest you read the Installation FAQ as it has a section about this. One change you might want to try (someone has done it and it worked much better than I expected) is to add an "&" on the end of the sendmail commands. You can do this by looking in "mta-specific.pl" for the 2 "KickMessage" functions and adding the "&" on the end of the string passed to "system()" in each copy of the function. I am considering this as an option for the next version, as it seems to work much better than I thought it would. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkha at HPLB.HPL.HP.COM Thu Oct 4 14:57:34 2001 From: jkha at HPLB.HPL.HP.COM (John Hawkes-Reed) Date: Thu Jan 12 21:14:03 2006 Subject: Delays in queue processing? References: <5.1.0.14.2.20011004133343.04d30eb8@hawk.ecs.soton.ac.uk> Message-ID: <3BBC6ACE.89893029@hplb.hpl.hp.com> Julian Field wrote: [ ... ] > Yes it is. Well analysed. Suggest you read the Installation FAQ as it has a > section about this. [FX: Views it again] Yes. I'm not too keen to move to batch-only since most of the time it all goes like a train. > One change you might want to try (someone has done it and it worked much > better than I expected) is to add an "&" on the end of the sendmail commands. That was my plan, but it seemed far too simple. -- John Hawkes-Reed From jkf at ecs.soton.ac.uk Thu Oct 4 16:43:35 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:03 2006 Subject: Delays in queue processing? In-Reply-To: <3BBC6ACE.89893029@hplb.hpl.hp.com> References: <5.1.0.14.2.20011004133343.04d30eb8@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20011004164244.04da7ac8@hawk.ecs.soton.ac.uk> At 14:57 04/10/2001, you wrote: >Julian Field wrote: > > One change you might want to try (someone has done it and it worked much > > better than I expected) is to add an "&" on the end of the sendmail > commands. > >That was my plan, but it seemed far too simple. I will be very interested to hear how well it solves the problem. If it turns out to work quite nicely, then it will become a config variable (another one!) in the next version. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Thu Oct 4 15:10:09 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:03 2006 Subject: MAILSCANNER: cpd@UNIVAP.BR requested to join Message-ID: <200110041410.PAA28881@magpie.ecs.soton.ac.uk> Thu, 4 Oct 2001 15:10:09 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Vladimir M Costa The following membership options have been requested: NOMIME DIGEST. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER cpd@UNIVAP.BR Vladimir M Costa PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER cpd@UNIVAP.BR Vladimir M Costa SET MAILSCANNER NOMIME DIGEST FOR cpd@UNIVAP.BR // EOJ From jkha at HPLB.HPL.HP.COM Thu Oct 4 17:10:13 2001 From: jkha at HPLB.HPL.HP.COM (John Hawkes-Reed) Date: Thu Jan 12 21:14:03 2006 Subject: Delays in queue processing? References: <5.1.0.14.2.20011004133343.04d30eb8@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20011004164244.04da7ac8@hawk.ecs.soton.ac.uk> Message-ID: <3BBC89E5.77F4252C@hplb.hpl.hp.com> Julian Field wrote: > I will be very interested to hear how well it solves the problem. If it > turns out to work quite nicely, then it will become a config variable > (another one!) in the next version. Seems to be a runner thus far - I need to wait for shonky DNS and a corporate missive to appear at around the same time to be really sure. -- John Hawkes-Reed Unix hacker. RIT Bristol. T:(0117) 312-8787 From Olaf.Kaus at MAXPERT.DE Fri Oct 5 08:46:05 2001 From: Olaf.Kaus at MAXPERT.DE (Olaf Kaus) Date: Thu Jan 12 21:14:03 2006 Subject: AW: Delays in queue processing? Message-ID: Hi, > -----Urspr?ngliche Nachricht----- > Von: Julian Field [mailto:jkf@ECS.SOTON.AC.UK] > Gesendet: Donnerstag, 4. Oktober 2001 15:44 > An: MAILSCANNER@JISCMAIL.AC.UK > Betreff: Re: Delays in queue processing? > > > At 14:57 04/10/2001, you wrote: > >Julian Field wrote: > > > One change you might want to try (someone has done it and > it worked much > > > better than I expected) is to add an "&" on the end of > the sendmail > > commands. > > > >That was my plan, but it seemed far too simple. > > I will be very interested to hear how well it solves the > problem. If it > turns out to work quite nicely, then it will become a config variable > (another one!) in the next version. IMO it is a fine hack. I turned this on yesterday, because there were large delays (and up to 30 mails in mqueue). Todays morning there were only mails in the queue (same than yesterday :-) I will have a look at it further on... Regards...olf > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From LISTSERV at JISCMAIL.AC.UK Thu Oct 4 22:13:19 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:03 2006 Subject: MAILSCANNER: lawbar@NPCUSA.COM requested to join Message-ID: <200110042113.WAA21666@magpie.ecs.soton.ac.uk> Thu, 4 Oct 2001 22:13:19 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Lawrence Bartash You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER lawbar@NPCUSA.COM Lawrence Bartash PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER lawbar@NPCUSA.COM Lawrence Bartash // EOJ From jkf at ecs.soton.ac.uk Fri Oct 5 17:05:08 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:03 2006 Subject: Solaris 2.7 users & 1 new feature Message-ID: <5.1.0.14.2.20011005170156.05991e50@hawk.ecs.soton.ac.uk> One user has been having trouble with the timeouts not working under Solaris 7 (they appear to work fine under Solaris 8). I have fixed this problem and the fix will be included in the next release which I intend to produce around the end of next week once I'm sure I don't want to add any new features for a while. The only new feature otherwise is the ability to trigger Sendmail to deliver outgoing messages in the background, rather than waiting for the sendmail processes to complete. This may improve the speed of response on some mail servers (but it may cause trouble on others). It is off by default, it is an option to try if you are having speed problems and are getting a large backlog of mail on your MailScanner server. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Fri Oct 5 23:21:52 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:03 2006 Subject: MAILSCANNER: jerry@PRIMAL.UCDAVIS.EDU requested to join Message-ID: <200110052221.XAA25296@magpie.ecs.soton.ac.uk> Fri, 5 Oct 2001 23:21:52 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Jerry Nishimoto You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER jerry@PRIMAL.UCDAVIS.EDU Jerry Nishimoto PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER jerry@PRIMAL.UCDAVIS.EDU Jerry Nishimoto // EOJ From LISTSERV at JISCMAIL.AC.UK Sun Oct 7 23:04:58 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:03 2006 Subject: MAILSCANNER: ola.anfinsen@NETPOWER.NO requested to join Message-ID: <200110072204.XAA06439@magpie.ecs.soton.ac.uk> Sun, 7 Oct 2001 23:04:58 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Ola Anfinsen You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER ola.anfinsen@NETPOWER.NO Ola Anfinsen PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER ola.anfinsen@NETPOWER.NO Ola Anfinsen // EOJ From LISTSERV at JISCMAIL.AC.UK Mon Oct 8 10:24:32 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:03 2006 Subject: MAILSCANNER: tonyy@FOE.CO.UK requested to join Message-ID: <200110080924.KAA27622@magpie.ecs.soton.ac.uk> Mon, 8 Oct 2001 10:24:32 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Tony Yates You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER tonyy@FOE.CO.UK Tony Yates PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER tonyy@FOE.CO.UK Tony Yates // EOJ From oihmig at ASPERGER.DE Mon Oct 8 12:31:55 2001 From: oihmig at ASPERGER.DE (Olaf Ihmig) Date: Thu Jan 12 21:14:03 2006 Subject: autoupdate Message-ID: <41256ADF.0039AC18.00@aspkne01.asperger.de> Hi, if i started autoupdate, i got: Could not calculate Sophos version number, Bad file descriptor at /opt/sophos/bin/autoupdate line 81. What does it mean? Thanx. Olaf. From jkf at ecs.soton.ac.uk Mon Oct 8 14:14:58 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:03 2006 Subject: autoupdate In-Reply-To: <41256ADF.0039AC18.00@aspkne01.asperger.de> Message-ID: <5.1.0.14.2.20011008141422.03d4e718@hawk.ecs.soton.ac.uk> At 12:31 08/10/2001, you wrote: >Hi, > >if i started autoupdate, i got: > >Could not calculate Sophos version number, Bad file descriptor at >/opt/sophos/bin/autoupdate line 81. > >What does it mean? Have you got Sophos installed in the location the script expects? Looks like it couldn't find the vdl-*.dat file. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From damin at NACS.NET Mon Oct 8 23:51:17 2001 From: damin at NACS.NET (Greg Boehnlein) Date: Thu Jan 12 21:14:03 2006 Subject: Mailscanner Newbie Questions In-Reply-To: <5.1.0.14.2.20010929172109.00af3828@hawk.ecs.soton.ac.uk> Message-ID: On Sat, 29 Sep 2001, Julian Field wrote: > One thing to note: MailScanner does not require any changes to your > /etc/sendmail.cf file. Make sure you (and MailScanner's RPM!) have not > changed your sendmail.cf file. This is something that will be corrected in > 2.50 (I'm removing the sendmail.cf file I currently provide, it causes more > trouble than it is worth). Julian, Alright.. I am a bit confused here. I installed a fresh RedHat 7.1 system today, added perl-libnet from the powertools directory and followed the installation steps for MailScanner: 1. Install mailscanner rpm 2. Run the Sophos.install script 3. Add "/usr/local/Sophos/lib" to /etc/ld.so.conf 4. Add 'PATH="$PATH:/usr/local/Sophos/bin"' to /etc/profile 5. Moved /etc/sendmail.cf to /etc/sendmail.cf.orig 6. Moved /etc/sendmail.cf.forwarder.mailscanner to /etc/sendmail.cf 7. Started mailscanner via /etc/rc.d/init.d/mailscanner Now.. When I start mailscanner, it moves a bunch of messages to /var/spool/MailScanner/incoming and delivers them, but mailscanner never seems to do anything else.. ever... -- Vice President of New Age Consulting Service, Inc. Cleveland Ohio http://www.nacs.net info@nacs.net (216)-619-2000 KP-216-121-ST From damin at NACS.NET Tue Oct 9 01:50:11 2001 From: damin at NACS.NET (Greg Boehnlein) Date: Thu Jan 12 21:14:04 2006 Subject: Mailscanner Newbie Questions In-Reply-To: <5.1.0.14.2.20010929172109.00af3828@hawk.ecs.soton.ac.uk> Message-ID: Julian, My understanding is that mailscanner goes ahead and starts up 2 sendmail processes as evidenced by the /etc/rc.d/init.d/mailscanner startup script: /usr/sbin/sendmail -bd -ODeliveryMode=queueonly \ -OQueueDirectory=/var/spool/mqueue.in and /usr/sbin/sendmail -q15m I assume the first one is for the incoming mail-queue, and that the second one is for the outgoing mail-queue. I am running a standard RedHat 7.1 sendmail.cf file, w/ the addition of RBL support. By default, this should disable open-relaying. However, when I connect to this system, I can relay. If I gank the sendmail.cf from my working mail-server which REJECTS relays unless added into the /etc/mail/access file, it STILL allows relay from anywhere on the mailscanner system. It has been a while since I have worked with Sendmail, but does the fact that you are specifying options on the command line override what is set in the /etc/sendmail.cf file? -- Vice President of New Age Consulting Service, Inc. Cleveland Ohio http://www.nacs.net info@nacs.net (216)-619-2000 KP-216-121-ST From LISTSERV at JISCMAIL.AC.UK Tue Oct 9 01:31:50 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:04 2006 Subject: MAILSCANNER: Jvanlowe@EMS.JSC.NASA.GOV requested to join Message-ID: <200110090031.BAA12699@magpie.ecs.soton.ac.uk> Tue, 9 Oct 2001 01:31:50 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from John Van Lowe You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER Jvanlowe@EMS.JSC.NASA.GOV John Van Lowe PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER Jvanlowe@EMS.JSC.NASA.GOV John Van Lowe // EOJ From jkf at ecs.soton.ac.uk Tue Oct 9 11:12:37 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:04 2006 Subject: Mailscanner Newbie Questions In-Reply-To: References: <5.1.0.14.2.20010929172109.00af3828@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20011009110917.03b78b30@hawk.ecs.soton.ac.uk> At 23:51 08/10/2001, you wrote: >1. Install mailscanner rpm >2. Run the Sophos.install script Good so far >3. Add "/usr/local/Sophos/lib" to /etc/ld.so.conf >4. Add 'PATH="$PATH:/usr/local/Sophos/bin"' to /etc/profile Both unnecessary. That is why I provide a /usr/local/Sophos/bin/sophoswrapper script. >5. Moved /etc/sendmail.cf to /etc/sendmail.cf.orig >6. Moved /etc/sendmail.cf.forwarder.mailscanner to /etc/sendmail.cf What was wrong with your original sendmail.cf? You should use the original one unless you haven't got one and actively want to just forward mail to another machine. The supplied sendmail.cf.forwarder.mailscanner would still need editing (the DH and DM lines if I remember rightly) even so. >7. Started mailscanner via /etc/rc.d/init.d/mailscanner > >Now.. When I start mailscanner, it moves a bunch of messages to >/var/spool/MailScanner/incoming and delivers them, but mailscanner never >seems to do anything else.. ever... What does your /var/log/maillog say? What sendmail / mailscanner processes are running? What do you mean by it "delivers them", what do you think it is not doing? -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Tue Oct 9 11:14:58 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:04 2006 Subject: Mailscanner Newbie Questions In-Reply-To: References: <5.1.0.14.2.20010929172109.00af3828@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20011009111243.062bb518@hawk.ecs.soton.ac.uk> At 01:50 09/10/2001, you wrote: > My understanding is that mailscanner goes ahead and starts up 2 >sendmail processes as evidenced by the /etc/rc.d/init.d/mailscanner >startup script: >/usr/sbin/sendmail -bd -ODeliveryMode=queueonly \ > -OQueueDirectory=/var/spool/mqueue.in >and >/usr/sbin/sendmail -q15m > >I assume the first one is for the incoming mail-queue, and that the second >one is for the outgoing mail-queue. Correct. >I am running a standard RedHat 7.1 sendmail.cf file, w/ the addition of >RBL support. But you just told me you overwrote your sendmail.cf file with one supplied with MailScanner! What sendmail.cf *are* you running with? > By default, this should disable open-relaying. However, when >I connect to this system, I can relay. If I gank the sendmail.cf from my >working mail-server which REJECTS relays unless added into the >/etc/mail/access file, it STILL allows relay from anywhere on the >mailscanner system. Define what you mean by "anywhere on the mailscanner system". >It has been a while since I have worked with Sendmail, but does the fact >that you are specifying options on the command line override what is set >in the /etc/sendmail.cf file? Yes. It overrides the options supplied, i.e. just the queue directory and the delivery mode. It has no effect on sendmail's relaying controls, that's a sendmail problem, nothing to do with MailScanner. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From damin at NACS.NET Tue Oct 9 11:50:06 2001 From: damin at NACS.NET (Greg Boehnlein) Date: Thu Jan 12 21:14:04 2006 Subject: Mailscanner Newbie Questions In-Reply-To: <5.1.0.14.2.20011009111243.062bb518@hawk.ecs.soton.ac.uk> Message-ID: On Tue, 9 Oct 2001, Julian Field wrote: > At 01:50 09/10/2001, you wrote: > > My understanding is that mailscanner goes ahead and starts up 2 > >sendmail processes as evidenced by the /etc/rc.d/init.d/mailscanner > >startup script: > >/usr/sbin/sendmail -bd -ODeliveryMode=queueonly \ > > -OQueueDirectory=/var/spool/mqueue.in > >and > >/usr/sbin/sendmail -q15m > > > >I assume the first one is for the incoming mail-queue, and that the second > >one is for the outgoing mail-queue. > > Correct. > > >I am running a standard RedHat 7.1 sendmail.cf file, w/ the addition of > >RBL support. > > But you just told me you overwrote your sendmail.cf file with one supplied > with MailScanner! What sendmail.cf *are* you running with? In the time that I had written that original message, I had gone back to the default sendmail.cf file. So, I am now using a sendmail.cf file that is a default redhat.mc + RBL support. What I believe is happening (correct me if I am wrong) is that the incoming QueueOnly sendmail process is using /etc/sendmail.cf, while the delivery sendmail process is using /etc/sendmail.cf.forwarder.mailscanner I do have the system working now. I.E. I am able to send, disinfect and quarantine messages. Mail is delivered properly over to the main incoming mail server. > > By default, this should disable open-relaying. However, when > >I connect to this system, I can relay. If I gank the sendmail.cf from my > >working mail-server which REJECTS relays unless added into the > >/etc/mail/access file, it STILL allows relay from anywhere on the > >mailscanner system. > > Define what you mean by "anywhere on the mailscanner system". Let me be more clear on that. ;) I have the domain nacs.net in /etc/mail/relay-domains. According to my sendmail.cf file this allows relaying from any nacs.net system. This works fine. Now that I have correct /etc/sendmail.cf files in place, RBL and AntiRelay support is working properly. Here is a copy of the .mc file that I am using for /etc/sendmail.cf.forwarder.mailscanner. It is a little overkill for just a forwarder, but what the hell.... divert(-1) define(`OldMXHost', `mail.nacs.net') include(`../m4/cf.m4') define(`confDEF_USER_ID',``8:12'') OSTYPE(linux) define(`confDONT_INIT_GROUPS', `True') define(`confAUTO_REBUILD') define(`confLOG_LEVEL', `14') FEATURE(nocanonify) FEATURE(nullclient, OldMXHost) undefine(`UUCP_RELAY')dnl undefine(`BITNET_RELAY')dnl define(`confTO_CONNECT', `1m')dnl define(`confTRY_NULL_MX_LIST',true)dnl define(`confDONT_PROBE_INTERFACES',true)dnl define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl dnl FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl define(`ALIAS_FILE', `/etc/aliases')dnl define(`UUCP_MAILER_MAX', `2000000')dnl define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl define(`confAUTH_OPTIONS', `A')dnl FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl FEATURE(redirect)dnl FEATURE(always_add_domain)dnl FEATURE(use_cw_file)dnl FEATURE(use_ct_file)dnl FEATURE(`access_db',`hash -o /etc/mail/access.db')dnl FEATURE(`blacklist_recipients')dnl EXPOSED_USER(`root')dnl FEATURE(`dnsbl',`rbl.maps.vix.com')dnl FEATURE(`dnsbl',`inputs.orbz.org')dnl FEATURE(`dnsbl',`outputs.orbz.org')dnl FEATURE(`dnsbl',`relays.mail-abuse.org')dnl MAILER(smtp)dnl Cwlocalhost.localdomain -- Vice President of New Age Consulting Service, Inc. Cleveland Ohio http://www.nacs.net info@nacs.net (216)-619-2000 KP-216-121-ST From jkf at ecs.soton.ac.uk Tue Oct 9 12:07:21 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:04 2006 Subject: Mailscanner Newbie Questions In-Reply-To: References: <5.1.0.14.2.20011009111243.062bb518@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20011009120301.03b77dc8@hawk.ecs.soton.ac.uk> At 11:50 09/10/2001, you wrote: >On Tue, 9 Oct 2001, Julian Field wrote: > > At 01:50 09/10/2001, you wrote: > > > My understanding is that mailscanner goes ahead and starts up 2 > > >sendmail processes as evidenced by the /etc/rc.d/init.d/mailscanner > > >startup script: > > >/usr/sbin/sendmail -bd -ODeliveryMode=queueonly \ > > > -OQueueDirectory=/var/spool/mqueue.in > > >and > > >/usr/sbin/sendmail -q15m > > > > > >I assume the first one is for the incoming mail-queue, and that the second > > >one is for the outgoing mail-queue. > > > > Correct. > > > > >I am running a standard RedHat 7.1 sendmail.cf file, w/ the addition of > > >RBL support. > > > > But you just told me you overwrote your sendmail.cf file with one supplied > > with MailScanner! What sendmail.cf *are* you running with? > >In the time that I had written that original message, I had gone back to >the default sendmail.cf file. So, I am now using a sendmail.cf file that >is a default redhat.mc + RBL support. > >What I believe is happening (correct me if I am wrong) is that the >incoming QueueOnly sendmail process is using /etc/sendmail.cf, while the >delivery sendmail process is using /etc/sendmail.cf.forwarder.mailscanner Both sendmail processes are using the same sendmail.cf file (whatever location was compiled into your copy of sendmail), just the incoming one over-rides a couple of the options. >I do have the system working now. I.E. I am able to send, disinfect and >quarantine messages. Mail is delivered properly over to the main incoming >mail server. Yay! Good news. :-) > > > By default, this should disable open-relaying. However, when > > >I connect to this system, I can relay. If I gank the sendmail.cf from my > > >working mail-server which REJECTS relays unless added into the > > >/etc/mail/access file, it STILL allows relay from anywhere on the > > >mailscanner system. > > > > Define what you mean by "anywhere on the mailscanner system". > >Let me be more clear on that. ;) > >I have the domain nacs.net in /etc/mail/relay-domains. According to my >sendmail.cf file this allows relaying from any nacs.net system. This works >fine. Now that I have correct /etc/sendmail.cf files in place, RBL and >AntiRelay support is working properly. > >Here is a copy of the .mc file that I am using for >/etc/sendmail.cf.forwarder.mailscanner. It is a little overkill for just a >forwarder, but what the hell.... Nothing will be using actively /etc/sendmail.cf.forwarder.mailscanner, I just supply it as an example file that you might want to use as your sendmail.cf file unless you already have one. Sorry if I caused any confusion over that point, I think I'm going to remove the file from the distribution altogether. It was only ever intended as a sample but seems to cause endless confusion, sorry about that. You should just use the sendmail.cf file you already had on your (working) system before you started installing MailScanner. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From damin at NACS.NET Tue Oct 9 12:19:10 2001 From: damin at NACS.NET (Greg Boehnlein) Date: Thu Jan 12 21:14:04 2006 Subject: Mailscanner Newbie Questions In-Reply-To: <5.1.0.14.2.20011009120301.03b77dc8@hawk.ecs.soton.ac.uk> Message-ID: On Tue, 9 Oct 2001, Julian Field wrote: > >What I believe is happening (correct me if I am wrong) is that the > >incoming QueueOnly sendmail process is using /etc/sendmail.cf, while the > >delivery sendmail process is using /etc/sendmail.cf.forwarder.mailscanner > > Both sendmail processes are using the same sendmail.cf file (whatever > location was compiled into your copy of sendmail), just the incoming one > over-rides a couple of the options. I guess I am not clear at all, then, how mail delivered to my Primary MX (vscan.nacs.net) is then being turned around and delivered to my Secondary MX (mail.nacs.net). I realize it is a sendmail issue, but I'm stumped. I don't have anything in the /etc/sendmail.cw file. The /etc/sendmail.cf has a Cw entry of localhost.locadomain /etc/mail/relay-domains has "nacs.net" and "mail.nacs.net" in it. Care to shed any light? > >I do have the system working now. I.E. I am able to send, disinfect and > >quarantine messages. Mail is delivered properly over to the main incoming > >mail server. > > Yay! Good news. :-) Yes! It is.. but I'm still confused! ;) > >Let me be more clear on that. ;) > > > >I have the domain nacs.net in /etc/mail/relay-domains. According to my > >sendmail.cf file this allows relaying from any nacs.net system. This works > >fine. Now that I have correct /etc/sendmail.cf files in place, RBL and > >AntiRelay support is working properly. > > > >Here is a copy of the .mc file that I am using for > >/etc/sendmail.cf.forwarder.mailscanner. It is a little overkill for just a > >forwarder, but what the hell.... > > Nothing will be using actively /etc/sendmail.cf.forwarder.mailscanner, I > just supply it as an example file that you might want to use as your > sendmail.cf file unless you already have one. Sorry if I caused any > confusion over that point, I think I'm going to remove the file from the > distribution altogether. It was only ever intended as a sample but seems to > cause endless confusion, sorry about that. > > You should just use the sendmail.cf file you already had on your (working) > system before you started installing MailScanner. Alright.. I'll work with that... but please enlighten me as to the above question. ;) -- Vice President of New Age Consulting Service, Inc. Cleveland Ohio http://www.nacs.net info@nacs.net (216)-619-2000 KP-216-121-ST From jkf at ecs.soton.ac.uk Tue Oct 9 13:23:55 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:04 2006 Subject: Mailscanner Newbie Questions In-Reply-To: References: <5.1.0.14.2.20011009120301.03b77dc8@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20011009132315.028d2ba8@hawk.ecs.soton.ac.uk> At 12:19 09/10/2001, you wrote: >I guess I am not clear at all, then, how mail delivered to my Primary MX >(vscan.nacs.net) is then being turned around and delivered to my Secondary >MX (mail.nacs.net). I realize it is a sendmail issue, but I'm stumped. >I don't have anything in the /etc/sendmail.cw file. >The /etc/sendmail.cf has a Cw entry of localhost.locadomain >/etc/mail/relay-domains has "nacs.net" and "mail.nacs.net" in it. > >Care to shed any light? Sorry, no ideas... -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Tue Oct 9 13:47:51 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:04 2006 Subject: Version 2.52-1 released Message-ID: <5.1.0.14.2.20011009134419.03b40ec0@hawk.ecs.soton.ac.uk> I have just released 2.52-1. The new things are pretty much what I have already said on the web site, ie. - "Deliver In Background" configuration switch to avoid having to wait for sendmail processes to complete - Fixed remaining timeout bugs with Solaris 7 - Removed all traces of sendmail.cf files from the Linux distribution Downloadable, as per usual from the web site at http://www.sng.ecs.soton.ac.uk/mailscanner/ Jules. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From damin at NACS.NET Tue Oct 9 16:03:05 2001 From: damin at NACS.NET (Greg Boehnlein) Date: Thu Jan 12 21:14:04 2006 Subject: Version 2.52-1 released In-Reply-To: <5.1.0.14.2.20011009134419.03b40ec0@hawk.ecs.soton.ac.uk> Message-ID: On Tue, 9 Oct 2001, Julian Field wrote: > I have just released 2.52-1. > > The new things are pretty much what I have already said on the web site, ie. > - "Deliver In Background" configuration switch to avoid having to > wait for sendmail processes to complete > - Fixed remaining timeout bugs with Solaris 7 > - Removed all traces of sendmail.cf files from the Linux distribution > > Downloadable, as per usual from the web site at > http://www.sng.ecs.soton.ac.uk/mailscanner/ What does: ==== Stopping sendmail until you correct start of /etc/sendmail.cf file Actually mean? -- Vice President of New Age Consulting Service, Inc. Cleveland Ohio http://www.nacs.net info@nacs.net (216)-619-2000 KP-216-121-ST From damin at NACS.NET Tue Oct 9 16:04:27 2001 From: damin at NACS.NET (Greg Boehnlein) Date: Thu Jan 12 21:14:04 2006 Subject: Virus Scanner -- Mail Sent in Outlook Rich Text Format Message-ID: Something from one of my Administrators.. What should I tell him? -- Vice President of New Age Consulting Service, Inc. Cleveland Ohio http://www.nacs.net info@nacs.net (216)-619-2000 KP-216-121-ST ---------- Forwarded message ---------- Date: Tue, 9 Oct 2001 10:44:00 -0400 From: Chuck Liggett To: "Boehnlein, Greg" Subject: Virus Scanner -- Mail Sent in Outlook Rich Text Format Greg: All mail being sent in outlook Rich Text Format (an option in Outlook 97/2K/XP) is not scannable by the Mail Scanner and the mail scanner removes the Rich Text attachments from the message declaring them as follows: ======= This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------------------- The original e-mail attachment "WINMAIL.DAT" was believed to be infected by a virus and has been replaced by this warning message. If you wish to receive a copy of the *infected* attachment, please e-mail support and include this entire in your request. Alternatively, you can call the Help Desk at (216)-619-2000, with the contents of this message in hand. At Tue Oct 9 10:39:07 2001 the virus scanner said: Could not parse Outlook Rich Text attachment Note to Help Desk: Look on the MailScanner in /var/spool/MailScanner/quarantine (message f99Ecqc01648). -- Postmaster ======= This is probably going to be a problem. Any way we can have it ignore Rich Text attachments? (Unfortunately, Rich Text Attachments could contain viruses). Thanks, Chuck From jkf at ecs.soton.ac.uk Tue Oct 9 16:08:19 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:04 2006 Subject: Version 2.52-1 released In-Reply-To: References: <5.1.0.14.2.20011009134419.03b40ec0@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20011009160802.028c2340@hawk.ecs.soton.ac.uk> At 16:03 09/10/2001, you wrote: >What does: > >==== Stopping sendmail until you correct start of /etc/sendmail.cf file > >Actually mean? It means I forgot to update the text printed by the RPM installation :-( -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Tue Oct 9 16:11:31 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:04 2006 Subject: Virus Scanner -- Mail Sent in Outlook Rich Text Format In-Reply-To: Message-ID: <5.1.0.14.2.20011009160841.03aa1798@hawk.ecs.soton.ac.uk> At 16:04 09/10/2001, you wrote: >Something from one of my Administrators.. What should I tell him? *Some* winmail.dat attachments cannot be decoded and scanned. There is an option near the bottom of the mailscanner.conf configuration file to enable you to deliver these anyway. There are no better TNEF decoders in existence I'm afraid, unless someone wants to write me a better one. I have tried to get the file format spec out of Microsoft, but to no avail :-( >---------- Forwarded message ---------- >Date: Tue, 9 Oct 2001 10:44:00 -0400 >From: Chuck Liggett >To: "Boehnlein, Greg" >Subject: Virus Scanner -- Mail Sent in Outlook Rich Text Format > >Greg: > >All mail being sent in outlook Rich Text Format (an option in Outlook >97/2K/XP) >is not scannable by the Mail Scanner and the mail scanner removes the Rich >Text >attachments from the message declaring them as follows: > >======= > This is a message from the MailScanner E-Mail Virus Protection Service > ---------------------------------------------------------------------- > The original e-mail attachment "WINMAIL.DAT" > was believed to be infected by a virus and has been replaced by this > warning > message. > > If you wish to receive a copy of the *infected* attachment, please > e-mail support and include this entire in your request. Alternatively, you > can call the Help Desk at (216)-619-2000, with the contents of this > message in hand. > > At Tue Oct 9 10:39:07 2001 the virus scanner said: > Could not parse Outlook Rich Text attachment > Note to Help Desk: Look on the MailScanner in > /var/spool/MailScanner/quarantine (message f99Ecqc01648). > -- > Postmaster >======= > >This is probably going to be a problem. Any way we can have it ignore >Rich Text >attachments? (Unfortunately, Rich Text Attachments could contain viruses). > >Thanks, >Chuck -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From nwp at LEMON-COMPUTING.COM Tue Oct 9 16:15:14 2001 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:04 2006 Subject: Version 2.52-1 released In-Reply-To: ; from damin@NACS.NET on Tue, Oct 09, 2001 at 11:03:05AM -0400 References: <5.1.0.14.2.20011009134419.03b40ec0@hawk.ecs.soton.ac.uk> Message-ID: <20011009161514.L26755@lemon-computing.com> On Tue, Oct 09, 2001 at 11:03:05AM -0400, Greg Boehnlein wrote: > What does: > > ==== Stopping sendmail until you correct start of /etc/sendmail.cf file > > Actually mean? I would guess (I haven't looked at it yet) that it means that your sendmail will not run until you have corrected something found at the start of /etc/sendmail.cf Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Beware of a dark-haired man with a loud tie. From m.sapsed at BANGOR.AC.UK Tue Oct 9 16:27:25 2001 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:14:04 2006 Subject: Virus Scanner -- Mail Sent in Outlook Rich Text Format In-Reply-To: <5.1.0.14.2.20011009160841.03aa1798@hawk.ecs.soton.ac.uk> Message-ID: On Tue, 9 Oct 2001, Julian Field wrote: > *Some* winmail.dat attachments cannot be decoded and scanned. There is an > option near the bottom of the mailscanner.conf configuration file to enable > you to deliver these anyway. There are no better TNEF decoders in existence > I'm afraid, unless someone wants to write me a better one. > > I have tried to get the file format spec out of Microsoft, but to no avail :-( What an opportunity to persuade the "customers" to use "standard" attachments rather than Microsoft Proprietary ones? Cheers, Martin -- Martin Sapsed To have no errors Information Services Would be life without meaning University of Wales, Bangor, LL57 2UX No struggle, no joy. Fax: +44 (0)1248 383826 From nwp at LEMON-COMPUTING.COM Tue Oct 9 16:30:20 2001 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:04 2006 Subject: Virus Scanner -- Mail Sent in Outlook Rich Text Format In-Reply-To: <5.1.0.14.2.20011009160841.03aa1798@hawk.ecs.soton.ac.uk>; from jkf@ECS.SOTON.AC.UK on Tue, Oct 09, 2001 at 04:11:31PM +0100 References: <5.1.0.14.2.20011009160841.03aa1798@hawk.ecs.soton.ac.uk> Message-ID: <20011009163020.M26755@lemon-computing.com> On Tue, Oct 09, 2001 at 04:11:31PM +0100, Julian Field wrote: > At 16:04 09/10/2001, you wrote: > >Something from one of my Administrators.. What should I tell him? That since the messages can not be checked unless they can be unpacked, they should really be blocked. If that is unacceptable, then users should be educated/forced not to use that ridiculous format. You could also try manually unpacking some of the attachments with the tnef decoder, to see whether it's working correctly (don't forget that you need different binaries on different systems), and if so, how much time + memory + CPU it is likely to take. > I have tried to get the file format spec out of Microsoft, but to no avail :-( Oh, I might also recommend that when a winmail.dat is blocked, a message explaining why should be returned to the sender. Possibly including a phone number for them to contact Microsoft and ask what they think they're playing at ;) Given the recent Gartner Group report that recommends businesses dump IIS because MS are incapable of securing it (see http://www.theregister.co.uk/content/archive/21853.html if it's working), maybe they'll start to take things like this a little more seriously. Some hopes. -- Nick Phillips -- nwp@lemon-computing.com You have been selected for a secret mission. From LISTSERV at JISCMAIL.AC.UK Tue Oct 9 16:48:48 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:04 2006 Subject: MAILSCANNER: bergo@SEUL.ORG requested to join Message-ID: <200110091548.QAA20166@magpie.ecs.soton.ac.uk> Tue, 9 Oct 2001 16:48:48 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Felipe Bergo You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER bergo@SEUL.ORG Felipe Bergo PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER bergo@SEUL.ORG Felipe Bergo // EOJ From LISTSERV at JISCMAIL.AC.UK Wed Oct 10 18:03:21 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:04 2006 Subject: MAILSCANNER: ibrahim@TRIDOR.COM requested to join Message-ID: <200110101703.SAA00100@magpie.ecs.soton.ac.uk> Wed, 10 Oct 2001 18:03:21 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Ibrahim Darwis You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER ibrahim@TRIDOR.COM Ibrahim Darwis PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER ibrahim@TRIDOR.COM Ibrahim Darwis // EOJ From dpalmer at SKIDMORE.EDU Thu Oct 11 14:59:24 2001 From: dpalmer at SKIDMORE.EDU (Deanne Palmer) Date: Thu Jan 12 21:14:04 2006 Subject: Version 2.52-1 released References: <5.1.0.14.2.20011009134419.03b40ec0@hawk.ecs.soton.ac.uk> Message-ID: <3BC5A5BC.2FE352F5@skidmore.edu> I upgraded to release 2.52-1 yesterday morning and love the new features. We're using the 'Deliver in Background' feature and it appears to be working very well. I also added check_mailscanner to the crontasks yesterday (every 20 minutes). However, twice within the past 24 hours, mailscanner has become hung. It's still running, but nothing is passing out of mqueue.in. The last time it looks like it restarted at midnight, but never processed anything after that. When I came in this morning there were over 7000 messages waiting in mqueue.in and only 70 in mqueue. I killed mailscanner and ran check_mailscanner to restart. Everything is moving right along now, although it will probably take a few hours to catch up. This is running on an E250 Solaris 8. Plenty of disk space available all around. Non-default options in the config : Deliver Method = queue rather than 'batch', Notify Senders= no, Notify Postmaster = no, Deliver in Background = yes. Any ideas regarding why mailscanner seems to be getting hung up? Anyone else having this problem? - Deanne Julian Field wrote: > > I have just released 2.52-1. > > The new things are pretty much what I have already said on the web site, ie. > - "Deliver In Background" configuration switch to avoid having to > wait for sendmail processes to complete > - Fixed remaining timeout bugs with Solaris 7 > - Removed all traces of sendmail.cf files from the Linux distribution > > Downloadable, as per usual from the web site at > http://www.sng.ecs.soton.ac.uk/mailscanner/ > > Jules. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ -- --------------------------- Deanne Palmer dpalmer@skidmore.edu Systems Administrator phone: (518) 580-5914 CITS 580-5000 Skidmore College fax: (518) 580-5936 Saratoga Springs, NY 12866-1632 ------------------ End of network mail From nwp at LEMON-COMPUTING.COM Thu Oct 11 17:24:49 2001 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:04 2006 Subject: Packages of mailscanner Message-ID: <20011011172449.B7996@lemon-computing.com> We're just starting to work on automated installations of mailscanner. We reckon it'd be useful to have a downloadable package with a url something like mailscanner-current.tbz, which would be an automatically-updated-from-cvs tarball of the current release. Anyone else got any wishlists to do with available forms of packaging or installation systems? Not promising anything, but we will definitely be working on automating download + installation. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Good news. Ten weeks from Friday will be a pretty good day. From LISTSERV at JISCMAIL.AC.UK Thu Oct 11 17:26:53 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:04 2006 Subject: MAILSCANNER: rahenr@MERCURY.EPSIIA.COM requested to join Message-ID: <200110111626.RAA22077@magpie.ecs.soton.ac.uk> Thu, 11 Oct 2001 17:26:53 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Ryan Henry You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER rahenr@MERCURY.EPSIIA.COM Ryan Henry PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER rahenr@MERCURY.EPSIIA.COM Ryan Henry // EOJ From jkf at ecs.soton.ac.uk Thu Oct 11 17:31:26 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:04 2006 Subject: Version 2.52-1 released In-Reply-To: <3BC5A5BC.2FE352F5@skidmore.edu> References: <5.1.0.14.2.20011009134419.03b40ec0@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20011011172631.03620008@hawk.ecs.soton.ac.uk> At 14:59 11/10/2001, you wrote: >However, twice within the past 24 hours, mailscanner has become hung. >It's still running, but nothing is passing out of mqueue.in. The last >time it looks like it restarted at midnight, but never processed >anything after that. >When I came in this morning there were over 7000 messages waiting in >mqueue.in and only 70 in mqueue. >I killed mailscanner and ran check_mailscanner to restart. Everything >is moving right along now, although it will probably take a few hours to >catch up. This is running on an E250 Solaris 8. >Plenty of disk space available all around. Non-default options in the >config : Deliver Method = queue rather than 'batch', Notify Senders= >no, Notify Postmaster = no, >Deliver in Background = yes. > Any ideas regarding why mailscanner seems to be getting hung up? >Anyone else having this problem? I have seen this problem myself this morning, though I don't yet know why. The last thing in my log was "Going to scan 1 message", but, as you also say, the mailscanner process was still alive, just not doing anything. I hope to have time to wade through the code myself tomorrow, I need to add more debugging info to it as I cannot yet see why it would just hang. As far as I know at the moment, there's no reason for any particular bit of the code to just not terminate. Restarting it with exactly the same message queue solves the problem, so it can't be anything caused by a particular message. What I'm wondering is whether there are bugs in the implementation of POSIX process group code that I now use (which I didn't before the latest version). This was the only way of avoiding a timeout-failing problem with one user of Solaris 2.7. If you see this problem a lot, back off to 2.51 (it's still on the web site, there just aren't any links to it) and see how you get on. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From damin at NACS.NET Thu Oct 11 18:48:45 2001 From: damin at NACS.NET (Greg Boehnlein) Date: Thu Jan 12 21:14:04 2006 Subject: Version 2.52-1 released In-Reply-To: <3BC5A5BC.2FE352F5@skidmore.edu> Message-ID: On Thu, 11 Oct 2001, Deanne Palmer wrote: > I upgraded to release 2.52-1 yesterday morning and love the new > features. We're using the 'Deliver in Background' feature and it > appears to be working very well. > I also added check_mailscanner to the crontasks yesterday (every 20 > minutes). > > However, twice within the past 24 hours, mailscanner has become hung. > It's still running, but nothing is passing out of mqueue.in. The last > time it looks like it restarted at midnight, but never processed > anything after that. > When I came in this morning there were over 7000 messages waiting in > mqueue.in and only 70 in mqueue. > I killed mailscanner and ran check_mailscanner to restart. Everything > is moving right along now, although it will probably take a few hours to > catch up. This is running on an E250 Solaris 8. > Plenty of disk space available all around. Non-default options in the > config : Deliver Method = queue rather than 'batch', Notify Senders= > no, Notify Postmaster = no, > Deliver in Background = yes. > Any ideas regarding why mailscanner seems to be getting hung up? > Anyone else having this problem? > - Deanne I have experienced this a couple times since I installed 2.52-1 on a Redhat 6.1 Linux box. I got a core dump once in the mqueue.in directory, and it looks like it was a malloc problem that caused it, but I didn't go into any detailed analysis. I just scheduled check_mailscanner to run every 15 minutes via cron. It is repeatable behavior, but I can't pinpoint when/where it is happening. I don't really want to point the finger at mailscanner, as this box is old, but pretty stable. It handles quite a bit of mail: Statistics from Sat Apr 14 14:58:07 2001 M msgsfr bytes_from msgsto bytes_to msgsrej msgsdis Mailer 0 0 0K 40562 4183530K 0 0 prog 4 2343781 47643017K 652351 30325034K 100279 0 esmtp 9 497392 29254335K 2663857 61160666K 57896 0 local ============================================================= T 2841173 76897352K 3356770 95669230K 158175 0 C 2841173 3356770 773599 -- Vice President of New Age Consulting Service, Inc. Cleveland Ohio http://www.nacs.net info@nacs.net (216)-619-2000 KP-216-121-ST From damin at NACS.NET Thu Oct 11 18:55:15 2001 From: damin at NACS.NET (Greg Boehnlein) Date: Thu Jan 12 21:14:04 2006 Subject: Version 2.52-1 released In-Reply-To: <5.1.0.14.2.20011011172631.03620008@hawk.ecs.soton.ac.uk> Message-ID: On Thu, 11 Oct 2001, Julian Field wrote: > I have seen this problem myself this morning, though I don't yet know why. > The last thing in my log was "Going to scan 1 message", but, as you also > say, the mailscanner process was still alive, just not doing anything. I > hope to have time to wade through the code myself tomorrow, I need to add > more debugging info to it as I cannot yet see why it would just hang. As > far as I know at the moment, there's no reason for any particular bit of > the code to just not terminate. Restarting it with exactly the same message > queue solves the problem, so it can't be anything caused by a particular > message. What I'm wondering is whether there are bugs in the implementation > of POSIX process group code that I now use (which I didn't before the > latest version). This was the only way of avoiding a timeout-failing > problem with one user of Solaris 2.7. > > If you see this problem a lot, back off to 2.51 (it's still on the web > site, there just aren't any links to it) and see how you get on. Speaking of debugging capabilities... I've tried running mailscanner in debug mode a couple of times to see if I can debug some of my issues. Is it supposed to log the debug messages to syslog or the console? Also, to get mailscanner working properly, I've had to make a couple of minor config changes to some files, hard-coding in the /usr/local/MailScanner directory. It seems that for some reason the config file isn't read in. Here is what I changed: In config.pl: config.pl:my $prefix = '/usr/local/MailScanner'; There seem to be some directories in some of the files that point to "/opt" locations, which makes MailScanner fail to run properly. Also, the RPM still references making the changes to the sendmail.cf file, and the sohpos install script still tells people to add /usr/local/Sophos to /etc/profile and ld.so.conf -- Vice President of New Age Consulting Service, Inc. Cleveland Ohio http://www.nacs.net info@nacs.net (216)-619-2000 KP-216-121-ST From damin at NACS.NET Thu Oct 11 18:56:42 2001 From: damin at NACS.NET (Greg Boehnlein) Date: Thu Jan 12 21:14:04 2006 Subject: Packages of mailscanner In-Reply-To: <20011011172449.B7996@lemon-computing.com> Message-ID: On Thu, 11 Oct 2001, Nick Phillips wrote: > We're just starting to work on automated installations of mailscanner. > > We reckon it'd be useful to have a downloadable package with a url > something like mailscanner-current.tbz, which would be an > automatically-updated-from-cvs tarball of the current release. > > Anyone else got any wishlists to do with available forms of packaging > or installation systems? > > Not promising anything, but we will definitely be working on automating > download + installation. Nick.. I can offer lots of help with the RPM packages, as I have done several thousans of them during our port of RedHat 6.2 to the Mips platform. I would be happy to contribute any way that I can.. -- Vice President of New Age Consulting Service, Inc. Cleveland Ohio http://www.nacs.net info@nacs.net (216)-619-2000 KP-216-121-ST From dpalmer at SKIDMORE.EDU Thu Oct 11 19:44:53 2001 From: dpalmer at SKIDMORE.EDU (Deanne Palmer) Date: Thu Jan 12 21:14:04 2006 Subject: Version 2.52-1 released References: <5.1.0.14.2.20011009134419.03b40ec0@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20011011172631.03620008@hawk.ecs.soton.ac.uk> Message-ID: <3BC5E8A5.439C12FB@skidmore.edu> Afraid we had to back off to 2.51. Mailscanner was dying periodically - although I'm not certain that check_mailscanner wasn't precipitating the problem. MailScanner's been running fine since we reverted back to the prior release - still have 'check_mailscanner' cron. Julian Field wrote: > > At 14:59 11/10/2001, you wrote: > >However, twice within the past 24 hours, mailscanner has become hung. > >It's still running, but nothing is passing out of mqueue.in. The last > >time it looks like it restarted at midnight, but never processed > >anything after that. > >When I came in this morning there were over 7000 messages waiting in > >mqueue.in and only 70 in mqueue. > >I killed mailscanner and ran check_mailscanner to restart. Everything > >is moving right along now, although it will probably take a few hours to > >catch up. This is running on an E250 Solaris 8. > >Plenty of disk space available all around. Non-default options in the > >config : Deliver Method = queue rather than 'batch', Notify Senders= > >no, Notify Postmaster = no, > >Deliver in Background = yes. > > Any ideas regarding why mailscanner seems to be getting hung up? > >Anyone else having this problem? > > I have seen this problem myself this morning, though I don't yet know why. > The last thing in my log was "Going to scan 1 message", but, as you also > say, the mailscanner process was still alive, just not doing anything. I > hope to have time to wade through the code myself tomorrow, I need to add > more debugging info to it as I cannot yet see why it would just hang. As > far as I know at the moment, there's no reason for any particular bit of > the code to just not terminate. Restarting it with exactly the same message > queue solves the problem, so it can't be anything caused by a particular > message. What I'm wondering is whether there are bugs in the implementation > of POSIX process group code that I now use (which I didn't before the > latest version). This was the only way of avoiding a timeout-failing > problem with one user of Solaris 2.7. > > If you see this problem a lot, back off to 2.51 (it's still on the web > site, there just aren't any links to it) and see how you get on. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ -- --------------------------- Deanne Palmer dpalmer@skidmore.edu Systems Administrator phone: (518) 580-5914 CITS 580-5000 Skidmore College fax: (518) 580-5936 Saratoga Springs, NY 12866-1632 ------------------ End of network mail From LISTSERV at JISCMAIL.AC.UK Thu Oct 11 21:01:54 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:04 2006 Subject: MAILSCANNER: dpowell@LSSI.NET requested to join Message-ID: <200110112001.VAA02468@magpie.ecs.soton.ac.uk> Thu, 11 Oct 2001 21:01:54 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Darrin Powell You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER dpowell@LSSI.NET Darrin Powell PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER dpowell@LSSI.NET Darrin Powell // EOJ From msheean at IDMICRO.COM Thu Oct 11 21:53:52 2001 From: msheean at IDMICRO.COM (Mitchell D. Sheean) Date: Thu Jan 12 21:14:04 2006 Subject: Version 2.52-1 released References: <5.1.0.14.2.20011009134419.03b40ec0@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20011011172631.03620008@hawk.ecs.soton.ac.uk> <3BC5E8A5.439C12FB@skidmore.edu> Message-ID: <000601c15296$e4b8e8a0$8001a8c0@idmicro.com> I don't see that on your site. It's still 2.52. ----- Original Message ----- From: "Deanne Palmer" To: Sent: Thursday, October 11, 2001 11:44 AM Subject: Re: Version 2.52-1 released > Afraid we had to back off to 2.51. Mailscanner was dying periodically - > although I'm not certain that check_mailscanner wasn't precipitating the > problem. MailScanner's been running fine since we reverted back to the > prior release - still have 'check_mailscanner' cron. > > Julian Field wrote: > > > > At 14:59 11/10/2001, you wrote: > > >However, twice within the past 24 hours, mailscanner has become hung. > > >It's still running, but nothing is passing out of mqueue.in. The last > > >time it looks like it restarted at midnight, but never processed > > >anything after that. > > >When I came in this morning there were over 7000 messages waiting in > > >mqueue.in and only 70 in mqueue. > > >I killed mailscanner and ran check_mailscanner to restart. Everything > > >is moving right along now, although it will probably take a few hours to > > >catch up. This is running on an E250 Solaris 8. > > >Plenty of disk space available all around. Non-default options in the > > >config : Deliver Method = queue rather than 'batch', Notify Senders= > > >no, Notify Postmaster = no, > > >Deliver in Background = yes. > > > Any ideas regarding why mailscanner seems to be getting hung up? > > >Anyone else having this problem? > > > > I have seen this problem myself this morning, though I don't yet know why. > > The last thing in my log was "Going to scan 1 message", but, as you also > > say, the mailscanner process was still alive, just not doing anything. I > > hope to have time to wade through the code myself tomorrow, I need to add > > more debugging info to it as I cannot yet see why it would just hang. As > > far as I know at the moment, there's no reason for any particular bit of > > the code to just not terminate. Restarting it with exactly the same message > > queue solves the problem, so it can't be anything caused by a particular > > message. What I'm wondering is whether there are bugs in the implementation > > of POSIX process group code that I now use (which I didn't before the > > latest version). This was the only way of avoiding a timeout-failing > > problem with one user of Solaris 2.7. > > > > If you see this problem a lot, back off to 2.51 (it's still on the web > > site, there just aren't any links to it) and see how you get on. > > -- > > Julian Field Teaching Systems Manager > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > Tel. 023 8059 2817 University of Southampton > > Southampton SO17 1BJ > > -- > > > --------------------------- > Deanne Palmer dpalmer@skidmore.edu > Systems Administrator phone: (518) 580-5914 > CITS 580-5000 > Skidmore College fax: (518) 580-5936 > Saratoga Springs, NY > 12866-1632 > ------------------ > End of network mail From paul at CWIE.NET Thu Oct 11 21:59:50 2001 From: paul at CWIE.NET (Paul Fries (CWIE LLC)) Date: Thu Jan 12 21:14:04 2006 Subject: Version 2.52-1 released In-Reply-To: <000601c15296$e4b8e8a0$8001a8c0@idmicro.com> Message-ID: <001901c15297$ab0ba150$d900000a@paul01> FYI: I keep getting this error when using the new version (2.52-1) on a high volume server: After mailscanner runs for about 10 minutes, I get this message dumped to my shell, and mailscanner dies: perl in malloc(): warning: recursive call. Out of memory! perl in free(): warning: recursive call. perl in free(): warning: recursive call. perl in free(): warning: recursive call. perl in free(): warning: recursive call. perl in malloc(): warning: recursive call. Server is FreeBSD 4.3 running Perl v5.6.0. Paul -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mitchell D. Sheean Sent: Thursday, October 11, 2001 1:54 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Version 2.52-1 released I don't see that on your site. It's still 2.52. ----- Original Message ----- From: "Deanne Palmer" To: Sent: Thursday, October 11, 2001 11:44 AM Subject: Re: Version 2.52-1 released > Afraid we had to back off to 2.51. Mailscanner was dying periodically - > although I'm not certain that check_mailscanner wasn't precipitating the > problem. MailScanner's been running fine since we reverted back to the > prior release - still have 'check_mailscanner' cron. > > Julian Field wrote: > > > > At 14:59 11/10/2001, you wrote: > > >However, twice within the past 24 hours, mailscanner has become hung. > > >It's still running, but nothing is passing out of mqueue.in. The last > > >time it looks like it restarted at midnight, but never processed > > >anything after that. > > >When I came in this morning there were over 7000 messages waiting in > > >mqueue.in and only 70 in mqueue. > > >I killed mailscanner and ran check_mailscanner to restart. Everything > > >is moving right along now, although it will probably take a few hours to > > >catch up. This is running on an E250 Solaris 8. > > >Plenty of disk space available all around. Non-default options in the > > >config : Deliver Method = queue rather than 'batch', Notify Senders= > > >no, Notify Postmaster = no, > > >Deliver in Background = yes. > > > Any ideas regarding why mailscanner seems to be getting hung up? > > >Anyone else having this problem? > > > > I have seen this problem myself this morning, though I don't yet know why. > > The last thing in my log was "Going to scan 1 message", but, as you also > > say, the mailscanner process was still alive, just not doing anything. I > > hope to have time to wade through the code myself tomorrow, I need to add > > more debugging info to it as I cannot yet see why it would just hang. As > > far as I know at the moment, there's no reason for any particular bit of > > the code to just not terminate. Restarting it with exactly the same message > > queue solves the problem, so it can't be anything caused by a particular > > message. What I'm wondering is whether there are bugs in the implementation > > of POSIX process group code that I now use (which I didn't before the > > latest version). This was the only way of avoiding a timeout-failing > > problem with one user of Solaris 2.7. > > > > If you see this problem a lot, back off to 2.51 (it's still on the web > > site, there just aren't any links to it) and see how you get on. > > -- > > Julian Field Teaching Systems Manager > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > Tel. 023 8059 2817 University of Southampton > > Southampton SO17 1BJ > > -- > > > --------------------------- > Deanne Palmer dpalmer@skidmore.edu > Systems Administrator phone: (518) 580-5914 > CITS 580-5000 > Skidmore College fax: (518) 580-5936 > Saratoga Springs, NY > 12866-1632 > ------------------ > End of network mail From damin at NACS.NET Thu Oct 11 22:32:25 2001 From: damin at NACS.NET (Greg Boehnlein) Date: Thu Jan 12 21:14:04 2006 Subject: Version 2.52-1 released In-Reply-To: <001901c15297$ab0ba150$d900000a@paul01> Message-ID: On Thu, 11 Oct 2001, Paul Fries (CWIE LLC) wrote: > FYI: > I keep getting this error when using the new version (2.52-1) on a high > volume server: > > After mailscanner runs for about 10 minutes, I get this message dumped > to my shell, and mailscanner dies: > > > perl in malloc(): warning: recursive call. > Out of memory! > perl in free(): warning: recursive call. > perl in free(): warning: recursive call. > perl in free(): warning: recursive call. > perl in free(): warning: recursive call. > perl in malloc(): warning: recursive call. > > Server is FreeBSD 4.3 running Perl v5.6.0. Same thing on Linux RedHat Version 6.1 perl-5.00503-12 mailscanner-2.52-1 -- Vice President of New Age Consulting Service, Inc. Cleveland Ohio http://www.nacs.net info@nacs.net (216)-619-2000 KP-216-121-ST From damin at NACS.NET Thu Oct 11 22:36:29 2001 From: damin at NACS.NET (Greg Boehnlein) Date: Thu Jan 12 21:14:04 2006 Subject: Version 2.52-1 released In-Reply-To: <001901c15297$ab0ba150$d900000a@paul01> Message-ID: On Thu, 11 Oct 2001, Paul Fries (CWIE LLC) wrote: > FYI: > I keep getting this error when using the new version (2.52-1) on a high > volume server: > > After mailscanner runs for about 10 minutes, I get this message dumped > to my shell, and mailscanner dies: > > > perl in malloc(): warning: recursive call. > Out of memory! > perl in free(): warning: recursive call. > perl in free(): warning: recursive call. > perl in free(): warning: recursive call. > perl in free(): warning: recursive call. > perl in malloc(): warning: recursive call. > > Server is FreeBSD 4.3 running Perl v5.6.0. A little more info from my core file... [root@devel incoming]# file core core: ELF 32-bit LSB core file of 'mailscanner' (signal 11), Intel 80386, version 1 [root@devel incoming]# gdb -c core GNU gdb 4.18 Copyright 1998 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux". Core was generated by `perl /usr/local/MailScanner/bin/mailscanner /usr/local/MailScanner/etc/mailscan'. Program terminated with signal 11, Segmentation fault. #0 0x400a96e9 in ?? () (gdb) quit -- Vice President of New Age Consulting Service, Inc. Cleveland Ohio http://www.nacs.net info@nacs.net (216)-619-2000 KP-216-121-ST From martin.whinnery at SBIRMC.AC.UK Fri Oct 12 08:30:11 2001 From: martin.whinnery at SBIRMC.AC.UK (Martin Whinnery) Date: Thu Jan 12 21:14:04 2006 Subject: Explode.pl suddenly failing, HELP!! Message-ID: Er, I'm running bin/check_mailscanner from a cron job every 5 minutes. As of 8pm yesterday, I've started getting messages of the form: > Starting virus scanner... > Global symbol "@sbirmc" requires explicit package name at (eval 700) line 1, > chunk 10. > Can't call method "parts" on an undefined value at > /usr/local/MailScanner/bin/explode.pl line 197. Plain text mail gets through ok, but everything else appears to be sticking in the spool/MailScanner/incoming directory. I really don't understand. We have an OFSTED inspection starting on Monday, I'm very scared. Got any ideas? It's worked fine for the last 3 weeks. I'd much rather not turn the mailscanner off, as it's catching tens of viruses a day. Martin Whinnery From LISTSERV at JISCMAIL.AC.UK Fri Oct 12 00:01:33 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:04 2006 Subject: MAILSCANNER: Daily error monitoring report Message-ID: <200110112301.AAA10584@magpie.ecs.soton.ac.uk> The following 1 subscriber is currently being monitored: Err First Last Address --- ----- ----- ------- 2 10/11 10/11 Ian Beardsley Last error: Mailer mail-in.pol.net.UK said: "550 mail from 130.246.192.48 rejected: administrative prohibition (host is blacklisted)" Err= Number of delivery errors received thus far First= Date first delivery error was received (mm/dd) Last= Date of most current delivery error (mm/dd) Subscribers will be automatically deleted from the list when delivery errors have been reported for a period of 4 days or more, or when 100 delivery errors have been received, whichever occurs first. Monitoring will cease after 5 days without any reported error. Note: manually deleted subscribers may remain on the monitoring report under an alias address. Such entries will expire eventually; you do not need to do anything about them. From jkf at ecs.soton.ac.uk Fri Oct 12 09:03:46 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:04 2006 Subject: Version 2.52-1 released In-Reply-To: <000601c15296$e4b8e8a0$8001a8c0@idmicro.com> References: <5.1.0.14.2.20011009134419.03b40ec0@hawk.ecs.soton.ac.uk> <5.1.0.14.2.20011011172631.03620008@hawk.ecs.soton.ac.uk> <3BC5E8A5.439C12FB@skidmore.edu> Message-ID: <5.1.0.14.2.20011012090326.0291efb8@hawk.ecs.soton.ac.uk> At 21:53 11/10/2001, you wrote: >I don't see that on your site. It's still 2.52. I've just added a link to 2.51-2 on the downloads page. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Fri Oct 12 09:07:04 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:04 2006 Subject: Explode.pl suddenly failing, HELP!! In-Reply-To: Message-ID: <5.1.0.14.2.20011012090442.03bc0130@hawk.ecs.soton.ac.uk> At 08:30 12/10/2001, you wrote: > > Starting virus scanner... > > Global symbol "@sbirmc" requires explicit package name at (eval > 700) line 1, > > chunk 10. > > Can't call method "parts" on an undefined value at > > /usr/local/MailScanner/bin/explode.pl line 197. Check your *.txt files in /usr/local/MailScanner/etc for any @ signs. Change them to \@ (i.e. put a backslash before any @ signs in your *.txt files). -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From martin.whinnery at SBIRMC.AC.UK Fri Oct 12 09:41:22 2001 From: martin.whinnery at SBIRMC.AC.UK (Martin Whinnery) Date: Thu Jan 12 21:14:04 2006 Subject: Explode.pl suddenly failing, HELP!! Message-ID: Thanks Julian. That fixed the first error. Unfortunately, I'm still getting the other half, namely: > > Can't call method "parts" on an undefined value at > > /usr/local/MailScanner/bin/explode.pl line 197. Martin From jkf at ecs.soton.ac.uk Fri Oct 12 10:26:51 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:04 2006 Subject: Explode.pl suddenly failing, HELP!! In-Reply-To: Message-ID: <5.1.0.14.2.20011012102514.03b1ae60@hawk.ecs.soton.ac.uk> At 09:41 12/10/2001, you wrote: >Thanks Julian. > >That fixed the first error. Unfortunately, I'm still getting the other >half, namely: > > > > Can't call method "parts" on an undefined value at > > > /usr/local/MailScanner/bin/explode.pl line 197. In which case, what version of MIME-tools are you using? I used the one available at http://www.sng.ecs.soton.ac.uk/mailscanner/install/perl.shtml I've seen this error when people are using dodgy versions of the Perl module. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From martin.whinnery at SBIRMC.AC.UK Fri Oct 12 11:26:31 2001 From: martin.whinnery at SBIRMC.AC.UK (Martin Whinnery) Date: Thu Jan 12 21:14:04 2006 Subject: Explode.pl suddenly failing, HELP!! Message-ID: Hokay, I reckon you got us on the 'duff perl' tack. It's all true. We do have a flaky perl install. We've got around this by moving back to the mcaffee dat download of two days ago. So I'm thinking that the duff virus scanner gave duff stuff back to mailscanner which wigged out 'cos we've got a duff perl install. I'm not sure if the mcaffee thing is just affecting us or not. We can't afford to fix perl right now (it ain't broke enough to justify taking it down) so we're gonna wait and see what happens when we update the dat files tonight. Again, thanks for your prompt support. I'm not as scared anymore. Martin From jkf at ecs.soton.ac.uk Fri Oct 12 12:19:50 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:04 2006 Subject: Version 2.52-1 released In-Reply-To: References: <001901c15297$ab0ba150$d900000a@paul01> Message-ID: <5.1.0.14.2.20011012121608.03bce830@hawk.ecs.soton.ac.uk> I have just tweaked the code and will try it on our systems here for a while. I've increased the "Restart Every" time to try to encourage the code to fail if it's going to. If you want the latest sweep.pl and explode.pl to try them out (high load mail servers in particular) then please email me at mailscanner@ecs.soton.ac.uk and I'll send the files to you. At 22:32 11/10/2001, you wrote: >On Thu, 11 Oct 2001, Paul Fries (CWIE LLC) wrote: > > FYI: > > I keep getting this error when using the new version (2.52-1) on a high > > volume server: > > > > After mailscanner runs for about 10 minutes, I get this message dumped > > to my shell, and mailscanner dies: > > > > > > perl in malloc(): warning: recursive call. > > Out of memory! > > perl in free(): warning: recursive call. > > perl in free(): warning: recursive call. > > perl in free(): warning: recursive call. > > perl in free(): warning: recursive call. > > perl in malloc(): warning: recursive call. > > > > Server is FreeBSD 4.3 running Perl v5.6.0. > >Same thing on Linux >RedHat Version 6.1 >perl-5.00503-12 >mailscanner-2.52-1 -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Sat Oct 13 00:01:35 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:04 2006 Subject: MAILSCANNER: Daily error monitoring report Message-ID: <200110122301.AAA14777@magpie.ecs.soton.ac.uk> The following 1 subscriber is currently being monitored: Err First Last Address --- ----- ----- ------- 2 10/11 10/11 Ian Beardsley Last error: Mailer mail-in.pol.net.UK said: "550 mail from 130.246.192.48 rejected: administrative prohibition (host is blacklisted)" Err= Number of delivery errors received thus far First= Date first delivery error was received (mm/dd) Last= Date of most current delivery error (mm/dd) Subscribers will be automatically deleted from the list when delivery errors have been reported for a period of 4 days or more, or when 100 delivery errors have been received, whichever occurs first. Monitoring will cease after 5 days without any reported error. Note: manually deleted subscribers may remain on the monitoring report under an alias address. Such entries will expire eventually; you do not need to do anything about them. From LISTSERV at JISCMAIL.AC.UK Sat Oct 13 20:01:19 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:04 2006 Subject: MAILSCANNER: dave@IPSMART.COM requested to join Message-ID: <200110131901.UAA13991@magpie.ecs.soton.ac.uk> Sat, 13 Oct 2001 20:01:19 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Dave Remien The following membership options have been requested: NOMIME DIGEST. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER dave@IPSMART.COM Dave Remien PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER dave@IPSMART.COM Dave Remien SET MAILSCANNER NOMIME DIGEST FOR dave@IPSMART.COM // EOJ From LISTSERV at JISCMAIL.AC.UK Mon Oct 15 00:03:37 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:04 2006 Subject: MAILSCANNER: Daily error monitoring report Message-ID: <200110142303.AAA19993@magpie.ecs.soton.ac.uk> The following 1 subscriber is currently being monitored: Err First Last Address --- ----- ----- ------- 2 10/11 10/11 Ian Beardsley Last error: Mailer mail-in.pol.net.UK said: "550 mail from 130.246.192.48 rejected: administrative prohibition (host is blacklisted)" Err= Number of delivery errors received thus far First= Date first delivery error was received (mm/dd) Last= Date of most current delivery error (mm/dd) Subscribers will be automatically deleted from the list when delivery errors have been reported for a period of 4 days or more, or when 100 delivery errors have been received, whichever occurs first. Monitoring will cease after 5 days without any reported error. Note: manually deleted subscribers may remain on the monitoring report under an alias address. Such entries will expire eventually; you do not need to do anything about them. From Paul.Haldane at newcastle.ac.uk Mon Oct 15 14:58:16 2001 From: Paul.Haldane at newcastle.ac.uk (Paul Haldane) Date: Thu Jan 12 21:14:04 2006 Subject: Enhancement request In-Reply-To: <5.1.0.14.2.20010926171143.03b2fec8@hawk.ecs.soton.ac.uk> Message-ID: > -----Original Message----- > From: Julian Field > Sent: 26 September 2001 17:16 > To: MailScanner mailing list > Subject: Re: Enhancement request > > > At 11:47 24/09/2001, you wrote: > >One facility that our local stuff has that Mailscanner > >doesn't have (I > >think) is the ability to rename attachments as they pass > >through - for > >example we currently rename attachments such as "thing.exe" to > >"thing_exe". Idea being to make executable attachments > >non-executable > >(at least without a fair amount of effort by the recipient) > >even with > >files that have been passed as clean by the virus checker. > > Unfortunately, this is actually really hard to do. To keep > the load as light as possible (thereby making MailScanner as > fast as possible) I don't touch the body of messages without > viruses in them. Renaming attachments would entail rebuilding > the message body for all messages with attachments, which > would add significantly to the system load. That's not strictly true is it (or am I misunderstanding)? Any message that has an attachment whose file name matches one of the deny rules in the filename.rules.conf file well have to have its body munged as well won't it? We're only talking about renaming some attachments (*.exe for example) not all attachments. Paul From Paul.Haldane at newcastle.ac.uk Mon Oct 15 14:58:16 2001 From: Paul.Haldane at newcastle.ac.uk (Paul Haldane) Date: Thu Jan 12 21:14:04 2006 Subject: Enhancement request In-Reply-To: <5.1.0.14.2.20010926171143.03b2fec8@hawk.ecs.soton.ac.uk> Message-ID: > -----Original Message----- > From: Julian Field > Sent: 26 September 2001 17:16 > To: MailScanner mailing list > Subject: Re: Enhancement request > > > At 11:47 24/09/2001, you wrote: > >One facility that our local stuff has that Mailscanner > >doesn't have (I > >think) is the ability to rename attachments as they pass > >through - for > >example we currently rename attachments such as "thing.exe" to > >"thing_exe". Idea being to make executable attachments > >non-executable > >(at least without a fair amount of effort by the recipient) > >even with > >files that have been passed as clean by the virus checker. > > Unfortunately, this is actually really hard to do. To keep > the load as light as possible (thereby making MailScanner as > fast as possible) I don't touch the body of messages without > viruses in them. Renaming attachments would entail rebuilding > the message body for all messages with attachments, which > would add significantly to the system load. That's not strictly true is it (or am I misunderstanding)? Any message that has an attachment whose file name matches one of the deny rules in the filename.rules.conf file well have to have its body munged as well won't it? We're only talking about renaming some attachments (*.exe for example) not all attachments. Paul From LISTSERV at JISCMAIL.AC.UK Tue Oct 16 13:16:06 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:04 2006 Subject: MAILSCANNER: richard.bell@BREGENZ.AT requested to join Message-ID: <200110161216.NAA18020@magpie.ecs.soton.ac.uk> Tue, 16 Oct 2001 13:16:06 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Richard Bell You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER richard.bell@BREGENZ.AT Richard Bell PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER richard.bell@BREGENZ.AT Richard Bell // EOJ From LISTSERV at JISCMAIL.AC.UK Tue Oct 16 14:26:56 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:04 2006 Subject: MAILSCANNER: alan@ESSEX.AC.UK requested to join Message-ID: <200110161326.OAA21818@magpie.ecs.soton.ac.uk> Tue, 16 Oct 2001 14:26:56 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Alan Stanier You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER alan@ESSEX.AC.UK Alan Stanier PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER alan@ESSEX.AC.UK Alan Stanier // EOJ From LISTSERV at JISCMAIL.AC.UK Thu Oct 18 02:34:36 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:04 2006 Subject: MAILSCANNER: kjh@ISX.COM requested to join Message-ID: <200110180134.CAA04224@magpie.ecs.soton.ac.uk> Thu, 18 Oct 2001 02:34:36 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Khalid Hosein The following membership options have been requested: HTML DIGEST ACK NOREPRO NOMAIL CONCEAL. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER kjh@ISX.COM Khalid Hosein PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER kjh@ISX.COM Khalid Hosein SET MAILSCANNER HTML DIGEST ACK NOREPRO NOMAIL CONCEAL FOR kjh@ISX.COM // EOJ From jkf at ecs.soton.ac.uk Thu Oct 18 16:36:58 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:04 2006 Subject: Version 2.53-1 released Message-ID: <5.1.0.14.2.20011018163505.0507b160@hawk.ecs.soton.ac.uk> I have just release version 2.53-1. This is basically a bugfix release, sorting out any remaining timeout problems. I've also improved the handling of totally unparsable messages (it no longer just stops with an error message!). Expect to see some more on that front in the next release. Downloadable, as ever, from http://www.sng.ecs.soton.ac.uk/mailscanner -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Thu Oct 18 16:51:19 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:04 2006 Subject: Version 2.53-1 released In-Reply-To: <5.1.0.14.2.20011018163505.0507b160@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20011018165030.050a6d88@hawk.ecs.soton.ac.uk> At 16:36 18/10/2001, you wrote: >I've also improved the handling of totally unparsable messages >(it no longer just stops with an error message!). Expect to see some more >on that front in the next release. As a quick followup, I would like to point out that I have only seen 2 unparsable messages in the last year (both of which occurred in the past fortnight!). -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From kjh at ISX.COM Thu Oct 18 19:23:24 2001 From: kjh at ISX.COM (Khalid Hosein) Date: Thu Jan 12 21:14:04 2006 Subject: Problem with explode.pl in mailscanner v.2.52-2 Message-ID: Hello, I just installed and configured mailscanner 2.52-2, but I've been getting the following error: Can't locate object method "new" via package "MIME::Parser::FileInto" at /usr/local/MailScanner/bin/explode.pl line 68. I've been pouring through my Perl Modules looking for the problem, but can't find anything. I'm running version 5.411 of MIME::Tools and version 5.6.0 of perl on Redhat 7.0 with a 2.4.2 kernel. Thanks for any help. _Khalid From jkf at ecs.soton.ac.uk Thu Oct 18 22:05:39 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:04 2006 Subject: Problem with explode.pl in mailscanner v.2.52-2 In-Reply-To: Message-ID: <5.1.0.14.2.20011018220416.039857a0@hawk.ecs.soton.ac.uk> At 19:23 18/10/2001, you wrote: >Hello, I just installed and configured mailscanner 2.52-2, but I've been >getting the following error: >Can't locate object method "new" via package "MIME::Parser::FileInto" at > /usr/local/MailScanner/bin/explode.pl line 68. >I've been pouring through my Perl Modules looking for the problem, but can't >find anything. I'm running version 5.411 of MIME::Tools and version 5.6.0 of >perl on Redhat 7.0 with a 2.4.2 kernel. I would recommend you try using the versions of the perl modules I supply with the RPM distribution of MailScanner. Many versions of MIME-tools are a bit dodgy. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From kjh at ISX.COM Thu Oct 18 22:23:11 2001 From: kjh at ISX.COM (Khalid Hosein) Date: Thu Jan 12 21:14:04 2006 Subject: Problem with explode.pl in mailscanner v.2.52-2 Message-ID: On Thu, 18 Oct 2001 22:05:39 +0100, Julian Field wrote: >At 19:23 18/10/2001, you wrote: >>Hello, I just installed and configured mailscanner 2.52-2, but I've been >>getting the following error: >>Can't locate object method "new" via package "MIME::Parser::FileInto" at >> /usr/local/MailScanner/bin/explode.pl line 68. >>I've been pouring through my Perl Modules looking for the problem, but can't >>find anything. I'm running version 5.411 of MIME::Tools and version 5.6.0 of >>perl on Redhat 7.0 with a 2.4.2 kernel. > >I would recommend you try using the versions of the perl modules I supply >with the RPM distribution of MailScanner. Many versions of MIME-tools are a >bit dodgy. Yep, that's what I'm using. From Olaf.Kaus at MAXPERT.DE Fri Oct 19 08:50:53 2001 From: Olaf.Kaus at MAXPERT.DE (Olaf Kaus) Date: Thu Jan 12 21:14:04 2006 Subject: syntax check Message-ID: Hi all, is there an "sysntax" check for configuration files in the new realeases yet? I'm using Mailscanner version 2.21. Yesterday we had an NIMDA Attack und all the *.exe were going through Mailscanner. I have configured *\.exe in filename.rules.conf, but... ...i hadnt split the fields with TAB, but with SPACES (an had not seen it) %-(( Thats stupip or CUT & PASTE -- however it's *very* dangerous! Greetings...olf From LISTSERV at JISCMAIL.AC.UK Fri Oct 19 03:36:21 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:04 2006 Subject: MAILSCANNER: andrewh@CQG.COM requested to join Message-ID: <200110190236.DAA11782@magpie.ecs.soton.ac.uk> Fri, 19 Oct 2001 03:36:21 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Andrew Hoying You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER andrewh@CQG.COM Andrew Hoying PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER andrewh@CQG.COM Andrew Hoying // EOJ From nwp at LEMON-COMPUTING.COM Fri Oct 19 09:33:23 2001 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:04 2006 Subject: Problem with explode.pl in mailscanner v.2.52-2 In-Reply-To: <5.1.0.14.2.20011018220416.039857a0@hawk.ecs.soton.ac.uk>; from jkf@ECS.SOTON.AC.UK on Thu, Oct 18, 2001 at 10:05:39PM +0100 References: <5.1.0.14.2.20011018220416.039857a0@hawk.ecs.soton.ac.uk> Message-ID: <20011019093323.A25840@lemon-computing.com> On Thu, Oct 18, 2001 at 10:05:39PM +0100, Julian Field wrote: > I would recommend you try using the versions of the perl modules I supply > with the RPM distribution of MailScanner. Many versions of MIME-tools are a > bit dodgy. For anyone frustrated that Debian's stable distribution doesn't include an appropriate version of the Mime tools and IO-stringy libraries (libmime-perl and libio-stringy-perl in Debian), I've just repacked the versions from the testing distribution into a form that will install on stable systems. They're available from http://www.lemon-computing.com/debian/packages/ or using apt, with the line: deb http://debian.lemon-computing.com/lemon lemon main BUT BEWARE! there are also several other packages in that archive that you may or may not want installed. If you just add the above line and then "apt-get update; apt-get install libmime-perl libio-stringy-perl" and then comment out the line again & re-update, you should be OK. As usual, I don't guarantee anything about any of the content you find there; particularly not that it will work as expected ;) Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com You're being followed. Cut out the hanky-panky for a few days. From nwp at LEMON-COMPUTING.COM Fri Oct 19 09:39:15 2001 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:04 2006 Subject: Problem with explode.pl in mailscanner v.2.52-2 In-Reply-To: ; from kjh@ISX.COM on Thu, Oct 18, 2001 at 10:23:11PM +0100 References: Message-ID: <20011019093915.B25840@lemon-computing.com> On Thu, Oct 18, 2001 at 10:23:11PM +0100, Khalid Hosein wrote: > On Thu, 18 Oct 2001 22:05:39 +0100, Julian Field > wrote: > > >At 19:23 18/10/2001, you wrote: > >>Hello, I just installed and configured mailscanner 2.52-2, but I've been > >>getting the following error: > >>Can't locate object method "new" via package "MIME::Parser::FileInto" at > >> /usr/local/MailScanner/bin/explode.pl line 68. > >>I've been pouring through my Perl Modules looking for the problem, but > can't > >>find anything. I'm running version 5.411 of MIME::Tools and version 5.6.0 > of > >>perl on Redhat 7.0 with a 2.4.2 kernel. > > > >I would recommend you try using the versions of the perl modules I supply > >with the RPM distribution of MailScanner. Many versions of MIME-tools are a > >bit dodgy. > > Yep, that's what I'm using. Are you sure that that's the version that perl is actually picking up? I don't know where either Redhat or Julian's packages put the modules, but it could be that perl finds an older version from somewhere before getting to the correct version... Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com You will experience a strong urge to do good; but it will pass. From jkf at ecs.soton.ac.uk Fri Oct 19 09:45:00 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:04 2006 Subject: syntax check In-Reply-To: Message-ID: <5.1.0.14.2.20011019094418.03c0be40@hawk.ecs.soton.ac.uk> At 08:50 19/10/2001, you wrote: >is there an "sysntax" check for configuration files in the new realeases >yet? Not yet, but given your report below I obviously need to write one! I will try to get it into the next version. >...i hadnt split the fields with TAB, but with SPACES (an had not seen it) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Fri Oct 19 14:12:44 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:04 2006 Subject: MAILSCANNER: n.blackaby@UMIST.AC.UK requested to join Message-ID: <200110191312.OAA12437@magpie.ecs.soton.ac.uk> Fri, 19 Oct 2001 14:12:44 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Nicholas Blackaby You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER n.blackaby@UMIST.AC.UK Nicholas Blackaby PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER n.blackaby@UMIST.AC.UK Nicholas Blackaby // EOJ From andrewh at CQG.COM Fri Oct 19 19:13:59 2001 From: andrewh at CQG.COM (Andrew Hoying) Date: Thu Jan 12 21:14:04 2006 Subject: BUG: File's not renamed when caught with the file extension checker In-Reply-To: <20011019093915.B25840@lemon-computing.com> Message-ID: Hello, I apologize if this has been mentioned before, but I am new to this list. During my testing of MailScanner 2.53-1 I've noticed that if I send a file through with the name test.vbs or test.jpg.vgs, which does not actually contain a virus, it does get quarantined, but the mail is sent on to the user with the virus warning named test.vbs or test.jpg.vbs. If I edit this file, I see the correct message, but of course people can't double click the message to view it. Thank you, Andrew Hoying From jkf at ecs.soton.ac.uk Sat Oct 20 12:32:09 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:04 2006 Subject: BUG: File's not renamed when caught with the file extension checker In-Reply-To: References: <20011019093915.B25840@lemon-computing.com> Message-ID: <5.1.0.14.2.20011020123104.031ccdf8@hawk.ecs.soton.ac.uk> At 19:13 19/10/2001, you wrote: >I apologize if this has been mentioned before, but I am new to this list. >During my testing of MailScanner 2.53-1 I've noticed that if I send a file >through with the name test.vbs or test.jpg.vgs, which does not actually >contain a virus, it does get quarantined, but the mail is sent on to the >user with the virus warning named test.vbs or test.jpg.vbs. If I edit this >file, I see the correct message, but of course people can't double click the >message to view it. I'll look into that one and get back to you (and the list) in the week. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Sat Oct 20 12:36:53 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:04 2006 Subject: BUG: File's not renamed when caught with the file extension checker In-Reply-To: References: <20011019093915.B25840@lemon-computing.com> Message-ID: <5.1.0.14.2.20011020123437.032d0be0@hawk.ecs.soton.ac.uk> At 19:13 19/10/2001, you wrote: >I apologize if this has been mentioned before, but I am new to this list. >During my testing of MailScanner 2.53-1 I've noticed that if I send a file >through with the name test.vbs or test.jpg.vgs, which does not actually >contain a virus, it does get quarantined, but the mail is sent on to the >user with the virus warning named test.vbs or test.jpg.vbs. If I edit this >file, I see the correct message, but of course people can't double click the >message to view it. I have just tested this feature, and it appears to be working as intended. I mailed myself a file containing a (harmless) online1.htm.vbs file, and the attachment in the received message was correctly named "VirusWarning.txt". I would have to suspect the version of the MIME-tools perl module you are using. I recommend that you use exactly the version that is posted on my web site at http://www.sng.ecs.soton.ac.uk/mailscanner/install/perl.shtml as there are many "ropey" versions of that module. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Sat Oct 20 16:12:50 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:04 2006 Subject: MAILSCANNER: sfarrell@ICCONSULTING.COM.AU requested to join Message-ID: <200110201512.QAA06818@magpie.ecs.soton.ac.uk> Sat, 20 Oct 2001 16:12:50 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Scott Farrell You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER sfarrell@ICCONSULTING.COM.AU Scott Farrell PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER sfarrell@ICCONSULTING.COM.AU Scott Farrell // EOJ From LISTSERV at JISCMAIL.AC.UK Sat Oct 20 18:28:29 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:04 2006 Subject: MAILSCANNER: splee@PLEXIO.COM requested to join Message-ID: <200110201728.SAA10122@magpie.ecs.soton.ac.uk> Sat, 20 Oct 2001 18:28:29 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Stephen Lee You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER splee@PLEXIO.COM Stephen Lee PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER splee@PLEXIO.COM Stephen Lee // EOJ From LISTSERV at JISCMAIL.AC.UK Sat Oct 20 20:59:02 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:04 2006 Subject: MAILSCANNER: hamish@TRAVELLINGKIWI.COM requested to join Message-ID: <200110201959.UAA13875@magpie.ecs.soton.ac.uk> Sat, 20 Oct 2001 20:59:02 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Hamish Marson You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER hamish@TRAVELLINGKIWI.COM Hamish Marson PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER hamish@TRAVELLINGKIWI.COM Hamish Marson // EOJ From andrewh at CQG.COM Sat Oct 20 23:13:53 2001 From: andrewh at CQG.COM (Andrew Hoying) Date: Thu Jan 12 21:14:04 2006 Subject: BUG: File's not renamed when caught with the file extension checker References: <20011019093915.B25840@lemon-computing.com> <5.1.0.14.2.20011020123437.032d0be0@hawk.ecs.soton.ac.uk> Message-ID: <008801c159b4$81bd80b0$040be3cc@wolffang> This seems to have fixed the problem, thank you. Andrew Hoying ----- Original Message ----- From: "Julian Field" To: Sent: Saturday, October 20, 2001 5:36 AM Subject: Re: BUG: File's not renamed when caught with the file extension checker > At 19:13 19/10/2001, you wrote: > >I apologize if this has been mentioned before, but I am new to this list. > >During my testing of MailScanner 2.53-1 I've noticed that if I send a file > >through with the name test.vbs or test.jpg.vgs, which does not actually > >contain a virus, it does get quarantined, but the mail is sent on to the > >user with the virus warning named test.vbs or test.jpg.vbs. If I edit this > >file, I see the correct message, but of course people can't double click the > >message to view it. > > I have just tested this feature, and it appears to be working as intended. > I mailed myself a file containing a (harmless) online1.htm.vbs file, and > the attachment in the received message was correctly named "VirusWarning.txt". > > I would have to suspect the version of the MIME-tools perl module you are > using. I recommend that you use exactly the version that is posted on my > web site at > http://www.sng.ecs.soton.ac.uk/mailscanner/install/perl.shtml > as there are many "ropey" versions of that module. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From splee at PLEXIO.COM Sun Oct 21 23:11:44 2001 From: splee at PLEXIO.COM (Stephen Lee) Date: Thu Jan 12 21:14:04 2006 Subject: Multiple copies of the same message Message-ID: I have Mailscanner 2.53/Sophos running on RH7.1/Sendmail 8.11.6 quite nicely. The only piece of instruction I did not follow was to change DM from sendmail.cf to the full name of my mailserver. If I did that, wouldn't I lose the ability to masquerade the server? However, the problem I am having now is that every so often, some of my users get multiple copies of the same message over a period of several hours and even 1 day later. This never happened before the AV scanner was installed. I would appreciate suggestions on how to resolve this problem. Thanks, Stephen From LISTSERV at JISCMAIL.AC.UK Sun Oct 21 14:55:21 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:04 2006 Subject: MAILSCANNER: dave@NONSTOP-NETWORKS.CO.UK requested to join Message-ID: <200110211355.OAA05632@magpie.ecs.soton.ac.uk> Sun, 21 Oct 2001 14:55:21 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Dave Atkin You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER dave@NONSTOP-NETWORKS.CO.UK Dave Atkin PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER dave@NONSTOP-NETWORKS.CO.UK Dave Atkin // EOJ From sfarrell at ICCONSULTING.COM.AU Mon Oct 22 10:03:27 2001 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:04 2006 Subject: other virus scanners Message-ID: Started using mailscanner a few days ago ... its great. How easy is it to get mailscanner to use other virus scanners? We are thinking of using CA's inoculate. Is there a script file I can manipulate? regards Scott Farrell http://www.icconsulting.com.au ic Consulting - the people that make eBusiness happen. We offer e-business consulting and perform services. We deliver high impact consulting, and fast turn around projects for our clients. Ask us about Web Content Management, Web Self Service, or working closer with your customers or suppliers. 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20011022/1c8ae8fd/attachment.html From jkf at ecs.soton.ac.uk Mon Oct 22 11:26:20 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:04 2006 Subject: other virus scanners In-Reply-To: Message-ID: <5.1.0.14.2.20011022112426.0356fcf8@hawk.ecs.soton.ac.uk> At 10:03 22/10/2001, you wrote: >How easy is it to get mailscanner to use other virus scanners? >We are thinking of using CA's inoculate. >Is there a script file I can manipulate? Everything to do with the scanner is in sweep.pl. Basically you need to 1) Work out all the command-line options needed 2) Write a little parser that pulls out the names of the infected files, along with the virus reports for them. There's code already in there for Sophos and Mcafee, so you should be able to copy what I've already written. If you get it working nicely, I would be grateful of the code to put in the distribution. If you need a hand writing it, send me some output from inoculate and I'll show you what the regular expressions and code should look like. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Mon Oct 22 14:56:44 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:04 2006 Subject: MAILSCANNER: Hamish.N.Marson@BRITISHAIRWAYS.COM requested to join Message-ID: <200110221356.OAA25293@magpie.ecs.soton.ac.uk> Mon, 22 Oct 2001 14:56:44 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Hamish Marson You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER Hamish.N.Marson@BRITISHAIRWAYS.COM Hamish Marson PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER Hamish.N.Marson@BRITISHAIRWAYS.COM Hamish Marson // EOJ From LISTSERV at JISCMAIL.AC.UK Mon Oct 22 15:35:57 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:04 2006 Subject: MAILSCANNER: tyler@BELOIT.EDU requested to join Message-ID: <200110221435.PAA27775@magpie.ecs.soton.ac.uk> Mon, 22 Oct 2001 15:35:57 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Tim Tyler You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER tyler@BELOIT.EDU Tim Tyler PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER tyler@BELOIT.EDU Tim Tyler // EOJ From tyler at BELOIT.EDU Mon Oct 22 16:08:37 2001 From: tyler at BELOIT.EDU (Tim Tyler) Date: Thu Jan 12 21:14:04 2006 Subject: Wrong body with wrong headers!!! ? Message-ID: <4.3.1.0.20011022100333.00c80c80@pop3.norton.antivirus> Mailscanner experts, I have a situation I have never seen before. I am running sendmail 8.9.3 in conjunction with mailscanner and sophos which I just intalled less than a month ago to try out. A user sent a message that became queued for one reason or another. The next day, another message came into the system and took the same id number as the one that was queued (which I thought was impossible). The body of the message of the original sender was then sent via the new headers to the new address. I have no idea what happened to the new body (perhaps simply lost). Hence, a message was delivered to the wrong destination because the process ID's cycled around in less than 24 hours. How is this possible? Is this the fault of sendmail or mailscanner or AIX? What might I do to prevent an identification number from cycling around and being taken again by chance? Is this a failure to lock the queued files? Tim Tim Tyler Network Engineer - Beloit College tyler@beloit.edu From jkf at ecs.soton.ac.uk Mon Oct 22 16:22:58 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:04 2006 Subject: Wrong body with wrong headers!!! ? In-Reply-To: <4.3.1.0.20011022100333.00c80c80@pop3.norton.antivirus> Message-ID: <5.1.0.14.2.20011022162139.03bd4b30@hawk.ecs.soton.ac.uk> At 16:08 22/10/2001, you wrote: > I have a situation I have never seen before. I am running sendmail >8.9.3 in conjunction with mailscanner and sophos which I just intalled less >than a month ago to try out. A user sent a message that became queued for >one reason or another. The next day, another message came into the system >and took the same id number as the one that was queued (which I thought was >impossible). The body of the message of the original sender was then sent >via the new headers to the new address. I have no idea what happened to >the new body (perhaps simply lost). Hence, a message was delivered to the >wrong destination because the process ID's cycled around in less than 24 >hours. How is this possible? Is this the fault of sendmail or >mailscanner or AIX? It's a sendmail fault. It shouldn't have given 2 messages the same message ID. Later versions of sendmail solved this problem by completely changing the way they allocated message IDs so it cannot now allocate the same message ID twice in less than about 60 years. Never seen sendmail do this one before... -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkha at HPLB.HPL.HP.COM Mon Oct 22 16:46:00 2001 From: jkha at HPLB.HPL.HP.COM (John Hawkes-Reed) Date: Thu Jan 12 21:14:04 2006 Subject: Wrong body with wrong headers!!! ? References: <5.1.0.14.2.20011022162139.03bd4b30@hawk.ecs.soton.ac.uk> Message-ID: <3BD43F38.112BA06C@hplb.hpl.hp.com> Julian Field wrote: [ ... ] > It's a sendmail fault. It shouldn't have given 2 messages the same message > ID. Later versions of sendmail solved this problem by completely changing > the way they allocated message IDs so it cannot now allocate the same > message ID twice in less than about 60 years. > > Never seen sendmail do this one before... Hell's donkeys. M3 too. Possibly, anyway. I've had a report this AM of an outgoing message body being replaced with some spam at some point between and . I strongly suspect Ugly Coincidence, though. Ugh. Mondays. -- John Hawkes-Reed Unix hacker. RIT Bristol. T:(0117) 312-8787 From jkf at ecs.soton.ac.uk Mon Oct 22 18:23:59 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:04 2006 Subject: Careful where queue directories are placed In-Reply-To: Message-ID: <5.1.0.14.2.20011022182204.00b05ea8@hawk.ecs.soton.ac.uk> At 18:01 22/10/2001, you wrote: >The cause of our problem was that /var/spool/mqueue was on a separate >filesystem to /var/spool/mqueue.in and /var/spool/MailScanner. Vital >locking information was being lost when message files were being moved >between filesystems rather than _within the same_ filesystem as was >intended. This is 1 of the items in the Installation FAQ, but I agree I should re-word the installation guide. "Advises" is hardly the case... Sorry! >Mailscanner works >fine. Glad to hear it's all working now. Sorry for poorly wording the installation guide. I'll fix it tonight/tomorrow. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From dave at NONSTOP-NETWORKS.CO.UK Tue Oct 23 01:05:26 2001 From: dave at NONSTOP-NETWORKS.CO.UK (David Atkin) Date: Thu Jan 12 21:14:04 2006 Subject: other virus scanners References: <5.1.0.14.2.20011022112426.0356fcf8@hawk.ecs.soton.ac.uk> Message-ID: <001701c15b56$6c289ac0$fe01a8c0@nonstop> Would it be easy to make it use more than one virus scanner, and maybe run them in parallel for each message? For a belt-and-braces approach... -- Dave Atkin, NonStop Networks Ltd www.nonstop-networks.co.uk Tel: 01904 425406 ----- Original Message ----- From: "Julian Field" To: Sent: Monday, October 22, 2001 3:26 AM Subject: Re: other virus scanners > At 10:03 22/10/2001, you wrote: > >How easy is it to get mailscanner to use other virus scanners? > >We are thinking of using CA's inoculate. > >Is there a script file I can manipulate? > > Everything to do with the scanner is in sweep.pl. Basically you need to > 1) Work out all the command-line options needed > 2) Write a little parser that pulls out the names of the infected files, > along with the virus reports for them. > > There's code already in there for Sophos and Mcafee, so you should be able > to copy what I've already written. > > If you get it working nicely, I would be grateful of the code to put in the > distribution. If you need a hand writing it, send me some output from > inoculate and I'll show you what the regular expressions and code should > look like. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From Q.G.Campbell at NEWCASTLE.AC.UK Mon Oct 22 18:01:15 2001 From: Q.G.Campbell at NEWCASTLE.AC.UK (Q G Campbell) Date: Thu Jan 12 21:14:05 2006 Subject: Careful where queue directories are placed Message-ID: We have been running various releases of Mailscanner perfectly happily on a test Mail Hub which uses sendmail on a Sun ULTRA5 box. Today was the big day when we went live on the three production Mail Hubs; these also use sendmail on ULTRA5 boxes and the production installations were, software wise, a clone of the test installation. Immediately after we rebooted the first production server the console was flooded with messages of the form: SYSERR(root): readqf cannot open ./df.........: No such file or directory It became clear that mail was being moved from the mqueue.in directory to the mqueue directory often without their corresponding "df" file. Users were receiving messages without bodies as a consequence. The cause of our problem was that /var/spool/mqueue was on a separate filesystem to /var/spool/mqueue.in and /var/spool/MailScanner. Vital locking information was being lost when message files were being moved between filesystems rather than _within the same_ filesystem as was intended. The Installation Guide "advises" putting all these directories in the same filesystem. The Guide should be amended to make this advice mandatory and warn users of the consequences of not doing so! Our configuration was probably a bit unusual in having /var/spool/mqueue mounted on its own disk, separate from the rest of /var/spool. The whole of /var/spool is now mounted on this separate disk and Mailscanner works fine. Quentin Campbell (Postmaster) --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." From sfarrell at ICCONSULTING.COM.AU Tue Oct 23 06:31:47 2001 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:05 2006 Subject: MAPS support Message-ID: Just looking in the mailscanner.conf file, and I am trying to get the MAPS support works. The ORDB support seems to work fine. # MAPS now charge for their services, so you'll have to buy a contract before # attempting to use the next 3 lines. # Spam List = MAPS-RBL, blackholes.mail-abuse.org. # Spam List = MAPS-DUL, dialups.mail-abuse.org. # Spam List = MAPS-RSS, relays.mail-abuse.org. I had a looks at mail-abuse.org, and couldn't find any references to having to pay. what is the status on MAPS support? thanx Scott From LISTSERV at JISCMAIL.AC.UK Mon Oct 22 18:57:15 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:05 2006 Subject: MAILSCANNER: hancocks@MORGANCO.COM requested to join Message-ID: <200110221757.SAA10130@magpie.ecs.soton.ac.uk> Mon, 22 Oct 2001 18:57:15 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Scott Hancock The following membership options have been requested: SHORTHDR. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER hancocks@MORGANCO.COM Scott Hancock PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER hancocks@MORGANCO.COM Scott Hancock SET MAILSCANNER SHORTHDR FOR hancocks@MORGANCO.COM // EOJ From LISTSERV at JISCMAIL.AC.UK Mon Oct 22 21:53:38 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:05 2006 Subject: MAILSCANNER: edward_ortiz@SSA-SA.SEL.SONY.COM requested to join Message-ID: <200110222053.VAA19157@magpie.ecs.soton.ac.uk> Mon, 22 Oct 2001 21:53:38 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Ed Ortiz The following membership options have been requested: NOMAIL CONCEAL. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER edward_ortiz@SSA-SA.SEL.SONY.COM Ed Ortiz PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER edward_ortiz@SSA-SA.SEL.SONY.COM Ed Ortiz SET MAILSCANNER NOMAIL CONCEAL FOR edward_ortiz@SSA-SA.SEL.SONY.COM // EOJ From jkf at ecs.soton.ac.uk Tue Oct 23 09:35:41 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:05 2006 Subject: Version 2.54-1 released Message-ID: <5.1.0.14.2.20011023093324.03a39688@hawk.ecs.soton.ac.uk> I have just released version 2.54-1. This is basically a minor bug-fix released, to correct a problem relating to modifying the subject line of mail marked as spam, when using Exim. Sendmail users need not upgrade. I also now insist on minimum version numbers of the MIME-tools modules, as there have been so many problems related to this package. Also, the Linux version now uses wget to autoupdate the Sophos IDE files, rather than Lynx. This is due to problems seen running some versions of Lynx from crond. All downloadable, as ever, from http://www.sng.ecs.soton.ac.uk/mailscanner/ -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From nwp at LEMON-COMPUTING.COM Tue Oct 23 09:50:17 2001 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:05 2006 Subject: MAPS support In-Reply-To: ; from sfarrell@ICCONSULTING.COM.AU on Tue, Oct 23, 2001 at 04:31:47PM +1100 References: Message-ID: <20011023095017.C5228@lemon-computing.com> On Tue, Oct 23, 2001 at 04:31:47PM +1100, Scott Farrell wrote: > I had a looks at mail-abuse.org, and couldn't find any references to having > to pay. http://www.mail-abuse.org/subscription.html Not terribly prominent, I admit. They appear to have finally disallowed unpaid access about a month or so after they said they would. > what is the status on MAPS support? You have to pay MAPS. There are several other possible lists, though - ordb, orbz, dorkslayers... You pays your money and takes your choice (or not, as the case may be). -- Nick Phillips -- nwp@lemon-computing.com If you sow your wild oats, hope for a crop failure. From Q.G.Campbell at NEWCASTLE.AC.UK Tue Oct 23 16:19:34 2001 From: Q.G.Campbell at NEWCASTLE.AC.UK (Q G Campbell) Date: Thu Jan 12 21:14:05 2006 Subject: Filtering on filename extensions Message-ID: This site has chosen to use the default ~/etc/filename.rules.conf for our roll out of Mailscanner. One consequence of this decision is that attachments containing files such as "proposal.rtf.doc" are now being blocked with an "Attempt to hide real filename extension" warning message. This occurs whether or not the .DOC attachment carried a virus and was disinfected. I don't think it should have blocked simply because of the filenames rules. In particular I would expect a message with a repeated file extension to be delivered, provided it passed the virus scan phase, _if_ the last extension was ".DOC". In the light of the above I would like to ask: 1. Is it "safe" to modify filename.rules.conf in the way I have suggested? 2. If it is safe, what is the best way to modify the conf file to achieve delivery of .DOC files. 3. Why are common file extensions like .DOC ignored altogether in the filename.rules.conf file? I carried out a sample survey at this site recently of more than 20,000 messages with attachments and almost 50% were .DOC files. Thus better handling of .DOC files is an important issue for us. Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." From Q.G.Campbell at NEWCASTLE.AC.UK Tue Oct 23 16:41:09 2001 From: Q.G.Campbell at NEWCASTLE.AC.UK (Q G Campbell) Date: Thu Jan 12 21:14:05 2006 Subject: Filtering on filename extensions Message-ID: > -----Original Message----- > From: Q G Campbell [mailto:Q.G.Campbell@newcastle.ac.uk] > Sent: 23 October 2001 16:20 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Filtering on filename extensions > > > This site has chosen to use the default > ~/etc/filename.rules.conf for our roll out of Mailscanner. > > One consequence of this decision is that attachments > containing files such as "proposal.rtf.doc" are now being > blocked with an "Attempt to hide real filename extension" > warning message. > > This occurs whether or not the .DOC attachment carried a > virus and was disinfected. I don't think it should have > blocked simply because of the filenames rules. > > In particular I would expect a message with a repeated file > extension to be delivered, provided it passed the virus scan > phase, _if_ the last extension was ".DOC". > > In the light of the above I would like to ask: > > 1. Is it "safe" to modify filename.rules.conf in the way I > have suggested? > > 2. If it is safe, what is the best way to modify the conf > file to achieve > delivery of .DOC files. As an attempt to answer my own question I am going to try, taking the excerpt from my modified filename.rules.conf file: ... # Deny all other double file extensions.... deny \.[a-z][a-z0-9]{2,3}\.[a-z0-9]{3}$ # but allow \.[a-z][a-z0-9]{2,3}\.doc$ # These 2 are well known... ... Quentin From Q.G.Campbell at NEWCASTLE.AC.UK Tue Oct 23 17:14:41 2001 From: Q.G.Campbell at NEWCASTLE.AC.UK (Q G Campbell) Date: Thu Jan 12 21:14:05 2006 Subject: Filtering on filename extensions Message-ID: [snip] > As an attempt to answer my own question I am going to try, > taking the excerpt from my modified filename.rules.conf file: > > ... > # Deny all other double file extensions.... > deny \.[a-z][a-z0-9]{2,3}\.[a-z0-9]{3}$ > # but > allow \.[a-z][a-z0-9]{2,3}\.doc$ > > # These 2 are well known... > ... A colleague looked at the code that processes the filename.rules.conf file and has pointed out that the above will not work. The rule matching terminates at the first successful match in the conf file. Thus the way to ensure that "blah.rtf.doc" and "blah.doc.rtf" are not blocked (if they are virus free) is to add "\.doc$" and "\.rtf$\" to the list of allowed file extensions. Which begs the question as to why these two common file extensions are not already there given that an attachment with a repeated file extension is scanned for viruses anyway? Quentin From jkf at ecs.soton.ac.uk Tue Oct 23 16:26:23 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:05 2006 Subject: Filtering on filename extensions In-Reply-To: Message-ID: <5.1.0.14.2.20011023162053.03e98178@hawk.ecs.soton.ac.uk> At 16:19 23/10/2001, you wrote: >One consequence of this decision is that attachments containing files >such as "proposal.rtf.doc" are now being blocked with an "Attempt to >hide real filename extension" warning message. > >This occurs whether or not the .DOC attachment carried a virus and was >disinfected. I don't think it should have blocked simply because of the >filenames rules. > >In particular I would expect a message with a repeated file extension to >be delivered, provided it passed the virus scan phase, _if_ the last >extension was ".DOC". > >In the light of the above I would like to ask: > > 1. Is it "safe" to modify filename.rules.conf in the way I have >suggested? Fairly. > 2. If it is safe, what is the best way to modify the conf file to >achieve delivery of .DOC files. allow \.doc$ - - Put that above the double-file-extension trap in filename.rules.conf. Note: *Remember* to separate the fields with TAB characters, not just spaces. Sorry about that, I need to put a better syntax checker into the code that reads this file, to check for this. > 3. Why are common file extensions like .DOC ignored altogether in the > filename.rules.conf file? It's just a sample, I hope people at least look at it before using it on their site. Part of the reason the double-file-extension trap is there is to serve as an example of what *can* be done. Mind you, I wouldn't be without it here! We find it does produce a fair false-positive rate. However, we only get asked once or twice a month to actually send the recipient the file out of the quarantine. Seems most people don't actually want the attachments they receive anyway... -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Tue Oct 23 18:52:31 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:05 2006 Subject: MAILSCANNER: jpollman@BIGFOOT.COM requested to join Message-ID: <200110231752.SAA16627@magpie.ecs.soton.ac.uk> Tue, 23 Oct 2001 18:52:31 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from JC Pollman You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER jpollman@BIGFOOT.COM JC Pollman PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER jpollman@BIGFOOT.COM JC Pollman // EOJ From jkf at ecs.soton.ac.uk Wed Oct 24 10:40:48 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:05 2006 Subject: Filtering on filename extensions In-Reply-To: Message-ID: <5.1.0.14.2.20011024103951.00b00420@hawk.ecs.soton.ac.uk> At 17:14 23/10/2001, you wrote: >Which begs the question as to why these two common file extensions are >not already there given that an attachment with a repeated file >extension is scanned for viruses anyway? I believe my previous message answers this... Remember we are trying to stop some viruses *before* Sophos have a chance to get an IDE file out for them. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Thu Oct 25 03:57:05 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:05 2006 Subject: MAILSCANNER: butler@GLOBESERVER.COM requested to join Message-ID: <200110250257.DAA17309@magpie.ecs.soton.ac.uk> Thu, 25 Oct 2001 03:57:05 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Phil Butler You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER butler@GLOBESERVER.COM Phil Butler PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER butler@GLOBESERVER.COM Phil Butler // EOJ From Amanda.J.Tyler at SOC.SOTON.AC.UK Thu Oct 25 17:26:52 2001 From: Amanda.J.Tyler at SOC.SOTON.AC.UK (Amanda Tyler) Date: Thu Jan 12 21:14:05 2006 Subject: Red Hat 7.2 Message-ID: <5.0.0.25.2.20011025172341.00acb0f8@mail.soc.soton.ac.uk> Hello As a user just about to embark on using mailscanner my question is has anyone tried it on Red Hat 7.2? I am purchasing a new box which is coming pre-loaded with 7.2 and wondered if I should reload version 7.1 Any suggestions please Amanda IT Group Southampton Oceanography Centre From sfarrell at ICCONSULTING.COM.AU Fri Oct 26 01:00:06 2001 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:05 2006 Subject: Red Hat 7.2 Message-ID: Amanda, I'd be interested in your efforts with 7.2. We are running on 7.1 and that is obviously great. We are going to move to7.2 and use ext3 ... I would be interested on anyone's experience with using redhat 7.2 or ext3 on the spool directories with mailscanner. I know all the spool stuff needs to be on the same filesystem (it breaks otherwise - I know that one first hand), I wonder ext3 breaks it? regards Scott Farrell http://www.icconsulting.com.au ic Consulting - the people that make eBusiness happen. We offer e-business consulting and perform services. We deliver high impact consulting, and fast turn around projects for our clients. Ask us about Web Content Management, Web Self Service, or working closer with your customers or suppliers. 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au Amanda Tyler cc: Sent by: MailScanner Subject: Red Hat 7.2 mailing list 26/10/01 02:26 AM Please respond to MailScanner mailing list Hello As a user just about to embark on using mailscanner my question is has anyone tried it on Red Hat 7.2? I am purchasing a new box which is coming pre-loaded with 7.2 and wondered if I should reload version 7.1 Any suggestions please Amanda IT Group Southampton Oceanography Centre From Jvanlowe at EMS.JSC.NASA.GOV Fri Oct 26 05:12:18 2001 From: Jvanlowe at EMS.JSC.NASA.GOV (Van Lowe, John A) Date: Thu Jan 12 21:14:05 2006 Subject: Red Hat 7.2 Message-ID: I've purchased four dell poweredge servers all of which came factory installed with Redhat 7.2 sbe and the first third party software I applied was the MailScanner. Each of the mail servers, which btw is the primary use of the systems, handles nearly 1300 emails a day most of which have attachments. The loads on the servers have been minimal. Each server has two 800mhz CPU's and 512Mb of Ram. The CPU idle time was around 95%. The system has been running nearly a week without any problems. Good luck! - John Van Lowe jvanlowe@ems.jsc.nasa.gov MCC FC / JSC / NASA -----Original Message----- From: Amanda Tyler [mailto:Amanda.J.Tyler@SOC.SOTON.AC.UK] Sent: Thursday, October 25, 2001 11:27 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Red Hat 7.2 Hello As a user just about to embark on using mailscanner my question is has anyone tried it on Red Hat 7.2? I am purchasing a new box which is coming pre-loaded with 7.2 and wondered if I should reload version 7.1 Any suggestions please Amanda IT Group Southampton Oceanography Centre From sfarrell at ICCONSULTING.COM.AU Fri Oct 26 07:02:55 2001 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:05 2006 Subject: Red Hat 7.2 Message-ID: Sound great !! do you know if you are using ext3 file system, or ext2 ?? regards Scott Farrell http://www.icconsulting.com.au ic Consulting - the people that make eBusiness happen. We offer e-business consulting and perform services. We deliver high impact consulting, and fast turn around projects for our clients. Ask us about Web Content Management, Web Self Service, or working closer with your customers or suppliers. 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au "Van Lowe, John A" cc: Sent by: Subject: Re: Red Hat 7.2 MailScanner mailing list 26/10/01 02:12 PM Please respond to MailScanner mailing list I've purchased four dell poweredge servers all of which came factory installed with Redhat 7.2 sbe and the first third party software I applied was the MailScanner. Each of the mail servers, which btw is the primary use of the systems, handles nearly 1300 emails a day most of which have attachments. The loads on the servers have been minimal. Each server has two 800mhz CPU's and 512Mb of Ram. The CPU idle time was around 95%. The system has been running nearly a week without any problems. Good luck! - John Van Lowe jvanlowe@ems.jsc.nasa.gov MCC FC / JSC / NASA -----Original Message----- From: Amanda Tyler [mailto:Amanda.J.Tyler@SOC.SOTON.AC.UK] Sent: Thursday, October 25, 2001 11:27 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Red Hat 7.2 Hello As a user just about to embark on using mailscanner my question is has anyone tried it on Red Hat 7.2? I am purchasing a new box which is coming pre-loaded with 7.2 and wondered if I should reload version 7.1 Any suggestions please Amanda IT Group Southampton Oceanography Centre From Jvanlowe at EMS.JSC.NASA.GOV Fri Oct 26 08:03:01 2001 From: Jvanlowe at EMS.JSC.NASA.GOV (Van Lowe, John A) Date: Thu Jan 12 21:14:05 2006 Subject: Red Hat 7.2 Message-ID: The servers that I mentioned are running with the "ext3 Journaling File System" as Redhat calls it. This along with the latest 2.4.7 kernel, gcc 2.96, and glibc 2.2.4. For mission critical systems it may be wise to hold out on this configuration though (not sure how stable it would be if given multiple process intensive tasks). Hope this helps! -----Original Message----- From: Scott Farrell [mailto:sfarrell@ICCONSULTING.COM.AU] Sent: Friday, October 26, 2001 1:03 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Red Hat 7.2 Sound great !! do you know if you are using ext3 file system, or ext2 ?? regards Scott Farrell http://www.icconsulting.com.au ic Consulting - the people that make eBusiness happen. We offer e-business consulting and perform services. We deliver high impact consulting, and fast turn around projects for our clients. Ask us about Web Content Management, Web Self Service, or working closer with your customers or suppliers. 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au "Van Lowe, John A" cc: Sent by: Subject: Re: Red Hat 7.2 MailScanner mailing list 26/10/01 02:12 PM Please respond to MailScanner mailing list I've purchased four dell poweredge servers all of which came factory installed with Redhat 7.2 sbe and the first third party software I applied was the MailScanner. Each of the mail servers, which btw is the primary use of the systems, handles nearly 1300 emails a day most of which have attachments. The loads on the servers have been minimal. Each server has two 800mhz CPU's and 512Mb of Ram. The CPU idle time was around 95%. The system has been running nearly a week without any problems. Good luck! - John Van Lowe jvanlowe@ems.jsc.nasa.gov MCC FC / JSC / NASA -----Original Message----- From: Amanda Tyler [mailto:Amanda.J.Tyler@SOC.SOTON.AC.UK] Sent: Thursday, October 25, 2001 11:27 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Red Hat 7.2 Hello As a user just about to embark on using mailscanner my question is has anyone tried it on Red Hat 7.2? I am purchasing a new box which is coming pre-loaded with 7.2 and wondered if I should reload version 7.1 Any suggestions please Amanda IT Group Southampton Oceanography Centre From Amanda.J.Tyler at SOC.SOTON.AC.UK Fri Oct 26 08:59:04 2001 From: Amanda.J.Tyler at SOC.SOTON.AC.UK (Amanda Tyler) Date: Thu Jan 12 21:14:05 2006 Subject: Red Hat 7.2 In-Reply-To: Message-ID: <5.0.0.25.2.20011026085810.00abbd88@mail.soc.soton.ac.uk> Dear John Many thanks for that reassuring information Amanda At 23:12 25/10/2001 -0500, you wrote: >I've purchased four dell poweredge servers all of which came factory >installed with Redhat 7.2 sbe and the first third party software I applied >was the MailScanner. Each of the mail servers, which btw is the primary use >of the systems, handles nearly 1300 emails a day most of which have >attachments. The loads on the servers have been minimal. Each server has two >800mhz CPU's and 512Mb of Ram. The CPU idle time was around 95%. The system >has been running nearly a week without any problems. Good luck! > >- John Van Lowe > jvanlowe@ems.jsc.nasa.gov > MCC FC / JSC / NASA > > > >-----Original Message----- >From: Amanda Tyler [mailto:Amanda.J.Tyler@SOC.SOTON.AC.UK] >Sent: Thursday, October 25, 2001 11:27 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Red Hat 7.2 > > >Hello > > As a user just about to embark on using mailscanner my question is has >anyone tried it on Red Hat 7.2? >I am purchasing a new box which is coming pre-loaded with 7.2 and wondered >if I should reload version 7.1 >Any suggestions please > >Amanda >IT Group >Southampton Oceanography Centre From LISTSERV at JISCMAIL.AC.UK Thu Oct 25 21:30:52 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:05 2006 Subject: MAILSCANNER: pdr@EVANSTON.FLUENT.COM requested to join Message-ID: <200110252030.VAA11503@magpie.ecs.soton.ac.uk> Thu, 25 Oct 2001 21:30:52 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Paul R You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER pdr@EVANSTON.FLUENT.COM Paul R PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER pdr@EVANSTON.FLUENT.COM Paul R // EOJ From LISTSERV at JISCMAIL.AC.UK Fri Oct 26 12:17:37 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:05 2006 Subject: MAILSCANNER: pipera@HRZ.UNI-MARBURG.DE requested to join Message-ID: <200110261117.MAA18406@magpie.ecs.soton.ac.uk> Fri, 26 Oct 2001 12:17:37 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Andreas Piper You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER pipera@HRZ.UNI-MARBURG.DE Andreas Piper PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER pipera@HRZ.UNI-MARBURG.DE Andreas Piper // EOJ From LISTSERV at JISCMAIL.AC.UK Fri Oct 26 21:30:38 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:05 2006 Subject: MAILSCANNER: tyler@BELOIT.EDU left the JISCmail list Message-ID: <200110262030.VAA18408@magpie.ecs.soton.ac.uk> Fri, 26 Oct 2001 21:30:38 Tim Tyler has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From LISTSERV at JISCMAIL.AC.UK Sun Oct 28 21:14:02 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:05 2006 Subject: MAILSCANNER: tom@TILMANT.COM requested to join Message-ID: <200110282114.VAA06168@magpie.ecs.soton.ac.uk> Sun, 28 Oct 2001 21:14:02 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Tom Tilmant You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER tom@TILMANT.COM Tom Tilmant PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER tom@TILMANT.COM Tom Tilmant // EOJ From jkf at ecs.soton.ac.uk Mon Oct 29 09:05:09 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:05 2006 Subject: Version 2.60-2 released Message-ID: <5.1.0.14.2.20011029085459.02928008@hawk.ecs.soton.ac.uk> I have just released version 2.60-2. The new feature for this release is that the message to the users varies depeding on what triggered MailScanner: - a virus - a bad filename (failed filename.rules.conf) - an error in the message This now changed what the recipient and the sender are told as a response. Should make life much clearer for users, particularly when they fail a filename check. I have also further improved the timeout codent, to make it more reliable. We have a new domain for MailScanner too, so you can download everything from http://www.mailscanner.info/ -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From richard.bell at BREGENZ.AT Mon Oct 29 09:09:53 2001 From: richard.bell at BREGENZ.AT (Bell Richard) Date: Thu Jan 12 21:14:05 2006 Subject: Filltered Attachements are passing Message-ID: <47B7A712D911D41183AA0000F80264C7756A2C@breg09.bregenz.at> Hello! I have a serios problem with my installed mailscanner. In the configuration file I prohibit the passing of EXE and other filetypes. Sometimes it happens that, regardless of the configuration, these filetypes are passing. It also has happened with virus infected files. I?m using Sendmail (Version 8.11.3), Mailscanner (Version 2.52) and Sophos Virusscanner on a Suse 7.2 System. I have discovered the following entrys in my mail-logfile: Oct 29 09:07:08 mailgateway sendmail[15534]: f9T878D15534: from=<>, size=1663, class=0, nrcpts=1, msgid=<200110290807.JAA10525@ns.bregenz.at>, proto=ESM Oct 29 09:07:08 mailgateway sendmail[15534]: f9T878D15534: to=, delay=00:00:00, mailer=nullclient, pri=31663, stat=queued Oct 29 09:07:08 mailgateway mailscanner[14678]: Using flock() to lock /var/spool/mqueue.in/qff9T878D15534 Oct 29 09:07:08 mailgateway mailscanner[14678]: Forwarding 1 clean messages, 2085 bytes Oct 29 09:07:08 mailgateway mailscanner[14678]: Using flock() to lock >/var/spool/mqueue/tff9T878D15534 Oct 29 09:07:08 mailgateway mailscanner[14678]: About to deliver 1 messages Oct 29 09:07:08 mailgateway sendmail[15535]: f9T878D15534: SMTP outgoing connect on mailgateway.bregenz.at Oct 29 09:07:08 mailgateway sendmail[15535]: f9T878D15534: to=, delay=00:00:00, xdelay=00:00:00, mailer=nullclient, pri=12 Oct 29 09:07:08 mailgateway sendmail[15535]: f9T878D15534: done; delay=00:00:00, ntries=1 Oct 29 09:07:38 mailgateway mailscanner[14678]: Using flock() to lock /var/spool/mqueue.in/qff9T878D15534 Oct 29 09:07:38 mailgateway mailscanner[14678]: Forwarding 1 clean messages, 786 bytes Oct 29 09:07:38 mailgateway mailscanner[14678]: Using flock() to lock >/var/spool/mqueue/tff9T878D15534 Oct 29 09:07:38 mailgateway mailscanner[14678]: About to deliver 1 messages Oct 29 09:07:38 mailgateway sendmail[15536]: f9T878D15534: SYSERR(root): readqf: cannot open ./dff9T878D15534: No such file or directory !!!!!----------------------------------------------------------------------- ---------------------------------------------------------------------------- ------------------------------- Oct 29 09:07:38 mailgateway sendmail[15536]: f9T878D15534: SMTP outgoing connect on mailgateway.bregenz.at Oct 29 09:07:39 mailgateway sendmail[15536]: f9T878D15534: to=, delay=00:00:31, xdelay=00:00:01, mailer=nullclient, pri=12 Oct 29 09:07:39 mailgateway sendmail[15536]: f9T878D15534: done; delay=00:00:31, ntries=1 Is it possible that sendmail gives two times the same message-ID? (In one of the earlier Mails there was this problem, but with an older sendmail version). regards Richard Bell From jkf at ecs.soton.ac.uk Mon Oct 29 10:30:59 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:05 2006 Subject: Filltered Attachements are passing In-Reply-To: <47B7A712D911D41183AA0000F80264C7756A2C@breg09.bregenz.at> Message-ID: <5.1.0.14.2.20011029103013.029444c0@hawk.ecs.soton.ac.uk> First thing to check is that you only have 2 sendmails and 1 MailScanner running. Occasionally I've seen problems where people have more than 1 MailScanner process running. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From richard.bell at BREGENZ.AT Mon Oct 29 10:51:47 2001 From: richard.bell at BREGENZ.AT (Bell Richard) Date: Thu Jan 12 21:14:05 2006 Subject: AW: Filltered Attachements are passing Message-ID: <47B7A712D911D41183AA0000F80264C7756A2F@breg09.bregenz.at> There are two sendmail prcesses and one mailscanner processes running. The maschine is installed only for mailscanning so no other processes should disturb the mailscanner. -----Urspr?ngliche Nachricht----- Von: Julian Field [mailto:jkf@ECS.SOTON.AC.UK] Gesendet: Montag, 29. Oktober 2001 11:31 An: MAILSCANNER@JISCMAIL.AC.UK Betreff: Re: Filltered Attachements are passing First thing to check is that you only have 2 sendmails and 1 MailScanner running. Occasionally I've seen problems where people have more than 1 MailScanner process running. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From Paul.Haldane at NEWCASTLE.AC.UK Mon Oct 29 10:55:53 2001 From: Paul.Haldane at NEWCASTLE.AC.UK (Paul Haldane) Date: Thu Jan 12 21:14:05 2006 Subject: Filltered Attachements are passing Message-ID: You may also want to check that /var/spool/mqueue and /var/spool/mqueue.in are on the same partition. We got similar messages (about missing files) when mqueue and mqueue.in were on different file systems. My understanding is that the lock on the qf files was getting lost when the jobs was moved from mqueue.in to mqueue across file systems. Paul -- Paul Haldane Unix Systems, Computing Service, University of Newcastle upon Tyne > -----Original Message----- > From: Bell Richard [mailto:richard.bell@bregenz.at] > Sent: 29 October 2001 10:52 > To: 'MailScanner mailing list' > Subject: AW: Filltered Attachements are passing > > > There are two sendmail prcesses and one mailscanner processes > running. The maschine is installed only for mailscanning so > no other processes should disturb the mailscanner. > > -----Urspr?ngliche Nachricht----- > Von: Julian Field [mailto:jkf@ECS.SOTON.AC.UK] > Gesendet: Montag, 29. Oktober 2001 11:31 > An: MAILSCANNER@JISCMAIL.AC.UK > Betreff: Re: Filltered Attachements are passing > > > First thing to check is that you only have 2 sendmails and 1 > MailScanner running. Occasionally I've seen problems where > people have more than 1 MailScanner process running. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From richard.bell at BREGENZ.AT Mon Oct 29 11:08:20 2001 From: richard.bell at BREGENZ.AT (Bell Richard) Date: Thu Jan 12 21:14:05 2006 Subject: AW: Filltered Attachements are passing Message-ID: <47B7A712D911D41183AA0000F80264C7756A34@breg09.bregenz.at> Both queues are on the same partition. But in most cases it works fine. Only a few messages are passing faultly. We have per day ap. 500 incomming mails which have to be scanned and ap. one message per day passes the system without being scanned. I havent seen a rule until now why the great part passes correctly and some not. Could it be that the maschine is to slow? I?m using a Pentium with 166Mhz and 64MB of RAM. -----Urspr?ngliche Nachricht----- Von: Paul Haldane [mailto:Paul.Haldane@newcastle.ac.uk] Gesendet: Montag, 29. Oktober 2001 11:56 An: Bell Richard; MailScanner mailing list Betreff: RE: Filltered Attachements are passing You may also want to check that /var/spool/mqueue and /var/spool/mqueue.in are on the same partition. We got similar messages (about missing files) when mqueue and mqueue.in were on different file systems. My understanding is that the lock on the qf files was getting lost when the jobs was moved from mqueue.in to mqueue across file systems. Paul -- Paul Haldane Unix Systems, Computing Service, University of Newcastle upon Tyne > -----Original Message----- > From: Bell Richard [mailto:richard.bell@bregenz.at] > Sent: 29 October 2001 10:52 > To: 'MailScanner mailing list' > Subject: AW: Filltered Attachements are passing > > > There are two sendmail prcesses and one mailscanner processes > running. The maschine is installed only for mailscanning so > no other processes should disturb the mailscanner. > > -----Urspr?ngliche Nachricht----- > Von: Julian Field [mailto:jkf@ECS.SOTON.AC.UK] > Gesendet: Montag, 29. Oktober 2001 11:31 > An: MAILSCANNER@JISCMAIL.AC.UK > Betreff: Re: Filltered Attachements are passing > > > First thing to check is that you only have 2 sendmails and 1 > MailScanner running. Occasionally I've seen problems where > people have more than 1 MailScanner process running. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From jkf at ecs.soton.ac.uk Mon Oct 29 14:00:15 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:05 2006 Subject: Newer MIME-tools module required Message-ID: <5.1.0.14.2.20011029135751.03b87680@hawk.ecs.soton.ac.uk> One thing I forgot to say in the announcement of version 2.60: we now have module version checks on some of the modules (the ones that cause most trouble). You now require at least version 5.410 of MIME-tools, so I have updated the web site and removed my reference to my patched version of 5.313. 5.411 is available for download from http://www.sng.ecs.soton.ac.uk/mailscanner/files/modules/MIME-tools-5.411.tar.gz which you might want to do before getting the new code running on your production servers... Many thanks to Michael Forrest in Aberdeen for reminding me of this. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Mon Oct 29 14:00:25 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:05 2006 Subject: MAILSCANNER: valites@GENESEO.EDU requested to join Message-ID: <200110291400.OAA15187@magpie.ecs.soton.ac.uk> Mon, 29 Oct 2001 14:00:25 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from "Mark T. Valites" You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER valites@GENESEO.EDU Mark T. Valites PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER valites@GENESEO.EDU Mark T. Valites // EOJ From tom at TILMANT.COM Mon Oct 29 21:21:24 2001 From: tom at TILMANT.COM (Tom Tilmant) Date: Thu Jan 12 21:14:05 2006 Subject: Subject Line control (SPAM CONTROL) In-Reply-To: <5.1.0.14.2.20011029135751.03b87680@hawk.ecs.soton.ac.uk> Message-ID: I am new to mailscanner, so I apologies if this is answered somewhere else. Is there a way to scan for word expressions in the Subject line to identify Spam mail? It seems to only catch 20% of the Spam coming through my mail server using MAPS. Tom From S.R.Patterson at SOTON.AC.UK Tue Oct 30 09:25:27 2001 From: S.R.Patterson at SOTON.AC.UK (Patterson, S R) Date: Thu Jan 12 21:14:05 2006 Subject: Subject Line control (SPAM CONTROL) Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Tom Tilmant > Sent: 29 October 2001 21:21 > > Is there a way to scan for word expressions in the Subject > line to identify Spam mail? It seems to only catch 20% of > the Spam coming through my mail server using MAPS. I think this is on Jules's wish list. Otherwise if you're a sendmail site and know your way around the sendmail.cf it can be done there - I can provide examples but only ask if you're au fait with sendmail.cf Steve -- Steven Patterson, MSci ----------------------------------------------+ | Electronic Information Systems Support and Development | | Computing Services, University of Southampton, UK. | +-------------------------------------------- Tel: +44 (0) 2380 595810 ...... ...... .. Conviction is a bigger enemy of the truth than lies. .. ...... ...... From jkf at ecs.soton.ac.uk Tue Oct 30 09:18:57 2001 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:05 2006 Subject: Subject Line control (SPAM CONTROL) In-Reply-To: References: <5.1.0.14.2.20011029135751.03b87680@hawk.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20011030091827.02915bd8@hawk.ecs.soton.ac.uk> At 21:21 29/10/2001, you wrote: >I am new to mailscanner, so I apologies if this is answered somewhere else. >Is there a way to scan for word expressions in the Subject line to identify >Spam mail? It seems to only catch 20% of the Spam coming through my mail >server using MAPS. No there aren't, I'm afraid. Have you looked at using ORDB, ORBZ and/or ORBL as well? -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From andrewh at CQG.COM Tue Oct 30 18:22:39 2001 From: andrewh at CQG.COM (Andrew Hoying) Date: Thu Jan 12 21:14:05 2006 Subject: Subject Line control (SPAM CONTROL) In-Reply-To: <5.1.0.14.2.20011030091827.02915bd8@hawk.ecs.soton.ac.uk> Message-ID: I've been using spam-assassin, http://spamassassin.taint.org/, along with mailscanner. Spam-assassin catches about 95% of the spam sent to the company I work for, up significantly from what mailscanner can catch, but it doesn't do virus scanning so I have to use both products on my mail gateway. I would love to see these to products combined into one. I may have a chance to start some work in that direction in the comming days, but if someone else would like to look at this, that would be great. Andrew Hoying > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Tuesday, October 30, 2001 2:19 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Subject Line control (SPAM CONTROL) > > > At 21:21 29/10/2001, you wrote: > >I am new to mailscanner, so I apologies if this is answered > somewhere else. > >Is there a way to scan for word expressions in the Subject line > to identify > >Spam mail? It seems to only catch 20% of the Spam coming through my mail > >server using MAPS. > > No there aren't, I'm afraid. Have you looked at using ORDB, ORBZ and/or > ORBL as well? > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ From sfarrell at ICCONSULTING.COM.AU Tue Oct 30 21:56:07 2001 From: sfarrell at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:05 2006 Subject: Inoculate support Message-ID: I am working on inoculate (from computer associates) support for mailscanner. I have most of it going. Would this interest users of mailscanner? Should I ask Julian to integrate the support to the main code base? regards Scott Farrell http://www.icconsulting.com.au ic Consulting - the people that make eBusiness happen. We offer e-business consulting and perform services. We deliver high impact consulting, and fast turn around projects for our clients. Ask us about Web Content Management, Web Self Service, or working closer with your customers or suppliers. 0412 927 156, 02 9411 3622 mailto:sfarrell@icconsulting.com.au -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20011031/919805ee/attachment.html From LISTSERV at JISCMAIL.AC.UK Tue Oct 30 20:38:19 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:05 2006 Subject: MAILSCANNER: tyler@BELOIT.EDU requested to join Message-ID: <200110302038.UAA16156@magpie.ecs.soton.ac.uk> Tue, 30 Oct 2001 20:38:19 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Tim Tyler You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER tyler@BELOIT.EDU Tim Tyler PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER tyler@BELOIT.EDU Tim Tyler // EOJ From LISTSERV at JISCMAIL.AC.UK Tue Oct 30 22:43:54 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:05 2006 Subject: MAILSCANNER: gib@TMISNET.COM requested to join Message-ID: <200110302243.WAA21980@magpie.ecs.soton.ac.uk> Tue, 30 Oct 2001 22:43:54 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Gib Gilbertson Jr You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER gib@TMISNET.COM Gib Gilbertson Jr PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER gib@TMISNET.COM Gib Gilbertson Jr // EOJ From LISTSERV at JISCMAIL.AC.UK Wed Oct 31 12:16:12 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:05 2006 Subject: MAILSCANNER: s.effertz@JOLA.DE requested to join Message-ID: <200110311216.MAA22831@magpie.ecs.soton.ac.uk> Wed, 31 Oct 2001 12:16:12 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Stephan Effertz You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER s.effertz@JOLA.DE Stephan Effertz PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER s.effertz@JOLA.DE Stephan Effertz // EOJ From LISTSERV at JISCMAIL.AC.UK Wed Oct 31 18:20:08 2001 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at CCLRC (1.8d)) Date: Thu Jan 12 21:14:05 2006 Subject: MAILSCANNER: rfowkar@YAHOO.COM requested to join Message-ID: <200110311820.SAA14117@magpie.ecs.soton.ac.uk> Wed, 31 Oct 2001 18:20:08 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Rajesh Fowkar You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER rfowkar@YAHOO.COM Rajesh Fowkar PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER rfowkar@YAHOO.COM Rajesh Fowkar // EOJ