From LISTSERV at JISCMAIL.AC.UK Tue Apr 2 05:08:26 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:35 2006 Subject: MAILSCANNER: 20020401@DUH.NET requested to join Message-ID: <200204020408.FAA09161@magpie.ecs.soton.ac.uk> Tue, 2 Apr 2002 05:08:26 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Travis Taylor <20020401@DUH.NET> The following membership options have been requested: CONCEAL. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER 20020401@DUH.NET Travis Taylor PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER 20020401@DUH.NET Travis Taylor SET MAILSCANNER CONCEAL FOR 20020401@DUH.NET // EOJ From LISTSERV at JISCMAIL.AC.UK Tue Apr 2 09:59:19 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:35 2006 Subject: MAILSCANNER: ben.tullis@INFOMATRIX.LTD.UK left the JISCmail list Message-ID: <200204020856.JAA19717@tortoise.webcentre.net> Tue, 2 Apr 2002 09:59:19 Ben Tullis has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From LISTSERV at JISCMAIL.AC.UK Tue Apr 2 10:02:59 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:35 2006 Subject: MAILSCANNER: marc.perea@ELECTRONIC-GROUP.COM requested to join Message-ID: <200204020902.KAA15425@magpie.ecs.soton.ac.uk> Tue, 2 Apr 2002 10:02:59 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Marc Perea You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER marc.perea@ELECTRONIC-GROUP.COM Marc Perea PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER marc.perea@ELECTRONIC-GROUP.COM Marc Perea // EOJ From LISTSERV at JISCMAIL.AC.UK Tue Apr 2 17:47:04 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:35 2006 Subject: MAILSCANNER: ron@SPAWAR.NAVY.MIL requested to join Message-ID: <200204021647.RAA27059@magpie.ecs.soton.ac.uk> Tue, 2 Apr 2002 17:47:04 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Ron Broersma You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER ron@SPAWAR.NAVY.MIL Ron Broersma PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER ron@SPAWAR.NAVY.MIL Ron Broersma // EOJ From LISTSERV at JISCMAIL.AC.UK Wed Apr 3 05:23:25 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:35 2006 Subject: MAILSCANNER: jmiller@FNSI.NET requested to join Message-ID: <200204030423.FAA13503@magpie.ecs.soton.ac.uk> Wed, 3 Apr 2002 05:23:25 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Josh Miller You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER jmiller@FNSI.NET Josh Miller PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER jmiller@FNSI.NET Josh Miller // EOJ From Funk.Gabor at HUNETKFT.HU Wed Apr 3 12:37:50 2002 From: Funk.Gabor at HUNETKFT.HU (Funk Gabor) Date: Thu Jan 12 21:14:35 2006 Subject: Inocmd32 root issue - [Re: CA Startrak Issue 11797348;01 - WEB E-MAIL SUPPORT:] Message-ID: <01ba01c1db04$01318820$3364a8c0@xxxx.xxx> Meanwhile CA is good at sponsoring "West McLaren Mercedes", they're not that good in understanding and supporting customer needs. Those who plan to use virus protection under linux, probably have to wait until Mercedes writes a decent virus disinfector which doesn't have to run as root. Or use something else. Find attached reply from CA on my opened STARTRAK incident. This got posted on "mailscanner" mailing list mailscanner@jiscmail.ac.uk (offline readable at: http://www.jiscmail.ac.uk/lists/mailscanner.html ) and the appropriate "amavis" bugtracker entry for the time being. http://sourceforge.net/tracker/index.php?func=detail&aid=460388&group_id=6006&atid=106006 cc'd: cainfo@ca.com, PCS@ca.com Subject: Re: CA Startrak Issue 11797348;01 - WEB E-MAIL SUPPORT: RE: +36 (30) 944-3333 CLI: FUNK.GABOR; ;ISLANDIA TECH: HARVEY R$$AR01 CCN: 11797348 ISS: 1 PROD: INNT INOCULATEIT NT DESC: WEB E-MAIL SUPPORT: Hi, The inocmd32 can be executed only by root. There is no near plans to chane th at option. Thank you and have a great day CA Tech Support CA World 2002 April 21-25 Orlando, Florida For more information and to register, please visit www.ca.com/caworld **************************************************************************** +++ Subscribe Now To CA's E-News Technical Newsletter +++ For Information Visit Us At: http://eSupport.ca.com ==> Come Visit CA's Open Forum at: http://forums.ca.com <== **************************************************************************** Computer Associates Inoculan/InoculateIT/ControlIT Workgroup Support We encourage you to use the support site to assist you in solving your technical issues. END OF STARTRAK MESSAGE From valianp at SOUTHWESTERN.EDU Wed Apr 3 22:13:26 2002 From: valianp at SOUTHWESTERN.EDU (Peter Valian) Date: Thu Jan 12 21:14:35 2006 Subject: [Fwd: mail delay and can't parse message] Message-ID: <3CAB7076.2010508@southwestern.edu> Does anyone at all have a suggestion on this? thanks, -peter -------- Original Message -------- Subject: mail delay and can't parse message Date: Mon, 01 Apr 2002 09:49:32 -0600 From: Peter Valian Organization: Southwestern University To: MAILSCANNER@JISCMAIL.AC.UK CC: Peter Valian Hi all, Im having a heap of trouble with Mailscanner. For the most part it works fantastic. However, Im getting many calls from users claiming that some email is delayed by several hours. I have not personally witnessed this phenomenon but it's more than just a couple users making this claim...(they claim to receive mail as normal but then every now and again get a message timestamped before several emails they have already received. I don't know if the problem is with Mailscanner/Sendmail or with Qpopper (4.0.3). Also, several warnings a day get sent to postmaster about 'could not parse message xxx, e.g. Report: Could not parse message g313LlZ19901 I don't know if these messages just got dropped or went through or what. attached is my conf. One thing that's special to our set up is that the mail spools are NFS mounted...so perhaps some file locking issues? I would appreaciate any suggestions. TIA, Peter -- Peter Valian Network & Systems Administrator Southwestern University Georgetown, Texas -- -- Peter Valian Network & Systems Administrator Southwestern University Georgetown, Texas 512.863.1586 office 512.863.1605 fax -- -------------- next part -------------- # Configuration file for MailScanner E-Mail Virus Scanner # This file assumes everything is in the default locations provided # by the MailScanner and RedHat 6.2 and upwards. # User to run as (provided for Exim users) #Run As User = mail # Group to run as (provided for Exim users) #Run As Group = mail # In every batch of virus-scanning, limit the maximum # a) number of text-only messages to deliver # b) number of potentially infected messages to unpack and scan # c) total size of text-only messages to deliver # d) total size of potentially infected messages to unpack and scan Max Safe Messages Per Scan = 500 Max Unsafe Messages Per Scan = 100 Max Safe Bytes Per Scan = 100000000 Max Unsafe Bytes Per Scan = 50000000 # To avoid resource leaks, re-start periodically. Restart Every = 14400 # 4 hours # Name of this host, or just "the MailScanner" if you want to hide this info. # It can be placed in the Help Desk note contained in virus warnings sent to users. Host name = the MailScanner # Add this extra header to all mail as it is scanned. # (this must *include* terminating colon). Mail Header = X-MailScanner: # Set the mail header to these values for clean/infected messages. Clean Header = Found to be clean Infected Header = Found to be infected Disinfected Header = Disinfected # Set where to unpack incoming messages before scanning them Incoming Work Dir = /var/spool/MailScanner/incoming # Set where to store infected message attachments (if they are kept) Quarantine Dir = /var/spool/MailScanner/quarantine # Set where to store the process id so you can easily stop the scanner Pid File = /usr/local/MailScanner/var/virus.pid # Set where to find the attachment filename ruleset. # The structure of this file is explained elsewhere, but it is used to # accept or reject file attachments based on their name, regardless of # whether they are infected or not. Filename Rules = /usr/local/MailScanner/etc/filename.rules.conf # Set where to find the message text sent to users when one of their # attachments has been quarantined. Stored Virus Message Report = /usr/local/MailScanner/etc/stored.virus.message.txt Stored Bad Filename Message Report = /usr/local/MailScanner/etc/stored.filename.message.txt # Set where to find the message text sent to users when one of their # attachments has been deleted. Deleted Virus Message Report = /usr/local/MailScanner/etc/deleted.virus.message.txt Deleted Bad Filename Message Report = /usr/local/MailScanner/etc/deleted.filename.message.txt # Set where to find the message text sent to users explaining about the # attached disinfected documents. Disinfected Report = /usr/local/MailScanner/etc/disinfected.report.txt # Set location of incoming mail queue # and location of outgoing mail queue. Incoming Queue Dir = /var/spool/MailScanner/mqueue.in Outgoing Queue Dir = /var/spool/MailScanner/mqueue # Set whether to use sendmail or exim (default is sendmail) MTA = sendmail # Set how to invoke MTA when sending created message # (e.g. to sender/recipient saying "found a virus in your message") Sendmail = /usr/sbin/sendmail # Sendmail2 is provided for Exim users. # It defaults to the value supplied for Sendmail. # It is the command used to attempt delivery of outgoing # (scanned/cleaned) messages. # This is not usually required for sendmail. #Sendmail2 = /usr/sbin/exim -C /etc/exim_send.conf # Do you want to scan email for viruses? # A few people have wanted to disable the entire virus scanning. Virus Scanning = yes # Which Virus Scanning package to use: # sophos from www.sophos.com, or # mcafee from www.mcafee.com, or # command from www.command.co.uk, or # kaspersky from www.kaspersky.com, or # inoculate from www.cai.com/products/inoculateit.htm, or # f-secure from www.f-secure.com, or # f-prot from www.f-prot.com (which is *free* for Linux as of 1/1/2002) # # Note: If you want to use multiple virus scanners, then this should be a # comma-separated list of virus scanners. For example: # Virus Scanner = sophos, f-prot # Virus Scanner = mcafee # Where the Virus scanner is installed. This is the command needed to run it. # # Note: If you want to use multiple virus scanners, then this should be a # comma-separated list of commands, **in the same order** as they are listed # in the "Virus Scanner" keyword just above. For example: # Sweep = /usr/local/Sophos/bin/sophoswrapper, /usr/local/f-prot/f-protwrapper # Sweep = /usr/local/mcafee/mcafeewrapper # The maximum length of time the commercial virus scanner is allowed to run # for 1 batch of messages (in seconds). Virus Scanner Timeout = 300 # Expand TNEF attachments using an external program? # This should be "yes" except for Sophos (when it should be "no") # as Sophos has the facility built-in. Expand TNEF = yes # Where the MS-TNEF expander is installed. # The new --maxsize option limits the maximum size that any expanded attachment # may be. It helps protect against Denial Of Service attacks in TNEF files. TNEF Expander = /usr/local/MailScanner/bin/tnef --maxsize=100000000 # The maximum length of time the TNEF Expander is allowed to run for 1 message. # (in seconds) TNEF Timeout = 120 # What should the attachments be called that replace virus-infected files? Attachment Warning Filename = VirusWarning.txt # Should we scan all messages, including plain-text messages which are normally # harmless? This should be "yes" since the MyParty message appeared. Scan All Messages = yes # Once we have removed viruses from an email message and replaced them with # VirusWarning.txt attachments, should we deliver the clean result to the # original recipients (or just delete them if "no")? Deliver To Recipients = yes # Deliver messages with viruses removed to their original recipients # if they came from a local address, or just delete them so no-one knows # we have a virus outbreak on our site? Deliver From Local Domains = yes # Notify the senders of infected messages that they should check out # their systems? Notify Senders = yes # Set where to find the message text sent to the senders of infected # messages. #Sender Report = /usr/local/MailScanner/etc/sender.report.txt Sender Virus Report = /usr/local/MailScanner/etc/sender.virus.report.txt Sender Bad Filename Report = /usr/local/MailScanner/etc/sender.filename.report.txt Sender Error Report = /usr/local/MailScanner/etc/sender.error.report.txt # Notify the local postmaster when any infections are found? Notify Local Postmaster = yes # Include the full headers of each message in the postmaster notification? Postmaster Gets Full Headers = yes # Set email address of who to notify about any infections found. # Should put your full domain name here too, # e.g. postmaster@your.domain.com Local Postmaster = virusalert@southwestern.edu # Set what to do with infected attachments or messages. # keep ==> Store under the "Quarantine Dir" # delete ==> Just delete them #Action = delete Action = keep # Should I attempt to disinfect infected attachments and then deliver # the clean ones Deliver Disinfected Files = yes # Local domain name, or filename containing a list of local domain names # The file supports blank entries, '#' and ';' comment characters and # uses the first word off each line. This should be compatible with all # such lines in a sendmail or Exim configuration file. #Local Domains = /usr/local/MailScanner/etc/localdomains.conf Local Domains = southwestern.edu # Mark infected messages in the message body. # There can now be more than 1 of these configuration lines here, so you can # break the warning message over multiple lines. Mark Infected Messages = yes Inline Text Warning = Warning: This message has had one or more attachments removed. Inline Text Warning = Warning: Please read the "VirusWarning.txt" attachment(s) for more information. Inline HTML Warning =

Warning: This message has had one or more attachments removed. Please read the "VirusWarning.txt" attachment(s) for more information.

# Sign clean messages in the message body. # There can be more than 1 of these configuration lines here, so you can # break the signature message over multiple lines. # Note that enabling this option will add to the overall system load as some # major optimisations will no longer be possible! Sign Clean Messages = no Inline Text Signature = -- Inline Text Signature = This message has been scanned for viruses and Inline Text Signature = dangerous content by MailScanner, and is Inline Text Signature = believed to be clean. Inline HTML Signature =
-- Inline HTML Signature =
This message has been scanned for viruses and Inline HTML Signature =
dangerous content by Inline HTML Signature = MailScanner, Inline HTML Signature = and is
believed to be clean. # # Spam Detection # # Should the anti-spam checks be done on all incoming messages? Spam Checks = no # Set the name of the extra header to add to all messages found to be # likely spam. Spam Header = X-MailScanner-SpamCheck: # Do you want to put some text on the front of the subject line when # we think it is spam? Spam Modify Subject = yes # What text do we want to put on the front (gets followed by a " ") Spam Subject Text = {SPAM?} # Do we have the SpamAssassin package installed? # This is a very good, very clever heuristics-based spam checker. # For more info and installation instructions, see http://spamassassin.taint.org/ Use SpamAssassin = no # Set the maximum size of message which we will check with SpamAssassin # Don't set this too large as your system load will get very high processing # huge messages. Max SpamAssassin Size = 100000 # Set the maximum time to allow SpamAssassin to process 1 message SpamAssassin Timeout = 10 # Set the list of database names and their corresponding DNS domains. # All of these databases work in a similar way, allowing the simple use # of multiple databases. # See www.ordb.org and www.mail-abuse.org for more information. Spam List = ORDB-RBL, relays.ordb.org. # MAPS now charge for their services, so you'll have to buy a contract before # attempting to use the next 3 lines. #Spam List = MAPS-RBL, blackholes.mail-abuse.org. #Spam List = MAPS-DUL, dialups.mail-abuse.org. #Spam List = MAPS-RSS, relays.mail-abuse.org. # This next line works for JANET UK Academic sites only #Spam List = MAPS-RBL+, rbl-plus.mail-abuse.ja.net. # Define local networks from whom you should always accept mail, and # never mark it as spam. This is useful in case your own mail servers # are ever in the ORBS or MAPS lists. #Accept Spam From = 152.78. #Accept Spam From = 139.166. Accept Spam From = 161.13. # Define a list of email addresses and email domains from whom you should # always accept mail, and never mark it as spam. This is useful in case # someone you correspond with a lot has their mail servers in the ORBS or # MAPS lists. Spam White List = /usr/local/MailScanner/etc/spam.whitelist.conf # # Advanced Features # ================= # # Don't bother changing anything below this unless you really know what # you are doing. # # Set Debug to 1 to stop it running as a daemon # and produce more verbose output Debug = 0 # Attempt immediate delivery of messages, or just place them in the outgoing # queue for the MTA to deliver at a time of its own choosing? # If attempting immediate delivery, do them one at a time, # or do them in batches of 30 at a time? Delivery Method = queue # Delivery Method = individual #Delivery Method = batch # How to lock spool files. # Don't set this unless you *know* you need to. # For sendmail, it defaults to "flock". # For Exim, it defaults to "posix". # No other type is implemented. #Lock Type = flock # Where to put the virus scanning engine lock files. # These lock files are used between MailScanner and the virus signature # "autoupdate" scripts, to ensure that they aren't both working at the # same time (which could cause MailScanner to let a virus through). Lock File Dir = /tmp # What to do when you get several MailScanner headers in one message, # from multiple MailScanner servers. Values are # "append" : Append the new data to the existing header # "add" : Add a new header # "replace" : Replace the old data with the new data # Default is "append" Multiple Headers = append # Some versions of Microsoft Outlook generate unparsable Rich Text # format attachments. Do we want to deliver these bad attachments anyway? # Setting this to yes introduces the slight risk of a virus getting through, # but if you have a lot of troubled Outlook users you might need to do this. # We are working on a replacement for the TNEF decoder. Deliver Unparsable TNEF = yes # When attempting delivery of outgoing messages, should we do it in the # background or wait for it to complete? The danger of doing it in the # background is that the machine load goes ever upwards while all the # slow sendmail processes run to completion. However, running it in the # foreground may cause the mail server to run too slowly. Deliver In Background = no # Minimum acceptable code stability status -- if we come across code # that's not at least as stable as this, we barf. # This is currently only used to check that you don't end up using untested # virus scanner support code without realising it. # Levels used are: # none - there may not even be any code. # unsupported - code may be completely untested, a contributed dirty hack, # anything, really. # alpha - code is pretty well untested. Don't assume it will work. # beta - code is tested a bit. It should work. # supported - code *should* be reliable. # # Don't even *think* about setting this to anything other than "beta" or # "supported" on a system that receives real mail until you have tested it # yourself and are happy that it is all working as you expect it to. # Don't set it to anything other than "supported" on a system that could # ever receive important mail. Minimum Code Status = supported From sevans at FOUNDATION.SDSU.EDU Wed Apr 3 22:30:32 2002 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:14:35 2006 Subject: Blocking Double Extensions Except For . . . Message-ID: <7E2D2700ADE29542BAFC135552997E6C415C@mail.foundation.sdsu.edu> I want to block most double extensions. However if the file is whatever.vbs.pdf I don't want it to be blocked. So I want to have a list of extensions that I know are safe (txt, pdf, jpg, etc) and allow those through even if it is a double extensions (ie document.0302.pdf). I put an allow line for txt's at the top of my filename file but it's still being blocked. Steve Evans Computing Services SDSU Foundation 619 594-0653 From Funk.Gabor at HUNETKFT.HU Wed Apr 3 22:44:05 2002 From: Funk.Gabor at HUNETKFT.HU (Funk Gabor) Date: Thu Jan 12 21:14:35 2006 Subject: Blocking Double Extensions Except For . . . Message-ID: <001e01c1db58$ae57f710$3364a8c0@xxxx.xxx> >>I want to block most double extensions. However if the file is >>whatever.vbs.pdf I don't want it to be blocked. So I want to have a >>list of extensions that I know are safe (txt, pdf, jpg, etc) and allow >>those through even if it is a double extensions (ie document.0302.pdf). >> >>I put an allow line for txt's at the top of my filename file but it's >>still being blocked. Count me too. (I also had to disable it because of "my_curric.vit.pdf" and alike...) G. From dennis at YTN.CO.NZ Wed Apr 3 23:08:42 2002 From: dennis at YTN.CO.NZ (Dennis Monks) Date: Thu Jan 12 21:14:35 2006 Subject: Blocking Double Extensions Except For . . . References: <001e01c1db58$ae57f710$3364a8c0@xxxx.xxx> Message-ID: <3CAB7D6A.4010708@YTN.CO.NZ> Funk Gabor wrote: >>>I want to block most double extensions. However if the file is >>>whatever.vbs.pdf I don't want it to be blocked. So I want to have a >>>list of extensions that I know are safe (txt, pdf, jpg, etc) and allow >>>those through even if it is a double extensions (ie document.0302.pdf). >>> >>>I put an allow line for txt's at the top of my filename file but it's >>>still being blocked. >> > > Count me too. > (I also had to disable it because of "my_curric.vit.pdf" and alike...) > > G. > I have no problems in getting the pdf double ext working. We needed if for faxes. Did notice thou, it will not work if you use tab as a space at the beginning of the line. Use space. Cheers Dennis From Funk.Gabor at HUNETKFT.HU Wed Apr 3 23:28:41 2002 From: Funk.Gabor at HUNETKFT.HU (Funk Gabor) Date: Thu Jan 12 21:14:35 2006 Subject: Blocking Double Extensions Except For . . . Message-ID: <001401c1db5e$e9a92630$3364a8c0@xxxx.xxx> > (I also had to disable it because of "my_curric.vit.pdf" and alike...) I mean not mailscanner, just remarked the line with the dblext regex. I had not much time to play around with it, and then it was left as is... I guess I could've put an "allow *.pdf" regex to make it work, but didn't bother. Archiving only the infected (and/or spam) mails would be also a great option as full mail archive is not much good except for some debugging. G. From sevans at FOUNDATION.SDSU.EDU Wed Apr 3 23:32:05 2002 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:14:35 2006 Subject: Blocking Double Extensions Except For . . . Message-ID: <7E2D2700ADE29542BAFC135552997E6C415D@mail.foundation.sdsu.edu> Never mind everybody. I got it to work. After I originally added the allow for .txt's I didn't save the file, I closed VI without saving. And they trust me with the mail. Steve Evans Computing Services SDSU Foundation 619 594-0653 -----Original Message----- From: Dennis Monks [mailto:dennis@YTN.CO.NZ] Sent: Wednesday, April 03, 2002 2:09 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Blocking Double Extensions Except For . . . Funk Gabor wrote: >>>I want to block most double extensions. However if the file is >>>whatever.vbs.pdf I don't want it to be blocked. So I want to have a >>>list of extensions that I know are safe (txt, pdf, jpg, etc) and >>>allow those through even if it is a double extensions (ie >>>document.0302.pdf). >>> >>>I put an allow line for txt's at the top of my filename file but it's >>>still being blocked. >> > > Count me too. > (I also had to disable it because of "my_curric.vit.pdf" and alike...) > > G. > I have no problems in getting the pdf double ext working. We needed if for faxes. Did notice thou, it will not work if you use tab as a space at the beginning of the line. Use space. Cheers Dennis From nwp at LEMON-COMPUTING.COM Thu Apr 4 00:00:05 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:35 2006 Subject: [Fwd: mail delay and can't parse message] In-Reply-To: <3CAB7076.2010508@southwestern.edu> References: <3CAB7076.2010508@southwestern.edu> Message-ID: <20020403230005.GI22344@hoiho.nz.lemon-computing.com> On Wed, Apr 03, 2002 at 03:13:26PM -0600, Peter Valian wrote: > However, Im getting many calls from users claiming that some email is > delayed by several hours. I have not personally witnessed this > phenomenon but it's more than just a couple users making this > claim...(they claim to receive mail as normal but then every now and > again get a message timestamped before several emails they have already > received. I don't know if the problem is with Mailscanner/Sendmail or > with Qpopper (4.0.3). You need to have a look at the messages in question, and see where the delay is actually occuring, if indeed it is (you often find that if the sending system has its clock set wrong then it appears at first to have been delayed, but when you look at the headers, you see that in fact there has probably been no delay). > Also, several warnings a day get sent to postmaster about 'could not > parse message xxx, e.g. > Report: Could not parse message g313LlZ19901 > > I don't know if these messages just got dropped or went through or what. Try it or check your logs; I can't remember off the top of my head what the answer is... > attached is my conf. One thing that's special to our set up is that the > mail spools are NFS mounted...so perhaps some file locking issues? Since you appear to be running sendmail, it's probably a bad idea to run with the spools NFS mounted, as so far as I am aware: 1) Sendmail uses flock(); 2) flock() is not NFS-safe. I'm not too hot on the details of this though, as sendmail is not my preferred MTA. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Tomorrow, you can be anywhere. From rishi at THEARGONCOMPANY.COM Thu Apr 4 05:08:25 2002 From: rishi at THEARGONCOMPANY.COM (Rishi Gangoly) Date: Thu Jan 12 21:14:35 2006 Subject: f-prot final version released - 3.12 References: <3CAB7076.2010508@southwestern.edu> <20020403230005.GI22344@hoiho.nz.lemon-computing.com> Message-ID: <008201c1db8e$5f391520$1400a8c0@gangfam.com> Hi Julian, F-prot final version 3.12 has been released. Will we need to change the mailscanner.conf from beta to supported? Latest version from their ftp site ftp://ftp.f-prot.com/pub/fp-linux_312.tar.gz Regards ---------------------------------------------------------------------------- ---- Rishi Gangoly The Argon Company 4th Floor, G Block, Dhanraj Mahal Chhatrapati Shivaji marg, Mumbai - 400039 Phone: 2361300 ; 2361311 Website: www.TheArgonCompany.com ---------------------------------------------------------------------------- ---- From nwp at LEMON-COMPUTING.COM Thu Apr 4 05:53:19 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:35 2006 Subject: f-prot final version released - 3.12 In-Reply-To: <008201c1db8e$5f391520$1400a8c0@gangfam.com> References: <3CAB7076.2010508@southwestern.edu> <20020403230005.GI22344@hoiho.nz.lemon-computing.com> <008201c1db8e$5f391520$1400a8c0@gangfam.com> Message-ID: <20020404045319.GC3518@hoiho.nz.lemon-computing.com> On Thu, Apr 04, 2002 at 09:38:25AM +0530, Rishi Gangoly wrote: > F-prot final version 3.12 has been released. Will we need to change the > mailscanner.conf from beta to supported? The code level setting in mailscanner.conf has nothing to do with the status of the f-prot version you are running; it is to do with the code in mailscanner that supports any particular scanner. In the current version, I believe that the f-prot support is labelled as "supported", so you would probably be better off with that setting set to "supported", in order to avoid running any other potentially dodgy code with status "beta" without realising it. I haven't yet tested the latest version of f-prot with mailscanner, however, and haven't verified that the output format is still the same. So far as I am aware, neither has Julian. If anybody "out there" is now running the "release" version of f-prot with mailscanner, please let us know how you are getting on. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Think twice before speaking, but don't say "think think click click". From jeroen at WIJDOGEN.DHS.ORG Thu Apr 4 09:52:32 2002 From: jeroen at WIJDOGEN.DHS.ORG (Jeroen Wijdogen) Date: Thu Jan 12 21:14:35 2006 Subject: Error sophosupdate Message-ID: <001701c1dbb6$0fb167a0$0101a8c0@a2000.nl> Hello, a small question i installed on a server mailscanner and where running for several months oke. Last night the sophos.update script was running and gave this output, is there a quik way to repair this.? [root@firewall admin]# /var/opt/sophos/bin/autoupdate [353_ides.zip] End-of-central-directory signature not found. Either this file is not a zipfile, or it constitutes one disk of a multi-part archive. In the latter case the central directory and zipfile comment will be found on the last disk(s) of this archive. unzip: cannot find zipfile directory in one of 353_ides.zip or 353_ides.zip.zip, and cannot find 353_ides.zip.ZIP, period. Unzip failed with error return 9 , Bad file descriptor at /var/opt/sophos/bin/autoupdate line 82. [root@firewall admin]# Grt, Jeroen -- This message has been scanned for viruses and dangerous content by MailScanner on http://wijdogen.dhs.org and is believed to be clean. From marc.perea at ELECTRONIC-GROUP.COM Thu Apr 4 10:27:36 2002 From: marc.perea at ELECTRONIC-GROUP.COM (Marc Perea) Date: Thu Jan 12 21:14:35 2006 Subject: f-prot final version released - 3.12 In-Reply-To: <20020404045319.GC3518@hoiho.nz.lemon-computing.com> References: <3CAB7076.2010508@southwestern.edu> <20020403230005.GI22344@hoiho.nz.lemon-computing.com> <008201c1db8e$5f391520$1400a8c0@gangfam.com> <20020404045319.GC3518@hoiho.nz.lemon-computing.com> Message-ID: <20020404112736.11550fba.marc.perea@electronic-group.com> On Thu, 4 Apr 2002 16:53:19 +1200 Nick Phillips wrote: > On Thu, Apr 04, 2002 at 09:38:25AM +0530, Rishi Gangoly wrote: > > > F-prot final version 3.12 has been released. Will we need to change the > > mailscanner.conf from beta to supported? > > The code level setting in mailscanner.conf has nothing to do with the > status of the f-prot version you are running; it is to do with the code > in mailscanner that supports any particular scanner. > > In the current version, I believe that the f-prot support is labelled as > "supported", so you would probably be better off with that setting set > to "supported", in order to avoid running any other potentially dodgy code > with status "beta" without realising it. > > > I haven't yet tested the latest version of f-prot with mailscanner, however, > and haven't verified that the output format is still the same. So far as I am > aware, neither has Julian. > > If anybody "out there" is now running the "release" version of f-prot with > mailscanner, please let us know how you are getting on. > > > Cheers, I'm using it. And it's working very very well (By the moment) If someone are interested, here are a pair of urls to get the actualized signature files : ftp://eu-1.updates.f-prot.com:21/pub/fp-def.zip ftp://eu-1.updates.f-prot.com:21/pub/macrdef2.zip Here I copy an example output : At Thu Apr 4 02:56:10 2002 the virus scanner said: /opt/mailscanner/var/incoming/g340ti715079/enano.exe Infection: W32/Hybris.worm.B I'm looking for a way to easyly remove the path to the file, so just appears as "file.ext" instead of /opt/mailscanner/var/incoming/XXXXXXX/file.ext Cheers, -- Marc Perea - System Administration Staff Mail: marc.perea@electronic-group.com Phone: (+34) 93 600 23 23 Fax: (+34) 93 600 23 10 ---------------- Electronic Group - http://www.electronic-group.com From Metod.Skufca at ADVANT.SI Thu Apr 4 10:43:59 2002 From: Metod.Skufca at ADVANT.SI (Metod =?ISO-8859-2?Q?=A9kufca?=) Date: Thu Jan 12 21:14:35 2006 Subject: Error sophosupdate Message-ID: You're a little behind updates. :-)) You should update master sophos update to version 356 and then run autoupdate. I belive that 353_ides.zip have been removed from sohos site beacuse it is outdated. by m. >>> Jeroen Wijdogen 4.4.2002 10:52:32 >>> Hello, a small question i installed on a server mailscanner and where running for several months oke. Last night the sophos.update script was running and gave this output, is there a quik way to repair this.? [root@firewall admin]# /var/opt/sophos/bin/autoupdate [353_ides.zip] End-of-central-directory signature not found. Either this file is not a zipfile, or it constitutes one disk of a multi-part archive. In the latter case the central directory and zipfile comment will be found on the last disk(s) of this archive. unzip: cannot find zipfile directory in one of 353_ides.zip or 353_ides.zip.zip, and cannot find 353_ides.zip.ZIP, period. Unzip failed with error return 9 , Bad file descriptor at /var/opt/sophos/bin/autoupdate line 82. [root@firewall admin]# Grt, Jeroen -- This message has been scanned for viruses and dangerous content by MailScanner on http://wijdogen.dhs.org and is believed to be clean. From Metod.Skufca at ADVANT.SI Thu Apr 4 10:49:04 2002 From: Metod.Skufca at ADVANT.SI (Metod =?ISO-8859-2?Q?=A9kufca?=) Date: Thu Jan 12 21:14:35 2006 Subject: [Fwd: mail delay and can't parse message] Message-ID: It could be something on your link to net or maybe name resolution. by m. >>> Peter Valian 3.4.2002 23:13:26 >>> Does anyone at all have a suggestion on this? thanks, -peter -------- Original Message -------- Subject: mail delay and can't parse message Date: Mon, 01 Apr 2002 09:49:32 -0600 From: Peter Valian Organization: Southwestern University To: MAILSCANNER@JISCMAIL.AC.UK CC: Peter Valian Hi all, Im having a heap of trouble with Mailscanner. For the most part it works fantastic. However, Im getting many calls from users claiming that some email is delayed by several hours. I have not personally witnessed this phenomenon but it's more than just a couple users making this claim...(they claim to receive mail as normal but then every now and again get a message timestamped before several emails they have already received. I don't know if the problem is with Mailscanner/Sendmail or with Qpopper (4.0.3). Also, several warnings a day get sent to postmaster about 'could not parse message xxx, e.g. Report: Could not parse message g313LlZ19901 I don't know if these messages just got dropped or went through or what. attached is my conf. One thing that's special to our set up is that the mail spools are NFS mounted...so perhaps some file locking issues? I would appreaciate any suggestions. TIA, Peter -- Peter Valian Network & Systems Administrator Southwestern University Georgetown, Texas -- -- Peter Valian Network & Systems Administrator Southwestern University Georgetown, Texas 512.863.1586 office 512.863.1605 fax -- From valianp at SOUTHWESTERN.EDU Thu Apr 4 17:22:42 2002 From: valianp at SOUTHWESTERN.EDU (Peter Valian) Date: Thu Jan 12 21:14:35 2006 Subject: [Fwd: mail delay and can't parse message] References: <3CAB7076.2010508@southwestern.edu> <20020403230005.GI22344@hoiho.nz.lemon-computing.com> Message-ID: <3CAC7DD2.6000806@southwestern.edu> What is your prefered MTA? Is there an MTA that is NFS-friendly? Nick Phillips wrote: > On Wed, Apr 03, 2002 at 03:13:26PM -0600, Peter Valian wrote: > > >>However, Im getting many calls from users claiming that some email is >>delayed by several hours. I have not personally witnessed this >>phenomenon but it's more than just a couple users making this >>claim...(they claim to receive mail as normal but then every now and >>again get a message timestamped before several emails they have already >>received. I don't know if the problem is with Mailscanner/Sendmail or >>with Qpopper (4.0.3). >> > > You need to have a look at the messages in question, and see where the > delay is actually occuring, if indeed it is (you often find that if the > sending system has its clock set wrong then it appears at first to have > been delayed, but when you look at the headers, you see that in fact there > has probably been no delay). > > >>Also, several warnings a day get sent to postmaster about 'could not >>parse message xxx, e.g. >> Report: Could not parse message g313LlZ19901 >> >>I don't know if these messages just got dropped or went through or what. >> > > Try it or check your logs; I can't remember off the top of my head what > the answer is... > > >>attached is my conf. One thing that's special to our set up is that the >>mail spools are NFS mounted...so perhaps some file locking issues? >> > > Since you appear to be running sendmail, it's probably a bad idea to run > with the spools NFS mounted, as so far as I am aware: > > 1) Sendmail uses flock(); > 2) flock() is not NFS-safe. > > I'm not too hot on the details of this though, as sendmail is not my preferred > MTA. > > > > Cheers, > > > Nick > > -- > Nick Phillips -- nwp@lemon-computing.com > Tomorrow, you can be anywhere. > -- Peter Valian Network & Systems Administrator Southwestern University Georgetown, Texas 512.863.1586 office 512.863.1605 fax -- From valianp at SOUTHWESTERN.EDU Thu Apr 4 21:55:34 2002 From: valianp at SOUTHWESTERN.EDU (Peter Valian) Date: Thu Jan 12 21:14:35 2006 Subject: [Fwd: mail delay and can't parse message] References: <3CAB7076.2010508@southwestern.edu> <20020403230005.GI22344@hoiho.nz.lemon-computing.com> Message-ID: <3CACBDC6.4090500@southwestern.edu> Here is an example message and log entries: here's the message to postmaster w/ full headers: The following e-mail messages were found to have viruses in them: Sender: Recipient: Subject: [Lockergnome Windows Daily] Whiter Inevitability MessageID: g34DtcD24786 Report: Could not parse message g34DtcD24786 Full headers are: Return-Path: Received: from lockergnome.com (sprocket.lockergnome.com [130.94.96.247]) by ralph2.southwestern.edu (8.11.6/8.11.6) with SMTP id g34DtcD24786 for ; Thu, 4 Apr 2002 07:55:38 -0600 X-Mailer: ListManager Web Interface Date: Thu, 4 Apr 2002 00:56:15 -0600 Subject: [Lockergnome Windows Daily] Whiter Inevitability To: williamd@southwestern.edu From: Lockergnome Windows Daily List-Unsubscribe: List-Subscribe: List-Owner: X-URL: X-List-Host: Lockergnome Reply-To: leave-lghtml-1892263N@sprocket.lockergnome.com Sender: bounce-lghtml-1892263@sprocket.lockergnome.com Message-Id: MIME-Version: 1.0 Content-Type: text/html; charset=us-ascii -- MailScanner Email Virus Scanner sendmail log: Apr 4 07:55:39 ralph2 sendmail[24786]: g34DtcD24786: from=, size=38467, class=0, nrcpts=1, msgid= as the return path...is this why they are unparseable? any help appreciated. thanks, -peter Nick Phillips wrote: > On Wed, Apr 03, 2002 at 03:13:26PM -0600, Peter Valian wrote: > > >>However, Im getting many calls from users claiming that some email is >>delayed by several hours. I have not personally witnessed this >>phenomenon but it's more than just a couple users making this >>claim...(they claim to receive mail as normal but then every now and >>again get a message timestamped before several emails they have already >>received. I don't know if the problem is with Mailscanner/Sendmail or >>with Qpopper (4.0.3). >> > > You need to have a look at the messages in question, and see where the > delay is actually occuring, if indeed it is (you often find that if the > sending system has its clock set wrong then it appears at first to have > been delayed, but when you look at the headers, you see that in fact there > has probably been no delay). > > >>Also, several warnings a day get sent to postmaster about 'could not >>parse message xxx, e.g. >> Report: Could not parse message g313LlZ19901 >> >>I don't know if these messages just got dropped or went through or what. >> > > Try it or check your logs; I can't remember off the top of my head what > the answer is... > > >>attached is my conf. One thing that's special to our set up is that the >>mail spools are NFS mounted...so perhaps some file locking issues? >> > > Since you appear to be running sendmail, it's probably a bad idea to run > with the spools NFS mounted, as so far as I am aware: > > 1) Sendmail uses flock(); > 2) flock() is not NFS-safe. > > I'm not too hot on the details of this though, as sendmail is not my preferred > MTA. > > > > Cheers, > > > Nick > > -- > Nick Phillips -- nwp@lemon-computing.com > Tomorrow, you can be anywhere. > -- Peter Valian Network & Systems Administrator Southwestern University Georgetown, Texas 512.863.1586 office 512.863.1605 fax -- -------------- next part -------------- Return-Path: Received: from lockergnome.com (sprocket.lockergnome.com [130.94.96.247]) by ralph2.southwestern.edu (8.11.6/8.11.6) with SMTP id g34DtcD24786 for ; Thu, 4 Apr 2002 07:55:38 -0600 X-Mailer: ListManager Web Interface Date: Thu, 4 Apr 2002 00:56:15 -0600 Subject: [Lockergnome Windows Daily] Whiter Inevitability To: williamd@southwestern.edu From: Lockergnome Windows Daily List-Unsubscribe: List-Subscribe: List-Owner: X-URL: X-List-Host: Lockergnome Reply-To: leave-lghtml-1892263N@sprocket.lockergnome.com Sender: bounce-lghtml-1892263@sprocket.lockergnome.com Message-Id: MIME-Version: 1.0 Content-Type: text/html; charset=us-ascii 20020404 Lockergnome Windows Daily
Lockergnome thenakedpcstore.com

  04.04.2002 GnomeREPORT

Even with offering seven different document formats for the price of one, we knew we'd run into a couple of platform incompatibilities. Y'all came to Jim's rescue rather quickly! Gail Reilly: "I use CSpotRun - the cool, and free DOC reader to read my GnomeTomes on my Visor. It's pretty basic, but it does the trick." Joe Darden: "I was up late last night, burning the midnight oil trying to figure out the same exact thing. I found a free utility / application that allows you to read any PDB file format on a palm OS device. It is called 'Read Them All' and can be downloaded here. It takes a while to get the hang of the navigation, but after tweaking the setting for scrolling, it is flying. Also, here is the link to the guy who wrote the software. Hope this helps all the Tomies." Devin Lussier: "Regarding the Palm Pilot system, I recommend Aportis Doc. It should be able to read that GnomeTome for you - it reads many text and portable text formats!" Ryan Harris: "I work for Palm so this might be of some use regarding the problem reading the GnomeTomes on a Visor. Did the writer try using the Palm Reader for the PalmOS? It's a free download from the Palm Web site." Tim Williams: "I have a Palm VIIx and had no problem reading the Win2K Tips .PDB file in the freeware ZDoc reader. He might also consider using something like MakeDocW or Syncplicity to load / convert the text formatted file."

Ric Fisher had further thoughts on the matter: "I have quite a suite of Palm-compatible document readers. For the record, your GnomeTomes PDB files are in the standard Palm DOC format. A Palm DOC has no relation to Microsoft Word's DOC file format. Palm DOC is a free-to-use document format that was invented to answer the need for a standard text-file document format on the Palm. There are many programs that can be used on the Palm platform to read these documents - like ISilo Free or Wor dSmith (my favorite editor / reader). Have you thought about a Palm-oriented newsletter (much like the Mac one you're starting)? I'd be happy to help out with one." Yeah, we've thought about it before - and I appreciate the offer for assistance. Stay tuned. I'm sure it's an inevitability with so many PDA owners out there. Oh yes, we've silently launched the Apple Core - even though a sample issue hasn't been compiled yet. Jake, Furo, and I will be working on it together. Which brings me to our question of the day.

From paul-w at BLUEYONDER.CO.UK Fri Apr 5 08:36:50 2002 From: paul-w at BLUEYONDER.CO.UK (Paul Welsh) Date: Thu Jan 12 21:14:35 2006 Subject: Spamassassin install instructions References: <0997a0419230442PCOW024M@blueyonder.co.uk> Message-ID: <006001c1dc74$a6197d90$6a0110ac@sbsplc.com> Does anyone have instructions for a newby such as myself on how to install SpamAssassin? From LISTSERV at JISCMAIL.AC.UK Fri Apr 5 06:14:38 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:35 2006 Subject: MAILSCANNER: david.pollard@MERIDIANINFO.COM requested to join Message-ID: <200204050514.GAA04212@magpie.ecs.soton.ac.uk> Fri, 5 Apr 2002 06:14:38 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from David Pollard You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER david.pollard@MERIDIANINFO.COM David Pollard PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER david.pollard@MERIDIANINFO.COM David Pollard // EOJ From evertjan at VANRAMSELAAR.NL Fri Apr 5 09:08:13 2002 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:35 2006 Subject: Spamassassin install instructions In-Reply-To: <006001c1dc74$a6197d90$6a0110ac@sbsplc.com> Message-ID: <00a201c1dc79$086561e0$65020a0a@galaxy> > -----Original Message----- > From: Paul Welsh > Sent: Friday, April 05, 2002 9:37 AM > Does anyone have instructions for a newby such as myself on how to install > SpamAssassin? Did you consider reading the README? It's there step by step... http://spamassassin.taint.org/dist/README -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and other dangerous content by Van Ramselaar Info Tech and is believed to be clean. See http://www.vr-it.com/emailpolicy.php From LISTSERV at JISCMAIL.AC.UK Fri Apr 5 12:27:30 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:35 2006 Subject: MAILSCANNER: mdunder@GE.UCL.AC.UK requested to join Message-ID: <200204051127.MAA09603@magpie.ecs.soton.ac.uk> Fri, 5 Apr 2002 12:27:30 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Mike Dunderdale The following membership options have been requested: NOMIME DIGEST. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER mdunder@GE.UCL.AC.UK Mike Dunderdale PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER mdunder@GE.UCL.AC.UK Mike Dunderdale SET MAILSCANNER NOMIME DIGEST FOR mdunder@GE.UCL.AC.UK // EOJ From paul-w at BLUEYONDER.CO.UK Sat Apr 6 09:02:56 2002 From: paul-w at BLUEYONDER.CO.UK (Paul Welsh) Date: Thu Jan 12 21:14:35 2006 Subject: Spamassassin install instructions References: <04ae42827230542PCOW028M@blueyonder.co.uk> Message-ID: <00b301c1dd41$8c9d0d00$64e030d5@espmail00053> ----- Original Message ----- > Date: Fri, 5 Apr 2002 10:08:13 +0200 > From: Evert Jan van Ramselaar > Subject: Re: Spamassassin install instructions > > > Does anyone have instructions for a newby such as myself on how to install > > SpamAssassin? > > Did you consider reading the README? It's there step by step... > http://spamassassin.taint.org/dist/README > Yes, naturally I read that. I should clarify and say that I have a Sun Cobalt Raq 3 server that needs to be up and working during working hours. I know that the RAQs differ in some ways from standard Linux installations, I also don't have the experience to get myself out of trouble if I run into difficulties during the install. From evertjan at VANRAMSELAAR.NL Sat Apr 6 09:25:01 2002 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:35 2006 Subject: Spamassassin install instructions In-Reply-To: <00b301c1dd41$8c9d0d00$64e030d5@espmail00053> Message-ID: <016601c1dd44$8bb2f3c0$65020a0a@galaxy> > -----Original Message----- > From: Paul Welsh > Sent: Saturday, April 06, 2002 10:03 AM > Yes, naturally I read that. I should clarify and say that I have a Sun > Cobalt Raq 3 server that needs to be up and working during working > hours. I know that the RAQs differ in some ways from standard Linux > installations, I also don't have the experience to get myself out of > trouble if I run into difficulties during the install. Ah ok. Well maybe this can help you a bit: http://www.uk2raq.com/raqfaq/raqfaqshow.php?faq=96 -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and other dangerous content by Van Ramselaar Info Tech and is believed to be clean. See http://www.vr-it.com/emailpolicy.php From evertjan at VANRAMSELAAR.NL Sat Apr 6 09:27:40 2002 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:35 2006 Subject: Spamassassin install instructions In-Reply-To: <00b301c1dd41$8c9d0d00$64e030d5@espmail00053> Message-ID: <016701c1dd44$eab6fce0$65020a0a@galaxy> Erm... can I un-send my previous message? ;o) Sorry, when pressing Send I realised you were asking about Spamassassing install and not MailScanner install... For SA questions I guess you'd better join their list: http://spamassassin.taint.org/lists.html -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and other dangerous content by Van Ramselaar Info Tech and is believed to be clean. See http://www.vr-it.com/emailpolicy.php From doko at CS.TU-BERLIN.DE Sat Apr 6 19:49:25 2002 From: doko at CS.TU-BERLIN.DE (Matthias Klose) Date: Thu Jan 12 21:14:35 2006 Subject: ms-3.13.2 & exim: forwarded bug report Message-ID: <15535.17205.211574.241017@gargle.gargle.HOWL> [ Please CC 141331@bugs.debian.org on replies; the full report can be read at http://bugs.debian.org/mailscanner as well. ] -------------- next part -------------- An embedded message was scrubbed... From: gmulas@ca.astro.it Subject: Bug#141331: mailscanner: mailscanner does not restart if it had stopped while processing a message Date: Fri, 05 Apr 2002 15:14:54 +0200 Size: 9339 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020406/cc009d0a/attachment.mht From nwp at LEMON-COMPUTING.COM Sat Apr 6 21:42:19 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:35 2006 Subject: ms-3.13.2 & exim: forwarded bug report In-Reply-To: <15535.17205.211574.241017@gargle.gargle.HOWL> References: <15535.17205.211574.241017@gargle.gargle.HOWL> Message-ID: <20020406204219.GB14217@hoiho.nz.lemon-computing.com> On Sat, Apr 06, 2002 at 08:49:25PM +0200, Matthias Klose wrote: > After a somewhat long while without receiving emails, I became suspicious > and checked, finding a huge queue of unprocessed emails and no mailscanner > running. When I manually tried to restart it, it aborted with the message: > > Insecure dependency in unlink while running with -T switch at > /usr/share/mailscanner/sendmail.pl line 438 Thanks; I'll have a look now. > I tagged this important because it is unacceptable for the email system to > get stuck silently: if the underlying bug cannot be simply and quicly fixed, > at least arrange things so that mailscanner will complain loud and clear > that it could not be (re)started to postmaster, and do it straight on the > outgoing mail queue, of course, to avoid the message itself being trapped. Was there nothing logged to syslog at the time? Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Don't plan any hasty moves. You'll be evicted soon anyway. From paul-w at BLUEYONDER.CO.UK Sat Apr 6 22:12:44 2002 From: paul-w at BLUEYONDER.CO.UK (Paul Welsh) Date: Thu Jan 12 21:14:35 2006 Subject: Spamassassin install instructions Message-ID: <002f01c1ddb0$00d7a680$75e130d5@espmail00053> ----- Original Message ----- From: "Paul Welsh" To: "MailScanner mailing list" Sent: 06 April 2002 09:02 Subject: Re: Spamassassin install instructions > > > > Did you consider reading the README? It's there step by step... > > http://spamassassin.taint.org/dist/README > > > > Yes, naturally I read that. I should clarify and say that I have a Sun > Cobalt Raq 3 server that needs to be up and working during working > hours. I know that the RAQs differ in some ways from standard Linux > installations, I also don't have the experience to get myself out of > trouble if I run into difficulties during the install. To answer my own question, I did manage to install SpamAssassin from the README file. From paul-w at BLUEYONDER.CO.UK Sat Apr 6 22:35:08 2002 From: paul-w at BLUEYONDER.CO.UK (Paul Welsh) Date: Thu Jan 12 21:14:35 2006 Subject: Turn off Mailscanner ordb.org check with SpamAssassin? Message-ID: <005801c1ddb2$f24f8760$75e130d5@espmail00053> I have today installed SpamAssassin. I also installed Net::DNS (from CPAN) as per the recommendaton at http://spamassassin.taint.org/dist/README. This, apparently, helps checking the open relay databases, eg, ordb.org. SpamAssassin checks against relays.ordb.org so it seems a waste of resources leaving on the default option to check against ordb.org in mailscanner.conf. Does anyone think it's necessary to keep Mailscanner's ordb.org check if SpamAssassin is used? From brose at MED.WAYNE.EDU Sat Apr 6 23:15:29 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:14:35 2006 Subject: Turn off Mailscanner ordb.org check with SpamAssassin? Message-ID: I disabled ordb in both SA and Mailscanner since I have Sendmail checking ordb and rejecting open-relays. -----Original Message----- From: Paul Welsh [mailto:paul-w@BLUEYONDER.CO.UK] Sent: Saturday, April 06, 2002 4:35 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Turn off Mailscanner ordb.org check with SpamAssassin? I have today installed SpamAssassin. I also installed Net::DNS (from CPAN) as per the recommendaton at http://spamassassin.taint.org/dist/README. This, apparently, helps checking the open relay databases, eg, ordb.org. SpamAssassin checks against relays.ordb.org so it seems a waste of resources leaving on the default option to check against ordb.org in mailscanner.conf. Does anyone think it's necessary to keep Mailscanner's ordb.org check if SpamAssassin is used? From mike at ZANKER.ORG Sat Apr 6 23:47:34 2002 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:14:35 2006 Subject: Turn off Mailscanner ordb.org check with SpamAssassin? In-Reply-To: References: Message-ID: <109397635.1018136854@jemima.zanker.org> On 06 April 2002 17:15 -0500 "Rose, Bobby" wrote: > I disabled ordb in both SA and Mailscanner since I have Sendmail > checking ordb and rejecting open-relays. The only problem with this is that sendmail only checks the IP address of the connecting MTA so if the spam gets sent via one of your lower-priority MX hosts there's not much you can do about it. I used to let sendmail handle it but now let SpamAssassin do the checking exclusively. Mike -- Mike Zanker Northampton, UK PGP Public Key: pgp@zanker.org From LISTSERV at JISCMAIL.AC.UK Sun Apr 7 20:29:24 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:35 2006 Subject: MAILSCANNER: wolfgang.lumpp@GMX.NET requested to join Message-ID: <200204071929.UAA07519@magpie.ecs.soton.ac.uk> Sun, 7 Apr 2002 20:29:24 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Wolfgang Lumpp You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER wolfgang.lumpp@GMX.NET Wolfgang Lumpp PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER wolfgang.lumpp@GMX.NET Wolfgang Lumpp // EOJ From LISTSERV at JISCMAIL.AC.UK Mon Apr 8 04:55:27 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:36 2006 Subject: MAILSCANNER: sarabjeet@BHARTITELESOFT.COM requested to join Message-ID: <200204080355.EAA20679@magpie.ecs.soton.ac.uk> Mon, 8 Apr 2002 04:55:27 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Sarabjeet Singh You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER sarabjeet@BHARTITELESOFT.COM Sarabjeet Singh PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER sarabjeet@BHARTITELESOFT.COM Sarabjeet Singh // EOJ From jkf at ecs.soton.ac.uk Mon Apr 8 12:27:04 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:36 2006 Subject: Spamassassin and compile_now() In-Reply-To: Message-ID: <5.1.0.14.2.20020408122622.03491e58@imap.ecs.soton.ac.uk> At 03:26 29/03/2002, you wrote:

Julian, do you know if this guy is still broken?  I'm just wondering if that would speed things up when spam checking?  I take that if it's not used then the SA rules are read in every time correct?  I'm not positive but I think this is the case since I know I've updated my local.cf for SA and Mailscanner picked up the changes without a restart.

I haven't checked it with the latest SA version. I raised it in the SA list at some point and never got a decent response, so assumed it was still broken.
--
Julian Field                Teaching Systems Manager
jkf@ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                            Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Mon Apr 8 12:17:00 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:36 2006 Subject: FEATURE(dnsbl...... in sendmail In-Reply-To: <96055210.1017155177@mallard.open.ac.uk> References: <200203261444.g2QEijT03900@lewis.abi.tconline.net> <200203261444.g2QEijT03900@lewis.abi.tconline.net> Message-ID: <5.1.0.14.2.20020408121629.034dc170@imap.ecs.soton.ac.uk> At 16:06 26/03/2002, you wrote: >On 26 March 2002 08:44 -0600 Lewis Bergman >wrote: > >>I have had a few blacklist entries in my sendmail.mc which I generate >>my cf file with. Now that those entries are in MailScanner should I >>remove those? > >That depends whether you want to simply tag the mail as spam or reject >the remote mail server at the point of delivery. Use MailScanner for >the former and sendmail.mc for the latter. > >Incidentally, I find that spammers are injecting via my secondary MX >host more and more which means the sendmail method fails. However, it >should still be tagged by MailScanner. But hopefully your primary and secondary MX hosts have the same configuration! -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Mon Apr 8 12:15:51 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:36 2006 Subject: Useful Feature? In-Reply-To: Message-ID: <5.1.0.14.2.20020408121447.034dc030@imap.ecs.soton.ac.uk> At 13:39 26/03/2002, you wrote: >Would be very useful to be able to configure/turn on/turn off features on >a domain by domain basis. Per-domain control of lots of configuration options is something that is definitely on my list, when I have time. Unfortunately I am really busy on other work projects at the moment, so the time I have for implementing new features is rather limited :-( >e.g. > >abc.bristol.sch.uk want .exe attachments but no one else does > >xyz.org.uk have their own local tech support so I want VirusWarning.txt >and the body signature to give a message advising to contact local tech >support. > >Does anyone else think this would be useful? > >Has anyone written any patches to achieve this? my perl knowledge is not >at a level where I would feel confident doing this myself. > >The Scan/Skip Ruleset feature mentioned in the "Plans for the Next >Version" would be useful as well. > >Paul Houselander >Network & Intranet Support Officer >Bristol City Council -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From david.pollard at MERIDIANINFO.COM Mon Apr 8 04:06:44 2002 From: david.pollard at MERIDIANINFO.COM (David Pollard) Date: Thu Jan 12 21:14:36 2006 Subject: Can't Install Mail Scanner, Message-ID: Can't Install Mail Scanner,

Hi There,

Im trying to install Mailscanner on my Redhat Linux 7.1 machine.

I have downloaded the .rpm file a couple of times and get the same result.

Logged on to the consol as root if I choose the install option I get the following error message.

db3 error(-30989) from dbcursor -> c_get: DB_RUNRECOVERY: Fatal error, run database recovery.

It comes up twice with the only option being OK

If I press ok it tells me that there were problems and would I like to ignore them.  If I do then the program doesnt work.

Some of the files are installed but some are missing. (sophoswrapper for one)

Any ideas what I can do to fix this problem.

David.

PS I tried to search the list archive but I could not connect to it.

From valianp at SOUTHWESTERN.EDU Mon Apr 1 16:49:32 2002 From: valianp at SOUTHWESTERN.EDU (Peter Valian) Date: Thu Jan 12 21:14:36 2006 Subject: mail delay and can't parse message Message-ID: <3CA8818C.6060207@southwestern.edu> Hi all, Im having a heap of trouble with Mailscanner. For the most part it works fantastic. However, Im getting many calls from users claiming that some email is delayed by several hours. I have not personally witnessed this phenomenon but it's more than just a couple users making this claim...(they claim to receive mail as normal but then every now and again get a message timestamped before several emails they have already received. I don't know if the problem is with Mailscanner/Sendmail or with Qpopper (4.0.3). Also, several warnings a day get sent to postmaster about 'could not parse message xxx, e.g. Report: Could not parse message g313LlZ19901 I don't know if these messages just got dropped or went through or what. attached is my conf. One thing that's special to our set up is that the mail spools are NFS mounted...so perhaps some file locking issues? I would appreaciate any suggestions. TIA, Peter -- Peter Valian Network & Systems Administrator Southwestern University Georgetown, Texas -- # Configuration file for MailScanner E-Mail Virus Scanner # This file assumes everything is in the default locations provided # by the MailScanner and RedHat 6.2 and upwards. # User to run as (provided for Exim users) #Run As User = mail # Group to run as (provided for Exim users) #Run As Group = mail # In every batch of virus-scanning, limit the maximum # a) number of text-only messages to deliver # b) number of potentially infected messages to unpack and scan # c) total size of text-only messages to deliver # d) total size of potentially infected messages to unpack and scan Max Safe Messages Per Scan = 500 Max Unsafe Messages Per Scan = 100 Max Safe Bytes Per Scan = 100000000 Max Unsafe Bytes Per Scan = 50000000 # To avoid resource leaks, re-start periodically. Restart Every = 14400 # 4 hours # Name of this host, or just "the MailScanner" if you want to hide this info. # It can be placed in the Help Desk note contained in virus warnings sent to users. Host name = the MailScanner # Add this extra header to all mail as it is scanned. # (this must *include* terminating colon). Mail Header = X-MailScanner: # Set the mail header to these values for clean/infected messages. Clean Header = Found to be clean Infected Header = Found to be infected Disinfected Header = Disinfected # Set where to unpack incoming messages before scanning them Incoming Work Dir = /var/spool/MailScanner/incoming # Set where to store infected message attachments (if they are kept) Quarantine Dir = /var/spool/MailScanner/quarantine # Set where to store the process id so you can easily stop the scanner Pid File = /usr/local/MailScanner/var/virus.pid # Set where to find the attachment filename ruleset. # The structure of this file is explained elsewhere, but it is used to # accept or reject file attachments based on their name, regardless of # whether they are infected or not. Filename Rules = /usr/local/MailScanner/etc/filename.rules.conf # Set where to find the message text sent to users when one of their # attachments has been quarantined. Stored Virus Message Report = /usr/local/MailScanner/etc/stored.virus.message.txt Stored Bad Filename Message Report = /usr/local/MailScanner/etc/stored.filename.message.txt # Set where to find the message text sent to users when one of their # attachments has been deleted. Deleted Virus Message Report = /usr/local/MailScanner/etc/deleted.virus.message.txt Deleted Bad Filename Message Report = /usr/local/MailScanner/etc/deleted.filename.message.txt # Set where to find the message text sent to users explaining about the # attached disinfected documents. Disinfected Report = /usr/local/MailScanner/etc/disinfected.report.txt # Set location of incoming mail queue # and location of outgoing mail queue. Incoming Queue Dir = /var/spool/MailScanner/mqueue.in Outgoing Queue Dir = /var/spool/MailScanner/mqueue # Set whether to use sendmail or exim (default is sendmail) MTA = sendmail # Set how to invoke MTA when sending created message # (e.g. to sender/recipient saying "found a virus in your message") Sendmail = /usr/sbin/sendmail # Sendmail2 is provided for Exim users. # It defaults to the value supplied for Sendmail. # It is the command used to attempt delivery of outgoing # (scanned/cleaned) messages. # This is not usually required for sendmail. #Sendmail2 = /usr/sbin/exim -C /etc/exim_send.conf # Do you want to scan email for viruses? # A few people have wanted to disable the entire virus scanning. Virus Scanning = yes # Which Virus Scanning package to use: # sophos from www.sophos.com, or # mcafee from www.mcafee.com, or # command from www.command.co.uk, or # kaspersky from www.kaspersky.com, or # inoculate from www.cai.com/products/inoculateit.htm, or # f-secure from www.f-secure.com, or # f-prot from www.f-prot.com (which is *free* for Linux as of 1/1/2002) # # Note: If you want to use multiple virus scanners, then this should be a # comma-separated list of virus scanners. For example: # Virus Scanner = sophos, f-prot # Virus Scanner = mcafee # Where the Virus scanner is installed. This is the command needed to run it. # # Note: If you want to use multiple virus scanners, then this should be a # comma-separated list of commands, **in the same order** as they are listed # in the "Virus Scanner" keyword just above. For example: # Sweep = /usr/local/Sophos/bin/sophoswrapper, /usr/local/f-prot/f-protwrapper # Sweep = /usr/local/mcafee/mcafeewrapper # The maximum length of time the commercial virus scanner is allowed to run # for 1 batch of messages (in seconds). Virus Scanner Timeout = 300 # Expand TNEF attachments using an external program? # This should be "yes" except for Sophos (when it should be "no") # as Sophos has the facility built-in. Expand TNEF = yes # Where the MS-TNEF expander is installed. # The new --maxsize option limits the maximum size that any expanded attachment # may be. It helps protect against Denial Of Service attacks in TNEF files. TNEF Expander = /usr/local/MailScanner/bin/tnef --maxsize=100000000 # The maximum length of time the TNEF Expander is allowed to run for 1 message. # (in seconds) TNEF Timeout = 120 # What should the attachments be called that replace virus-infected files? Attachment Warning Filename = VirusWarning.txt # Should we scan all messages, including plain-text messages which are normally # harmless? This should be "yes" since the MyParty message appeared. Scan All Messages = yes # Once we have removed viruses from an email message and replaced them with # VirusWarning.txt attachments, should we deliver the clean result to the # original recipients (or just delete them if "no")? Deliver To Recipients = yes # Deliver messages with viruses removed to their original recipients # if they came from a local address, or just delete them so no-one knows # we have a virus outbreak on our site? Deliver From Local Domains = yes # Notify the senders of infected messages that they should check out # their systems? Notify Senders = yes # Set where to find the message text sent to the senders of infected # messages. #Sender Report = /usr/local/MailScanner/etc/sender.report.txt Sender Virus Report = /usr/local/MailScanner/etc/sender.virus.report.txt Sender Bad Filename Report = /usr/local/MailScanner/etc/sender.filename.report.txt Sender Error Report = /usr/local/MailScanner/etc/sender.error.report.txt # Notify the local postmaster when any infections are found? Notify Local Postmaster = yes # Include the full headers of each message in the postmaster notification? Postmaster Gets Full Headers = yes # Set email address of who to notify about any infections found. # Should put your full domain name here too, # e.g. postmaster@your.domain.com Local Postmaster = virusalert@southwestern.edu # Set what to do with infected attachments or messages. # keep ==> Store under the "Quarantine Dir" # delete ==> Just delete them #Action = delete Action = keep # Should I attempt to disinfect infected attachments and then deliver # the clean ones Deliver Disinfected Files = yes # Local domain name, or filename containing a list of local domain names # The file supports blank entries, '#' and ';' comment characters and # uses the first word off each line. This should be compatible with all # such lines in a sendmail or Exim configuration file. #Local Domains = /usr/local/MailScanner/etc/localdomains.conf Local Domains = southwestern.edu # Mark infected messages in the message body. # There can now be more than 1 of these configuration lines here, so you can # break the warning message over multiple lines. Mark Infected Messages = yes Inline Text Warning = Warning: This message has had one or more attachments removed. Inline Text Warning = Warning: Please read the "VirusWarning.txt" attachment(s) for more information. Inline HTML Warning =

Warning: This message has had one or more attachments removed. Please read the "VirusWarning.txt" attachment(s) for more information.

# Sign clean messages in the message body. # There can be more than 1 of these configuration lines here, so you can # break the signature message over multiple lines. # Note that enabling this option will add to the overall system load as some # major optimisations will no longer be possible! Sign Clean Messages = no Inline Text Signature = -- Inline Text Signature = This message has been scanned for viruses and Inline Text Signature = dangerous content by MailScanner, and is Inline Text Signature = believed to be clean. Inline HTML Signature =
-- Inline HTML Signature =
This message has been scanned for viruses and Inline HTML Signature =
dangerous content by Inline HTML Signature = MailScanner, Inline HTML Signature = and is
believed to be clean. # # Spam Detection # # Should the anti-spam checks be done on all incoming messages? Spam Checks = no # Set the name of the extra header to add to all messages found to be # likely spam. Spam Header = X-MailScanner-SpamCheck: # Do you want to put some text on the front of the subject line when # we think it is spam? Spam Modify Subject = yes # What text do we want to put on the front (gets followed by a " ") Spam Subject Text = {SPAM?} # Do we have the SpamAssassin package installed? # This is a very good, very clever heuristics-based spam checker. # For more info and installation instructions, see http://spamassassin.taint.org/ Use SpamAssassin = no # Set the maximum size of message which we will check with SpamAssassin # Don't set this too large as your system load will get very high processing # huge messages. Max SpamAssassin Size = 100000 # Set the maximum time to allow SpamAssassin to process 1 message SpamAssassin Timeout = 10 # Set the list of database names and their corresponding DNS domains. # All of these databases work in a similar way, allowing the simple use # of multiple databases. # See www.ordb.org and www.mail-abuse.org for more information. Spam List = ORDB-RBL, relays.ordb.org. # MAPS now charge for their services, so you'll have to buy a contract before # attempting to use the next 3 lines. #Spam List = MAPS-RBL, blackholes.mail-abuse.org. #Spam List = MAPS-DUL, dialups.mail-abuse.org. #Spam List = MAPS-RSS, relays.mail-abuse.org. # This next line works for JANET UK Academic sites only #Spam List = MAPS-RBL+, rbl-plus.mail-abuse.ja.net. # Define local networks from whom you should always accept mail, and # never mark it as spam. This is useful in case your own mail servers # are ever in the ORBS or MAPS lists. #Accept Spam From = 152.78. #Accept Spam From = 139.166. Accept Spam From = 161.13. # Define a list of email addresses and email domains from whom you should # always accept mail, and never mark it as spam. This is useful in case # someone you correspond with a lot has their mail servers in the ORBS or # MAPS lists. Spam White List = /usr/local/MailScanner/etc/spam.whitelist.conf # # Advanced Features # ================= # # Don't bother changing anything below this unless you really know what # you are doing. # # Set Debug to 1 to stop it running as a daemon # and produce more verbose output Debug = 0 # Attempt immediate delivery of messages, or just place them in the outgoing # queue for the MTA to deliver at a time of its own choosing? # If attempting immediate delivery, do them one at a time, # or do them in batches of 30 at a time? Delivery Method = queue # Delivery Method = individual #Delivery Method = batch # How to lock spool files. # Don't set this unless you *know* you need to. # For sendmail, it defaults to "flock". # For Exim, it defaults to "posix". # No other type is implemented. #Lock Type = flock # Where to put the virus scanning engine lock files. # These lock files are used between MailScanner and the virus signature # "autoupdate" scripts, to ensure that they aren't both working at the # same time (which could cause MailScanner to let a virus through). Lock File Dir = /tmp # What to do when you get several MailScanner headers in one message, # from multiple MailScanner servers. Values are # "append" : Append the new data to the existing header # "add" : Add a new header # "replace" : Replace the old data with the new data # Default is "append" Multiple Headers = append # Some versions of Microsoft Outlook generate unparsable Rich Text # format attachments. Do we want to deliver these bad attachments anyway? # Setting this to yes introduces the slight risk of a virus getting through, # but if you have a lot of troubled Outlook users you might need to do this. # We are working on a replacement for the TNEF decoder. Deliver Unparsable TNEF = yes # When attempting delivery of outgoing messages, should we do it in the # background or wait for it to complete? The danger of doing it in the # background is that the machine load goes ever upwards while all the # slow sendmail processes run to completion. However, running it in the # foreground may cause the mail server to run too slowly. Deliver In Background = no # Minimum acceptable code stability status -- if we come across code # that's not at least as stable as this, we barf. # This is currently only used to check that you don't end up using untested # virus scanner support code without realising it. # Levels used are: # none - there may not even be any code. # unsupported - code may be completely untested, a contributed dirty hack, # anything, really. # alpha - code is pretty well untested. Don't assume it will work. # beta - code is tested a bit. It should work. # supported - code *should* be reliable. # # Don't even *think* about setting this to anything other than "beta" or # "supported" on a system that receives real mail until you have tested it # yourself and are happy that it is all working as you expect it to. # Don't set it to anything other than "supported" on a system that could # ever receive important mail. Minimum Code Status = supported From brose at MED.WAYNE.EDU Mon Apr 1 01:27:23 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:14:36 2006 Subject: No SpamAssassin report with MailScanner? Message-ID: Nope as stated it just saves the message with an SA rewrite in a dir. I think it will take more work to get the current Mailscanner to return the rewritten body and replace the original message body. Right now all the main routine does it send the contents to sendmail.pl, run SA against it, and return an additional header tag which is appended to the header before mailscanner reassembles the message for delviery. -----Original Message----- From: Kelly Hamlin [mailto:fizz@BOMB.NET] Sent: Friday, March 29, 2002 7:59 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: No SpamAssassin report with MailScanner? Would this make it so it includes the spamassassin report in the header when using mailscanner on a email gateway useing sendmail? ----- Original Message ----- From: "Rose, Bobby" To: Sent: Friday, March 29, 2002 4:53 PM Subject: Re: No SpamAssassin report with MailScanner? I added some code to the sendmail.pl that will call SA to rewrite the message with a report and dump that into a directory. I haven't spent any time to see about returning rewrite back since I think that may be more difficult. Here's the diffs. 289c289,290 < $SAResult = SAForkAndTest($SAspamtest, $spammail); --- > #Bobby added $mID > $SAResult = SAForkAndTest($SAspamtest, $spammail, $mID); 299c300,301 < my($Test, $Mail) = @_; --- > #Bobby added $mID > my($Test, $Mail, $mID) = @_; 312a315,327 > #Bobby's added code > my $SAScore = $spamness->get_hits(); > my $SAReqHits = $spamness->get_required_hits(); > Log::InfoLog("SpamAssassin score $SAScore of $SAReqHits"); > if ($SAScore >= $SAReqHits) { > #$spamness->report_as_spam ($Mail); > $spamness->rewrite_mail (); > my $SARewrite = $spamness->get_full_message_as_text(); > local(*DOUT); > open(DOUT, ">>/var/spam/queue/spr$mID") or Log::DieLog("Failed to create copy of spam message spr$mID"); > print DOUT $SARewrite; > close DOUT; > } -----Original Message----- From: Dan Kubilos [mailto:dan@OXNARDSD.ORG] Sent: Friday, March 29, 2002 4:40 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: No SpamAssassin report with MailScanner? Thanks Richard. I was looking for this. But . . . why the -P option > > :0fw > > | spamassassin -P > > As I mentioned before if your setup is typical then if you don't want -P The -P parameter will cause it to pipe the output to STDOUT instead. Why do you want it in standard out instead of the mail spool? Thanks -- Dan Kubilos __\o_ ^ K-8 Tech Coord http://www.oxnardsd.org From jkf at ecs.soton.ac.uk Mon Apr 8 12:30:09 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:36 2006 Subject: [Fwd: mail delay and can't parse message] In-Reply-To: <20020403230005.GI22344@hoiho.nz.lemon-computing.com> References: <3CAB7076.2010508@southwestern.edu> <3CAB7076.2010508@southwestern.edu> Message-ID: <5.1.0.14.2.20020408122830.03542e90@imap.ecs.soton.ac.uk> At 00:00 04/04/2002, you wrote: >On Wed, Apr 03, 2002 at 03:13:26PM -0600, Peter Valian wrote: > > > However, Im getting many calls from users claiming that some email is > > delayed by several hours. I have not personally witnessed this > > phenomenon but it's more than just a couple users making this > > claim...(they claim to receive mail as normal but then every now and > > again get a message timestamped before several emails they have already > > received. I don't know if the problem is with Mailscanner/Sendmail or > > with Qpopper (4.0.3). > >You need to have a look at the messages in question, and see where the >delay is actually occuring, if indeed it is (you often find that if the >sending system has its clock set wrong then it appears at first to have >been delayed, but when you look at the headers, you see that in fact there >has probably been no delay). > > > Also, several warnings a day get sent to postmaster about 'could not > > parse message xxx, e.g. > > Report: Could not parse message g313LlZ19901 > > > > I don't know if these messages just got dropped or went through or what. > >Try it or check your logs; I can't remember off the top of my head what >the answer is... There is an option in mailscanner.conf to deliver unparsable TNEF messages or not. > > attached is my conf. One thing that's special to our set up is that the > > mail spools are NFS mounted...so perhaps some file locking issues? > >Since you appear to be running sendmail, it's probably a bad idea to run >with the spools NFS mounted, as so far as I am aware: > >1) Sendmail uses flock(); >2) flock() is not NFS-safe. > >I'm not too hot on the details of this though, as sendmail is not my preferred >MTA. If using sendmail, you *really* shouldn't NFS-mount your mail spool. As Nick pointed out, sendmail uses a locking strategy that is incompatible with NFS. You are effectively running sendmail with no file locking at all, which is a very bad thing. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Mon Apr 8 12:34:51 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:36 2006 Subject: Error sophosupdate In-Reply-To: Message-ID: <5.1.0.14.2.20020408123408.03527918@imap.ecs.soton.ac.uk> Sophos maintain the zip files for the most recent 3 versions. So if 3.56 is out, the oldest one they support is 3.54. You have to update Sophos once every 3 months. At 10:43 04/04/2002, you wrote: >You're a little behind updates. :-)) >You should update master sophos update to version 356 and then run autoupdate. >I belive that 353_ides.zip have been removed from sohos site beacuse it is >outdated. > >by > m. > > > >>> Jeroen Wijdogen 4.4.2002 10:52:32 >>> >Hello, > >a small question i installed on a server mailscanner and where running for >several months oke. Last night the sophos.update script was running and gave >this output, is there a quik way to repair this.? > >[root@firewall admin]# /var/opt/sophos/bin/autoupdate >[353_ides.zip] > End-of-central-directory signature not found. Either this file is not > a zipfile, or it constitutes one disk of a multi-part archive. In the > latter case the central directory and zipfile comment will be found on > the last disk(s) of this archive. >unzip: cannot find zipfile directory in one of 353_ides.zip or > 353_ides.zip.zip, and cannot find 353_ides.zip.ZIP, period. >Unzip failed with error return 9 >, Bad file descriptor at /var/opt/sophos/bin/autoupdate line 82. >[root@firewall admin]# > > >Grt, > >Jeroen > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner on http://wijdogen.dhs.org >and is believed to be clean. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Mon Apr 8 12:31:56 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:36 2006 Subject: Blocking Double Extensions Except For . . . In-Reply-To: <3CAB7D6A.4010708@YTN.CO.NZ> References: <001e01c1db58$ae57f710$3364a8c0@xxxx.xxx> Message-ID: <5.1.0.14.2.20020408123050.034a8578@imap.ecs.soton.ac.uk> At 23:08 03/04/2002, you wrote: >Funk Gabor wrote: >>>>I want to block most double extensions. However if the file is >>>>whatever.vbs.pdf I don't want it to be blocked. So I want to have a >>>>list of extensions that I know are safe (txt, pdf, jpg, etc) and allow >>>>those through even if it is a double extensions (ie document.0302.pdf). >>>> >>>>I put an allow line for txt's at the top of my filename file but it's >>>>still being blocked. >> >>Count me too. >>(I also had to disable it because of "my_curric.vit.pdf" and alike...) >> >>G. > >I have no problems in getting the pdf double ext working. We needed if >for faxes. > >Did notice thou, it will not work if you use tab as a space at the >beginning of the line. Use space. The format of each line of the file is 4 fields, each of which are ***tab-separated*** as mentioned at the top of the filename.rules.conf file. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Mon Apr 8 12:32:44 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:36 2006 Subject: Blocking Double Extensions Except For . . . In-Reply-To: <7E2D2700ADE29542BAFC135552997E6C415D@mail.foundation.sdsu. edu> Message-ID: <5.1.0.14.2.20020408123228.0353b760@imap.ecs.soton.ac.uk> At 23:32 03/04/2002, you wrote: >Never mind everybody. I got it to work. After I originally added the >allow for .txt's I didn't save the file, I closed VI without saving. Oops... :-) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Mon Apr 8 13:25:20 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:36 2006 Subject: MAILSCANNER: sarabjeet@BHARTITELESOFT.COM left the JISCmail list Message-ID: <200204081225.NAA08461@magpie.ecs.soton.ac.uk> Mon, 8 Apr 2002 13:25:20 sarabjeet@BHARTITELESOFT.COM has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From jkf at ecs.soton.ac.uk Mon Apr 8 15:11:08 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:36 2006 Subject: Can't Install Mail Scanner, In-Reply-To: Message-ID: <5.1.0.14.2.20020408151046.02c0fbc0@imap.ecs.soton.ac.uk> At 04:06 08/04/2002, you wrote: >Hi There, >I m trying to install Mailscanner on my Redhat Linux 7.1 machine. >I have downloaded the .rpm file a couple of times and get the same result. >Logged on to the consol as root if I choose the install option I get the >following error message. >db3 error(-30989) from dbcursor -> c_get: DB_RUNRECOVERY: Fatal error, run >database recovery. >It comes up twice with the only option being OK >If I press ok it tells me that there were problems and would I like to >ignore them. If I do then the program doesn t work. >Some of the files are installed but some are missing. (sophoswrapper for one) >Any ideas what I can do to fix this problem. >David. >PS I tried to search the list archive but I could not connect to it. If you are getting db3 errors, then something is broken in your RPM database on your system. Read "man rpm" and look for the option to recover the database. Also, try downloading the MailScanner RPM again, just in case it got corrupted on its way to you (very unlikely but it could happen). No-one else has reported any problems with the latest RPMs, so it must be a problem specific to your system. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Mon Apr 8 16:37:05 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:36 2006 Subject: MAILSCANNER: klon@NYBRO.DK requested to join Message-ID: <200204081537.QAA29306@magpie.ecs.soton.ac.uk> Mon, 8 Apr 2002 16:37:04 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Thomas Hanson You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER klon@NYBRO.DK Thomas Hanson PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER klon@NYBRO.DK Thomas Hanson // EOJ From mike at ZANKER.ORG Mon Apr 8 17:14:12 2002 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:14:36 2006 Subject: FEATURE(dnsbl...... in sendmail In-Reply-To: <5.1.0.14.2.20020408121629.034dc170@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020408121629.034dc170@imap.ecs.soton.ac.uk> Message-ID: <258608249.1018286052@jemima.zanker.org> On 08 April 2002 12:17 +0100 Julian Field wrote: > But hopefully your primary and secondary MX hosts have the same > configuration! No, I don't have any control over the secondary - it's simply a relay. Mike -- Mike Zanker Northampton, UK PGP Public Key: pgp@zanker.org From jkf at ecs.soton.ac.uk Mon Apr 8 17:50:46 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:36 2006 Subject: FEATURE(dnsbl...... in sendmail In-Reply-To: <258608249.1018286052@jemima.zanker.org> References: <5.1.0.14.2.20020408121629.034dc170@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020408121629.034dc170@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020408174512.00b5fb70@imap.ecs.soton.ac.uk> At 17:14 08/04/2002, you wrote: >On 08 April 2002 12:17 +0100 Julian Field wrote: >>But hopefully your primary and secondary MX hosts have the same >>configuration! > >No, I don't have any control over the secondary - it's simply a relay. In that case, aren't you better off without it? Mail will queue on the sender's outgoing servers for a few days if your primary MX is out of action. So as long as you can keep your primary MX up most of the time, and can fix it fairly quickly, you don't need a secondary at all. If possible, you should obviously have a secondary MX, but given the choice between having one I couldn't configure properly, and not having one at all, I would have to think quite hard which way to go. Personally I have 3 MX's, but I have complete control over all of them. If you are wondering why 3, it provides us resilience against failures in the UK academic network, our MAN, and our local campus network. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mike at ZANKER.ORG Mon Apr 8 19:23:49 2002 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:14:36 2006 Subject: FEATURE(dnsbl...... in sendmail In-Reply-To: <5.1.0.14.2.20020408174512.00b5fb70@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020408174512.00b5fb70@imap.ecs.soton.ac.uk> Message-ID: <266385982.1018293829@jemima.zanker.org> On 08 April 2002 17:50 +0100 Julian Field wrote: > In that case, aren't you better off without it? Mail will queue on the > sender's outgoing servers for a few days if your primary MX is out of > action. So as long as you can keep your primary MX up most of the > time, and can fix it fairly quickly, you don't need a secondary at > all. It's a home ADSL connection and the secondary is one of the ISP's mail servers. If my ADSL link goes down for any reason I'd rather the mail was waiting for me in one place where I can use ETRN to get it delivered immediately when I come back online. > If possible, you should obviously have a secondary MX, but given the > choice between having one I couldn't configure properly, and not > having one at all, I would have to think quite hard which way to go. > Personally I have 3 MX's, but I have complete control over all of > them. If you are wondering why 3, it provides us resilience against > failures in the UK academic network, our MAN, and our local campus > network. Absolutely, and under those circumstances I couldn't agree more. That's exactly what we do at the UK university where I work! Mike -- Mike Zanker Northampton, UK PGP Public Key: pgp@zanker.org From david.pollard at MERIDIANINFO.COM Tue Apr 9 01:14:57 2002 From: david.pollard at MERIDIANINFO.COM (David Pollard) Date: Thu Jan 12 21:14:36 2006 Subject: Can't Install Mail Scanner, Message-ID: Hi Julian, Thanks for the reply. I have sorted it out and it now appears to be running smoothly although I am yet to do some serious testing. FYI and for anyone else that may bump into the same problem. I found the rpm --rebuilddb command and it ran without reporting any problems. I tried to install the rpm again by right clicking on the file in a graphical file manager as I did before then and chose the install option. I received the same message as before. I then tried the command line specified in the Installation guide and it said the package was already installed. I tried again with the --force option and it spewed out screens of information all of which looked good except for a couple of things that looked like minor problems. I ran the sophros.install script again for good measure and it worked ok to. I Sent a test virus through the server and it picked it up no problem. This looks like quit a robust system and I'm looking forward to getting rid of my old solution. Thanks Again David. -----Original Message----- From: Julian Field [mailto:jkf@ECS.SOTON.AC.UK] Sent: Tuesday, 9 April 2002 12:11 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Can't Install Mail Scanner, At 04:06 08/04/2002, you wrote: >Hi There, >I m trying to install Mailscanner on my Redhat Linux 7.1 machine. >I have downloaded the .rpm file a couple of times and get the same result. >Logged on to the consol as root if I choose the install option I get the >following error message. >db3 error(-30989) from dbcursor -> c_get: DB_RUNRECOVERY: Fatal error, run >database recovery. >It comes up twice with the only option being OK >If I press ok it tells me that there were problems and would I like to >ignore them. If I do then the program doesn t work. >Some of the files are installed but some are missing. (sophoswrapper for one) >Any ideas what I can do to fix this problem. >David. >PS I tried to search the list archive but I could not connect to it. If you are getting db3 errors, then something is broken in your RPM database on your system. Read "man rpm" and look for the option to recover the database. Also, try downloading the MailScanner RPM again, just in case it got corrupted on its way to you (very unlikely but it could happen). No-one else has reported any problems with the latest RPMs, so it must be a problem specific to your system. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Tue Apr 9 07:19:23 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:36 2006 Subject: MAILSCANNER: gib@TMISNET.COM left the JISCmail list Message-ID: <200204090619.HAA22762@magpie.ecs.soton.ac.uk> Tue, 9 Apr 2002 07:19:23 Gib Gilbertson Jr has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From jkf at ecs.soton.ac.uk Tue Apr 9 10:11:46 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:36 2006 Subject: Can't Install Mail Scanner, Message-ID: <5.1.0.14.2.20020409101140.053c0e30@wheresmymailserver.com> Glad to hear you got it fixed. I'm not a user of those graphical RPM managers (I just type the command :-) but I can't see why it would fail, when it works from the command line. At 01:14 09/04/2002, you wrote: >Hi Julian, >Thanks for the reply. I have sorted it out and it now appears to be >running smoothly although I am yet to do some serious testing. > >FYI and for anyone else that may bump into the same problem. > >I found the rpm --rebuilddb command and it ran without reporting any >problems. I tried to install the rpm again by right clicking on the >file in a graphical file manager as I did before then and chose the >install option. I received the same message as before. I then tried >the command line specified in the Installation guide and it said the >package was already installed. I tried again with the --force option >and it spewed out screens of information all of which looked good except >for a couple of things that looked like minor problems. I ran the >sophros.install script again for good measure and it worked ok to. > >I Sent a test virus through the server and it picked it up no problem. > >This looks like quit a robust system and I'm looking forward to getting >rid of my old solution. > >Thanks Again >David. > >-----Original Message----- >From: Julian Field [mailto:jkf@ECS.SOTON.AC.UK] >Sent: Tuesday, 9 April 2002 12:11 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Can't Install Mail Scanner, > >At 04:06 08/04/2002, you wrote: > >Hi There, > >I m trying to install Mailscanner on my Redhat Linux 7.1 machine. > >I have downloaded the .rpm file a couple of times and get the same >result. > >Logged on to the consol as root if I choose the install option I get >the > >following error message. > >db3 error(-30989) from dbcursor -> c_get: DB_RUNRECOVERY: Fatal error, >run > >database recovery. > >It comes up twice with the only option being OK > >If I press ok it tells me that there were problems and would I like to > >ignore them. If I do then the program doesn t work. > >Some of the files are installed but some are missing. (sophoswrapper >for one) > >Any ideas what I can do to fix this problem. > >David. > >PS I tried to search the list archive but I could not connect to it. > >If you are getting db3 errors, then something is broken in your RPM >database on your system. Read "man rpm" and look for the option to >recover >the database. >Also, try downloading the MailScanner RPM again, just in case it got >corrupted on its way to you (very unlikely but it could happen). >No-one else has reported any problems with the latest RPMs, so it must >be a >problem specific to your system. > >-- >Julian Field Teaching Systems Manager >jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science >Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From paul-w at BLUEYONDER.CO.UK Tue Apr 9 10:13:19 2002 From: paul-w at BLUEYONDER.CO.UK (Paul Welsh) Date: Thu Jan 12 21:14:36 2006 Subject: SpamAssassin timed out and was killed References: <020181103230842PCOW028M@blueyonder.co.uk> Message-ID: <005601c1dfa6$ca60ef00$6a0110ac@sbsplc.com> I installed SpamAssassin over the weekend. Yesterday (Monday) was the first day where it had to cope with any real mail load. The result is lots of "SpamAssassin timed out and was killed" messages in my mail log. Is this a common problem? If so, I guess I should turn on MailScanner's checking against relays.ordb.org. From LISTSERV at JISCMAIL.AC.UK Tue Apr 9 10:24:35 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:36 2006 Subject: MAILSCANNER: Patricia.Keena@DIT.IE requested to join Message-ID: <200204090924.KAA11127@magpie.ecs.soton.ac.uk> Tue, 9 Apr 2002 10:24:35 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Patricia Keena You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER Patricia.Keena@DIT.IE Patricia Keena PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER Patricia.Keena@DIT.IE Patricia Keena // EOJ From jkf at ecs.soton.ac.uk Tue Apr 9 13:46:49 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:36 2006 Subject: SpamAssassin timed out and was killed In-Reply-To: <005601c1dfa6$ca60ef00$6a0110ac@sbsplc.com> References: <020181103230842PCOW028M@blueyonder.co.uk> Message-ID: <5.1.0.14.2.20020409134603.02acad30@imap.ecs.soton.ac.uk> At 10:13 09/04/2002, you wrote: >I installed SpamAssassin over the weekend. Yesterday (Monday) was the first >day where it had to cope with any real mail load. > >The result is lots of "SpamAssassin timed out and was killed" messages in my >mail log. > >Is this a common problem? If so, I guess I should turn on MailScanner's >checking against relays.ordb.org. If the load on the system is getting high, then the default timeout may not be long enough. However, you may not have sufficient horsepower on your current server to run SpamAssassin at all. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mmiller1 at MPTOTALCARE.COM Tue Apr 9 14:58:03 2002 From: mmiller1 at MPTOTALCARE.COM (Matt Miller) Date: Thu Jan 12 21:14:36 2006 Subject: SpamAssassin Report Headers Message-ID: <1018360684.1302.16.camel@menix> After searching the archives, I am still unsure if Mailscanner has implemented the report_headers function of SpamAssassin. I would really like to see the point system SpamAssassin reports in the headers of e-mails scanned by Mailscanner. Can anyone give me a definitive answer whether or not this is implemented? If so, how do I set this up? If not, is there a hack or workaround to import this function? I am seeing the "X-MailScanner-SpamCheck: SpamAssassin (x hits)" header. I have configured the .spamassassin/user_prefs , the 10_misc.cf and user_prefs.template all with the "report_header 1" and "use_terse_report 1" options. Am I missing something? Thanks for any insight. Matt From tal at MUSICGENOME.COM Tue Apr 9 17:19:03 2002 From: tal at MUSICGENOME.COM (Tal Kelrich) Date: Thu Jan 12 21:14:36 2006 Subject: No SpamAssassin report with MailScanner? In-Reply-To: References: Message-ID: <1018369146.6657.64.camel@localhost.localdomain> I was wondering whether this is a good solution, here goes. I didn't test it, i'm probably making some big mistakes there, and I can't promise anything other than it compiles ok --- sendmail.pl.old Mon Apr 1 11:09:59 2002 +++ sendmail.pl Tue Apr 9 18:51:58 2002 @@ -231,7 +231,7 @@ $spammy = SpamAssassinChecks($Headers, $mID); if ($spammy) { $SpamText->{$mID} .= ", " if $SpamText->{$mID}; - $SpamText->{$mID} .= "SpamAssassin ($spammy hits)"; + $SpamText->{$mID} .= $spammy; ## Make a copy of the spam for later analysis and checking #system("/bin/cp $dfilename /export/2/var/spam/queue"); } @@ -300,27 +300,47 @@ my $PipeReturn = 0; +# local (*PWRITE); +# local (*PREAD); + pipe PREAD, PWRITE; + die "could not open pipe: $!" if($!==0); my $pid = fork(); die "Can't fork: $!" unless defined($pid); if ($pid == 0) { # In the child POSIX::setsid(); + close PREAD; # Do the actual tests and work out the integer result my($spamness) = $Test->check($Mail); my($SAResult) = ($spamness->is_spam())?1:0; - $SAResult = int($spamness->get_hits()) if $SAResult; + my($tests,$hits,$req,$stat); + #X-Spam-Status: Yes, hits=7.2 required=5.0 tests=ALL_CAPS_SUBJECT,PLING,DEAR_SOMEBODY,CLICK_BELOW,AOL_USERS_LINK,GREAT_OFFER,HTTP_WITH_EMAIL_IN_URL,CLICK_HERE_LINK version=2.11 + $tests=$spamness->get_names_of_tests_hit(); + $hits=$spamness->get_hits(); + $req=$spamness->get_required_hits(); + #X-Spam-Flag: YES + $stat=$SAResult?"Yes":"No"; + $SAResult="X-Spam-Status: $stat hits=$hits required=$req tests=$tests" ."\n X-Spam-Flag: " . uc($stat); # Destroy the status result -- should be unnecessary $spamness->finish(); - exit $SAResult; + print PWRITE $SAResult; + close PWRITE; + exit 0; } - + eval { local $SIG{ALRM} = sub { die "Command Timed Out" }; + close PWRITE; alarm $Config::SpamAssassinTimeout; wait; - $PipeReturn = $?; + $PipeReturn = ""; alarm 0; + while() + { + $PipeReturn.=$_; + } + close PREAD; $pid = 0; }; alarm 0; @@ -354,7 +374,7 @@ # The return from the pipe is a measure of how spammy it was Log::DebugLog("SpamAssassin returned $PipeReturn"); - return $PipeReturn>>8; + return $PipeReturn; } -- Tal Kelrich PGP Fingerprint: 3EDF FCC5 60BB 4729 AB2F CAE6 FEC1 9AAC 12B9 AA69 PGP key-id: 12B9AA69 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020409/0eaa16f6/attachment.bin From paul-w at BLUEYONDER.CO.UK Wed Apr 10 00:49:39 2002 From: paul-w at BLUEYONDER.CO.UK (Paul Welsh) Date: Thu Jan 12 21:14:36 2006 Subject: SpamAssassin timed out and was killed References: <0d7781522230942PCOW029M@blueyonder.co.uk> Message-ID: <013201c1e021$388ea6a0$336c30d5@espmail00053> > > Date: Tue, 9 Apr 2002 13:46:49 +0100 > From: Julian Field > Subject: Re: SpamAssassin timed out and was killed > > If the load on the system is getting high, then the default timeout may not > be long enough. However, you may not have sufficient horsepower on your > current server to run SpamAssassin at all. Out of about 700 messages today, I got the "timed out" error on 34 of them, ie, under 5%. I've doubled the timeout value in mailscanner.conf to 20 to see what happens. From LISTSERV at JISCMAIL.AC.UK Wed Apr 10 14:26:20 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:36 2006 Subject: MAILSCANNER: mikeb@DIGITALMINDS.NET requested to join Message-ID: <200204101326.OAA27453@magpie.ecs.soton.ac.uk> Wed, 10 Apr 2002 14:26:20 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Michael Bush You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER mikeb@DIGITALMINDS.NET Michael Bush PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER mikeb@DIGITALMINDS.NET Michael Bush // EOJ From kwang at UCALGARY.CA Wed Apr 10 16:10:54 2002 From: kwang at UCALGARY.CA (Kai Wang) Date: Thu Jan 12 21:14:36 2006 Subject: character sets Message-ID: <3CB455FE.93355356@ucalgary.ca> I found the following errors on my mailscanner server. How to fix the problem? ignoring text in character set `BIG5' at /usr/lib/perl5/site_perl/5.6.0/MIME/Parser/Filer.pm line 646 ignoring text in character set `WINDOWS-1256' at /usr/lib/perl5/site_perl/5.6.0/MIME/Parser/Filer.pm line 646 ignoring text in character set `ISO-2022-JP' at /usr/lib/perl5/site_perl/5.6.0/MIME/Parser/Filer.pm line 646 Thanks Kai Wang From LISTSERV at JISCMAIL.AC.UK Wed Apr 10 16:44:16 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:36 2006 Subject: MAILSCANNER: dave@NONSTOP-NETWORKS.CO.UK left the JISCmail list Message-ID: <200204101544.QAA10428@magpie.ecs.soton.ac.uk> Wed, 10 Apr 2002 16:44:16 Dave Atkin has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From LISTSERV at JISCMAIL.AC.UK Wed Apr 10 17:15:02 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:36 2006 Subject: MAILSCANNER: MikeB@DIGITALMINDS.NET requested to join Message-ID: <200204101615.RAA13407@magpie.ecs.soton.ac.uk> Wed, 10 Apr 2002 17:15:02 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Michael Bush The following membership options have been requested: SUBJECTHDR. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER MikeB@DIGITALMINDS.NET Michael Bush PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER MikeB@DIGITALMINDS.NET Michael Bush SET MAILSCANNER SUBJECTHDR FOR MikeB@DIGITALMINDS.NET // EOJ From mikeb at DIGITALMINDS.NET Wed Apr 10 16:22:55 2002 From: mikeb at DIGITALMINDS.NET (Michael Bush) Date: Thu Jan 12 21:14:36 2006 Subject: SpamAssassin Version issue Message-ID: I have had Mailscanner running great for sometime now. However, since the new feature of using SpamAssassin, I have been unable to get SpamAssassin to work with MailScanner. I have installed all of the latest SpamAssassin modules successfully with no error messages. However, when I set the parameter in mailscanner.confwq: Use SpamAssassin = yes I get the following message when starting mailscanner: Starting MailScanner: FATAL: Newer Mail::SpamAssassin module needed: Mail::SpamAssassin is only 2.01-- 2.1 required at /usr/local/MailScanner/bin/logger.pl line 60. Any guidiance on correcting the issue and getting SpamAssassin up and running is greatly appreciated. Thanks, Michael Bush -- Digital Minds International E-Mail: MikeB@DigitalMinds.net Web: http://www.DigitalMinds.net Tel: (615) 661-7900 Fax: (615) 661-7949 From jkf at ecs.soton.ac.uk Wed Apr 10 17:40:16 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:36 2006 Subject: SpamAssassin Version issue In-Reply-To: Message-ID: <5.1.0.14.2.20020410173924.031765d8@imap.ecs.soton.ac.uk> At 16:22 10/04/2002, you wrote: >I get the following message when starting mailscanner: > >Starting MailScanner: FATAL: Newer Mail::SpamAssassin module needed: >Mail::SpamAssassin is only 2.01-- 2.1 required at >/usr/local/MailScanner/bin/logger.pl line 60. I thought that error message was pretty self-explanatory. As it says, you only have SpamAssassin 2.01 installed, and MailScanner requires version 2.1. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Wed Apr 10 17:41:17 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:36 2006 Subject: MAILSCANNER: mike@4FRONTMEDIA.NET requested to join Message-ID: <200204101641.RAA15711@magpie.ecs.soton.ac.uk> Wed, 10 Apr 2002 17:41:17 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Mike Walker You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER mike@4FRONTMEDIA.NET Mike Walker PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER mike@4FRONTMEDIA.NET Mike Walker // EOJ From mikeb at DIGITALMINDS.NET Wed Apr 10 16:56:47 2002 From: mikeb at DIGITALMINDS.NET (Michael Bush) Date: Thu Jan 12 21:14:36 2006 Subject: SpamAssassin Version issue In-Reply-To: <5.1.0.14.2.20020410173924.031765d8@imap.ecs.soton.ac.uk> Message-ID: Hi Julian: Yes, I understand the message. However, why I'm I getting? I have installed the lastest SpamAssassin from CPAN and I have also tried install via the standard make.. install. How do you uninstall SpamAssassin? Or how do I point MailScanner to the correct SpamAssassin? Thanks, Michael Bush -- Digital Minds International E-Mail: MikeB@DigitalMinds.net Web: http://www.DigitalMinds.net Tel: (615) 661-7900 Fax: (615) 661-7949 On Wed, 10 Apr 2002, Julian Field wrote: > At 16:22 10/04/2002, you wrote: > >I get the following message when starting mailscanner: > > > >Starting MailScanner: FATAL: Newer Mail::SpamAssassin module needed: > >Mail::SpamAssassin is only 2.01-- 2.1 required at > >/usr/local/MailScanner/bin/logger.pl line 60. > > I thought that error message was pretty self-explanatory. As it says, you > only have SpamAssassin 2.01 installed, and MailScanner requires version 2.1. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From thomas.zajic at NEO.AT Wed Apr 10 18:04:39 2002 From: thomas.zajic at NEO.AT (Thomas Zajic) Date: Thu Jan 12 21:14:36 2006 Subject: SpamAssassin Version issue In-Reply-To: ; from mikeb@DIGITALMINDS.NET on Wed, Apr 10, 2002 at 10:56:47AM -0500 References: <5.1.0.14.2.20020410173924.031765d8@imap.ecs.soton.ac.uk> Message-ID: <20020410190439.D603@thomas.neo.at> On Wed, Apr 10, 2002 at 10:56:47AM -0500, Michael Bush wrote: > Yes, I understand the message. However, why I'm I getting? I have > installed the lastest SpamAssassin from CPAN [...] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ No, you haven't: http://www.cpan.org/modules/by-module/Mail/Mail-SpamAssassin-2.11.tar.gz http://www.spamassassin.org/released/Mail-SpamAssassin-2.11.tar.gz HTH, Thomas -- ----------------------------- Thomas Zajic System Administrator neo Software Produktions GmbH A T2 Company email: thomas.zajic@neo.at web: http://www.neo.at From gerry at dorfam.ca Wed Apr 10 18:27:13 2002 From: gerry at dorfam.ca (Gerry Doris) Date: Thu Jan 12 21:14:36 2006 Subject: SpamAssassin Version issue In-Reply-To: <20020410190439.D603@thomas.neo.at> References: <20020410190439.D603@thomas.neo.at> Message-ID: <54357.129.80.22.134.1018459633.squirrel@tiger.dorfam.ca> > On Wed, Apr 10, 2002 at 10:56:47AM -0500, Michael Bush wrote: > >> Yes, I understand the message. However, why I'm I getting? I have >> installed the lastest SpamAssassin from CPAN [...] > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > No, you haven't: > > http://www.cpan.org/modules/by-module/Mail/Mail-SpamAssassin-2.11.tar.gz > http://www.spamassassin.org/released/Mail-SpamAssassin-2.11.tar.gz > > HTH, > Thomas > -- > ----------------------------- > Thomas Zajic > System Administrator > Be careful about the latest versions of spamassassin/razor. I ran into razor not working after I upgraded. After searching the spamassassin archives discovered that there was a problem where they got out of sync with some problem fixes. Gerry -- "The lyfe so short, the craft so long to learne" Chaucer From mikeb at DIGITALMINDS.NET Wed Apr 10 18:14:51 2002 From: mikeb at DIGITALMINDS.NET (Michael Bush) Date: Thu Jan 12 21:14:36 2006 Subject: SpamAssassin Version issue In-Reply-To: <20020410190439.D603@thomas.neo.at> Message-ID: Hi Thomas: Yes, I have install 2.11. I just downloaded and reinstalled it again. I got the same message below: Starting MailScanner: FATAL: Newer Mail::SpamAssassin module needed: Mail::SpamAssassin is only 2.01-- 2.1 required at /usr/local/MailScanner/bin/logger.pl line 60. How do I get the older version off my system? Michael Bush -- Digital Minds International E-Mail: MikeB@DigitalMinds.net Web: http://www.DigitalMinds.net Tel: (615) 661-7900 Fax: (615) 661-7949 On Wed, 10 Apr 2002, Thomas Zajic wrote: > On Wed, Apr 10, 2002 at 10:56:47AM -0500, Michael Bush wrote: > > > Yes, I understand the message. However, why I'm I getting? I have > > installed the lastest SpamAssassin from CPAN [...] > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > No, you haven't: > > http://www.cpan.org/modules/by-module/Mail/Mail-SpamAssassin-2.11.tar.gz > http://www.spamassassin.org/released/Mail-SpamAssassin-2.11.tar.gz > > HTH, > Thomas > -- > ----------------------------- > Thomas Zajic > System Administrator > > neo Software Produktions GmbH > A T2 Company > email: thomas.zajic@neo.at > web: http://www.neo.at > From paul-w at BLUEYONDER.CO.UK Wed Apr 10 21:17:07 2002 From: paul-w at BLUEYONDER.CO.UK (Paul Welsh) Date: Thu Jan 12 21:14:36 2006 Subject: SpamAssassin timed out and was killed Message-ID: <002e01c1e0ce$39ff4500$f0e130d5@espmail00053> ----- Original Message ----- From: "Paul Welsh" To: "MailScanner mailing list" Sent: 10 April 2002 00:49 Subject: Re: SpamAssassin timed out and was killed > > > > Date: Tue, 9 Apr 2002 13:46:49 +0100 > > From: Julian Field > > Subject: Re: SpamAssassin timed out and was killed > > > > If the load on the system is getting high, then the default timeout > may not > > be long enough. However, you may not have sufficient horsepower on > your > > current server to run SpamAssassin at all. > > Out of about 700 messages today, I got the "timed out" error on 34 of > them, ie, under 5%. I've doubled the timeout value in mailscanner.conf > to 20 to see what happens. > This worked! I had zero "timed out" messages today out of about 700. From fizz at BOMB.NET Thu Apr 11 04:14:32 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:36 2006 Subject: hrmm... any idea on this? Message-ID: <002e01c1e107$001fcfb0$14792241@fizz> drwx------ 2 root root 4096 Apr 10 23:17 g3B34lG29776/ -rw------- 1 root root 1147 Apr 10 23:12 g3B34lG29776.header drwx------ 2 root root 4096 Apr 10 23:17 g3B34oG29780/ -rw------- 1 root root 478 Apr 10 23:12 g3B34oG29780.header drwx------ 2 root root 4096 Apr 10 23:17 g3B34pG29793/ -rw------- 1 root root 824 Apr 10 23:12 g3B34pG29793.header drwx------ 2 root root 4096 Apr 10 23:17 g3B34qG29794/ -rw------- 1 root root 809 Apr 10 23:12 g3B34qG29794.header just as a sample, but why is there a 5 minute peroid before it proceeds to scan the message and all... this has been causing my mail to really back up on the server.. im running the latest mailscanner and spamassassin with batch/del in bg and -q1m on sendmail -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020410/82677f0f/attachment.html From LISTSERV at JISCMAIL.AC.UK Thu Apr 11 09:35:03 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:36 2006 Subject: MAILSCANNER: jorgen@GIVERSEN.NET requested to join Message-ID: <200204110835.JAA16418@magpie.ecs.soton.ac.uk> Thu, 11 Apr 2002 09:35:03 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from J?rgen Giversen You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER jorgen@GIVERSEN.NET J?rgen Giversen PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER jorgen@GIVERSEN.NET J?rgen Giversen // EOJ From thomas.zajic at NEO.AT Thu Apr 11 09:50:33 2002 From: thomas.zajic at NEO.AT (Thomas Zajic) Date: Thu Jan 12 21:14:36 2006 Subject: SpamAssassin Version issue In-Reply-To: <54357.129.80.22.134.1018459633.squirrel@tiger.dorfam.ca>; from gerry@dorfam.ca on Wed, Apr 10, 2002 at 01:27:13PM -0400 References: <20020410190439.D603@thomas.neo.at> <54357.129.80.22.134.1018459633.squirrel@tiger.dorfam.ca> Message-ID: <20020411105033.A444@thomas.neo.at> On Wed, Apr 10, 2002 at 01:27:13PM -0400, Gerry Doris wrote: > Be careful about the latest versions of spamassassin/razor. I ran > into razor not working after I upgraded. After searching the > spamassassin archives discovered that there was a problem where > they got out of sync with some problem fixes. The latest stable versions of SpamAssassin and razor (2.11 & 1.19) work fine for me. Don't know about the latest unstable versions, though (2.20 & 1.20). Thomas -- ----------------------------- Thomas Zajic System Administrator neo Software Produktions GmbH A T2 Company email: thomas.zajic@neo.at web: http://www.neo.at From thomas.zajic at NEO.AT Thu Apr 11 10:11:26 2002 From: thomas.zajic at NEO.AT (Thomas Zajic) Date: Thu Jan 12 21:14:36 2006 Subject: SpamAssassin Version issue In-Reply-To: ; from mikeb@DIGITALMINDS.NET on Wed, Apr 10, 2002 at 12:14:51PM -0500 References: <20020410190439.D603@thomas.neo.at> Message-ID: <20020411111126.B444@thomas.neo.at> On Wed, Apr 10, 2002 at 12:14:51PM -0500, Michael Bush wrote: > Yes, I have install 2.11. I just downloaded and reinstalled it again. I > got the same message below: > > Starting MailScanner: FATAL: Newer Mail::SpamAssassin module needed: > Mail::SpamAssassin is only 2.01-- 2.1 required at > /usr/local/MailScanner/bin/logger.pl line 60. > > How do I get the older version off my system? What does 'locate .packlist | grep SpamAssassin' show on your system? | [root@gateway2]:~/tmp# locate .packlist | grep SpamAssassin | /usr/local/lib/perl5/site_perl/i386-linux/auto/Mail/SpamAssassin/.packlist This should show you where the two different versions are installed. On a side note, Perl usually takes care about different versions of the same module automagically (it simply uses the newer one, AFAIK). You'll just have to take care that Perl is able to find manually installed modules at runtime - on my system, I had to add the following line to the MailScanner startup script: | [root@gateway2]:~# grep profile.d /usr/local/MailScanner/bin/check_mailscanner | . /etc/profile.d/perl5.sh This sources the /etc/profile.d/perl5.sh script, which in turn sets up the proper environment for Perl: | [root@gateway2]:~# cat /etc/profile.d/perl5.sh | #!/bin/sh | | export PERL5LIB=/usr/local/lib/perl5:/usr/local/lib/perl5/site_perl | export PERLLIB="$PERL5LIB" HTH, Thomas -- ----------------------------- Thomas Zajic System Administrator neo Software Produktions GmbH A T2 Company email: thomas.zajic@neo.at web: http://www.neo.at From jorgen at GIVERSEN.NET Thu Apr 11 10:13:27 2002 From: jorgen at GIVERSEN.NET (J=?ISO-8859-1?Q?=F8rgen?= Giversen) Date: Thu Jan 12 21:14:36 2006 Subject: Newbie Message-ID: Dear all I'am trying to install mailscanner as an RPM on a RH7.2 system with EXIM as MTA. I have uninstalled the sendmail package, before i installed the EXIM package. When i try to install the mailscanner-3.13-2.i386.rpm package, the RPM system says that it needs the sendmail package before i can install the mailscanner. Can i solve the problem with the --nodeps argument, when installing the mailscanner ? Best Regards J?rgen Giversen From gerry at DORFAM.CA Thu Apr 11 12:53:23 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:36 2006 Subject: SpamAssassin Version issue In-Reply-To: <20020411105033.A444@thomas.neo.at> Message-ID: On Thu, 11 Apr 2002, Thomas Zajic wrote: > On Wed, Apr 10, 2002 at 01:27:13PM -0400, Gerry Doris wrote: > > > Be careful about the latest versions of spamassassin/razor. I ran > > into razor not working after I upgraded. After searching the > > spamassassin archives discovered that there was a problem where > > they got out of sync with some problem fixes. > > The latest stable versions of SpamAssassin and razor (2.11 & 1.19) > work fine for me. Don't know about the latest unstable versions, > though (2.20 & 1.20). > > Thomas The problem is with razor 1.20 and SA 2.11. It believe razor 1.20 is the latest stable release but it doesn't work with SA 2.11. razor fixed a bug that was in 1.19. The problem is that SA 2.11 had incorporated a workaround for the razor bug. Fixing the bug actually prevents SA from using razor. This is supposed to be corrected in the next SA release. It all works if you use SA 2.11 and razor 1.19. -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From thomas.zajic at NEO.AT Thu Apr 11 13:19:04 2002 From: thomas.zajic at NEO.AT (Thomas Zajic) Date: Thu Jan 12 21:14:36 2006 Subject: SpamAssassin Version issue In-Reply-To: ; from gerry@DORFAM.CA on Thu, Apr 11, 2002 at 07:53:23AM -0400 References: <20020411105033.A444@thomas.neo.at> Message-ID: <20020411141904.C444@thomas.neo.at> On Thu, Apr 11, 2002 at 07:53:23AM -0400, Gerry Doris wrote: > The problem is with razor 1.20 and SA 2.11. It believe razor 1.20 > is the latest stable release but it doesn't work with SA 2.11. ^^^^^^^^^^^^^^^^^^^^^^^^^ According to , the latest stable release of razor is 1.19 (the download link in the upper left corner). I also tried 1.20 once, but couldn't get it to work, either. ObUnrelatedSideNote: Am I the only one who sends proper signature terminators ("-- \n") to this list, only to have them castrated ("--\n") by some clever mail server somewhere in the chain? Just curious. Thomas -- ----------------------------- Thomas Zajic System Administrator neo Software Produktions GmbH A T2 Company email: thomas.zajic@neo.at web: http://www.neo.at From lbergman at abi.tconline.net Thu Apr 11 13:45:17 2002 From: lbergman at abi.tconline.net (Lewis Bergman) Date: Thu Jan 12 21:14:36 2006 Subject: Newbie In-Reply-To: References: Message-ID: <200204111245.g3BCjH405118@lewis.abi.tconline.net> On Thursday 11 April 2002 04:13 am, you wrote: > Dear all > I'am trying to install mailscanner as an RPM on a RH7.2 system with EXIM as > MTA. I have uninstalled the sendmail package, before i installed the EXIM > package. > > When i try to install the mailscanner-3.13-2.i386.rpm package, the RPM > system says that it needs the sendmail package before i can install the > mailscanner. Can i solve the problem with the --nodeps argument, when > installing the mailscanner ? That should work. --force if not. -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 115 From dml at UNB.CA Thu Apr 11 16:01:39 2002 From: dml at UNB.CA (dml) Date: Thu Jan 12 21:14:36 2006 Subject: No SpamAssassin report with MailScanner? Message-ID: <3CB9DB39@webmail1> Almost works fine for me. Only problem is that I'm using Mailscanner's option to modify the Subject line, and it was modifying the subject line even when the report from SpamAssassin was negative, e.g. Subject: {UNB: Possibly Spam} test Date: Thu, 11 Apr 2002 10:42:49 -0300 X-UNB-SpamScanner: Scanned X-UNB-MailScanner-SpamCheck: X-Spam-Status: No hits=0 required=5 tests= X-Spam-Flag: NO So I hacked the modification a bit with my neophyte perl skills, and ended up with this. Seems to work better for me with "Spam Modify Subject" enabled in mailscanner.conf. If SpamAssassin reports it as spam, the report is added to the X-Mailscanner header, and (if enabled), the subject is modified. If SA doesn't report it as spam, the subject won't be modified, but no report is generated. Which version is better depends on whether you have MA set to modify the subject line or not. Maybe somebody can improve this even more to allow the report to be added without mistakenly causing the subject modification? So, the question remains, is this a good solution? Does anybody have any idea what the effect of opening the pipe between the child and parent will have on load handling? What sort of extra limitations may this have on scaling? D. --- sendmail.pl.orig Thu Apr 11 10:14:32 2002 +++ sendmail.pl Thu Apr 11 10:38:11 2002 @@ -121,7 +121,7 @@ $MessagesInfo->{$id} = $MsgInfo; $Headers->{$id} = $RHeaders; # Store all the headers for SpamAssassin if (DefinitelyClean($RHeaders)) { - push @$RClean, $id; + push @$RClean, $id; $CleanMsgs++; $CleanBytes += -s "$InQueueDir/" . MTA::HFileName($id); $CleanBytes += -s "$InQueueDir/" . MTA::DFileName($id); @@ -231,7 +231,7 @@ $spammy = SpamAssassinChecks($Headers, $mID); if ($spammy) { $SpamText->{$mID} .= ", " if $SpamText->{$mID}; - $SpamText->{$mID} .= "SpamAssassin ($spammy hits)"; + $SpamText->{$mID} .= $spammy; ## Make a copy of the spam for later analysis and checking #system("/bin/cp $dfilename /export/2/var/spam/queue"); } @@ -300,27 +300,58 @@ my $PipeReturn = 0; + # local (*PWRITE); + # local (*PREAD); + pipe PREAD, PWRITE; + die "could not open pipe: $!" if($!==0); + my $pid = fork(); die "Can't fork: $!" unless defined($pid); if ($pid == 0) { # In the child POSIX::setsid(); + close PREAD; # Do the actual tests and work out the integer result my($spamness) = $Test->check($Mail); - my($SAResult) = ($spamness->is_spam())?1:0; - $SAResult = int($spamness->get_hits()) if $SAResult; + my($SAResult) = int(($spamness->is_spam()))?1:0; + + #The following two lines will be passed back to Mailscanner, for inclusion into the email headers + #Scoring: hits=7.2 required=5.0 tests=ALL_CAPS_SUBJECT,PLING,DEAR_SOMEBODY,CLICK_BELOW,AOL_USERS_LINK,GREAT_OF FER,HTTP_WITH_EMAIL_IN_URL,CLICK_HERE_LINK version=2.11 + #X-Spam-Flag: YES + my($tests,$hits,$req,$stat); + $tests=$spamness->get_names_of_tests_hit(); + $hits=$spamness->get_hits(); + $req=$spamness->get_required_hits(); + $stat=$SAResult?"Yes":"No"; + my $txtSAResult="Scoring: hits=$hits required=$req tests=$tests" ."\n X-Spam-Flag: " . uc($stat); + + # Destroy the status result -- should be unnecessary $spamness->finish(); + if ($SAResult){ + print PWRITE $txtSAResult; + } + else{ + #If it's not spam, return zero, otherwise mailscanner's option to insert a string into the subject will trigger + print PWRITE "0"; + } + close PWRITE; exit $SAResult; } eval { local $SIG{ALRM} = sub { die "Command Timed Out" }; + close PWRITE; alarm $Config::SpamAssassinTimeout; wait; - $PipeReturn = $?; + $PipeReturn = ""; alarm 0; + while() + { + $PipeReturn.=$_; + } + close PREAD; $pid = 0; }; alarm 0; @@ -354,7 +385,7 @@ # The return from the pipe is a measure of how spammy it was Log::DebugLog("SpamAssassin returned $PipeReturn"); - return $PipeReturn>>8; + return $PipeReturn; } >===== Original Message From MailScanner mailing list ===== >I was wondering whether this is a good solution, here goes. >I didn't test it, i'm probably making some big mistakes there, and I >can't promise anything other than it compiles ok > >--- sendmail.pl.old Mon Apr 1 11:09:59 2002 >+++ sendmail.pl Tue Apr 9 18:51:58 2002 ====================================================== David Lancaster ITS ESS From LISTSERV at JISCMAIL.AC.UK Thu Apr 11 16:10:19 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:36 2006 Subject: MAILSCANNER: tjfs@TADPOLE.CO.UK requested to join Message-ID: <200204111510.QAA21167@magpie.ecs.soton.ac.uk> Thu, 11 Apr 2002 16:10:19 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Tim Steele You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER tjfs@TADPOLE.CO.UK Tim Steele PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER tjfs@TADPOLE.CO.UK Tim Steele // EOJ From nwp at LEMON-COMPUTING.COM Fri Apr 12 00:01:11 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:37 2006 Subject: SpamAssassin Version issue In-Reply-To: <20020411141904.C444@thomas.neo.at> References: <20020411105033.A444@thomas.neo.at> <20020411141904.C444@thomas.neo.at> Message-ID: <20020411230111.GN23428@hoiho.nz.lemon-computing.com> On Thu, Apr 11, 2002 at 02:19:04PM +0200, Thomas Zajic wrote: > ObUnrelatedSideNote: Am I the only one who sends proper signature > terminators ("-- \n") to this list, only to have them castrated > ("--\n") by some clever mail server somewhere in the chain? Just > curious. I don't know; are you? -- Nick Phillips -- nwp@lemon-computing.com Write yourself a threatening letter and pen a defiant reply. From david.pollard at MERIDIANINFO.COM Fri Apr 12 02:13:06 2002 From: david.pollard at MERIDIANINFO.COM (David Pollard) Date: Thu Jan 12 21:14:37 2006 Subject: Sophos / McAfee Message-ID: Hi There, I have a test system up and running with Sophos but I'm having a hard time finding a single user price for Linux(or in fact any pricing at all). Their sales guys don't want to talk to me because I don't want to buy a copy for every machine in the place. I have also been digging around on McAfee / Network Associates web site for pricing but can't figure out which product to use on Linux? Can someone give me a point in the right direction please? David Pollard. From nwp at LEMON-COMPUTING.COM Fri Apr 12 02:05:32 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:37 2006 Subject: SpamAssassin Version issue In-Reply-To: <20020411230111.GN23428@hoiho.nz.lemon-computing.com> References: <20020411105033.A444@thomas.neo.at> <20020411141904.C444@thomas.neo.at> <20020411230111.GN23428@hoiho.nz.lemon-computing.com> Message-ID: <20020412010532.GQ23428@hoiho.nz.lemon-computing.com> On Fri, Apr 12, 2002 at 11:01:11AM +1200, Nick Phillips wrote: > On Thu, Apr 11, 2002 at 02:19:04PM +0200, Thomas Zajic wrote: > > > ObUnrelatedSideNote: Am I the only one who sends proper signature > > terminators ("-- \n") to this list, only to have them castrated > > ("--\n") by some clever mail server somewhere in the chain? Just > > curious. > > I don't know; are you? > > -- > Nick Phillips -- nwp@lemon-computing.com > Write yourself a threatening letter and pen a defiant reply. It appears not. It's probably to allow the mailing list software to add its own signature or something. -- Nick Phillips -- nwp@lemon-computing.com People are beginning to notice you. Try dressing before you leave the house. From nwp at LEMON-COMPUTING.COM Fri Apr 12 02:42:10 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:37 2006 Subject: Sophos / McAfee In-Reply-To: References: Message-ID: <20020412014210.GU23428@hoiho.nz.lemon-computing.com> On Fri, Apr 12, 2002 at 11:13:06AM +1000, David Pollard wrote: > Can someone give me a point in the right direction please? Try the list archives at www.jiscmail.ac.uk/lists/MAILSCANNER.html ...we've been over this a few times. Jules - how about a "which AV product should I buy" FAQ question? ;) -- Nick Phillips -- nwp@lemon-computing.com Stay away from flying saucers today. From miguelk at KONSULTEX.COM.BR Fri Apr 12 03:55:04 2002 From: miguelk at KONSULTEX.COM.BR (Miguel Koren O'Brien de Lacy) Date: Thu Jan 12 21:14:37 2006 Subject: Sophos / McAfee References: Message-ID: <3CB64C87.2DC072F7@konsultex.com.br> David; From dan at OXNARDSD.ORG Fri Apr 12 05:33:18 2002 From: dan at OXNARDSD.ORG (Dan Kubilos) Date: Thu Jan 12 21:14:37 2006 Subject: Sophos / McAfee In-Reply-To: Message-ID: Sophos will only license "per user" In my case I am only interested in scanning the linux mail server ( We have other Win enterprise antivirus) The f-prot product is the only affordable option in my case. It is running quite well. On Fri, 12 Apr 2002, David Pollard wrote: > Hi There, > > I have a test system up and running with Sophos but I'm having a hard > time finding a single user price for Linux(or in fact any pricing at > all). Their sales guys don't want to talk to me because I don't want to > buy a copy for every machine in the place. > > I have also been digging around on McAfee / Network Associates web site > for pricing but can't figure out which product to use on Linux? > > Can someone give me a point in the right direction please? > > David Pollard. > -- Dan Kubilos __\o_ ^ K-8 Tech Coord http://www.oxnardsd.org From david.pollard at MERIDIANINFO.COM Fri Apr 12 06:44:41 2002 From: david.pollard at MERIDIANINFO.COM (David Pollard) Date: Thu Jan 12 21:14:37 2006 Subject: Sophos / McAfee Message-ID: Hi Dan, A Sophos sales guy finally ran be back and as suspected they wanted a license for every user in the place and this would blow my budget. f-prot are ok with a single user license on the Linux server? David. -----Original Message----- From: Dan Kubilos [mailto:dan@OXNARDSD.ORG] Sent: Friday, 12 April 2002 2:33 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Sophos / McAfee Sophos will only license "per user" In my case I am only interested in scanning the linux mail server ( We have other Win enterprise antivirus) The f-prot product is the only affordable option in my case. It is running quite well. On Fri, 12 Apr 2002, David Pollard wrote: > Hi There, > > I have a test system up and running with Sophos but I'm having a hard > time finding a single user price for Linux(or in fact any pricing at > all). Their sales guys don't want to talk to me because I don't want to > buy a copy for every machine in the place. > > I have also been digging around on McAfee / Network Associates web site > for pricing but can't figure out which product to use on Linux? > > Can someone give me a point in the right direction please? > > David Pollard. > -- Dan Kubilos __\o_ ^ K-8 Tech Coord http://www.oxnardsd.org From LISTSERV at JISCMAIL.AC.UK Thu Apr 11 20:52:36 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:37 2006 Subject: MAILSCANNER: Billy.Lewis@SSA.GOV requested to join Message-ID: <200204111952.UAA15250@magpie.ecs.soton.ac.uk> Thu, 11 Apr 2002 20:52:36 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Billy Lewis You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER Billy.Lewis@SSA.GOV Billy Lewis PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER Billy.Lewis@SSA.GOV Billy Lewis // EOJ From LISTSERV at JISCMAIL.AC.UK Fri Apr 12 10:38:24 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:37 2006 Subject: MAILSCANNER: tjfs@TADPOLE.CO.UK left the JISCmail list Message-ID: <200204120938.KAA07426@magpie.ecs.soton.ac.uk> Fri, 12 Apr 2002 10:38:24 Tim Steele has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From LISTSERV at JISCMAIL.AC.UK Fri Apr 12 10:19:53 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:37 2006 Subject: MAILSCANNER: kerherve@BRETAGNE.IUFM.FR requested to join Message-ID: <200204120919.KAA05845@magpie.ecs.soton.ac.uk> Fri, 12 Apr 2002 10:19:53 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from KERHERVE Gweltaz You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER kerherve@BRETAGNE.IUFM.FR KERHERVE Gweltaz PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER kerherve@BRETAGNE.IUFM.FR KERHERVE Gweltaz // EOJ From LISTSERV at JISCMAIL.AC.UK Fri Apr 12 13:40:22 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:37 2006 Subject: MAILSCANNER: Pablo.Iranzo@UV.ES requested to join Message-ID: <200204121240.NAA22635@magpie.ecs.soton.ac.uk> Fri, 12 Apr 2002 13:40:22 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Pablo Iranzo G?mez The following membership options have been requested: NOACK NOREPRO NOMAIL. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER Pablo.Iranzo@UV.ES Pablo Iranzo G?mez PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER Pablo.Iranzo@UV.ES Pablo Iranzo G?mez SET MAILSCANNER NOACK NOREPRO NOMAIL FOR Pablo.Iranzo@UV.ES // EOJ From Pablo.Iranzo at UV.ES Fri Apr 12 14:02:03 2002 From: Pablo.Iranzo at UV.ES (=?iso-8859-1?Q?Pablo_Iranzo_G=F3mez?=) Date: Thu Jan 12 21:14:37 2006 Subject: Spam blocking-list Message-ID: Hi I've seen that there's a spam whitelist for always allowing mail from certain directions, but I'm interested in implementing on my server a spam elimination solution only for certain emails. Explanation: I've my email redirected to a local mailbox and to a remote email that automatically sends me an SMS to my mobile phone with the sender email and subject line. My adress is reflected in aliases as: Name.Surname: Name.Mobile, \login Name.Mobile: phonenumber@provider.com (everything is working fine this way) I've tried to put this in /etc/procmailrc: :0 * ^Subject:.*\{SPAM\?\} * ^TO.*\.Mobile@ ! SpamTrap That as far as I know means that for every mail arriving, check the subject for the words {SPAM?}, and in the destination adress check for something with ".Mobile@" and if both conditions are true, then forward the message to a spamtrap instead of sending it to the phonenumber@provider.com I've tested too including phonenumber@provider.com as recipient instead of the ".Mobile@" and it doesn't work neither: I continue getting the SPAM in my mobile Is this something that should be addressed by the MailScanner using some kind of list that should never get SPAM in opossition to the spam-whitelist?? Or should I try to use other aproach to solve this problem? (hints accepted ;) ) Thanks in advance Pablo Pablo Iranzo G?mez (Pablo.Iranzo@uv.es) http://www.uv.es/~iranzop/ring/astron/ (Anillo Astron?mico) http://www.uv.es/~iranzop/hp48/ (P?gina de la HP) -- (PGPKey Available on http://www.uv.es/~iranzop/PGPKey.pgp) -- Principio de Heisenberg sobre la Incertidumbre: La localizaci?n de todos los objetos no se puede conocer de forma simult?nea. Corolario: Si encuentra un objeto que estaba perdido, desaparecer? otro. -- From lbergman at abi.tconline.net Fri Apr 12 14:37:28 2002 From: lbergman at abi.tconline.net (Lewis Bergman) Date: Thu Jan 12 21:14:37 2006 Subject: Sophos / McAfee In-Reply-To: <20020412014210.GU23428@hoiho.nz.lemon-computing.com> References: <20020412014210.GU23428@hoiho.nz.lemon-computing.com> Message-ID: <200204121337.g3CDbTs06704@lewis.abi.tconline.net> > Try the list archives at www.jiscmail.ac.uk/lists/MAILSCANNER.html > ...we've been over this a few times. But are the archives searchable? > Jules - how about a "which AV product should I buy" FAQ question? ;) Is that a volunteer I hear? -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 115 From lbergman at abi.tconline.net Fri Apr 12 14:41:03 2002 From: lbergman at abi.tconline.net (Lewis Bergman) Date: Thu Jan 12 21:14:37 2006 Subject: F-Prot In-Reply-To: References: Message-ID: <200204121341.g3CDf3306708@lewis.abi.tconline.net> > f-prot are ok with a single user license on the Linux server? This has been lightly addressed here before but which version of f-prot? There is indication on the sight that the output (I would assume then the API) is different for the enterprise verses the small business. I have seen someone say that it "looks like" the small business should do but does anyone know for sure? -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 115 From jkf at ecs.soton.ac.uk Fri Apr 12 15:16:04 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:37 2006 Subject: Sophos / McAfee In-Reply-To: <200204121337.g3CDbTs06704@lewis.abi.tconline.net> References: <20020412014210.GU23428@hoiho.nz.lemon-computing.com> <20020412014210.GU23428@hoiho.nz.lemon-computing.com> Message-ID: <5.1.0.14.2.20020412151459.02d450d0@imap.ecs.soton.ac.uk> At 14:37 12/04/2002, you wrote: > > Try the list archives at www.jiscmail.ac.uk/lists/MAILSCANNER.html > > ...we've been over this a few times. >But are the archives searchable? > > Jules - how about a "which AV product should I buy" FAQ question? ;) >Is that a volunteer I hear? I will collect people's thoughts if you want me to. But an up-to-date view of people's opinions would help. My attitude is that if you can afford Sophos then buy it, else go for F-Prot (but which version?). -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mike at 4frontmedia.net Fri Apr 12 15:10:26 2002 From: mike at 4frontmedia.net (Mike Walker) Date: Thu Jan 12 21:14:37 2006 Subject: X-Mailscanner Message-ID: <00a401c1e22b$cba36a00$0100000a@MIKES> Can anyone help? We are recent users of your Mailscanner software and have found it so far to work very well. There are a couple of problems that we would be most grateful for some assistance on. We receive the odd mail on our domain, which for no particular reason does not have the footer included, which leads us to believe the message has not been scanned. This in its self has caused some head scratching particularly as on closer investigation the e-mail header is showing that the message was found to be clean. Increasing our follicle rubbing has been the discovery that all domains with mail passing through our mail gateway are having the "X-Mailscanner: found to be clean" header included, irrespective of whether the domain is in the "domains-to-scan.conf" file. Can anyone shed light on these issues for me?. Many thanks Mike Walker 4Front Media ____________________________________________________________ This message has been scanned for viruses by "VITANIUM" the multi-scan E-mail Virus Protection Service from 4FrontMedia. To safeguard your business call 01233-850906. From gerry at dorfam.ca Fri Apr 12 16:16:27 2002 From: gerry at dorfam.ca (Gerry Doris) Date: Thu Jan 12 21:14:37 2006 Subject: Sophos / McAfee In-Reply-To: <5.1.0.14.2.20020412151459.02d450d0@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020412151459.02d450d0@imap.ecs.soton.ac.uk> Message-ID: <9468.129.80.22.134.1018624587.squirrel@tiger.dorfam.ca> > I will collect people's thoughts if you want me to. But an up-to-date > view of people's opinions would help. My attitude is that if you can > afford Sophos then buy it, else go for F-Prot (but which version?). > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ Well, just my $0.02 worth... My knee jerk choice would be Sophos as they seem to be well established with a solid engine and heavy duty support. However, they simply aren't interested in the home/hobby market place. Their pricing reflects their focus on large companies. I'm a home user. F-PROT was willing to allow their small business package to be used by home/hobbiests free of charge. I assume it's working but I haven't detected any virii since it went in (just after I installed it I dropped off some problem lists that generated a lot of virii and most other lists instituted virus scanning). In fact, spam and virus scanning seems to be a feature being added by many list maintainers. I've heard that even ISP's are thinking about it. I'm not totally certain about the differences between the F-PROT Small Business edition and their Enterprise edition. They look like they use the same engine and virus files. However, the Enterprise version seems to have some additional features ie command line interface and claims to be able to integrate with other 3rd party packages. The big differentiator with F-PROT from what I can see is that their pricing is by server NOT by seat like Sophos or McAfee. My impression is that they are a capable group who would like to gain market share. Hence their willingness to be more flexible on pricing. My only contact with them was handled in a quick courteous professional fashion. Gerry -- "The lyfe so short, the craft so long to learne" Chaucer From eyau at SDSU.EDU Fri Apr 12 21:43:38 2002 From: eyau at SDSU.EDU (Emily Yau) Date: Thu Jan 12 21:14:37 2006 Subject: Customize warn or quarantine based on extension Message-ID: Hi, Our current filenames.rules.conf includes the default double extension rule which removes attachments (i.e. myscaryfile.doc.exe) from email before it is sent to the recipient. Can Mailscanner be configured so that attachments whose name includes double extension are delivered with a warning message (but not deleted), while attachments which are confirmed infected are deleted? Thanks :) Emily From LISTSERV at JISCMAIL.AC.UK Fri Apr 12 19:30:10 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:37 2006 Subject: MAILSCANNER: sander@GRACHTZICHT.CJB.NET left the JISCmail list Message-ID: <200204121830.TAA22406@magpie.ecs.soton.ac.uk> Fri, 12 Apr 2002 19:30:10 sander@GRACHTZICHT.CJB.NET has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From LISTSERV at JISCMAIL.AC.UK Fri Apr 12 20:24:22 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:37 2006 Subject: MAILSCANNER: mdlaney@MOREHOUSE.EDU requested to join Message-ID: <200204121924.UAA02585@magpie.ecs.soton.ac.uk> Fri, 12 Apr 2002 20:24:22 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Matt Laney You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER mdlaney@MOREHOUSE.EDU Matt Laney PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER mdlaney@MOREHOUSE.EDU Matt Laney // EOJ From nwp at LEMON-COMPUTING.COM Fri Apr 12 23:20:19 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:37 2006 Subject: Sophos / McAfee In-Reply-To: <5.1.0.14.2.20020412151459.02d450d0@imap.ecs.soton.ac.uk> References: <20020412014210.GU23428@hoiho.nz.lemon-computing.com> <20020412014210.GU23428@hoiho.nz.lemon-computing.com> <5.1.0.14.2.20020412151459.02d450d0@imap.ecs.soton.ac.uk> Message-ID: <20020412222019.GY23428@hoiho.nz.lemon-computing.com> On Fri, Apr 12, 2002 at 03:16:04PM +0100, Julian Field wrote: > >> Jules - how about a "which AV product should I buy" FAQ question? ;) > >Is that a volunteer I hear? > > I will collect people's thoughts if you want me to. But an up-to-date view > of people's opinions would help. My attitude is that if you can afford > Sophos then buy it, else go for F-Prot (but which version?). I was thinking more along the lines of "search the archives; they're at..." -- Nick Phillips -- nwp@lemon-computing.com You get along very well with everyone except animals and people. From sub at ICCONSULTING.COM.AU Sat Apr 13 04:33:54 2002 From: sub at ICCONSULTING.COM.AU (Scott Farrell) Date: Thu Jan 12 21:14:37 2006 Subject: www.openantivirus.org / ScannerDaemon Message-ID: Has anyone looked at integrating any part of the www.openantivirus.org / ScannerDaemon , ( see url http://www.openantivirus.org/projects.php). Its PatternFinder looks quite interesting, and I could support scanning of http/samba/sendmail from maintenance/management of the one virus scanner installation (if we/I work on integrating the ScannerDaemon). Longer term it would help reduce the work on integrating virus scanners to mailscanner, and mailscanner could more concentrate on support for sendmail/exim/etc etc, and protocols such as MIME/TNEF etc etc It also has the advantage as running as a daemon, rather than starting and stopping the virus engine each time. I guess the only draw back is Java, whilst a good language etc etc, it might be a bit 'heavy' for some users compared to the shell scripts. For IC its not a drawback, as we are very very Java orientented anyways. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020413/9343fd8b/attachment.html From nwp at LEMON-COMPUTING.COM Sat Apr 13 12:40:40 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:37 2006 Subject: openantivirus Message-ID: <20020413114039.GG11577@hoiho.nz.lemon-computing.com> Sorry I've broken the thread; first post got bounced 'cos I forgot to set the right "From:" address... On Sat, Apr 13, 2002 at 02:33:54PM +1100, Scott Farrell wrote: > Has anyone looked at integrating any part of the www.openantivirus.org / > ScannerDaemon , ( see url http://www.openantivirus.org/projects.php). Not seriously yet; last time I looked at it (not in relation to mailscanner), it didn't look very worthwhile. Kaffe (which it uses) was also not very stable at the time, as I understood it. > Its PatternFinder looks quite interesting, and I could support scanning of > http/samba/sendmail from maintenance/management of the one virus scanner > installation (if we/I work on integrating the ScannerDaemon). I'll be happy to work on it when I hear from someone that they've used it and it works - well. > Longer term it would help reduce the work on integrating virus scanners to > mailscanner, How? > It also has the advantage as running as a daemon, rather than starting and > stopping the virus engine each time. Several of the currently supported products are available in this form; we currently choose not to use this feature; all the mails in each batch are scanned in one run of the scanner, so this is not as major a performance hit as it might be. There are advantages (related to simplicity) in not using the daemons. I'm inclined to think that it's worth trying one or some, though. > I guess the only draw back is Java, whilst a good language etc etc, it > might be a bit 'heavy' for some users compared to the shell scripts. Drawbacks: Kaffe, reliability or otherwise of signature updates. As I said, if I hear from anyone I vaguely trust that it's worth looking at, I will try it. If I then think that it's worth it, I will add support for it. I'm sure that the ability to use a good free free scanner would please a *lot* of people. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com You know that thing you're about to do? Don't. From gerry at DORFAM.CA Sat Apr 13 15:15:34 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:37 2006 Subject: Complatency will get you everytime In-Reply-To: <20020413114039.GG11577@hoiho.nz.lemon-computing.com> Message-ID: As I mentioned in an earlier message I haven't been plagued with a virus/worm in quite a while. I dropped several problem mailing lists. Others instituted scanning at the list server. Once my Sophos trial ran out I switched to F-PROT. I was beginning to wonder if it was even working... My daughter uses a windows host (she detests linux...no MSN Messenger etc). I had an old Norton antivirus package on that system but it finally expired and I removed it. Strangely, the system had been a little unstable and removing the Norton package made it rock solid. It only took 3 days for my daughter to infect that host. She was sent an attachment via Yahoo mail that was infected. Yahoo mail is web based and doesn't go through my mailserver. It goes directly to the host. Last night I casually installed McAfee's package and bang...7 worm hits in different directories (two unique worms). I sent one of the files to myself through my mail server and mailscanner with F-PROT immediately found the worm. I didn't even know she was using a web based mailer. I thought all mail was screened coming through my server!!! Gerry -- "The lyfe so short, the craft so long to learne" Chaucer From miguelk at KONSULTEX.COM.BR Sat Apr 13 17:11:18 2002 From: miguelk at KONSULTEX.COM.BR (Miguel Koren O'Brien de Lacy) Date: Thu Jan 12 21:14:37 2006 Subject: Complatency will get you everytime References: Message-ID: <3CB858A6.1D2B4531@konsultex.com.br> Gerry; I assume this is a LAN at home? To scan everything that that goes through your server you may want to look into viralator and other solutions like it. You can find viralator at http://viralator.loddington.com. Another good package is "frox" (search for it on www.freshmeat.net) which is an ftp proxy and has configure switches to scan ftp traffic. A good place to start is www.openantivirus.org Miguel Gerry Doris wrote: > As I mentioned in an earlier message I haven't been plagued with a > virus/worm in quite a while. I dropped several problem mailing lists. > Others instituted scanning at the list server. Once my Sophos trial > ran out I switched to F-PROT. I was beginning to wonder if it was even > working... > > My daughter uses a windows host (she detests linux...no MSN Messenger > etc). I had an old Norton antivirus package on that system but it finally > expired and I removed it. Strangely, the system had been a little > unstable and removing the Norton package made it rock solid. > > It only took 3 days for my daughter to infect that host. She was sent an > attachment via Yahoo mail that was infected. Yahoo mail is web based and > doesn't go through my mailserver. It goes directly to the host. Last > night I casually installed McAfee's package and bang...7 worm hits in > different directories (two unique worms). > > I sent one of the files to myself through my mail server and mailscanner > with F-PROT immediately found the worm. > > I didn't even know she was using a web based mailer. I thought all mail > was screened coming through my server!!! > > Gerry > -- > "The lyfe so short, the craft so long to learne" Chaucer From Q.G.Campbell at NEWCASTLE.AC.UK Mon Apr 15 13:33:11 2002 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:14:37 2006 Subject: Sophos / McAfee Message-ID: I would be grateful for the _exact_ name of the Sophos anti-virus software product that is being run with MailScanner on Linux (RedHat 7.2) boxes? I need this detail to pass to the person here who negotiates the purchase of software licences for this site. We are seeking an 18,000 user licence for this particular Sophos AV software and would welcome any information on what other UK academic sites are paying for the product. I am happy to receive this info off-line and in confidence if that is necessary. Thanks Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." > -----Original Message----- > From: Julian Field [mailto:jkf@ecs.soton.ac.uk] > Sent: 12 April 2002 15:16 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Sophos / McAfee > > > At 14:37 12/04/2002, you wrote: > > > Try the list archives at www.jiscmail.ac.uk/lists/MAILSCANNER.html > > > ...we've been over this a few times. > >But are the archives searchable? > > > Jules - how about a "which AV product should I buy" FAQ > question? ;) > >Is that a volunteer I hear? > > I will collect people's thoughts if you want me to. But an > up-to-date view of people's opinions would help. My attitude > is that if you can afford Sophos then buy it, else go for > F-Prot (but which version?). > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From martinh at SOLID-STATE-LOGIC.COM Mon Apr 15 13:42:43 2002 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:14:37 2006 Subject: Sophos / McAfee References: Message-ID: <3CBACAC3.7060203@solid-state-logic.com> Quentin Don't JISC have a deal with sophos??? Just a thought... -- Martin Hepworth Senior Systems Administrator Solid State Logic Ltd +44 (0)1865 842300 Quentin Campbell wrote: > I would be grateful for the _exact_ name of the Sophos anti-virus > software product that is being run with MailScanner on Linux (RedHat > 7.2) boxes? I need this detail to pass to the person here who negotiates > the purchase of software licences for this site. > > We are seeking an 18,000 user licence for this particular Sophos AV > software and would welcome any information on what other UK academic > sites are paying for the product. I am happy to receive this info > off-line and in confidence if that is necessary. > > Thanks > > Quentin > --- > PHONE: +44 191 222 8209 Computing Service, University of Newcastle > FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. > ------------------------------------------------------------------------ > "Any opinion expressed above is mine. The University can get its own." > > >>-----Original Message----- >>From: Julian Field [mailto:jkf@ecs.soton.ac.uk] >>Sent: 12 April 2002 15:16 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Sophos / McAfee >> >> >>At 14:37 12/04/2002, you wrote: >> >>>>Try the list archives at www.jiscmail.ac.uk/lists/MAILSCANNER.html >>>>...we've been over this a few times. >>>> >>>But are the archives searchable? >>> >>>>Jules - how about a "which AV product should I buy" FAQ >>>> >>question? ;) >> >>>Is that a volunteer I hear? >>> >>I will collect people's thoughts if you want me to. But an >>up-to-date view of people's opinions would help. My attitude >>is that if you can afford Sophos then buy it, else go for >>F-Prot (but which version?). >>-- >>Julian Field Teaching Systems Manager >>jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science >>Tel. 023 8059 2817 University of Southampton >> Southampton SO17 1BJ >> >> > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** From Q.G.Campbell at NEWCASTLE.AC.UK Mon Apr 15 13:56:48 2002 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:14:37 2006 Subject: Sophos / McAfee Message-ID: Martin I was not aware of that. JISC is a large organisation - who, I wonder, could I approach about this in the first instance? I will have a look at their web site to see if that provides any leads. Thanks Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." > -----Original Message----- > From: Martin Hepworth [mailto:martinh@solid-state-logic.com] > Sent: 15 April 2002 13:43 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Sophos / McAfee > > > Quentin > > Don't JISC have a deal with sophos??? Just a thought... > > > -- > Martin Hepworth > Senior Systems Administrator > Solid State Logic Ltd > +44 (0)1865 842300 > > Quentin Campbell wrote: > > > I would be grateful for the _exact_ name of the Sophos anti-virus > > software product that is being run with MailScanner on Linux (RedHat > > 7.2) boxes? I need this detail to pass to the person here who > > negotiates the purchase of software licences for this site. > > > > We are seeking an 18,000 user licence for this particular Sophos AV > > software and would welcome any information on what other UK > academic > > sites are paying for the product. I am happy to receive this info > > off-line and in confidence if that is necessary. > > > > Thanks > > > > Quentin > > --- > > PHONE: +44 191 222 8209 Computing Service, University of > Newcastle > > FAX: +44 191 222 8765 Newcastle upon Tyne, United > Kingdom, NE1 7RU. > > > ---------------------------------------------------------------------- > > -- > > "Any opinion expressed above is mine. The University can > get its own." > > > > > >>-----Original Message----- > >>From: Julian Field [mailto:jkf@ecs.soton.ac.uk] > >>Sent: 12 April 2002 15:16 > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: Re: Sophos / McAfee > >> > >> > >>At 14:37 12/04/2002, you wrote: > >> > >>>>Try the list archives at www.jiscmail.ac.uk/lists/MAILSCANNER.html > >>>>...we've been over this a few times. > >>>> > >>>But are the archives searchable? > >>> > >>>>Jules - how about a "which AV product should I buy" FAQ > >>>> > >>question? ;) > >> > >>>Is that a volunteer I hear? > >>> > >>I will collect people's thoughts if you want me to. But an > up-to-date > >>view of people's opinions would help. My attitude is that > if you can > >>afford Sophos then buy it, else go for F-Prot (but which version?). > >>-- > >>Julian Field Teaching Systems Manager > >>jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > >>Tel. 023 8059 2817 University of Southampton > >> Southampton SO17 1BJ > >> > >> > > > > > > > > > > ********************************************************************** > This email and any files transmitted with it are confidential > and intended solely for the use of the individual or entity > to whom they are addressed. If you have received this email > in error please notify the system manager. > > This footnote also confirms that this email message has been > swept by MIMEsweeper for the presence of computer viruses. > www.mimesweeper.com ********************************************************************** From martinh at SOLID-STATE-LOGIC.COM Mon Apr 15 14:13:12 2002 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:14:37 2006 Subject: Sophos / McAfee References: Message-ID: <3CBAD1E8.2070106@solid-state-logic.com> Quentin I've no idea - several lives ago I used to sell stuff via JISC.. maybe your purchasing dept can help out??? -- Martin Hepworth Senior Systems Administrator Solid State Logic Ltd +44 (0)1865 842300 Quentin Campbell wrote: > Martin > > I was not aware of that. JISC is a large organisation - who, I wonder, > could I approach about this in the first instance? I will have a look at > their web site to see if that provides any leads. > > Thanks > > Quentin > --- > PHONE: +44 191 222 8209 Computing Service, University of Newcastle > FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. > ------------------------------------------------------------------------ > "Any opinion expressed above is mine. The University can get its own." > > >>-----Original Message----- >>From: Martin Hepworth [mailto:martinh@solid-state-logic.com] >>Sent: 15 April 2002 13:43 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Sophos / McAfee >> >> >>Quentin >> >>Don't JISC have a deal with sophos??? Just a thought... >> >> >>-- >>Martin Hepworth >>Senior Systems Administrator >>Solid State Logic Ltd >>+44 (0)1865 842300 >> >>Quentin Campbell wrote: >> >> >>>I would be grateful for the _exact_ name of the Sophos anti-virus >>>software product that is being run with MailScanner on Linux (RedHat >>>7.2) boxes? I need this detail to pass to the person here who >>>negotiates the purchase of software licences for this site. >>> >>>We are seeking an 18,000 user licence for this particular Sophos AV >>>software and would welcome any information on what other UK >>> >>academic >> >>>sites are paying for the product. I am happy to receive this info >>>off-line and in confidence if that is necessary. >>> >>>Thanks >>> >>>Quentin >>>--- >>>PHONE: +44 191 222 8209 Computing Service, University of >>> >>Newcastle >> >>>FAX: +44 191 222 8765 Newcastle upon Tyne, United >>> >>Kingdom, NE1 7RU. >> >>---------------------------------------------------------------------- >> >>>-- >>>"Any opinion expressed above is mine. The University can >>> >>get its own." >> >>> >>>>-----Original Message----- >>>>From: Julian Field [mailto:jkf@ecs.soton.ac.uk] >>>>Sent: 12 April 2002 15:16 >>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>Subject: Re: Sophos / McAfee >>>> >>>> >>>>At 14:37 12/04/2002, you wrote: >>>> >>>> >>>>>>Try the list archives at www.jiscmail.ac.uk/lists/MAILSCANNER.html >>>>>>...we've been over this a few times. >>>>>> >>>>>> >>>>>But are the archives searchable? >>>>> >>>>> >>>>>>Jules - how about a "which AV product should I buy" FAQ >>>>>> >>>>>> >>>>question? ;) >>>> >>>> >>>>>Is that a volunteer I hear? >>>>> >>>>> >>>>I will collect people's thoughts if you want me to. But an >>>> >>up-to-date >> >>>>view of people's opinions would help. My attitude is that >>>> >>if you can >> >>>>afford Sophos then buy it, else go for F-Prot (but which version?). >>>>-- >>>>Julian Field Teaching Systems Manager >>>>jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science >>>>Tel. 023 8059 2817 University of Southampton >>>> Southampton SO17 1BJ >>>> >>>> >>>> >>> >> >> ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** From m.sapsed at BANGOR.AC.UK Mon Apr 15 15:35:41 2002 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:14:37 2006 Subject: Sophos / McAfee References: Message-ID: <3CBAE53D.F48C0F07@bangor.ac.uk> Quentin Campbell wrote: > > I would be grateful for the _exact_ name of the Sophos anti-virus > software product that is being run with MailScanner on Linux (RedHat > 7.2) boxes? I need this detail to pass to the person here who negotiates > the purchase of software licences for this site. > > We are seeking an 18,000 user licence for this particular Sophos AV > software and would welcome any information on what other UK academic > sites are paying for the product. I am happy to receive this info > off-line and in confidence if that is necessary. CHEST have negotiated a deal for UK Educational Institutions with Sophos which gives site licensing at what seem to be quite reasonable rates. Check out the software agreements on the Chest site. Cheers, Martin -- Martin Sapsed To have no errors Information Services Would be life without meaning University of Wales, Bangor, LL57 2UX No struggle, no joy. Fax: +44 (0)1248 383826 From LISTSERV at JISCMAIL.AC.UK Mon Apr 15 19:55:04 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:37 2006 Subject: MAILSCANNER: ehren@PICKERING.COM requested to join Message-ID: <200204151855.TAA18313@magpie.ecs.soton.ac.uk> Mon, 15 Apr 2002 19:55:04 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from "Daryl S. Ehrenheim" You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER ehren@PICKERING.COM Daryl S. Ehrenheim PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER ehren@PICKERING.COM Daryl S. Ehrenheim // EOJ From LISTSERV at JISCMAIL.AC.UK Mon Apr 15 20:36:31 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:37 2006 Subject: MAILSCANNER: nospam@WCC.NET requested to join Message-ID: <200204151936.UAA26461@magpie.ecs.soton.ac.uk> Mon, 15 Apr 2002 20:36:31 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Kip Turk You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER nospam@WCC.NET Kip Turk PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER nospam@WCC.NET Kip Turk // EOJ From LISTSERV at JISCMAIL.AC.UK Mon Apr 15 21:07:08 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:37 2006 Subject: MAILSCANNER: mattb@ZOPE.COM requested to join Message-ID: <200204152007.VAA02226@magpie.ecs.soton.ac.uk> Mon, 15 Apr 2002 21:07:08 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Matt Burleigh You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER mattb@ZOPE.COM Matt Burleigh PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER mattb@ZOPE.COM Matt Burleigh // EOJ From LISTSERV at JISCMAIL.AC.UK Mon Apr 15 11:32:55 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:37 2006 Subject: MAILSCANNER: vermaas@JMDEJONG.NL requested to join Message-ID: <200204151032.LAA11800@magpie.ecs.soton.ac.uk> Mon, 15 Apr 2002 11:32:55 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from "P. Vermaas" The following membership options have been requested: CONCEAL. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER vermaas@JMDEJONG.NL P. Vermaas PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER vermaas@JMDEJONG.NL P. Vermaas SET MAILSCANNER CONCEAL FOR vermaas@JMDEJONG.NL // EOJ From LISTSERV at JISCMAIL.AC.UK Sun Apr 14 20:22:29 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:37 2006 Subject: MAILSCANNER: timnis@IKI.FI left the JISCmail list Message-ID: <200204141922.UAA22733@magpie.ecs.soton.ac.uk> Sun, 14 Apr 2002 20:22:29 timnis@IKI.FI has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From LISTSERV at JISCMAIL.AC.UK Tue Apr 16 18:49:55 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:37 2006 Subject: MAILSCANNER: jason@MED-WEB.COM requested to join Message-ID: <200204161749.SAA10422@magpie.ecs.soton.ac.uk> Tue, 16 Apr 2002 18:49:55 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Jason Summers You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER jason@MED-WEB.COM Jason Summers PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER jason@MED-WEB.COM Jason Summers // EOJ From fizz at BOMB.NET Tue Apr 16 20:01:12 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:37 2006 Subject: strange behavior... Message-ID: <000b01c1e579$13e51bb0$6ccf75cc@fizz> Not sure where the problem lies or if someone has a clue on how to speed this up, but look at this -rw------- 1 root root 2824 Apr 16 13:43 g3GHoXh32259.header -rw------- 1 root root 976 Apr 16 13:43 g3GHoYh32260.header -rw------- 1 root root 826 Apr 16 13:43 g3GHoah32262.header -rw------- 1 root root 575 Apr 16 13:43 g3GHohh32266.header -rw------- 1 root root 441 Apr 16 13:43 g3GHoqh32271.header root@sairys:/var/spool/MailScanner/incoming# date Tue Apr 16 13:47:09 EDT 2002 there are about a hundred messages at a time and it seems those messages sit there for about 5 minutes before anything is done with them, io brought this up before but had no responce. I run about 30-35k mails a day through my primary mail server. Its been starting to backup more and more lately. Im using SA 2.11 and Mailscanner 13-5, im running in Queue delivery and deliver in background. Ive modified mailscanner and changed the sleep(30) to sleep(1) but didnt seem to help any.. Any help would be very grateful! thanks System: Dual PII 300, 128 Megs ram, Slackware 8.0 ////// ( o o ) +--.oooO--(_)--Oooo.-----------------+ | [Kelly Hamlin] | kellyh@cyberstreet.com | http://www.bomb.net | .oooO | ( ) Oooo. +--- \ (----( )----------------------------+ \_) ) / (_/ From fizz at BOMB.NET Tue Apr 16 20:14:13 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:37 2006 Subject: More on last subject Message-ID: <000901c1e57a$e54268b0$6ccf75cc@fizz> drwx------ 2 root root 4096 Apr 16 14:02 g3GI4SC01027/ -rw------- 1 root root 886 Apr 16 13:56 g3GI4SC01027.header drwx------ 2 root root 4096 Apr 16 14:02 g3GI4TC01029/ -rw------- 1 root root 594 Apr 16 13:56 g3GI4TC01029.header drwx------ 2 root root 4096 Apr 16 14:02 g3GI4UC01031/ -rw------- 1 root root 831 Apr 16 13:56 g3GI4UC01031.header notice how they are 7 minutes apart? any clues would be great :) ////// ( o o ) +--.oooO--(_)--Oooo.-----------------+ | [Kelly Hamlin] | kellyh@cyberstreet.com | http://www.bomb.net | .oooO | ( ) Oooo. +--- \ (----( )----------------------------+ \_) ) / (_/ From LISTSERV at JISCMAIL.AC.UK Wed Apr 17 04:41:40 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:37 2006 Subject: MAILSCANNER: bidwell@ANDREWS.EDU requested to join Message-ID: <200204170341.EAA02333@magpie.ecs.soton.ac.uk> Wed, 17 Apr 2002 04:41:40 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Daniel Bidwell You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER bidwell@ANDREWS.EDU Daniel Bidwell PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER bidwell@ANDREWS.EDU Daniel Bidwell // EOJ From LISTSERV at JISCMAIL.AC.UK Wed Apr 17 10:57:29 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:37 2006 Subject: MAILSCANNER: shiva@WEBCODING.IT requested to join Message-ID: <200204170957.KAA12769@magpie.ecs.soton.ac.uk> Wed, 17 Apr 2002 10:57:29 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Shiva Shiva You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER shiva@WEBCODING.IT Shiva Shiva PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER shiva@WEBCODING.IT Shiva Shiva // EOJ From jkf at ecs.soton.ac.uk Wed Apr 17 11:38:28 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:37 2006 Subject: More on last subject In-Reply-To: <000901c1e57a$e54268b0$6ccf75cc@fizz> Message-ID: <5.1.0.14.2.20020417113735.03193bd8@imap.ecs.soton.ac.uk> At 20:14 16/04/2002, you wrote: >drwx------ 2 root root 4096 Apr 16 14:02 g3GI4SC01027/ >-rw------- 1 root root 886 Apr 16 13:56 g3GI4SC01027.header >drwx------ 2 root root 4096 Apr 16 14:02 g3GI4TC01029/ >-rw------- 1 root root 594 Apr 16 13:56 g3GI4TC01029.header >drwx------ 2 root root 4096 Apr 16 14:02 g3GI4UC01031/ >-rw------- 1 root root 831 Apr 16 13:56 g3GI4UC01031.header > >notice how they are 7 minutes apart? >any clues would be great :) I would suspect that your DNS lookups are running slowly. Try switching off the spam detection altogether and see if that cures the problem. If it does, then it's definitely a DNS speed problem. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From fizz at BOMB.NET Wed Apr 17 13:34:52 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:37 2006 Subject: More on last subject References: <5.1.0.14.2.20020417113735.03193bd8@imap.ecs.soton.ac.uk> Message-ID: <004601c1e60c$457d2530$6ccf75cc@fizz> definatly see an improvement... now. what if anything can i do to help dns speed... ----- Original Message ----- From: "Julian Field" To: Sent: Wednesday, April 17, 2002 6:38 AM Subject: Re: More on last subject > At 20:14 16/04/2002, you wrote: > >drwx------ 2 root root 4096 Apr 16 14:02 g3GI4SC01027/ > >-rw------- 1 root root 886 Apr 16 13:56 g3GI4SC01027.header > >drwx------ 2 root root 4096 Apr 16 14:02 g3GI4TC01029/ > >-rw------- 1 root root 594 Apr 16 13:56 g3GI4TC01029.header > >drwx------ 2 root root 4096 Apr 16 14:02 g3GI4UC01031/ > >-rw------- 1 root root 831 Apr 16 13:56 g3GI4UC01031.header > > > >notice how they are 7 minutes apart? > >any clues would be great :) > > I would suspect that your DNS lookups are running slowly. Try switching off > the spam detection altogether and see if that cures the problem. If it > does, then it's definitely a DNS speed problem. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From marc.perea at ELECTRONIC-GROUP.COM Wed Apr 17 17:31:06 2002 From: marc.perea at ELECTRONIC-GROUP.COM (Marc Perea) Date: Thu Jan 12 21:14:37 2006 Subject: f-protwrapper modification ? In-Reply-To: <20020404112736.11550fba.marc.perea@electronic-group.com> References: <3CAB7076.2010508@southwestern.edu> <20020403230005.GI22344@hoiho.nz.lemon-computing.com> <008201c1db8e$5f391520$1400a8c0@gangfam.com> <20020404045319.GC3518@hoiho.nz.lemon-computing.com> <20020404112736.11550fba.marc.perea@electronic-group.com> Message-ID: <20020417183106.7d8b1de2.marc.perea@electronic-group.com> On Thu, 4 Apr 2002 11:27:36 +0200 Marc Perea wrote: > > Here I copy an example output : > > At Thu Apr 4 02:56:10 2002 the virus scanner said: > /opt/mailscanner/var/incoming/g340ti715079/enano.exe Infection: W32/Hybris.worm.B > > I'm looking for a way to easyly remove the path to the file, so just appears as "file.ext" instead of /opt/mailscanner/var/incoming/XXXXXXX/file.ext > > Cheers, > Hello guys. This mail is only for f-prot users (I have no experience with any other Anti Viruses) To solve the problem above exposed, I've modified the f-protwrapper file that comes by default with the mailscanner package in this way : I've added this variable : HiddenPath=/opt/mailscanner/var And replaced the first line by the second one : exec ${PackageDir}/$Scanner $ScanOptions "$@" exec ${PackageDir}/$Scanner $ScanOptions "$@" | sed "s%$HiddenPath%%g" And voila! no more path revealing to anyone :-) Dear Julian Field : What do you think about including this option into the next f-protwrapper version ? Cheers, -- Marc Perea - System Administration Staff Mail: marc.perea@electronic-group.com Tel: (+34) 93 600 23 23 Fax: (+34) 93 600 23 10 ---------------- Electronic Group - http://www.electronic-group.com From jase at SENSIS.COM Wed Apr 17 18:10:14 2002 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:14:37 2006 Subject: Bug in Mcafee autoupdate Script Message-ID: I just got this error in the autoupdate script for Mcafee: Undefined subroutine &main::Bailout called at /usr/local/mcafee-wrappers/autoupdate line 69. Looks like Bailout needs to be changed to BailOut. Jason From ehren at PICKERING.COM Wed Apr 17 21:06:12 2002 From: ehren at PICKERING.COM (Daryl S. Ehrenheim) Date: Thu Jan 12 21:14:37 2006 Subject: Lame question? Message-ID: <3CBDD5B4.6040807@pickering.com> I would like to setup mailscanner on our email server and from the online documentation it says to change the following from: sendmail -bd -q15m to sendmail -bd -ODeliveryMode=queueonly -OQueueDirectory=/pathto/sendmail/mqueue.in sendmail -q15m and the lame question that I have is that my startup script looks like the following and so how should I insert the additional line: /bin/su root -c "/path/to/sendmail -bd -q1h" 2> /dev/null This is on an SCO Openserver 5.0.5a machine. I am not too familiar with scripting yet, however this is in the middle of an If, then, else loop. Can I just alter it to look like the following: /bin/su root -c "/path/to/sendmail -bd -ODeliveryMode=queueonly -OQueueDirectory=/pathto/sendmail/mqueue.in" /bin/su root -c "/path/to/sendmail -q1h" 2> /dev/null This server is being used for company email in and out only. Not a large email service provider. However, I do not wnat to make changes that are goig to mess up the email delivery in and out of here so I wanted to make sure that I was doing this correctly. Any help would be appreciated. Thanks, Daryl S. Ehrenheim Pickering Inc. From S.R.Patterson at SOTON.AC.UK Wed Apr 17 21:05:03 2002 From: S.R.Patterson at SOTON.AC.UK (Steven Patterson) Date: Thu Jan 12 21:14:37 2006 Subject: Lame question? In-Reply-To: <3CBDD5B4.6040807@pickering.com> Message-ID: <000001c1e64b$2b735940$9865fea9@sucs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Daryl S. Ehrenheim > Sent: 17 April 2002 21:06 > > This is on an SCO Openserver 5.0.5a machine. I am not too > familiar with scripting yet, however this is in the middle of > an If, then, else loop. Can I just alter it to look like the > following: > > /bin/su root -c "/path/to/sendmail -bd \ > -ODeliveryMode=queueonly -OQueueDirectory=/pathto/sendmail/mqueue.in" > /bin/su root -c "/path/to/sendmail -q1h" 2> /dev/null Yes, though I'd put the "2>/dev/null" on the first line too. If you're worried about what the if-then-else loop does then email that section of the file to me and I'll explain it to you, reassure you that it will work, or admit that I don't have a clue :) Cheers, Steve - -- Steven Patterson, MSci ---------------------- Tel: +44 (0) 2380 595810 | Electronic Information Systems Support and Development | | Computing Services, University of Southampton, UK. | +------ Public PGP Key: http://www.soton.ac.uk/~srp/pubkey.asc ------+ ...... ...... .. Give me ambiguity or give me something else. .. ...... ...... -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPL3VXq2fOiTs5+WvEQLRqACfSn66eXZyWTAoqS1Ss7oTQ8heyYAAoOOQ U28QESHhtP+xGLF0zqgcwHHG =4b60 -----END PGP SIGNATURE----- From LISTSERV at JISCMAIL.AC.UK Wed Apr 17 19:26:52 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:37 2006 Subject: MAILSCANNER: pac@STINGRAYBOATS.COM requested to join Message-ID: <200204171826.TAA21557@magpie.ecs.soton.ac.uk> Wed, 17 Apr 2002 19:26:52 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Michael Packer You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER pac@STINGRAYBOATS.COM Michael Packer PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER pac@STINGRAYBOATS.COM Michael Packer // EOJ From LISTSERV at JISCMAIL.AC.UK Wed Apr 17 23:21:39 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:37 2006 Subject: MAILSCANNER: dhampton@BEHEMOTHITS.CO.UK requested to join Message-ID: <200204172221.XAA07239@magpie.ecs.soton.ac.uk> Wed, 17 Apr 2002 23:21:39 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Darren Hampton You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER dhampton@BEHEMOTHITS.CO.UK Darren Hampton PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER dhampton@BEHEMOTHITS.CO.UK Darren Hampton // EOJ From ben.tullis at INFOMATRIX.COM Thu Apr 18 10:39:57 2002 From: ben.tullis at INFOMATRIX.COM (Ben Tullis) Date: Thu Jan 12 21:14:37 2006 Subject: Sophos with Debian packages Message-ID: I am preparing for the Debian 3.0 release which includes MailScanner and have a query regarding the Sophos integration. So far, I have been using the tarballs downloaded from www.mailscanner.info and in order to install Sophos I have used the Sophos.install.linux script provided with them. When I move over to Debian 3.0 and start downloading them as part of the package tree, these scripts are no longer present. I am therefore trying to ascertain the correct arguments to give to the install.sh script provided with SAV. Mailscanner and the autoupdate script want Sophos to be in /usr/local/Sophos and I don't want intercheck to be installed so I have tried: ./install.sh -d /usr/local/Sophos -ni but I get complaints about missing virus data and the autoupdate script is unable to determine Sophos version number. I have also tried copying the Sophos.install script from the other distribution but this doesn't work either. Any clues? Thank you. From nwp at LEMON-COMPUTING.COM Thu Apr 18 10:50:10 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:37 2006 Subject: Sophos with Debian packages In-Reply-To: References: Message-ID: <20020418095010.GC13222@hoiho.nz.lemon-computing.com> On Thu, Apr 18, 2002 at 10:39:57AM +0100, Ben Tullis wrote: > When I move over to Debian 3.0 and start downloading them as part of the > package tree, these scripts are no longer present. Hmmm... probably best report it as a wishlist bug against mailscanner on the Debian BTS... I haven't really got used to the Debian package yet myself, so I can't really help off the top of my head. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Love is in the offing. Be affectionate to one who adores you. From LISTSERV at JISCMAIL.AC.UK Thu Apr 18 10:42:44 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:37 2006 Subject: MAILSCANNER: ben.soares@ED.AC.UK left the JISCmail list Message-ID: <200204180942.KAA10674@magpie.ecs.soton.ac.uk> Thu, 18 Apr 2002 10:42:44 Ben Soares has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From jkf at ecs.soton.ac.uk Thu Apr 18 11:39:33 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:37 2006 Subject: Sophos / McAfee In-Reply-To: Message-ID: <5.1.0.14.2.20020418113611.05d86cf0@imap.ecs.soton.ac.uk> At 10:57 18/04/2002, you wrote: >You may recall my recent posting to the list re. the _exact_ name of the >Sophos AV product that you need to run with MailScanner under RedHat >Linux 7.2. I received no replies with a direct answer and one which >indirectly mentions SAVI. I would still like that information! You need a SAVI licence. This is priced per PC you are protecting with the server. >We need this detail in order to navigate the almost inpenetrable mess of >contradictory information from Sophos, its resellers and CHEST regarding >pricing for Sophos AV products. I know what you mean, you would never believe that some of these companies were actually trying to sell anything! >We want to run Sophos AV with MailScanner on just 4 Central Mail Hubs >through which run all mail to/from this campus. Checked mail from these >Hubs may then be delivered to perhaps 50 Mailbox Servers on campus which >in turn are accessed from 3,000+ PC and other workstations. These client >hosts are shared by 6 users on average to read e-mail, etc. > >In all 18,000 users would benefit from the 4 copies of Sophos AV (SAVI?) >running on our Mail Hubs. But the pricing information we have seen >sometimes is based on number of servers/PCs and sometimes on number of >users. It is not clear to us whether we should be seeking a 4-server >licence, a 50-server licence, a 3,000-PC licence or an 18,000 user >licence. You can buy an unlimited licence from them, which with educational discounts should only cost something in the region of ?2K per year. This gets you SAVI for all users, plus desktop Sophos for all your PCs including all those owned by students and staff. That's the licence we have here. >Of course I am looking at this from just our side of our Mail Hubs. >Since outgoing mail will also be checked by the Sophos AV package then >potentially millions of off-campus users "benefit" from the software! Don't tell them that, it will just confuse the issue :) >Any information, advice or experience that you can offer on this would >be gratefully received. If you feel that it is appropriate to edit and >re-post this enquiry to the list under your own name then that is fine. If you still can't get anywhere, I can have a dig and see who did the purchasing for our entire campus for this product. You could then contact them. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Thu Apr 18 13:29:24 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:37 2006 Subject: MAILSCANNER: j.bagshaw@BRADFORD.AC.UK requested to join Message-ID: <200204181229.NAA13021@magpie.ecs.soton.ac.uk> Thu, 18 Apr 2002 13:29:24 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Jon Bagshaw You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER j.bagshaw@BRADFORD.AC.UK Jon Bagshaw PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER j.bagshaw@BRADFORD.AC.UK Jon Bagshaw // EOJ From fizz at BOMB.NET Thu Apr 18 15:50:36 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:37 2006 Subject: More on last subject References: <5.1.0.14.2.20020417113735.03193bd8@imap.ecs.soton.ac.uk> <004601c1e60c$457d2530$6ccf75cc@fizz> Message-ID: <000901c1e6e8$66809af0$6ccf75cc@fizz> Would installing named on the machine and pointing its dns to itself help any ya think? ----- Original Message ----- From: "Kelly Hamlin" To: Sent: Wednesday, April 17, 2002 8:34 AM Subject: Re: More on last subject > definatly see an improvement... > > now. what if anything can i do to help dns speed... > > > > ----- Original Message ----- > From: "Julian Field" > To: > Sent: Wednesday, April 17, 2002 6:38 AM > Subject: Re: More on last subject > > > > At 20:14 16/04/2002, you wrote: > > >drwx------ 2 root root 4096 Apr 16 14:02 g3GI4SC01027/ > > >-rw------- 1 root root 886 Apr 16 13:56 > g3GI4SC01027.header > > >drwx------ 2 root root 4096 Apr 16 14:02 g3GI4TC01029/ > > >-rw------- 1 root root 594 Apr 16 13:56 > g3GI4TC01029.header > > >drwx------ 2 root root 4096 Apr 16 14:02 g3GI4UC01031/ > > >-rw------- 1 root root 831 Apr 16 13:56 > g3GI4UC01031.header > > > > > >notice how they are 7 minutes apart? > > >any clues would be great :) > > > > I would suspect that your DNS lookups are running slowly. Try switching > off > > the spam detection altogether and see if that cures the problem. If it > > does, then it's definitely a DNS speed problem. > > -- > > Julian Field Teaching Systems Manager > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > Tel. 023 8059 2817 University of Southampton > > Southampton SO17 1BJ > > > From Declan.Grady at NUVOTEM.COM Thu Apr 18 16:05:23 2002 From: Declan.Grady at NUVOTEM.COM (Declan Grady) Date: Thu Jan 12 21:14:37 2006 Subject: F-Prot versions ? In-Reply-To: <20020417183106.7d8b1de2.marc.perea@electronic-group.com> Message-ID: Probably a silly question, but... Which version of F-PROT do I need ? from the page http://www.f-prot.com/f-prot/products/fplin.html I can see there is a small-business version and an Enterprise-business version. I see there is no commad-line tool with the small-business version, so I assume to use f-prot in conjunction with mailscanner I will need the Enterprise edition ? Thanks, Declan From gerry at dorfam.ca Thu Apr 18 16:47:50 2002 From: gerry at dorfam.ca (Gerry Doris) Date: Thu Jan 12 21:14:37 2006 Subject: F-Prot versions ? In-Reply-To: References: Message-ID: <51826.129.80.22.134.1019144870.squirrel@tiger.dorfam.ca> > Probably a silly question, but... Which version of F-PROT do I need ? > > from the page http://www.f-prot.com/f-prot/products/fplin.html I can > see there is a small-business version and an Enterprise-business > version. I see there is no commad-line tool with the small-business > version, so I assume to use f-prot in conjunction with mailscanner I > will need the Enterprise edition ? > > Thanks, > Declan I'm successfully using the small business edition with mailscanner. It just found a virus yesterday so it is working correctly. Gerry -- "The lyfe so short, the craft so long to learne" Chaucer From doko at CS.TU-BERLIN.DE Thu Apr 18 16:57:16 2002 From: doko at CS.TU-BERLIN.DE (Matthias Klose) Date: Thu Jan 12 21:14:37 2006 Subject: Sophos with Debian packages In-Reply-To: <20020418095010.GC13222@hoiho.nz.lemon-computing.com> References: <20020418095010.GC13222@hoiho.nz.lemon-computing.com> Message-ID: <15550.60636.952342.544473@gargle.gargle.HOWL> Nick Phillips writes: > On Thu, Apr 18, 2002 at 10:39:57AM +0100, Ben Tullis wrote: > > > When I move over to Debian 3.0 and start downloading them as part of the > > package tree, these scripts are no longer present. > > Hmmm... probably best report it as a wishlist bug against mailscanner on > the Debian BTS... no, the script is in /etc/mailscanner/autoupdate/sophos From paul-w at BLUEYONDER.CO.UK Fri Apr 19 01:06:35 2002 From: paul-w at BLUEYONDER.CO.UK (Paul Welsh) Date: Thu Jan 12 21:14:37 2006 Subject: F-Prot versions ? References: <06dc02145231242PCOW029M@blueyonder.co.uk> Message-ID: <005501c1e736$16950640$96e230d5@espmail00053> > Date: Thu, 18 Apr 2002 11:47:50 -0400 > From: Gerry Doris > Subject: Re: F-Prot versions ? > > > Probably a silly question, but... Which version of F-PROT do I need ? > > > > from the page http://www.f-prot.com/f-prot/products/fplin.html I can > > see there is a small-business version and an Enterprise-business > > version. I see there is no commad-line tool with the small-business > > version, so I assume to use f-prot in conjunction with mailscanner I > > will need the Enterprise edition ? > > I'm successfully using the small business edition with mailscanner. It > just found a virus yesterday so it is working correctly. I too am using F-Prot Linux for Small Business without a problem. I see that http://www.f-prot.com/f-prot/products/fplin.html says of the Small Business version: "...with scheduled or manual scans of individual files or entire file systems" so I guess that covers it. From david.pollard at MERIDIANINFO.COM Fri Apr 19 01:15:25 2002 From: david.pollard at MERIDIANINFO.COM (David Pollard) Date: Thu Jan 12 21:14:37 2006 Subject: Autoupdate for F-Prot Message-ID: Hi There, Hopefully I have not re-invented the wheel here but I couldn't find any auto update stuff for f-prot so I wrote a little script. It seems to work ok for me. There are install instructions as comments in the top of the file. Let me know what you think and I'm interested if anyone comes up with some improvements. Have Fun David. -------------- next part -------------- A non-text attachment was scrubbed... Name: update.sh Type: application/octet-stream Size: 2859 bytes Desc: update.sh Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020419/06a0c736/update.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: getfiles Type: application/octet-stream Size: 119 bytes Desc: getfiles Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020419/06a0c736/getfiles.obj From ben.palmer at intermatrix-systems.com Fri Apr 19 08:16:28 2002 From: ben.palmer at intermatrix-systems.com (Ben Palmer) Date: Thu Jan 12 21:14:37 2006 Subject: Autoupdate for F-Prot In-Reply-To: Message-ID: <001401c1e772$23b61cb0$1400a8c0@DESKTOP> There is another good script here http://uk2raq.com/updates/f-prot-zip-update.sh Ben -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of David Pollard Sent: 19 April 2002 01:15 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Autoupdate for F-Prot Hi There, Hopefully I have not re-invented the wheel here but I couldn't find any auto update stuff for f-prot so I wrote a little script. It seems to work ok for me. There are install instructions as comments in the top of the file. Let me know what you think and I'm interested if anyone comes up with some improvements. Have Fun David. -- This message has been scanned for viruses and dangerous content by Intermatrix, and is believed to be clean. http://www.intermatrix-systems.com/ -- This message has been scanned for viruses and dangerous content by Intermatrix, and is believed to be clean. http://www.intermatrix-systems.com/ From LISTSERV at JISCMAIL.AC.UK Thu Apr 18 19:52:20 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:37 2006 Subject: MAILSCANNER: dwhiteside+mailscanner@TIERCEL.UWATERLOO.CA requested to join Message-ID: <200204181852.TAA27168@magpie.ecs.soton.ac.uk> Thu, 18 Apr 2002 19:52:20 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Dawn Keenan You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER dwhiteside+mailscanner@TIERCEL.UWATERLOO.CA Dawn Keenan PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER dwhiteside+mailscanner@TIERCEL.UWATERLOO.CA Dawn Keenan // EOJ From jkf at ecs.soton.ac.uk Fri Apr 19 08:43:43 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:37 2006 Subject: More on last subject In-Reply-To: <000901c1e6e8$66809af0$6ccf75cc@fizz> References: <5.1.0.14.2.20020417113735.03193bd8@imap.ecs.soton.ac.uk> <004601c1e60c$457d2530$6ccf75cc@fizz> Message-ID: <5.1.0.14.2.20020419084315.0467abe8@imap.ecs.soton.ac.uk> At 15:50 18/04/2002, you wrote: >Would installing named on the machine and pointing its dns to itself help >any ya think? It can't do any harm. Make sure that the named is responding really quickly (test it with dig or nslookup). >----- Original Message ----- >From: "Kelly Hamlin" >To: >Sent: Wednesday, April 17, 2002 8:34 AM >Subject: Re: More on last subject > > > > definatly see an improvement... > > > > now. what if anything can i do to help dns speed... > > > > > > > > ----- Original Message ----- > > From: "Julian Field" > > To: > > Sent: Wednesday, April 17, 2002 6:38 AM > > Subject: Re: More on last subject > > > > > > > At 20:14 16/04/2002, you wrote: > > > >drwx------ 2 root root 4096 Apr 16 14:02 g3GI4SC01027/ > > > >-rw------- 1 root root 886 Apr 16 13:56 > > g3GI4SC01027.header > > > >drwx------ 2 root root 4096 Apr 16 14:02 g3GI4TC01029/ > > > >-rw------- 1 root root 594 Apr 16 13:56 > > g3GI4TC01029.header > > > >drwx------ 2 root root 4096 Apr 16 14:02 g3GI4UC01031/ > > > >-rw------- 1 root root 831 Apr 16 13:56 > > g3GI4UC01031.header > > > > > > > >notice how they are 7 minutes apart? > > > >any clues would be great :) > > > > > > I would suspect that your DNS lookups are running slowly. Try switching > > off > > > the spam detection altogether and see if that cures the problem. If it > > > does, then it's definitely a DNS speed problem. > > > -- > > > Julian Field Teaching Systems Manager > > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > > Tel. 023 8059 2817 University of Southampton > > > Southampton SO17 1BJ > > > > > -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Fri Apr 19 09:40:16 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:38 2006 Subject: MAILSCANNER: lufomat@COPPERNET.ZM left the JISCmail list Message-ID: <200204190840.JAA06201@magpie.ecs.soton.ac.uk> Fri, 19 Apr 2002 09:40:16 lufomat@COPPERNET.ZM has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From vermaas at JMDEJONG.NL Fri Apr 19 14:40:30 2002 From: vermaas at JMDEJONG.NL (P. Vermaas) Date: Thu Jan 12 21:14:38 2006 Subject: alternative mcafee autoupdate script Message-ID: <3CC01E4E.2030104@jmdejong.nl> I attached a modified mcafee autoupdate script. It has the following modifications: - it uses wget and can now be run through a proxy - it uses update.ini, so it will only get a .dat file if a new one is available. Saves bandwidth and load on server. Regards, Peter \/. -------------- next part -------------- A non-text attachment was scrubbed... Name: autoupdate Type: application/x-java-applet Size: 4540 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020419/981bd5ef/autoupdate.bin From LISTSERV at JISCMAIL.AC.UK Fri Apr 19 15:29:09 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:38 2006 Subject: MAILSCANNER: lloyd@UK2.NET requested to join Message-ID: <200204191429.PAA14304@magpie.ecs.soton.ac.uk> Fri, 19 Apr 2002 15:29:09 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Lloyd Palfrey The following membership options have been requested: HTML INDEX CONCEAL. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER lloyd@UK2.NET Lloyd Palfrey PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER lloyd@UK2.NET Lloyd Palfrey SET MAILSCANNER HTML INDEX CONCEAL FOR lloyd@UK2.NET // EOJ From LISTSERV at JISCMAIL.AC.UK Fri Apr 19 15:29:32 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:38 2006 Subject: MAILSCANNER: al@ORC.SOTON.AC.UK requested to join Message-ID: <200204191429.PAA14386@magpie.ecs.soton.ac.uk> Fri, 19 Apr 2002 15:29:32 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Arthur Longhurst The following membership options have been requested: NOMIME DIGEST. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER al@ORC.SOTON.AC.UK Arthur Longhurst PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER al@ORC.SOTON.AC.UK Arthur Longhurst SET MAILSCANNER NOMIME DIGEST FOR al@ORC.SOTON.AC.UK // EOJ From andrewh at CQG.COM Fri Apr 19 16:29:32 2002 From: andrewh at CQG.COM (Andrew Hoying) Date: Thu Jan 12 21:14:38 2006 Subject: Mailscanner suddenly started taking up 100% of available memory In-Reply-To: <3CC01E4E.2030104@jmdejong.nl> Message-ID: Yesterday morning, for the first time, mailscanner began consuming several hundred megabytes of memory every hour until the system ran out of memory and killed mailscanner. The process would then repeat every 4 hours or so. Regardless of the fact that I should have resource limits in place to prevent mailscanner from using all the memory, I've never seen this behavior before. I've been running mailscanner on this server since October of last year without any similar problems. I am currently running version 3.13-2. The only thing that changed, and I'm pretty sure that this is the culprit, is that mcafee auto-updated to dat version 4197 on Wednesday. I'm not sure where to begin troubleshooting this particular problem, and certainly am open to suggestions. Thank you, Andrew From al at ORC.SOTON.AC.UK Fri Apr 19 16:22:54 2002 From: al at ORC.SOTON.AC.UK (Arthur Longhurst) Date: Thu Jan 12 21:14:38 2006 Subject: MailScanner slowed by large attachments Message-ID: I run mailscanner on RedHat 7 with SophosAV. We are having problems with mail being delayed intermittently up to 2 hours. It seems that I can reproduce the symptoms by sending an email with a large (4Mb) attachment. All the mail then gets queued (viewing maillog entries) and takes ages to be dealt with until the large attachment has gone through. Looking at "top" the machine doesn't appear to be under undue strain but the mail gets slowed down tremendously. Any ideas how to solve this apart from telling the punters not send large email attachments :o) All the best - Art Optoelectronic Research Centre Network Manager From andrewh at CQG.COM Fri Apr 19 18:19:30 2002 From: andrewh at CQG.COM (Andrew Hoying) Date: Thu Jan 12 21:14:38 2006 Subject: Mailscanner suddenly started taking up 100% of available memory In-Reply-To: Message-ID: Some more information. Here is the process after only 9 minutes: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 7644 21.0 68.1 107408 85776 ? S 11:07 1:51 /usr/bin/perl /usr/local/MailScanner/bin/mailscanner Fri Apr 19 11:16:14 MDT 2002 And here is the changed files in the last 3 days: [/usr]# find ./ -mtime -3 ./local/uvscan ./local/uvscan/scan.dat ./local/uvscan/names.dat ./local/uvscan/clean.dat ./local/uvscan/readme.txt ./local/uvscan/file_id.diz ./local/uvscan/mcscript.ini ./local/uvscan/packing.lst ./local/uvscan/pkgdesc.ini ./local/uvscan/validate.exe ./local/uvscan/delta.ini ./local/uvscan/dat-4197.tar ./local/uvscan/reseller.txt ./local/MailScanner/etc ./local/MailScanner/var/virus.pid It's to the point where I've been restarting mailscanner every 15 minutes to keep the system running smoothly. Any help at all is greatly appreciated. Thank you, Andrew > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Andrew Hoying > Sent: Friday, April 19, 2002 9:30 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Mailscanner suddenly started taking up 100% of available memory > > > Yesterday morning, for the first time, mailscanner began consuming several > hundred megabytes of memory every hour until the system ran out of memory > and killed mailscanner. The process would then repeat every 4 hours or so. > Regardless of the fact that I should have resource limits in place to > prevent mailscanner from using all the memory, I've never seen > this behavior > before. I've been running mailscanner on this server since October of last > year without any similar problems. I am currently running version 3.13-2. > The only thing that changed, and I'm pretty sure that this is the culprit, > is that mcafee auto-updated to dat version 4197 on Wednesday. I'm not sure > where to begin troubleshooting this particular problem, and certainly am > open to suggestions. > > Thank you, > Andrew > From jason at MED-WEB.COM Fri Apr 19 18:17:44 2002 From: jason at MED-WEB.COM (Jason Summers) Date: Thu Jan 12 21:14:38 2006 Subject: Malformed attachments from MailScanner? Message-ID: <3CC05138.84BDA39B@med-web.com> I'm noticing a problem with some messages that have had attachments removed by MailScanner. It appears that sometimes a bogus blank line is being created after a MIME boundary. This is especially common with messages containing the Klez virus (maybe triggered by two consecutive boundary lines in the source message?). Viewing the source of such a message after MailScanner processing, I see something like this this: ---------------------- ... At Mon Apr 15 18:04:46 2002 the virus scanner said: >>> Virus 'W32/Klez-E' found in file ./SAA24934/Aqq.exe Note to Help Desk: Look on the MailScanner in /var/spool/MailScanner/quaran= tine (message SAA24934). --F5tQ38jj004znQ Content-Type: application/octet-stream; name=MSOE.TXT Content-Transfer-Encoding: base64 Content-ID: ICAgIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLQ0KICAgICAgICBM6WFtZSBkZSBNaWNyb3NvZnQgT3V0bG9vayhUTSkgRXhw ... ---------------------- Note the blank line after "--F5tQ38jj004znQ". Email clients will then not process the headers of that Part, and instead typically treat them as the beginning of a plain text attachment. In a multipart/alternative message, this undecoded gibberish may be the *only* Part of the message thing that some mail clients will display. Such a message is sure to be very confusing to most end users. Am I the only one who has this problem? Can anyone suggest anything that might improve the situation? (I'm using MailScanner 3.13-2 and MIME-tools 5.411.) -- Jason Summers From andrewh at CQG.COM Fri Apr 19 19:01:04 2002 From: andrewh at CQG.COM (Andrew Hoying) Date: Thu Jan 12 21:14:38 2006 Subject: Mailscanner suddenly started taking up 100% of available memory In-Reply-To: Message-ID: Well, when reverting to an older dat file didn't fix the problem, I broke down and rebooted the system. When it came back up everything worked fine. I'm not sure what caused the problem in the first place, but will keep my eye on the system for any further troubles. It's running redhat 7.1 with kernel version 2.4.14 patched with the grsec patch version 1.8.9. Andrew > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Andrew Hoying > Sent: Friday, April 19, 2002 11:20 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Mailscanner suddenly started taking up 100% of available > memory > > > Some more information. > > Here is the process after only 9 minutes: > > USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND > root 7644 21.0 68.1 107408 85776 ? S 11:07 1:51 > /usr/bin/perl > /usr/local/MailScanner/bin/mailscanner > Fri Apr 19 11:16:14 MDT 2002 > > And here is the changed files in the last 3 days: > > [/usr]# find ./ -mtime -3 > ./local/uvscan > ./local/uvscan/scan.dat > ./local/uvscan/names.dat > ./local/uvscan/clean.dat > ./local/uvscan/readme.txt > ./local/uvscan/file_id.diz > ./local/uvscan/mcscript.ini > ./local/uvscan/packing.lst > ./local/uvscan/pkgdesc.ini > ./local/uvscan/validate.exe > ./local/uvscan/delta.ini > ./local/uvscan/dat-4197.tar > ./local/uvscan/reseller.txt > ./local/MailScanner/etc > ./local/MailScanner/var/virus.pid > > It's to the point where I've been restarting mailscanner every 15 > minutes to > keep the system running smoothly. > > Any help at all is greatly appreciated. > > Thank you, > Andrew > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Andrew Hoying > > Sent: Friday, April 19, 2002 9:30 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Mailscanner suddenly started taking up 100% of available memory > > > > > > Yesterday morning, for the first time, mailscanner began > consuming several > > hundred megabytes of memory every hour until the system ran out > of memory > > and killed mailscanner. The process would then repeat every 4 > hours or so. > > Regardless of the fact that I should have resource limits in place to > > prevent mailscanner from using all the memory, I've never seen > > this behavior > > before. I've been running mailscanner on this server since > October of last > > year without any similar problems. I am currently running > version 3.13-2. > > The only thing that changed, and I'm pretty sure that this is > the culprit, > > is that mcafee auto-updated to dat version 4197 on Wednesday. > I'm not sure > > where to begin troubleshooting this particular problem, and certainly am > > open to suggestions. > > > > Thank you, > > Andrew > > > From andrewh at CQG.COM Fri Apr 19 20:24:14 2002 From: andrewh at CQG.COM (Andrew Hoying) Date: Thu Jan 12 21:14:38 2006 Subject: Mailscanner suddenly started taking up 100% of available memory In-Reply-To: Message-ID: I guess I spoke to soon, while rebooting it fixed the problem for about a half hour, it started consuming memory again and after 20 minutes since I last restarted the mailscanner process it is using 170MB of memory, with 94MB of locked memory. I really need some help troubleshooting this one, so any suggestions would be greatly appreciated. Thank you, Andrew > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Andrew Hoying > Sent: Friday, April 19, 2002 12:01 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Mailscanner suddenly started taking up 100% of available > memory > > > Well, when reverting to an older dat file didn't fix the problem, I broke > down and rebooted the system. When it came back up everything worked fine. > I'm not sure what caused the problem in the first place, but will keep my > eye on the system for any further troubles. It's running redhat 7.1 with > kernel version 2.4.14 patched with the grsec patch version 1.8.9. > > Andrew > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Andrew Hoying > > Sent: Friday, April 19, 2002 11:20 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Mailscanner suddenly started taking up 100% of available > > memory > > > > > > Some more information. > > > > Here is the process after only 9 minutes: > > > > USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND > > root 7644 21.0 68.1 107408 85776 ? S 11:07 1:51 > > /usr/bin/perl > > /usr/local/MailScanner/bin/mailscanner > > Fri Apr 19 11:16:14 MDT 2002 > > > > And here is the changed files in the last 3 days: > > > > [/usr]# find ./ -mtime -3 > > ./local/uvscan > > ./local/uvscan/scan.dat > > ./local/uvscan/names.dat > > ./local/uvscan/clean.dat > > ./local/uvscan/readme.txt > > ./local/uvscan/file_id.diz > > ./local/uvscan/mcscript.ini > > ./local/uvscan/packing.lst > > ./local/uvscan/pkgdesc.ini > > ./local/uvscan/validate.exe > > ./local/uvscan/delta.ini > > ./local/uvscan/dat-4197.tar > > ./local/uvscan/reseller.txt > > ./local/MailScanner/etc > > ./local/MailScanner/var/virus.pid > > > > It's to the point where I've been restarting mailscanner every 15 > > minutes to > > keep the system running smoothly. > > > > Any help at all is greatly appreciated. > > > > Thank you, > > Andrew > > > > > -----Original Message----- > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > > Behalf Of Andrew Hoying > > > Sent: Friday, April 19, 2002 9:30 AM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Mailscanner suddenly started taking up 100% of > available memory > > > > > > > > > Yesterday morning, for the first time, mailscanner began > > consuming several > > > hundred megabytes of memory every hour until the system ran out > > of memory > > > and killed mailscanner. The process would then repeat every 4 > > hours or so. > > > Regardless of the fact that I should have resource limits in place to > > > prevent mailscanner from using all the memory, I've never seen > > > this behavior > > > before. I've been running mailscanner on this server since > > October of last > > > year without any similar problems. I am currently running > > version 3.13-2. > > > The only thing that changed, and I'm pretty sure that this is > > the culprit, > > > is that mcafee auto-updated to dat version 4197 on Wednesday. > > I'm not sure > > > where to begin troubleshooting this particular problem, and > certainly am > > > open to suggestions. > > > > > > Thank you, > > > Andrew > > > > > > From andrewh at CQG.COM Fri Apr 19 22:19:10 2002 From: andrewh at CQG.COM (Andrew Hoying) Date: Thu Jan 12 21:14:38 2006 Subject: Mailscanner suddenly started taking up 100% of available memory - Final Resolution In-Reply-To: Message-ID: Ok, so here's what caused the problem... One of our employees set up a procmail recipe that forwarded to his local mail box and to his AOL account. Sometime yesterday he sent a multipart mime e-mail to his account that AOL rejected and a bounce message was sent to his account. His account forwarded the bounce back to AOL, which got sent back to him with the first two messages attached. This continued until the message had several thousand sub MIME attachments. Every time one came in, about 3 times an hour, mailscanner would open the entire mail up to all it's thousands of sub parts, scan them all for viruses, and then continue on. The problem was that some bug in either perl or mailscanner wasn't releasing some part of the memory required to do this and so every mail ate about 50MB of memory. I'm not sure what part of Mailscanner, if it is even mailscanner, has this bug, but it probably should be researched. Thank you, Andrew Hoying > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Andrew Hoying > Sent: Friday, April 19, 2002 1:24 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Mailscanner suddenly started taking up 100% of available > memory > > > I guess I spoke to soon, while rebooting it fixed the problem for about a > half hour, it started consuming memory again and after 20 minutes since I > last restarted the mailscanner process it is using 170MB of memory, with > 94MB of locked memory. I really need some help troubleshooting > this one, so > any suggestions would be greatly appreciated. > > Thank you, > Andrew > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Andrew Hoying > > Sent: Friday, April 19, 2002 12:01 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Mailscanner suddenly started taking up 100% of available > > memory > > > > > > Well, when reverting to an older dat file didn't fix the > problem, I broke > > down and rebooted the system. When it came back up everything > worked fine. > > I'm not sure what caused the problem in the first place, but > will keep my > > eye on the system for any further troubles. It's running redhat 7.1 with > > kernel version 2.4.14 patched with the grsec patch version 1.8.9. > > > > Andrew > > > > > -----Original Message----- > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > > Behalf Of Andrew Hoying > > > Sent: Friday, April 19, 2002 11:20 AM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Mailscanner suddenly started taking up 100% of available > > > memory > > > > > > > > > Some more information. > > > > > > Here is the process after only 9 minutes: > > > > > > USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND > > > root 7644 21.0 68.1 107408 85776 ? S 11:07 1:51 > > > /usr/bin/perl > > > /usr/local/MailScanner/bin/mailscanner > > > Fri Apr 19 11:16:14 MDT 2002 > > > > > > And here is the changed files in the last 3 days: > > > > > > [/usr]# find ./ -mtime -3 > > > ./local/uvscan > > > ./local/uvscan/scan.dat > > > ./local/uvscan/names.dat > > > ./local/uvscan/clean.dat > > > ./local/uvscan/readme.txt > > > ./local/uvscan/file_id.diz > > > ./local/uvscan/mcscript.ini > > > ./local/uvscan/packing.lst > > > ./local/uvscan/pkgdesc.ini > > > ./local/uvscan/validate.exe > > > ./local/uvscan/delta.ini > > > ./local/uvscan/dat-4197.tar > > > ./local/uvscan/reseller.txt > > > ./local/MailScanner/etc > > > ./local/MailScanner/var/virus.pid > > > > > > It's to the point where I've been restarting mailscanner every 15 > > > minutes to > > > keep the system running smoothly. > > > > > > Any help at all is greatly appreciated. > > > > > > Thank you, > > > Andrew > > > > > > > -----Original Message----- > > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > > > Behalf Of Andrew Hoying > > > > Sent: Friday, April 19, 2002 9:30 AM > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > Subject: Mailscanner suddenly started taking up 100% of > > available memory > > > > > > > > > > > > Yesterday morning, for the first time, mailscanner began > > > consuming several > > > > hundred megabytes of memory every hour until the system ran out > > > of memory > > > > and killed mailscanner. The process would then repeat every 4 > > > hours or so. > > > > Regardless of the fact that I should have resource limits > in place to > > > > prevent mailscanner from using all the memory, I've never seen > > > > this behavior > > > > before. I've been running mailscanner on this server since > > > October of last > > > > year without any similar problems. I am currently running > > > version 3.13-2. > > > > The only thing that changed, and I'm pretty sure that this is > > > the culprit, > > > > is that mcafee auto-updated to dat version 4197 on Wednesday. > > > I'm not sure > > > > where to begin troubleshooting this particular problem, and > > certainly am > > > > open to suggestions. > > > > > > > > Thank you, > > > > Andrew > > > > > > > > > > From chicks at CHICKS.NET Fri Apr 19 22:30:04 2002 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:14:38 2006 Subject: Mailscanner suddenly started taking up 100% of available memory - Final Resolution In-Reply-To: Message-ID: On Fri, 19 Apr 2002, Andrew Hoying wrote: > The problem was that some bug in either perl or mailscanner wasn't > releasing some part of the memory required to do this and so every > mail ate about 50MB of memory. perl doesn't return memory to the system once allocated within perl. That's one reason mailscanner is configured to restart itself every now and then as I understand it. -- "Outside of a dog, a man's best friend is a good book. Inside of a dog, it's too dark to read." - Groucho Marx From sevans at FOUNDATION.SDSU.EDU Fri Apr 19 22:30:18 2002 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:14:38 2006 Subject: Sendmail Logging Message-ID: <7E2D2700ADE29542BAFC135552997E6C4252@mail.foundation.sdsu.edu> I have a sendmail box that acts as a smarthost. Is there a way to tell where the e-mail originated from. (the client's IP address?) I have user that sent SPAM but I'm not sure who it was at this point. Steve Evans Computing Services SDSU Foundation 619 594-0653 From LISTSERV at JISCMAIL.AC.UK Fri Apr 19 19:16:19 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:38 2006 Subject: MAILSCANNER: richard.siddall@ELIRION.NET requested to join Message-ID: <200204191816.TAA29771@magpie.ecs.soton.ac.uk> Fri, 19 Apr 2002 19:16:19 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Richard Siddall You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER richard.siddall@ELIRION.NET Richard Siddall PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER richard.siddall@ELIRION.NET Richard Siddall // EOJ From jkf at ecs.soton.ac.uk Sat Apr 20 11:05:30 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:38 2006 Subject: Sendmail Logging In-Reply-To: <7E2D2700ADE29542BAFC135552997E6C4252@mail.foundation.sdsu. edu> Message-ID: <5.1.0.14.2.20020420110447.032f98a8@imap.ecs.soton.ac.uk> At 22:30 19/04/2002, you wrote: >I have a sendmail box that acts as a smarthost. Is there a way to tell >where the e-mail originated from. (the client's IP address?) I have >user that sent SPAM but I'm not sure who it was at this point. If you have sendmail's logging level set high enough (try 14), then your maillog should show every incoming SMTP connection. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Sat Apr 20 11:01:03 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:38 2006 Subject: Mailscanner suddenly started taking up 100% of available memory - Final Resolution In-Reply-To: References: Message-ID: <5.1.0.14.2.20020420110034.0333be60@imap.ecs.soton.ac.uk> At 22:30 19/04/2002, you wrote: >On Fri, 19 Apr 2002, Andrew Hoying wrote: > > The problem was that some bug in either perl or mailscanner wasn't > > releasing some part of the memory required to do this and so every > > mail ate about 50MB of memory. > >perl doesn't return memory to the system once allocated within perl. >That's one reason mailscanner is configured to restart itself every now >and then as I understand it. That's precisely why I do it. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Sat Apr 20 11:03:13 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:38 2006 Subject: MailScanner slowed by large attachments In-Reply-To: Message-ID: <5.1.0.14.2.20020420110143.03341008@imap.ecs.soton.ac.uk> What do the logs look like during this long wait? Are you running with SpamAssassin enabled? Have you tried disabling SpamAssassin support to see what effect that has? 4Mb is not a large attachment, and shouldn't cause any problem. At 16:22 19/04/2002, Arthur Longhurst wrote: >I run mailscanner on RedHat 7 with SophosAV. We are having problems with >mail being delayed intermittently up to 2 hours. It seems that I can >reproduce the symptoms by sending an email with a large (4Mb) attachment. >All the mail then gets queued (viewing maillog entries) and takes ages to >be dealt with until the large attachment has gone through. > >Looking at "top" the machine doesn't appear to be under undue strain but >the mail gets slowed down tremendously. > >Any ideas how to solve this apart from telling the punters not send large >email attachments :o) > >All the best - Art > >Optoelectronic Research Centre Network Manager -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Sat Apr 20 11:04:28 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:38 2006 Subject: Malformed attachments from MailScanner? In-Reply-To: <3CC05138.84BDA39B@med-web.com> Message-ID: <5.1.0.14.2.20020420110405.03345b20@imap.ecs.soton.ac.uk> Are you running the latest MIME-tools? I haven't seen this happen myself. At 18:17 19/04/2002, you wrote: >I'm noticing a problem with some messages that have had attachments >removed by MailScanner. It appears that sometimes a bogus blank line is >being created after a MIME boundary. This is especially common with >messages containing the Klez virus (maybe triggered by two consecutive >boundary lines in the source message?). Viewing the source of such a >message after MailScanner processing, I see something like this this: > >---------------------- >... >At Mon Apr 15 18:04:46 2002 the virus scanner said: > >>> Virus 'W32/Klez-E' found in file ./SAA24934/Aqq.exe > >Note to Help Desk: Look on the MailScanner in >/var/spool/MailScanner/quaran= >tine (message SAA24934). > >--F5tQ38jj004znQ > >Content-Type: application/octet-stream; > name=MSOE.TXT >Content-Transfer-Encoding: base64 >Content-ID: > >ICAgIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t >LS0tLS0tLS0tLQ0KICAgICAgICBM6WFtZSBkZSBNaWNyb3NvZnQgT3V0bG9vayhUTSkgRXhw >... >---------------------- > >Note the blank line after "--F5tQ38jj004znQ". > >Email clients will then not process the headers of that Part, and >instead typically treat them as the beginning of a plain text >attachment. In a multipart/alternative message, this undecoded gibberish >may be the *only* Part of the message thing that some mail clients will >display. Such a message is sure to be very confusing to most end users. > >Am I the only one who has this problem? Can anyone suggest anything that >might improve the situation? (I'm using MailScanner 3.13-2 and >MIME-tools 5.411.) > >-- >Jason Summers -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From andrewh at CQG.COM Sun Apr 21 00:54:10 2002 From: andrewh at CQG.COM (Andrew Hoying) Date: Thu Jan 12 21:14:38 2006 Subject: Mailscanner suddenly started taking up 100% of available memory - Final Resolution References: <5.1.0.14.2.20020420110034.0333be60@imap.ecs.soton.ac.uk> Message-ID: <002b01c1e8c6$ae452420$03d396d8@andrew> Is there any way to get perl/mailscanner to reuse memory already allocated to it? Andrew ----- Original Message ----- From: "Julian Field" To: Sent: Saturday, April 20, 2002 4:01 AM Subject: Re: Mailscanner suddenly started taking up 100% of available memory - Final Resolution > At 22:30 19/04/2002, you wrote: > >On Fri, 19 Apr 2002, Andrew Hoying wrote: > > > The problem was that some bug in either perl or mailscanner wasn't > > > releasing some part of the memory required to do this and so every > > > mail ate about 50MB of memory. > > > >perl doesn't return memory to the system once allocated within perl. > >That's one reason mailscanner is configured to restart itself every now > >and then as I understand it. > > That's precisely why I do it. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > > From paul_houselander at BRISTOL-CITY.GOV.UK Mon Apr 22 08:30:10 2002 From: paul_houselander at BRISTOL-CITY.GOV.UK (Paul Houselander) Date: Thu Jan 12 21:14:38 2006 Subject: Mailscanner suddenly started taking up 100% of availablememory - Final Resolution Message-ID: This sounds very much like the problem I had last month. See message thread "Server Crash" in the March Archives. It caused my server to fall over everytime I started mailscanner until I manually removed the message from the queue. Would be interested in any suggestions as to stop it happening again. Think I still have a copy of the message somewhere it would help in fixing. Paul >>> andrewh@CQG.COM 04/19/02 10:19pm >>> Ok, so here's what caused the problem... One of our employees set up a procmail recipe that forwarded to his local mail box and to his AOL account. Sometime yesterday he sent a multipart mime e-mail to his account that AOL rejected and a bounce message was sent to his account. His account forwarded the bounce back to AOL, which got sent back to him with the first two messages attached. This continued until the message had several thousand sub MIME attachments. Every time one came in, about 3 times an hour, mailscanner would open the entire mail up to all it's thousands of sub parts, scan them all for viruses, and then continue on. The problem was that some bug in either perl or mailscanner wasn't releasing some part of the memory required to do this and so every mail ate about 50MB of memory. I'm not sure what part of Mailscanner, if it is even mailscanner, has this bug, but it probably should be researched. Thank you, Andrew Hoying > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Andrew Hoying > Sent: Friday, April 19, 2002 1:24 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Mailscanner suddenly started taking up 100% of available > memory > > > I guess I spoke to soon, while rebooting it fixed the problem for about a > half hour, it started consuming memory again and after 20 minutes since I > last restarted the mailscanner process it is using 170MB of memory, with > 94MB of locked memory. I really need some help troubleshooting > this one, so > any suggestions would be greatly appreciated. > > Thank you, > Andrew > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Andrew Hoying > > Sent: Friday, April 19, 2002 12:01 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Mailscanner suddenly started taking up 100% of available > > memory > > > > > > Well, when reverting to an older dat file didn't fix the > problem, I broke > > down and rebooted the system. When it came back up everything > worked fine. > > I'm not sure what caused the problem in the first place, but > will keep my > > eye on the system for any further troubles. It's running redhat 7.1 with > > kernel version 2.4.14 patched with the grsec patch version 1.8.9. > > > > Andrew > > > > > -----Original Message----- > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > > Behalf Of Andrew Hoying > > > Sent: Friday, April 19, 2002 11:20 AM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Mailscanner suddenly started taking up 100% of available > > > memory > > > > > > > > > Some more information. > > > > > > Here is the process after only 9 minutes: > > > > > > USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND > > > root 7644 21.0 68.1 107408 85776 ? S 11:07 1:51 > > > /usr/bin/perl > > > /usr/local/MailScanner/bin/mailscanner > > > Fri Apr 19 11:16:14 MDT 2002 > > > > > > And here is the changed files in the last 3 days: > > > > > > [/usr]# find ./ -mtime -3 > > > ./local/uvscan > > > ./local/uvscan/scan.dat > > > ./local/uvscan/names.dat > > > ./local/uvscan/clean.dat > > > ./local/uvscan/readme.txt > > > ./local/uvscan/file_id.diz > > > ./local/uvscan/mcscript.ini > > > ./local/uvscan/packing.lst > > > ./local/uvscan/pkgdesc.ini > > > ./local/uvscan/validate.exe > > > ./local/uvscan/delta.ini > > > ./local/uvscan/dat-4197.tar > > > ./local/uvscan/reseller.txt > > > ./local/MailScanner/etc > > > ./local/MailScanner/var/virus.pid > > > > > > It's to the point where I've been restarting mailscanner every 15 > > > minutes to > > > keep the system running smoothly. > > > > > > Any help at all is greatly appreciated. > > > > > > Thank you, > > > Andrew > > > > > > > -----Original Message----- > > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > > > Behalf Of Andrew Hoying > > > > Sent: Friday, April 19, 2002 9:30 AM > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > Subject: Mailscanner suddenly started taking up 100% of > > available memory > > > > > > > > > > > > Yesterday morning, for the first time, mailscanner began > > > consuming several > > > > hundred megabytes of memory every hour until the system ran out > > > of memory > > > > and killed mailscanner. The process would then repeat every 4 > > > hours or so. > > > > Regardless of the fact that I should have resource limits > in place to > > > > prevent mailscanner from using all the memory, I've never seen > > > > this behavior > > > > before. I've been running mailscanner on this server since > > > October of last > > > > year without any similar problems. I am currently running > > > version 3.13-2. > > > > The only thing that changed, and I'm pretty sure that this is > > > the culprit, > > > > is that mcafee auto-updated to dat version 4197 on Wednesday. > > > I'm not sure > > > > where to begin troubleshooting this particular problem, and > > certainly am > > > > open to suggestions. > > > > > > > > Thank you, > > > > Andrew > > > > > > > > > > From alan at ESSEX.AC.UK Mon Apr 22 12:47:31 2002 From: alan at ESSEX.AC.UK (Stanier, Alan M) Date: Thu Jan 12 21:14:38 2006 Subject: Malformed attachments from MailScanner? Message-ID: <7AC902A40BEDD411A3A800D0B7847B665F36A9@sernt14.essex.ac.uk> I've noticed this behaviour too (running MIME-tools 5.403 If I edit out the attachment, and decode it, it's a webpage starting MIME::Base64 - Encoding and decoding of base64 strings -------- Alan Stanier Essex University Information Systems Services Systems Group > -----Original Message----- > From: Julian Field [mailto:jkf@ECS.SOTON.AC.UK] > Sent: 20 April 2002 11:04 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Malformed attachments from MailScanner? > > > Are you running the latest MIME-tools? I haven't seen this > happen myself. > > At 18:17 19/04/2002, you wrote: > >I'm noticing a problem with some messages that have had attachments > >removed by MailScanner. It appears that sometimes a bogus > blank line is > >being created after a MIME boundary. This is especially common with > >messages containing the Klez virus (maybe triggered by two > consecutive > >boundary lines in the source message?). Viewing the source of such a > >message after MailScanner processing, I see something like this this: > > > >---------------------- > >... > >At Mon Apr 15 18:04:46 2002 the virus scanner said: > > >>> Virus 'W32/Klez-E' found in file ./SAA24934/Aqq.exe > > > >Note to Help Desk: Look on the MailScanner in > >/var/spool/MailScanner/quaran= > >tine (message SAA24934). > > > >--F5tQ38jj004znQ > > > >Content-Type: application/octet-stream; > > name=MSOE.TXT > >Content-Transfer-Encoding: base64 > >Content-ID: > > > >ICAgIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tL > S0tLS0tLS0t > >LS0tLS0tLS0tLQ0KICAgICAgICBM6WFtZSBkZSBNaWNyb3NvZnQgT3V0bG9va > yhUTSkgRXhw > >... > >---------------------- > > > >Note the blank line after "--F5tQ38jj004znQ". > > > >Email clients will then not process the headers of that Part, and > >instead typically treat them as the beginning of a plain text > >attachment. In a multipart/alternative message, this > undecoded gibberish > >may be the *only* Part of the message thing that some mail > clients will > >display. Such a message is sure to be very confusing to most > end users. > > > >Am I the only one who has this problem? Can anyone suggest > anything that > >might improve the situation? (I'm using MailScanner 3.13-2 and > >MIME-tools 5.411.) > > > >-- > >Jason Summers > > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From LISTSERV at JISCMAIL.AC.UK Mon Apr 22 13:02:31 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:38 2006 Subject: MAILSCANNER: andy.wright@BARDSEY.DEMON.CO.UK requested to join Message-ID: <200204221202.NAA01690@magpie.ecs.soton.ac.uk> Mon, 22 Apr 2002 13:02:31 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Andy Wright You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER andy.wright@BARDSEY.DEMON.CO.UK Andy Wright PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER andy.wright@BARDSEY.DEMON.CO.UK Andy Wright // EOJ From kwang at UCALGARY.CA Mon Apr 22 17:31:40 2002 From: kwang at UCALGARY.CA (Kai Wang) Date: Thu Jan 12 21:14:38 2006 Subject: Inline Text/HTML Warning Message-ID: <3CC43AEC.C7A3E77E@ucalgary.ca> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020422/9b99591b/attachment.html From jason at MED-WEB.COM Mon Apr 22 18:16:05 2002 From: jason at MED-WEB.COM (Jason Summers) Date: Thu Jan 12 21:14:38 2006 Subject: Inline Text/HTML Warning References: <3CC43AEC.C7A3E77E@ucalgary.ca> Message-ID: <3CC44555.DC2A2A80@med-web.com> Kai Wang wrote: > > We are using multiple lines "Inline Text Warning". It is not visible > sometimes. > > ... > > --B08zV50ZceAdh711C0J4008 > > Content-Type: application/octet-stream; > name=text.htm > Content-Transfer-Encoding: base64 > Content-ID: > > PEhUTUw+DQo8SEVBRD4NCjxUSVRMRT5BZGQgc29tZSBUZXh0DQo8L1RJVExFPg0KPFNDUklQ I think this may be the "Malformed attachments" problem I reported a few days ago. It's hard to tell for sure because your message was HTML-ized, but the blank line after the last "--B08zV50ZceAdh711C0J4008" boundary should *not* be there. What email client(s) are you using? Some email clients (Outlook Express) seem to still display the warning message, but in most others, the last (malformed) attachment takes precedence over it. The last attachment is apparently a harmless file added by the Klez virus. I have the problem at least when using MIME-tools 5.411. I haven't yet tried the latest "bleeding-edge" version 5.503. -- Jason Summers From kylist at SHCORP.COM Mon Apr 22 19:41:08 2002 From: kylist at SHCORP.COM (Kurt Yoder) Date: Thu Jan 12 21:14:38 2006 Subject: f-prot linux workstation version Message-ID: <45343.10.10.1.95.1019500868.squirrel@webmail.shcorp.com> Hello list I just bought f-prot antivirus scanner for linux workstation. It was 80$, and no "per-mailbox protected" licensing schemes as with mcafee/sophos. It appears to be working fine so far; it caught both a zipped eicar test string and a double-zipped eicar test string. Mailscanner seems to think f-secure is beta, so I had to tell mailscanner.conf to accept beta in order for it to work. Anyway, this is not OT because: 1. I wanted to let people know f-secure works and is *cheap*, especially for thousands of users/mailboxes 2. the author states in the mailscanner.conf that he wants to know if anyone is using it successfully: I am... (no, I do not work for F-Prot) -- Kurt Yoder Sport & Health network administrator From pac at STINGRAYBOATS.COM Mon Apr 22 19:49:20 2002 From: pac at STINGRAYBOATS.COM (Michael Packer) Date: Thu Jan 12 21:14:38 2006 Subject: f-prot linux workstation version In-Reply-To: <45343.10.10.1.95.1019500868.squirrel@webmail.shcorp.com> Message-ID: I've been using f-prot for about 2 years.... never had a problem, they update their stuff very quickly and the two times I've emailed them with problems they responded very quickly. highly recommend it. pac -- 843 383 4507 x153 Stingray Powerboats http://StingrayBoats.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Kurt Yoder > Sent: Monday, April 22, 2002 2:41 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: f-prot linux workstation version > > > Hello list > > I just bought f-prot antivirus scanner for linux workstation. It was 80$, > and no "per-mailbox protected" licensing schemes as with mcafee/sophos. It > appears to be working fine so far; it caught both a zipped eicar > test string > and a double-zipped eicar test string. Mailscanner seems to think f-secure > is beta, so I had to tell mailscanner.conf to accept beta in > order for it to > work. > > Anyway, this is not OT because: > > 1. I wanted to let people know f-secure works and is *cheap*, > especially for > thousands of users/mailboxes > > 2. the author states in the mailscanner.conf that he wants to > know if anyone > is using it successfully: I am... > > (no, I do not work for F-Prot) > > -- > Kurt Yoder > Sport & Health network administrator From wolfgang.lumpp at GMX.NET Mon Apr 22 19:10:00 2002 From: wolfgang.lumpp at GMX.NET (Wolfgang Lumpp) Date: Thu Jan 12 21:14:38 2006 Subject: f-prot linux workstation version In-Reply-To: <45343.10.10.1.95.1019500868.squirrel@webmail.shcorp.com> References: <45343.10.10.1.95.1019500868.squirrel@webmail.shcorp.com> Message-ID: <1886.10.10.2.77.1019499000.squirrel@gateway.lumpp> > > Anyway, this is not OT because: > > 1. I wanted to let people know f-secure works and is *cheap*, > especially for thousands of users/mailboxes and also non-commercial users ;-) > > 2. the author states in the mailscanner.conf that he wants to know if > anyone is using it successfully: I am... > f-prot is running here for appr. 3 weeks without problems. First I've tried with AVP from kaspersky, but the actual version with kavscanner or deamon want work. Don't know why at the moment, need a little bit more time to check. But later on, I will use mailscanner with kavdaemon/client on our main mailgateway at work. And for this, the AVP have to work. Probably someone has the AVP running together with mailscanner? Regards Wolfgang From nwp at LEMON-COMPUTING.COM Mon Apr 22 23:51:15 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:38 2006 Subject: f-prot linux workstation version In-Reply-To: <20020422223222.GC999@hoiho.nz.lemon-computing.com> References: <45343.10.10.1.95.1019500868.squirrel@webmail.shcorp.com> <20020422223222.GC999@hoiho.nz.lemon-computing.com> Message-ID: <20020422225115.GE999@hoiho.nz.lemon-computing.com> On Tue, Apr 23, 2002 at 10:32:22AM +1200, nwp wrote: > On Mon, Apr 22, 2002 at 02:41:08PM -0400, Kurt Yoder wrote: > > Hello list > > > > I just bought f-prot antivirus scanner for linux workstation. It was 80$, > > and no "per-mailbox protected" licensing schemes as with mcafee/sophos. It > > appears to be working fine so far; it caught both a zipped eicar test string > > and a double-zipped eicar test string. Mailscanner seems to think f-secure > > is beta, so I had to tell mailscanner.conf to accept beta in order for it to > > work. > > Do you mean f-prot or f-secure? > > It's confusing, but they are different products, from different companies. > They also require different support in mailscanner. > > > F-secure uses the f-prot engine "under the hood". > > -- > Nick Phillips -- nwp@lemon-computing.com > Good day to deal with people in high places; particularly lonely stewardesses. -- Nick Phillips -- nwp@lemon-computing.com Tomorrow will be cancelled due to lack of interest. From paul-w at BLUEYONDER.CO.UK Tue Apr 23 09:05:03 2002 From: paul-w at BLUEYONDER.CO.UK (Paul Welsh) Date: Thu Jan 12 21:14:38 2006 Subject: f-prot linux workstation version Message-ID: <006201c1ea9d$93af0350$6a0110ac@sbsplc.com> > Date: Mon, 22 Apr 2002 14:41:08 -0400 > From: Kurt Yoder > Subject: f-prot linux workstation version > > I just bought f-prot antivirus scanner for linux workstation. It was 80$, > and no "per-mailbox protected" licensing schemes as with mcafee/sophos. It > > 1. I wanted to let people know f-secure works and is *cheap*, especially for > thousands of users/mailboxes Correct me if I'm wrong, but presumably you are running this on a server and not a workstation. Therefore, you should buy the server version of f-prot. To deliberately buy a workstation version and run it on a server might be a cheap way of doing things, but it's breaking the spirit if not the letter of your licence agreement and it's not what an IT professional should be doing. Anyhow, the f-prot web site (http://www.f-prot.com/f-prot/products/fplin.html) refers to only 3 licence options for its Linux product: 1. F-Prot Linux for Small Business, $300 per server. I'm using this with MailScanner. 2. A free version of F-Prot Linux for Small Business for "personal" users "when used on personal workstations". 3. F-Prot Linux for Enterprise Business, $450 per server. From kylist at SHCORP.COM Tue Apr 23 14:30:23 2002 From: kylist at SHCORP.COM (Kurt Yoder) Date: Thu Jan 12 21:14:38 2006 Subject: f-prot linux workstation version In-Reply-To: <006201c1ea9d$93af0350$6a0110ac@sbsplc.com> References: <006201c1ea9d$93af0350$6a0110ac@sbsplc.com> Message-ID: <47228.10.10.1.95.1019568623.squirrel@webmail.shcorp.com> Paul Welsh said: >> Date: Mon, 22 Apr 2002 14:41:08 -0400 >> From: Kurt Yoder >> Subject: f-prot linux workstation version >> >> I just bought f-prot antivirus scanner for linux workstation. It was >> 80$, and no "per-mailbox protected" licensing schemes as with >> mcafee/sophos. It >> >> 1. I wanted to let people know f-secure works and is *cheap*, >> especially > for >> thousands of users/mailboxes > > Correct me if I'm wrong, but presumably you are running this on a > server and not a workstation. Therefore, you should buy the server > version of f-prot. One would think so. However, I asked the f-prot employee about it and she said that it's fine to buy the workstation license for my purposes. I specifically mentioned that I'd be scanning email for many mailboxes. Apparently, the only difference between server and workstation is some kind of "central management" that's built into the server version but not the workstation version. > To deliberately buy a workstation version and run it on a server might > be a cheap way of doing things, but it's breaking the spirit if not the > letter of your licence agreement and it's not what an IT professional > should be doing. I agree; see above... > Anyhow, the f-prot web site > (http://www.f-prot.com/f-prot/products/fplin.html) refers to only 3 > licence options for its Linux product: > > 1. F-Prot Linux for Small Business, $300 per server. I'm using this > with MailScanner. > 2. A free version of F-Prot Linux for Small Business for "personal" > users "when used on personal workstations". > 3. F-Prot Linux for Enterprise Business, $450 per server. Apparently I ended up buying F-secure, which someone else has told me is a different product made by a different company than F-prot. OK... I don't know why the F-prot salesperson would have directed me to this product, but she did, and it works fine, costs very little, etc. Maybe I was talking to someone from F-secure all along... dunno... -- Kurt Yoder Sport & Health network administrator From Funk.Gabor at HUNETKFT.HU Tue Apr 23 16:12:04 2002 From: Funk.Gabor at HUNETKFT.HU (Funk Gabor) Date: Thu Jan 12 21:14:38 2006 Subject: multiple scanners, problem? Message-ID: <016a01c1ead9$3aae7880$3364a8c0@xxxx.xxx> I was playing around with MailScanner using two scanners. I've set it up to use inoculan 4 and f-prot - in this order. It was successfully catching eicar using each one separately and using the two together as well. Today - in this klez heaven - I received a klez.H, and it wen't throu' with "Found to be clean". I took apart the message and found out, that I have an older f-prot database which doesn't recognize klez.H, but inocucmd recognized it. I then disabled f-prot, leaving inoculan as the only scanner, 10 minutes later another klez.H was found by MailScanner then. I wonder if the results of the different scanners are not properly OR-ed, or I simply screwed up something somewhere. Anyone has similar (or any) experience with multiple scanners? G. From nospam at WCC.NET Tue Apr 23 17:04:48 2002 From: nospam at WCC.NET (Kip Turk) Date: Thu Jan 12 21:14:38 2006 Subject: SpamAssassin MySQL support in Mailscanner Message-ID: Is there any way to use the SpamAssassin MySQL support in MailScanner? I've dug through the sendmail.pl, but it's a bit over my head. In the spamd code, I found this subroutine which seems to do the work: sub handle_user_sql { $current_user = shift; $spamtest->load_scoreonly_sql ($current_user); return 1; } I don't have to have the MySQL support, but I do need to allow blacklists/whitelists on a per user basis. Currently, mailscanner only checks ~/.spamassassin/user_prefs for the user I run it as. That means that everyone would get the same options. I already have code in place that allows users to create a user_prefs file or a sql entry, I just need to know how to get to it. My only other option at this point is to turn off spamassassin in mailscanner, then jump through a "local delivery" with procmail to get the call as the correct user, then forward it on to final delivery (which is not on the scanning system). If this is confusing, blame my allergies and the drugs I'm on. Trying to wrap my head around problems while in this state is decidely suboptimal, but the world doesn't seem to want to stop on my behalf. Thanks for any assistance you can provide. dazed and confused, -- Kip Turk, RHCE spamdies@wcc.net Systems Administrator/Killer of Spam/Writer of Code/Penguin Proponent West Central Net - tel: 915.234.5678 / 800.695.9016 fax: 915.656.0071 -.-. --- -.. . / -- --- -. -.- . -.-- --..-- / .... .- -.-. -.- . .-. From jason at MED-WEB.COM Tue Apr 23 18:13:27 2002 From: jason at MED-WEB.COM (Jason Summers) Date: Thu Jan 12 21:14:38 2006 Subject: How to print the "To:" address in virus reports? Message-ID: <3CC59637.261C854D@med-web.com> Maybe I'm doing something wrong, but the $to variable in files like sender.virus.report.txt does not seem to expand to the "To:" SMTP header as I would have expected. Is there another variable that I can use that expands to the actual "To:" header? Suppose tech-support@example.com is an alias that gets forwarded to joe@internal-server.example.com. If someone then sends a virus to tech-support@example.com, the warning message that the sender receives from MailScanner (running on internal-server) will assert that they sent a message "To: ". That's not correct, and could even inappropriately leak information about your internal network. -- Jason Summers From alfredo at ACYC.COM Tue Apr 23 23:14:59 2002 From: alfredo at ACYC.COM (Alfredo Cole) Date: Thu Jan 12 21:14:38 2006 Subject: Bouncing messages, Red Hat 7.0 Message-ID: <200204232218.g3NMId803340@central.acyc.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi: Since I installed MailScanner a few weeks ago, version 3.12, a lot of my mails keep bouncing. I have even been unsubscribed from many lists because of that. My messages have the following attached to them: X-MailScanner: Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean, Found to be clean Which means my messages are going back and forth within mailscanner. What could be the reason for this? Thank you. - -- Alfredo J. Cole http://www.acyc.com (Accounting Systems) http://www.clshonduras.com (Linux Hardware) PGP Key available from certserver.pgp.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.5 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8xdzju5DxuPWE298RAtffAJ0eZnXJxnfCNe7aN0fM6GQWXJRzmACfRUOt a6Pxp0oPmFYMA7CqtyFNFX8= =bXFt -----END PGP SIGNATURE----- From LISTSERV at JISCMAIL.AC.UK Wed Apr 24 00:43:38 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:38 2006 Subject: MAILSCANNER: combstm@APPSTATE.EDU requested to join Message-ID: <200204232343.AAA02550@magpie.ecs.soton.ac.uk> Wed, 24 Apr 2002 00:43:38 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Terry M COmbs The following membership options have been requested: CONCEAL. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER combstm@APPSTATE.EDU Terry M COmbs PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER combstm@APPSTATE.EDU Terry M COmbs SET MAILSCANNER CONCEAL FOR combstm@APPSTATE.EDU // EOJ From mike at 4frontmedia.net Wed Apr 24 12:27:01 2002 From: mike at 4frontmedia.net (Mike Walker) Date: Thu Jan 12 21:14:38 2006 Subject: Non permitted file endings attached to "Text Only" Outlook e-mails Message-ID: <001f01c1eb82$f4b08710$0100000a@MIKES> Has anybody else experienced this problem? "VBS scripts or non permitted file endings, when attached to an MS Outlook "Text only" e-mail get through to the recipient with the attachment in tact! If you switch to "HTML" and send again the attachment is stripped and the appropriate VirusWarning.txt is added as an attachment. In "Text Only" mode Mailscanner is identifying the message as an undesirable packet as the sender and the server postmaster are both notified that a virus was sent and detected. Anybody got a fix? Mike Walker 4FrontMedia ____________________________________________________________ This message has been scanned for viruses by "VITANIUM" the multi-scan E-mail Virus Protection Service from 4FrontMedia. To safeguard your business call 01233-850906. From michael at evstar.com.hk Wed Apr 24 16:06:49 2002 From: michael at evstar.com.hk (Michael Chan) Date: Thu Jan 12 21:14:38 2006 Subject: Klez Virus get Passed ! Message-ID: <002e01c1eba1$b8549ee0$d802a8c0@314t> Dear all , All the exe , pif , scr , com has been stopped by the MailScanner without any problem , but today the virus "Klez" virus pass the checking of MailScanner , I found this is the raw data of the message : Content-Type: audio/x-midi ; name=Product Catalogue(1).scr Content-Transfer-Encoding: base64 Content-ID: I know this is the problem of "outlook express" which automatically execute the attachment in the message , but can I stop it using MailScanner ? can Anybody tell me the solution ? Thank you ! Regards, Michael Chan From viers at UNILIM.FR Thu Apr 25 07:55:42 2002 From: viers at UNILIM.FR (Nicolas Viers - SCI Limoges) Date: Thu Jan 12 21:14:38 2006 Subject: Mcafee autoupdate Message-ID: <5.0.2.1.2.20020425085315.0203db78@pop.unilim.fr> The ftp server ftp.nai.com does not respond today. Somebody know another one to find the dat files for unix ? I had seen in the list a mail about a new script "autoupdate" with wget instead of ftp. I can't find it in my archive. Could someone mail me this script ? Thanks a lot. ____________________________________________________________ Nicolas Viers | Service Commun Informatique M?l: viers@unilim.fr | 123, avenue Albert Thomas | 87060 Limoges cedex Tel: 05-55-45-77-09 | Fax: 05-55-45-75-95 http://www.unilim.fr/sci ____________________________________________________________ From fizz at BOMB.NET Thu Apr 25 13:28:22 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:38 2006 Subject: Whats your config like.. Message-ID: <000701c1ec54$b050d520$6dcf75cc@fizz> Im running a Dual 266 / 512 Megs Ram, on Slackware 8.0 I process anywhere between 25 and 35 thousand emails a day. My question to you is.. What is your setup like and how many emails do you process? Reason im curious is for the last 4 days ive come in to about 10k messages queued up. Its like it just stops working. If i disable spam checks it will clear the queue within about an hour, but what i wanna know is how i can keep it running fast, even with spam checks as our customers have grown to love this feature. Ive installed Named on this machine so it doesnt have to rely on our busy primary and secondary name server for lookups, but in all honesty it hasnt helped a bit. I have sendmail set to 20 children, im using Queue delivery method, and deliver in background. I didnt have this problem except like onec a week untill the beginning of this week where its constantly getting bogged down. Any insight/thoughts/ideas would be great. ////// ( o o ) +--.oooO--(_)--Oooo.-----------------+ | [Kelly Hamlin] | kellyh@cyberstreet.com | http://www.bomb.net | .oooO | ( ) Oooo. +--- \ (----( )----------------------------+ \_) ) / (_/ From LISTSERV at JISCMAIL.AC.UK Thu Apr 25 13:52:32 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:38 2006 Subject: MAILSCANNER: pac@STINGRAYBOATS.COM left the JISCmail list Message-ID: <200204251252.NAA06205@magpie.ecs.soton.ac.uk> Thu, 25 Apr 2002 13:52:32 Michael Packer has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From LISTSERV at JISCMAIL.AC.UK Thu Apr 25 14:34:09 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:38 2006 Subject: MAILSCANNER: mark.roberts@BBSRC.AC.UK left the JISCmail list Message-ID: <200204251334.OAA14097@magpie.ecs.soton.ac.uk> Thu, 25 Apr 2002 14:34:09 Mark Roberts has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From Q.G.Campbell at NEWCASTLE.AC.UK Thu Apr 25 15:45:52 2002 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:14:38 2006 Subject: Whats your config like.. Message-ID: > -----Original Message----- > From: Kelly Hamlin [mailto:fizz@bomb.net] > Sent: 25 April 2002 13:28 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Whats your config like.. > > > Im running a Dual 266 / 512 Megs Ram, on Slackware 8.0 > I process anywhere between 25 and 35 thousand emails a day. > > My question to you is.. What is your setup like and how many > emails do you process? > > Reason im curious is for the last 4 days ive come in to about > 10k messages queued up. Its like it just stops working. If i > disable spam checks it will clear the queue within about an > hour, but what i wanna know is how i can keep it running > fast, even with spam checks as our customers have grown to > love this feature. Kelly You need more and faster boxes! Two dual 1GHz processor Linux boxes with 1GB or 2GB of memory should cope with that load and some to spare. If the two boxes are MX'd to your mail domain(s) then you also have some resiliance should a server fail. This site handles more than 90K incoming messages a day. If you also count outgoing email then our Mail Hubs handle more than 200K incoming/outgoing messages a day. With just MailScanner + McAfee AV software running, we could cope with that message load shared across 4 x Sun SPARC Ultra-5 boxes running Solaris 7 and sendmail. These have 266MHz (approx) CPUs and 384MB memory. Two of the four Mail Hubs are significantly busier than the others and we could not run SpamAssassin on these two without building up large backlogs and even refusing incoming connections at peak times. For this reason we had to disable the use of SpamAssassin. Like you we wanted to run SpamAssassin. The solution was to replace each of the four Sun boxes with dual 1GHz Intel processor boxes (2GB memory). We run RedHat Linux 7.2 in place of Solaris. I simply recompiled our existing sendmail under Linux and run it with the existing sendmail.cf file. Building the Redhat system and installing MailScanner, McAfee software and SpamAssassin was easier than when working with Solaris! For key infrastructure servers I would always recommend using RAID; in our case we mirror all disks (RAID 1). Each server has 4 disks providing a mirrored set of 2 disks; the first is used as the system disk + sendmail log disk + local applications disk while the second disk of the set is the sendmail spool disk. I hope this info is of some help. Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." From jon at XNEXT.COM Thu Apr 25 16:57:19 2002 From: jon at XNEXT.COM (Jonothon Ortiz) Date: Thu Jan 12 21:14:38 2006 Subject: stunnel & mailscanner In-Reply-To: <5.0.2.1.2.20020425085315.0203db78@pop.unilim.fr> Message-ID: Has anyone tried to run stunnel along with mailscanner? From fizz at BOMB.NET Thu Apr 25 17:11:52 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:38 2006 Subject: Whats your config like.. References: Message-ID: <001901c1ec73$e96b44c0$6dcf75cc@fizz> I do have a second box setup to be a secondary MX with no child limit. Ive got a couple p3 800's laying around, im gonna see if i cant make use of these. ----- Original Message ----- From: "Quentin Campbell" To: Sent: Thursday, April 25, 2002 10:45 AM Subject: Re: Whats your config like.. > -----Original Message----- > From: Kelly Hamlin [mailto:fizz@bomb.net] > Sent: 25 April 2002 13:28 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Whats your config like.. > > > Im running a Dual 266 / 512 Megs Ram, on Slackware 8.0 > I process anywhere between 25 and 35 thousand emails a day. > > My question to you is.. What is your setup like and how many > emails do you process? > > Reason im curious is for the last 4 days ive come in to about > 10k messages queued up. Its like it just stops working. If i > disable spam checks it will clear the queue within about an > hour, but what i wanna know is how i can keep it running > fast, even with spam checks as our customers have grown to > love this feature. Kelly You need more and faster boxes! Two dual 1GHz processor Linux boxes with 1GB or 2GB of memory should cope with that load and some to spare. If the two boxes are MX'd to your mail domain(s) then you also have some resiliance should a server fail. This site handles more than 90K incoming messages a day. If you also count outgoing email then our Mail Hubs handle more than 200K incoming/outgoing messages a day. With just MailScanner + McAfee AV software running, we could cope with that message load shared across 4 x Sun SPARC Ultra-5 boxes running Solaris 7 and sendmail. These have 266MHz (approx) CPUs and 384MB memory. Two of the four Mail Hubs are significantly busier than the others and we could not run SpamAssassin on these two without building up large backlogs and even refusing incoming connections at peak times. For this reason we had to disable the use of SpamAssassin. Like you we wanted to run SpamAssassin. The solution was to replace each of the four Sun boxes with dual 1GHz Intel processor boxes (2GB memory). We run RedHat Linux 7.2 in place of Solaris. I simply recompiled our existing sendmail under Linux and run it with the existing sendmail.cf file. Building the Redhat system and installing MailScanner, McAfee software and SpamAssassin was easier than when working with Solaris! For key infrastructure servers I would always recommend using RAID; in our case we mirror all disks (RAID 1). Each server has 4 disks providing a mirrored set of 2 disks; the first is used as the system disk + sendmail log disk + local applications disk while the second disk of the set is the sendmail spool disk. I hope this info is of some help. Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." From Q.G.Campbell at NEWCASTLE.AC.UK Thu Apr 25 17:21:59 2002 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:14:38 2006 Subject: Whats your config like.. Message-ID: Kelly Ideally you want to be running two or more boxes of the same type as MX hosts for your domain(s). If each MX host has the same precedence value in the MX record then they should implicitly load share via DNS round-robin selection. Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." > -----Original Message----- > From: Kelly Hamlin [mailto:fizz@bomb.net] > Sent: 25 April 2002 17:12 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Whats your config like.. > > > I do have a second box setup to be a secondary MX with no > child limit. Ive got a couple p3 800's laying around, im > gonna see if i cant make use of these. > > ----- Original Message ----- > From: "Quentin Campbell" > To: > Sent: Thursday, April 25, 2002 10:45 AM > Subject: Re: Whats your config like.. > > > > -----Original Message----- > > From: Kelly Hamlin [mailto:fizz@bomb.net] > > Sent: 25 April 2002 13:28 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Whats your config like.. > > > > > > Im running a Dual 266 / 512 Megs Ram, on Slackware 8.0 > > I process anywhere between 25 and 35 thousand emails a day. > > > > My question to you is.. What is your setup like and how > many emails do > > you process? > > > > Reason im curious is for the last 4 days ive come in to about 10k > > messages queued up. Its like it just stops working. If i > disable spam > > checks it will clear the queue within about an hour, but > what i wanna > > know is how i can keep it running fast, even with spam > checks as our > > customers have grown to love this feature. > > Kelly > > You need more and faster boxes! Two dual 1GHz processor Linux > boxes with 1GB or 2GB of memory should cope with that load > and some to spare. If the two boxes are MX'd to your mail > domain(s) then you also have some resiliance should a server fail. > > This site handles more than 90K incoming messages a day. If > you also count outgoing email then our Mail Hubs handle more > than 200K incoming/outgoing messages a day. > > With just MailScanner + McAfee AV software running, we could > cope with that message load shared across 4 x Sun SPARC > Ultra-5 boxes running Solaris 7 and sendmail. These have > 266MHz (approx) CPUs and 384MB memory. > > Two of the four Mail Hubs are significantly busier than the > others and we could not run SpamAssassin on these two without > building up large backlogs and even refusing incoming > connections at peak times. For this reason we had to disable > the use of SpamAssassin. > > Like you we wanted to run SpamAssassin. The solution was to > replace each of the four Sun boxes with dual 1GHz Intel > processor boxes (2GB memory). We run RedHat Linux 7.2 in > place of Solaris. I simply recompiled our existing sendmail > under Linux and run it with the existing sendmail.cf file. > Building the Redhat system and installing MailScanner, McAfee > software and SpamAssassin was easier than when working with Solaris! > > For key infrastructure servers I would always recommend using > RAID; in our case we mirror all disks (RAID 1). Each server > has 4 disks providing a mirrored set of 2 disks; the first is > used as the system disk + sendmail log disk + local > applications disk while the second disk of the set is the > sendmail spool disk. > > I hope this info is of some help. > > Quentin > --- > PHONE: +44 191 222 8209 Computing Service, University of Newcastle > FAX: +44 191 222 8765 Newcastle upon Tyne, United > Kingdom, NE1 7RU. > -------------------------------------------------------------- > ---------- > "Any opinion expressed above is mine. The University can get its own." > From fizz at BOMB.NET Thu Apr 25 18:11:39 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:38 2006 Subject: Whats your config like.. References: Message-ID: <000d01c1ec7c$4355c980$6dcf75cc@fizz> heres something strange.. :) i had about 7000 messages in my outgoing queue and most have been there 2-4 days, i let sendmail run for 30 minutes without acceptning any new connections, then removed all the outgoing queue, and now its keeping up.. What else is wierd, my secondary machine, only has about 1500 in its outgoing queue (mainly undelioverable stuff) and it keeps running good.. Didnt make sense to me, so im posting to let ya know, but i appriciate your input about your config. ----- Original Message ----- From: "Quentin Campbell" To: Sent: Thursday, April 25, 2002 12:21 PM Subject: Re: Whats your config like.. Kelly Ideally you want to be running two or more boxes of the same type as MX hosts for your domain(s). If each MX host has the same precedence value in the MX record then they should implicitly load share via DNS round-robin selection. Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." > -----Original Message----- > From: Kelly Hamlin [mailto:fizz@bomb.net] > Sent: 25 April 2002 17:12 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Whats your config like.. > > > I do have a second box setup to be a secondary MX with no > child limit. Ive got a couple p3 800's laying around, im > gonna see if i cant make use of these. > > ----- Original Message ----- > From: "Quentin Campbell" > To: > Sent: Thursday, April 25, 2002 10:45 AM > Subject: Re: Whats your config like.. > > > > -----Original Message----- > > From: Kelly Hamlin [mailto:fizz@bomb.net] > > Sent: 25 April 2002 13:28 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Whats your config like.. > > > > > > Im running a Dual 266 / 512 Megs Ram, on Slackware 8.0 > > I process anywhere between 25 and 35 thousand emails a day. > > > > My question to you is.. What is your setup like and how > many emails do > > you process? > > > > Reason im curious is for the last 4 days ive come in to about 10k > > messages queued up. Its like it just stops working. If i > disable spam > > checks it will clear the queue within about an hour, but > what i wanna > > know is how i can keep it running fast, even with spam > checks as our > > customers have grown to love this feature. > > Kelly > > You need more and faster boxes! Two dual 1GHz processor Linux > boxes with 1GB or 2GB of memory should cope with that load > and some to spare. If the two boxes are MX'd to your mail > domain(s) then you also have some resiliance should a server fail. > > This site handles more than 90K incoming messages a day. If > you also count outgoing email then our Mail Hubs handle more > than 200K incoming/outgoing messages a day. > > With just MailScanner + McAfee AV software running, we could > cope with that message load shared across 4 x Sun SPARC > Ultra-5 boxes running Solaris 7 and sendmail. These have > 266MHz (approx) CPUs and 384MB memory. > > Two of the four Mail Hubs are significantly busier than the > others and we could not run SpamAssassin on these two without > building up large backlogs and even refusing incoming > connections at peak times. For this reason we had to disable > the use of SpamAssassin. > > Like you we wanted to run SpamAssassin. The solution was to > replace each of the four Sun boxes with dual 1GHz Intel > processor boxes (2GB memory). We run RedHat Linux 7.2 in > place of Solaris. I simply recompiled our existing sendmail > under Linux and run it with the existing sendmail.cf file. > Building the Redhat system and installing MailScanner, McAfee > software and SpamAssassin was easier than when working with Solaris! > > For key infrastructure servers I would always recommend using > RAID; in our case we mirror all disks (RAID 1). Each server > has 4 disks providing a mirrored set of 2 disks; the first is > used as the system disk + sendmail log disk + local > applications disk while the second disk of the set is the > sendmail spool disk. > > I hope this info is of some help. > > Quentin > --- > PHONE: +44 191 222 8209 Computing Service, University of Newcastle > FAX: +44 191 222 8765 Newcastle upon Tyne, United > Kingdom, NE1 7RU. > -------------------------------------------------------------- > ---------- > "Any opinion expressed above is mine. The University can get its own." > From dml at UNB.CA Thu Apr 25 18:24:59 2002 From: dml at UNB.CA (David Lancaster) Date: Thu Jan 12 21:14:38 2006 Subject: Whats your config like.. In-Reply-To: <000d01c1ec7c$4355c980$6dcf75cc@fizz> Message-ID: Just a thought, how good is your IO configuration? We had a SunOS mailserver get bunged up by a slew of spam, and the combination of a slow scsi disk for the mailqueue, and the problem that FFS/UFS has with directories with a large number of files caused a massive IO wait problem... Faster disk and some liberal pruning of spam mails that were sitting in the queue fixed things right up... Similar to your situation, moving the bouncing email out of the queue allowed it to keep up with new incoming mail just fine, the disk is a just a future precaution. Mind you, this was without sendmail alone, without mailscanner... D. On Thu, 25 Apr 2002, Kelly Hamlin wrote: > heres something strange.. :) > i had about 7000 messages in my outgoing queue and most have been there 2-4 > days, i let sendmail run for 30 minutes without acceptning any new > connections, then removed all the outgoing queue, and now its keeping up.. > What else is wierd, my secondary machine, only has about 1500 in its > outgoing queue (mainly undelioverable stuff) and it keeps running good.. > > Didnt make sense to me, so im posting to let ya know, but i appriciate your > input about your config. > > ----- Original Message ----- > From: "Quentin Campbell" > To: > Sent: Thursday, April 25, 2002 12:21 PM > Subject: Re: Whats your config like.. > > > Kelly > > Ideally you want to be running two or more boxes of the same type as MX > hosts for your domain(s). If each MX host has the same precedence value > in the MX record then they should implicitly load share via DNS > round-robin selection. > > Quentin > --- > PHONE: +44 191 222 8209 Computing Service, University of Newcastle > FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. > ------------------------------------------------------------------------ > "Any opinion expressed above is mine. The University can get its own." > > > > -----Original Message----- > > From: Kelly Hamlin [mailto:fizz@bomb.net] > > Sent: 25 April 2002 17:12 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Whats your config like.. > > > > > > I do have a second box setup to be a secondary MX with no > > child limit. Ive got a couple p3 800's laying around, im > > gonna see if i cant make use of these. > > > > ----- Original Message ----- > > From: "Quentin Campbell" > > To: > > Sent: Thursday, April 25, 2002 10:45 AM > > Subject: Re: Whats your config like.. > > > > > > > -----Original Message----- > > > From: Kelly Hamlin [mailto:fizz@bomb.net] > > > Sent: 25 April 2002 13:28 > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Whats your config like.. > > > > > > > > > Im running a Dual 266 / 512 Megs Ram, on Slackware 8.0 > > > I process anywhere between 25 and 35 thousand emails a day. > > > > > > My question to you is.. What is your setup like and how > > many emails do > > > you process? > > > > > > Reason im curious is for the last 4 days ive come in to about 10k > > > messages queued up. Its like it just stops working. If i > > disable spam > > > checks it will clear the queue within about an hour, but > > what i wanna > > > know is how i can keep it running fast, even with spam > > checks as our > > > customers have grown to love this feature. > > > > Kelly > > > > You need more and faster boxes! Two dual 1GHz processor Linux > > boxes with 1GB or 2GB of memory should cope with that load > > and some to spare. If the two boxes are MX'd to your mail > > domain(s) then you also have some resiliance should a server fail. > > > > This site handles more than 90K incoming messages a day. If > > you also count outgoing email then our Mail Hubs handle more > > than 200K incoming/outgoing messages a day. > > > > With just MailScanner + McAfee AV software running, we could > > cope with that message load shared across 4 x Sun SPARC > > Ultra-5 boxes running Solaris 7 and sendmail. These have > > 266MHz (approx) CPUs and 384MB memory. > > > > Two of the four Mail Hubs are significantly busier than the > > others and we could not run SpamAssassin on these two without > > building up large backlogs and even refusing incoming > > connections at peak times. For this reason we had to disable > > the use of SpamAssassin. > > > > Like you we wanted to run SpamAssassin. The solution was to > > replace each of the four Sun boxes with dual 1GHz Intel > > processor boxes (2GB memory). We run RedHat Linux 7.2 in > > place of Solaris. I simply recompiled our existing sendmail > > under Linux and run it with the existing sendmail.cf file. > > Building the Redhat system and installing MailScanner, McAfee > > software and SpamAssassin was easier than when working with Solaris! > > > > For key infrastructure servers I would always recommend using > > RAID; in our case we mirror all disks (RAID 1). Each server > > has 4 disks providing a mirrored set of 2 disks; the first is > > used as the system disk + sendmail log disk + local > > applications disk while the second disk of the set is the > > sendmail spool disk. > > > > I hope this info is of some help. > > > > Quentin > > --- > > PHONE: +44 191 222 8209 Computing Service, University of Newcastle > > FAX: +44 191 222 8765 Newcastle upon Tyne, United > > Kingdom, NE1 7RU. > > -------------------------------------------------------------- > > ---------- > > "Any opinion expressed above is mine. The University can get its own." > > > =========================================================== David Lancaster ITS ESS From todd at DECAGON.COM Thu Apr 25 19:06:30 2002 From: todd at DECAGON.COM (Todd Martin) Date: Thu Jan 12 21:14:38 2006 Subject: Klez-G obscuring From addresses? Message-ID: We've received a relatively high number of Klez-G attempts over the last few days. I noticed this particular virus appears to hide the name of the sender by forging the from address. MailScanner knows who really sent it because the postmaster notification shows the right sender (envelope-from?). I think it would be helpful if the message my users gets either had the from address corrected or a notice in the message who the real sender was. I've also seen a positive correlation between the forged from address and the to address. Several of the incoming virus look to be from users in our domain. This brought on a little finger-pointing and panic. After thinking about this for a few minutes, forged from addresses (and envelope-from) seem easy enough for a virus with it's own SMTP engine to obfuscate at will (like Klez-G). Perhaps this is a moot point. Any opinions out there? ~Todd P.S. Several Klez-G viruses slipped by my mailscanner 3.12 and Sophos 354 (causing some modest havoc). Upgrading to Sophos 356n seems to do the trick. From mmabbas at LONGWOOD.LWC.EDU Thu Apr 25 18:55:44 2002 From: mmabbas at LONGWOOD.LWC.EDU (Mohamed M. Abbas) Date: Thu Jan 12 21:14:38 2006 Subject: HowTo improve mailscanner under load Message-ID: <1019757344.2246.9.camel@mmabbas> Hello All, We've just put mailscanner (after some testing) into a production system for about 2 days, and it does not seem to keep the pace with incoming email's. The mqueue.in directory would have about 1200 messages and would be like that for a while, and messages take a long time to be scanned and moved to the mqueue directory for delivery. Just for reference, we have about 70,000 messages coming through our box daily. I've configured mailscanner with the following settings: Deliver In Background = yes Delivery Method = queue Max Unsafe Messages Per Scan = 50 Is there anything else that I can do to make mailscanner process faster??? Thanks in advance... Mohamed M. Abbas mmabbas@longwood.lwc.edu System Administrator Longwood College From brose at MED.WAYNE.EDU Thu Apr 25 19:22:55 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:14:38 2006 Subject: Klez-G obscuring From addresses? Message-ID: <6D60AC042221344095A0EBBC56EEE79A0A8DA1@med-core03.med.wayne.edu> The only thing you could do is send the warning message to the postmaster at the sending domain. There isn't any way to determine the true sender but maybe the postmaster would know by looking at the IP of the sending system. -----Original Message----- From: Todd Martin [mailto:todd@DECAGON.COM] Sent: Thursday, April 25, 2002 2:07 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Klez-G obscuring From addresses? We've received a relatively high number of Klez-G attempts over the last few days. I noticed this particular virus appears to hide the name of the sender by forging the from address. MailScanner knows who really sent it because the postmaster notification shows the right sender (envelope-from?). I think it would be helpful if the message my users gets either had the from address corrected or a notice in the message who the real sender was. I've also seen a positive correlation between the forged from address and the to address. Several of the incoming virus look to be from users in our domain. This brought on a little finger-pointing and panic. After thinking about this for a few minutes, forged from addresses (and envelope-from) seem easy enough for a virus with it's own SMTP engine to obfuscate at will (like Klez-G). Perhaps this is a moot point. Any opinions out there? ~Todd P.S. Several Klez-G viruses slipped by my mailscanner 3.12 and Sophos 354 (causing some modest havoc). Upgrading to Sophos 356n seems to do the trick. From fizz at BOMB.NET Thu Apr 25 19:26:07 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:38 2006 Subject: HowTo improve mailscanner under load References: <1019757344.2246.9.camel@mmabbas> Message-ID: <002301c1ec86$aad36cc0$6dcf75cc@fizz> What virus scanner are you using, and also, do you enable spamassassin? Try disabling Spam Checks and then restart mailscanner, see how well it goes from there.. ----- Original Message ----- From: "Mohamed M. Abbas" To: Sent: Thursday, April 25, 2002 1:55 PM Subject: HowTo improve mailscanner under load > Hello All, > > We've just put mailscanner (after some testing) into a production system > for about 2 days, and it does not seem to keep the pace with incoming > email's. The mqueue.in directory would have about 1200 messages and > would be like that for a while, and messages take a long time to be > scanned and moved to the mqueue directory for delivery. Just for > reference, we have about 70,000 messages coming through our box daily. > > I've configured mailscanner with the following settings: > > Deliver In Background = yes > Delivery Method = queue > Max Unsafe Messages Per Scan = 50 > > Is there anything else that I can do to make mailscanner process > faster??? > > Thanks in advance... > > Mohamed M. Abbas > mmabbas@longwood.lwc.edu > System Administrator > Longwood College > From mike at UNIXSECURITY.ORG Thu Apr 25 20:52:08 2002 From: mike at UNIXSECURITY.ORG (Mike Wallis) Date: Thu Jan 12 21:14:38 2006 Subject: Mailscanner logging and MRTG Message-ID: <3CC85E68.60101@unixsecurity.org> I got bored this morning and decided to try setting up our MRTG to graph Mailscanner info. So, I grabbed the Perl script and the sample config files, which all look fine. However, none of the "mailscanner" strings the Perl script is looking for appear to be present in either my maillog, or syslog. So, the obvious question is: What do I need to do to get Mailscanner to log something besides startup/shutdown, since that appears to be the only thing Mailscanner related in my logs? Mailscanner: 3.13-2 Sendmail: 8.11.6 OS: RH 7.2 -- Mike Wallis mw@unixsecurity.org From LISTSERV at JISCMAIL.AC.UK Thu Apr 25 20:04:07 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:38 2006 Subject: MAILSCANNER: jorgen@GIVERSEN.NET left the JISCmail list Message-ID: <200204251904.UAA29271@magpie.ecs.soton.ac.uk> Thu, 25 Apr 2002 20:04:07 J?rgen Giversen has just left the MAILSCANNER JISCmail list (MailScanner mailing list). From fizz at BOMB.NET Thu Apr 25 21:40:51 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:38 2006 Subject: Mailscanner logging and MRTG References: <3CC85E68.60101@unixsecurity.org> Message-ID: <002401c1ec99$7ce44290$6dcf75cc@fizz> did u put -r in your syslog startup? ----- Original Message ----- From: "Mike Wallis" To: Sent: Thursday, April 25, 2002 3:52 PM Subject: Mailscanner logging and MRTG > I got bored this morning and decided to try setting up our MRTG to graph > Mailscanner info. So, I grabbed the Perl script and the sample config > files, which all look fine. However, none of the "mailscanner" strings > the Perl script is looking for appear to be present in either my > maillog, or syslog. > > So, the obvious question is: What do I need to do to get Mailscanner to > log something besides startup/shutdown, since that appears to be the > only thing Mailscanner related in my logs? > > Mailscanner: 3.13-2 > Sendmail: 8.11.6 > OS: RH 7.2 > > -- > Mike Wallis > mw@unixsecurity.org > From mike at ZANKER.ORG Thu Apr 25 21:42:34 2002 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:14:38 2006 Subject: MailScanner 3.13-2 Message-ID: <181546770.1019770954@jemima.zanker.org> I'm currently running 3.13-1 but I notice that the web site has 3.13-2. What's the difference between the two? Thanks, Mike -- Mike Zanker Northampton, UK PGP Public Key: pgp@zanker.org From nwp at LEMON-COMPUTING.COM Thu Apr 25 21:51:36 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:38 2006 Subject: stunnel & mailscanner In-Reply-To: References: <5.0.2.1.2.20020425085315.0203db78@pop.unilim.fr> Message-ID: <20020425205136.GA10901@hoiho.nz.lemon-computing.com> On Thu, Apr 25, 2002 at 11:57:19AM -0400, Jonothon Ortiz wrote: > Has anyone tried to run stunnel along with mailscanner? stunnel won't interact with mailscanner at all, if I understand what you mean. So neither will notice the other being there. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Try to value useful qualities in one who loves you. From mike at UNIXSECURITY.ORG Thu Apr 25 22:10:14 2002 From: mike at UNIXSECURITY.ORG (Mike Wallis) Date: Thu Jan 12 21:14:38 2006 Subject: Mailscanner logging and MRTG References: <3CC85E68.60101@unixsecurity.org> <002401c1ec99$7ce44290$6dcf75cc@fizz> Message-ID: <3CC870B6.1010009@unixsecurity.org> Kelly Hamlin wrote: >did u put -r in your syslog startup? > Nope, I hadn't done that. I'll give it a shot. On a side note, are there any plans to enable logging without enabling remote access? -- Mike Wallis mw@unixsecurity.org From fizz at BOMB.NET Thu Apr 25 22:21:58 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:38 2006 Subject: Mailscanner logging and MRTG References: <3CC85E68.60101@unixsecurity.org> <002401c1ec99$7ce44290$6dcf75cc@fizz> <3CC870B6.1010009@unixsecurity.org> Message-ID: <001501c1ec9f$3bc5ab90$6dcf75cc@fizz> actually the -r used to be for remote accesss. Newer versions this is untrue. ----- Original Message ----- From: "Mike Wallis" To: Sent: Thursday, April 25, 2002 5:10 PM Subject: Re: Mailscanner logging and MRTG > Kelly Hamlin wrote: > > >did u put -r in your syslog startup? > > > > Nope, I hadn't done that. I'll give it a shot. > > On a side note, are there any plans to enable logging without enabling > remote access? > > -- > Mike Wallis > mw@unixsecurity.org > From nwp at LEMON-COMPUTING.COM Thu Apr 25 22:26:18 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:38 2006 Subject: Mailscanner logging and MRTG In-Reply-To: <3CC870B6.1010009@unixsecurity.org> References: <3CC85E68.60101@unixsecurity.org> <002401c1ec99$7ce44290$6dcf75cc@fizz> <3CC870B6.1010009@unixsecurity.org> Message-ID: <20020425212618.GC10901@hoiho.nz.lemon-computing.com> On Thu, Apr 25, 2002 at 04:10:14PM -0500, Mike Wallis wrote: > On a side note, are there any plans to enable logging without enabling > remote access? It'll probably sneak in there next time there's a release with major changes. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Are you ever going to do the dishes? Or will you change your major to biology? From nwp at LEMON-COMPUTING.COM Thu Apr 25 22:36:33 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:14:38 2006 Subject: Mailscanner logging and MRTG In-Reply-To: <001501c1ec9f$3bc5ab90$6dcf75cc@fizz> References: <3CC85E68.60101@unixsecurity.org> <002401c1ec99$7ce44290$6dcf75cc@fizz> <3CC870B6.1010009@unixsecurity.org> <001501c1ec9f$3bc5ab90$6dcf75cc@fizz> Message-ID: <20020425213633.GD10901@hoiho.nz.lemon-computing.com> On Thu, Apr 25, 2002 at 05:21:58PM -0400, Kelly Hamlin wrote: > actually the -r used to be for remote accesss. Newer versions this is > untrue. Not sure what you mean by "remote access" exactly, but the "-r" flag to syslogd *does* enable pretty much anybody to send stuff to your syslog. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Fine day to work off excess energy. Steal something heavy. From ispmgr at CLAS.NET Thu Apr 25 22:50:48 2002 From: ispmgr at CLAS.NET (Youn Gonzales) Date: Thu Jan 12 21:14:38 2006 Subject: Mailscanner logging and MRTG References: <3CC85E68.60101@unixsecurity.org> Message-ID: <084c01c1eca3$434515f0$813112d0@ISPMGR> add the -r option to your syslog startup scripts and make sure that you have the syslog port open on the ip bound to the interface as the syslog messages do not go through the loopback interface. :-) Youn Gonzales System Administrator Comptia A+, Network+, INET+, Cisco CCNA/CCDA Certified Technician Microsoft Certified Professional The basic tool for the manipulation of reality is the manipulation of words. If you can control the meaning of words, you can control the people who must use the words. Philip K. Dick ----- Original Message ----- From: "Mike Wallis" To: Sent: Thursday, April 25, 2002 2:52 PM Subject: Mailscanner logging and MRTG > I got bored this morning and decided to try setting up our MRTG to graph > Mailscanner info. So, I grabbed the Perl script and the sample config > files, which all look fine. However, none of the "mailscanner" strings > the Perl script is looking for appear to be present in either my > maillog, or syslog. > > So, the obvious question is: What do I need to do to get Mailscanner to > log something besides startup/shutdown, since that appears to be the > only thing Mailscanner related in my logs? > > Mailscanner: 3.13-2 > Sendmail: 8.11.6 > OS: RH 7.2 > > -- > Mike Wallis > mw@unixsecurity.org From mmabbas at LONGWOOD.LWC.EDU Fri Apr 26 01:31:11 2002 From: mmabbas at LONGWOOD.LWC.EDU (Mohamed M. Abbas) Date: Thu Jan 12 21:14:38 2006 Subject: HowTo improve mailscanner under load In-Reply-To: <002301c1ec86$aad36cc0$6dcf75cc@fizz> References: <1019757344.2246.9.camel@mmabbas> <002301c1ec86$aad36cc0$6dcf75cc@fizz> Message-ID: <1019781071.2228.13.camel@mmabbas> On Thu, 2002-04-25 at 14:26, Kelly Hamlin wrote: > What virus scanner are you using, and also, do you enable spamassassin? > > > Try disabling Spam Checks and then restart mailscanner, see how well it goes > from there.. > Forgot to mention that part. I'm using macfee uvscan for HPUX. Also I do not have spam checking truned on, thus not using spamassassin at all... Mohamed M. Abbas mmabbas@longwood.lwc.edu System Administrator Longwood College From Metod.Skufca at ADVANT.SI Fri Apr 26 05:49:11 2002 From: Metod.Skufca at ADVANT.SI (Metod =?ISO-8859-2?Q?=A9kufca?=) Date: Thu Jan 12 21:14:38 2006 Subject: Major Sophos update Message-ID: Hi, Running Mailscanner for quite a while, very pleased. :-)) Now I'm wondering... IDE autoupdate is working fine, but I'm looking for complete automated updates. Does anyone have a effective script for downloading major sophos update file. Something just to change username and pass. Thanx in advance Metod Skufca From LISTSERV at JISCMAIL.AC.UK Fri Apr 26 07:46:21 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:38 2006 Subject: MAILSCANNER: antod@SOFTHOME.NET requested to join Message-ID: <200204260646.HAA18905@magpie.ecs.soton.ac.uk> Fri, 26 Apr 2002 07:46:21 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Anton Todorov The following membership options have been requested: SUBJECTHDR. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER antod@SOFTHOME.NET Anton Todorov PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER antod@SOFTHOME.NET Anton Todorov SET MAILSCANNER SUBJECTHDR FOR antod@SOFTHOME.NET // EOJ From Q.G.Campbell at NEWCASTLE.AC.UK Fri Apr 26 09:27:49 2002 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:14:38 2006 Subject: Whats your config like.. Message-ID: David The following is a common technique for dealing with long, slow, queues in sendmail. I suspect a similar technique can be applied with Exim. I give some detail for the benefit of those new to sendmail. Before pruning the sendmail "mqueue" directory in these situations it is best to create a parallel queue directory called (say) "mqueue_slow" and move all currently queued mail from "mqueue" into this new queue. You can then restart the sendmail listener with an empty "mqueue". New mail should start flowing immediately. You can then weed out of "mqueue_slow" the spam and other junk messages if you wish. The next step is to run the slow queue on a regular basis until it is empty. In crontab you create a sendmail invocation to run every two or four hours to process mail in this queue. If the slow queue directory was named /var/spool/mqueue_slow then, in an appropriate crontab entry, you would invoke sendmail thus: /usr/lib/sendmail -OQueueDirectory=/var/spool/mqueue_slow -q You should probably add "-OTimeout.queuereturn=5d" to the above line so that the time to live in the queue is extended (assumes that you normally purge a job after 3 days in the queue - increase the above value as appropriate for your site). Note also that "sendmail" may be somewhere other than in /usr/lib. Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." > -----Original Message----- > From: David Lancaster [mailto:dml@unb.ca] > Sent: 25 April 2002 18:25 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Whats your config like.. > > > Just a thought, how good is your IO configuration? > We had a SunOS mailserver get bunged up by a slew of spam, > and the combination of a slow scsi disk for the mailqueue, > and the problem that FFS/UFS has with directories with a > large number of files caused a massive IO wait problem... > > Faster disk and some liberal pruning of spam mails that were > sitting in the queue fixed things right up... Similar to > your situation, moving the bouncing email out of the queue > allowed it to keep up with new incoming mail just fine, the > disk is a just a future precaution. > > Mind you, this was without sendmail alone, without mailscanner... > > D. > > On Thu, 25 Apr 2002, Kelly Hamlin wrote: > > > heres something strange.. :) > > i had about 7000 messages in my outgoing queue and most have been > > there 2-4 days, i let sendmail run for 30 minutes without > acceptning > > any new connections, then removed all the outgoing queue, > and now its > > keeping up.. What else is wierd, my secondary machine, only > has about > > 1500 in its outgoing queue (mainly undelioverable stuff) > and it keeps > > running good.. > > > > Didnt make sense to me, so im posting to let ya know, but i > appriciate > > your input about your config. > > > > ----- Original Message ----- > > From: "Quentin Campbell" > > To: > > Sent: Thursday, April 25, 2002 12:21 PM > > Subject: Re: Whats your config like.. > > > > > > Kelly > > > > Ideally you want to be running two or more boxes of the > same type as > > MX hosts for your domain(s). If each MX host has the same > precedence > > value in the MX record then they should implicitly load > share via DNS > > round-robin selection. > > > > Quentin > > --- > > PHONE: +44 191 222 8209 Computing Service, University of > Newcastle > > FAX: +44 191 222 8765 Newcastle upon Tyne, United > Kingdom, NE1 7RU. > > > ---------------------------------------------------------------------- > > -- > > "Any opinion expressed above is mine. The University can > get its own." > > > > > > > -----Original Message----- > > > From: Kelly Hamlin [mailto:fizz@bomb.net] > > > Sent: 25 April 2002 17:12 > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Whats your config like.. > > > > > > > > > I do have a second box setup to be a secondary MX with no child > > > limit. Ive got a couple p3 800's laying around, im gonna see if i > > > cant make use of these. > > > > > > ----- Original Message ----- > > > From: "Quentin Campbell" > > > To: > > > Sent: Thursday, April 25, 2002 10:45 AM > > > Subject: Re: Whats your config like.. > > > > > > > > > > -----Original Message----- > > > > From: Kelly Hamlin [mailto:fizz@bomb.net] > > > > Sent: 25 April 2002 13:28 > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > Subject: Whats your config like.. > > > > > > > > > > > > Im running a Dual 266 / 512 Megs Ram, on Slackware 8.0 > > > > I process anywhere between 25 and 35 thousand emails a day. > > > > > > > > My question to you is.. What is your setup like and how > > > many emails do > > > > you process? > > > > > > > > Reason im curious is for the last 4 days ive come in to > about 10k > > > > messages queued up. Its like it just stops working. If i > > > disable spam > > > > checks it will clear the queue within about an hour, but > > > what i wanna > > > > know is how i can keep it running fast, even with spam > > > checks as our > > > > customers have grown to love this feature. > > > > > > Kelly > > > > > > You need more and faster boxes! Two dual 1GHz processor > Linux boxes > > > with 1GB or 2GB of memory should cope with that load and some to > > > spare. If the two boxes are MX'd to your mail > > > domain(s) then you also have some resiliance should a server fail. > > > > > > This site handles more than 90K incoming messages a day. > If you also > > > count outgoing email then our Mail Hubs handle more than 200K > > > incoming/outgoing messages a day. > > > > > > With just MailScanner + McAfee AV software running, we could cope > > > with that message load shared across 4 x Sun SPARC Ultra-5 boxes > > > running Solaris 7 and sendmail. These have 266MHz > (approx) CPUs and > > > 384MB memory. > > > > > > Two of the four Mail Hubs are significantly busier than > the others > > > and we could not run SpamAssassin on these two without > building up > > > large backlogs and even refusing incoming connections at > peak times. > > > For this reason we had to disable the use of SpamAssassin. > > > > > > Like you we wanted to run SpamAssassin. The solution was > to replace > > > each of the four Sun boxes with dual 1GHz Intel processor > boxes (2GB > > > memory). We run RedHat Linux 7.2 in place of Solaris. I simply > > > recompiled our existing sendmail under Linux and run it with the > > > existing sendmail.cf file. Building the Redhat system and > installing > > > MailScanner, McAfee software and SpamAssassin was easier > than when > > > working with Solaris! > > > > > > For key infrastructure servers I would always recommend > using RAID; > > > in our case we mirror all disks (RAID 1). Each server has 4 disks > > > providing a mirrored set of 2 disks; the first is used as > the system > > > disk + sendmail log disk + local applications disk while > the second > > > disk of the set is the sendmail spool disk. > > > > > > I hope this info is of some help. > > > > > > Quentin > > > --- > > > PHONE: +44 191 222 8209 Computing Service, University > of Newcastle > > > FAX: +44 191 222 8765 Newcastle upon Tyne, United > > > Kingdom, NE1 7RU. > > > -------------------------------------------------------------- > > > ---------- > > > "Any opinion expressed above is mine. The University can get its > > > own." > > > > > > > > > =========================================================== > David Lancaster > ITS ESS > From marc.perea at ELECTRONIC-GROUP.COM Fri Apr 26 09:50:13 2002 From: marc.perea at ELECTRONIC-GROUP.COM (Marc Perea) Date: Thu Jan 12 21:14:38 2006 Subject: Mailscanner logging and MRTG In-Reply-To: <3CC870B6.1010009@unixsecurity.org> References: <3CC85E68.60101@unixsecurity.org> <002401c1ec99$7ce44290$6dcf75cc@fizz> <3CC870B6.1010009@unixsecurity.org> Message-ID: <20020426105013.72462ce1.marc.perea@electronic-group.com> On Thu, 25 Apr 2002 16:10:14 -0500 Mike Wallis wrote: > Kelly Hamlin wrote: > > >did u put -r in your syslog startup? > > > > Nope, I hadn't done that. I'll give it a shot. > > On a side note, are there any plans to enable logging without enabling > remote access? > Yes Mike. If you search on the mailing-list archives you'll find that you can add the line : Sys::Syslog::setlogsock('unix'); To the logger.pl Start function. It's working fine for me. And also fine for other users of the mail list. Regards, -- Marc Perea - System Administration Staff Mail: marc.perea@electronic-group.com Tel: (+34) 93 600 23 23 Fax: (+34) 93 600 23 10 ---------------- Electronic Group - http://www.electronic-group.com From andy.wright at BARDSEY.DEMON.CO.UK Fri Apr 26 10:19:46 2002 From: andy.wright at BARDSEY.DEMON.CO.UK (andy wright) Date: Thu Jan 12 21:14:38 2006 Subject: Major Sophos update Message-ID: I have tried this using WGET (the on-line help will tell you how to pass username and passwords), but without success. Downloading the tar'd Linux file stops at about 23k rather than the 1MB or so mark. Anyone else had any more luck? Andy. >>> Metod.Skufca@ADVANT.SI 26/04/2002 05:49:11 >>> Hi, Running Mailscanner for quite a while, very pleased. :-)) Now I'm wondering... IDE autoupdate is working fine, but I'm looking for complete automated updates. Does anyone have a effective script for downloading major sophos update file. Something just to change username and pass. Thanx in advance Metod Skufca -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Metod.Skufca at ADVANT.SI Fri Apr 26 10:42:00 2002 From: Metod.Skufca at ADVANT.SI (Metod =?ISO-8859-2?Q?=A9kufca?=) Date: Thu Jan 12 21:14:38 2006 Subject: Major Sophos update Message-ID: wget does everything right, but sophos site is a little tricky. wget does not download requested file becuse sophos have enabled redirection of web page to www.sophos.com/downloads and wget then downloads present *.html page in size of 23k, not the file linux.intel.lib6.tar.Z. There must bi some kind of bypass to get to the file with submiting username and pass. I'm currently expecting reply from sophos tech support. Till then I'm stuck. by Metod Skufca >>> andy wright 26.4.2002 11:19:46 >>> I have tried this using WGET (the on-line help will tell you how to pass username and passwords), but without success. Downloading the tar'd Linux file stops at about 23k rather than the 1MB or so mark. Anyone else had any more luck? Andy. >>> Metod.Skufca@ADVANT.SI 26/04/2002 05:49:11 >>> Hi, Running Mailscanner for quite a while, very pleased. :-)) Now I'm wondering... IDE autoupdate is working fine, but I'm looking for complete automated updates. Does anyone have a effective script for downloading major sophos update file. Something just to change username and pass. Thanx in advance Metod Skufca -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From andy.wright at BARDSEY.DEMON.CO.UK Fri Apr 26 11:06:34 2002 From: andy.wright at BARDSEY.DEMON.CO.UK (andy wright) Date: Thu Jan 12 21:14:39 2006 Subject: Major Sophos update Message-ID: ok, I already have a similar thing working on several Novell servers (I had to write my own equivalent of Wget!). This works fine, but it looks as if the files for Novell are in a diferent location to the Linux ones. Andy. >>> Metod.Skufca@ADVANT.SI 26/04/2002 10:42:00 >>> wget does everything right, but sophos site is a little tricky. wget does not download requested file becuse sophos have enabled redirection of web page to www.sophos.com/downloads and wget then downloads present *.html page in size of 23k, not the file linux.intel.lib6.tar.Z. There must bi some kind of bypass to get to the file with submiting username and pass. I'm currently expecting reply from sophos tech support. Till then I'm stuck. by Metod Skufca >>> andy wright 26.4.2002 11:19:46 >>> I have tried this using WGET (the on-line help will tell you how to pass username and passwords), but without success. Downloading the tar'd Linux file stops at about 23k rather than the 1MB or so mark. Anyone else had any more luck? Andy. >>> Metod.Skufca@ADVANT.SI 26/04/2002 05:49:11 >>> Hi, Running Mailscanner for quite a while, very pleased. :-)) Now I'm wondering... IDE autoupdate is working fine, but I'm looking for complete automated updates. Does anyone have a effective script for downloading major sophos update file. Something just to change username and pass. Thanx in advance Metod Skufca -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mike at ZANKER.ORG Fri Apr 26 11:12:03 2002 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:14:39 2006 Subject: SpamAssassin 2.20 Message-ID: <266419661.1019819523@mallard.open.ac.uk> Has anybody tried SpamAssassin 2.20 with MailScanner? Any problems? Thanks, Mike -- Mike Zanker Northampton, UK PGP Public Key: pgp@zanker.org From andy.wright at BARDSEY.DEMON.CO.UK Fri Apr 26 11:24:02 2002 From: andy.wright at BARDSEY.DEMON.CO.UK (andy wright) Date: Thu Jan 12 21:14:39 2006 Subject: Major Sophos update Message-ID: ok, got it! wget -c --http-user= --http-passwd= www.sophos.com/sophos/products/full/linux.intel.libc6.tar.Z (note the uppercase Z at the end) Combined with timestamping this should make it possible to download the file whenever it changes. I haven't got time at the moment to write a script to automate it all, so if anyone else does it let me know :) Andy. >>> Metod.Skufca@ADVANT.SI 26/04/2002 10:42:00 >>> wget does everything right, but sophos site is a little tricky. wget does not download requested file becuse sophos have enabled redirection of web page to www.sophos.com/downloads and wget then downloads present *.html page in size of 23k, not the file linux.intel.lib6.tar.Z. There must bi some kind of bypass to get to the file with submiting username and pass. I'm currently expecting reply from sophos tech support. Till then I'm stuck. by Metod Skufca >>> andy wright 26.4.2002 11:19:46 >>> I have tried this using WGET (the on-line help will tell you how to pass username and passwords), but without success. Downloading the tar'd Linux file stops at about 23k rather than the 1MB or so mark. Anyone else had any more luck? Andy. >>> Metod.Skufca@ADVANT.SI 26/04/2002 05:49:11 >>> Hi, Running Mailscanner for quite a while, very pleased. :-)) Now I'm wondering... IDE autoupdate is working fine, but I'm looking for complete automated updates. Does anyone have a effective script for downloading major sophos update file. Something just to change username and pass. Thanx in advance Metod Skufca -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jkf at ecs.soton.ac.uk Fri Apr 26 12:03:37 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:39 2006 Subject: MailScanner 3.13-2 In-Reply-To: <181546770.1019770954@jemima.zanker.org> Message-ID: <5.1.0.14.2.20020426120309.0678e5c0@imap.ecs.soton.ac.uk> At 21:42 25/04/2002, you wrote: >I'm currently running 3.13-1 but I notice that the web site has 3.13-2. >What's the difference between the two? I mistakenly put "Debug = 1" in the mailscanner.conf file in the Linux RPM. This was fixed in 3.13-2. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Fri Apr 26 12:01:39 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:39 2006 Subject: Klez-G obscuring From addresses? In-Reply-To: Message-ID: <5.1.0.14.2.20020426120121.06768268@imap.ecs.soton.ac.uk> It's not safe to assume that any address given in a message is genuine. At 19:06 25/04/2002, you wrote: >We've received a relatively high number of Klez-G attempts over the >last few days. > >I noticed this particular virus appears to hide the name of the >sender by forging the from address. MailScanner knows who really sent >it because the postmaster notification shows the right sender >(envelope-from?). > >I think it would be helpful if the message my users gets either had >the from address corrected or a notice in the message who the real >sender was. > >I've also seen a positive correlation between the forged from address >and the to address. Several of the incoming virus look to be from >users in our domain. This brought on a little finger-pointing and >panic. > >After thinking about this for a few minutes, forged from addresses >(and envelope-from) seem easy enough for a virus with it's own SMTP >engine to obfuscate at will (like Klez-G). Perhaps this is a moot >point. Any opinions out there? > >~Todd > >P.S. Several Klez-G viruses slipped by my mailscanner 3.12 and Sophos >354 (causing some modest havoc). Upgrading to Sophos 356n seems to do >the trick. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From jkf at ecs.soton.ac.uk Fri Apr 26 12:17:44 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:39 2006 Subject: SpamAssassin 2.20 In-Reply-To: <266419661.1019819523@mallard.open.ac.uk> Message-ID: <5.1.0.14.2.20020426121706.06785c58@imap.ecs.soton.ac.uk> At 11:12 26/04/2002, you wrote: >Has anybody tried SpamAssassin 2.20 with MailScanner? Any problems? I have just upgraded 2 of my MX's to 2.20 and nothing horrible has happened. I'll mail the list again if any problems appear, but at a first glance it appears to be working. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From joan.bryan at KCL.AC.UK Fri Apr 26 12:25:16 2002 From: joan.bryan at KCL.AC.UK (Joan Bryan) Date: Thu Jan 12 21:14:39 2006 Subject: Mailscanner Logging Anomaly Message-ID: In trying to analyse the number of different viruses received in one day there is a slight anomaly in the reporting of the virus type found and attachments with suspicious extentions in the mailscanner log. In the extraction from the mailscanner log shown below mailscanner has reported finding 2 viruses in a message, however the mail.info message has reported just the one virus type in one message and simply named the suspicious extension in the second message. I wonder if it is possible to separate suspicious extensions from viruses in the mailscanner log in a future release? Thanks very much. Log extract:- Apr 25 01:32:21 angelo mailscanner[19176]: Going to scan 2 messages Apr 25 01:32:22 angelo mailscanner[19176]: Possible MS-Dos program shortcut attack in Geocities_Free_sites.TXT.pif Apr 25 01:32:22 angelo mailscanner[19176]: Found 2 viruses in messages g380WKPL022628 Apr 25 01:32:22 angelo mailscanner[19176]: Scanned 2 messages, 462023 bytes in 1 seconds Apr 25 01:32:23 angelo mailscanner[19176]: Saved infections to /var/spool/MailScanner/quarantine/20020408/g380WKPL022628 Apr 25 01:32:23 angelo mailscanner[19176]: About to deliver 1 messages Apr 25 01:32:23 angelo mailscanner[19176]: Notified senders about 1 infections Apr 25 01:32:23 angelo mailscanner[19176]: Notified virus-info@kcl.ac.uk about 1 infections Apr 25 01:32:24 angelo mailscanner: [ID 702911 mail.info] /var/spool/MailScanner/incoming/g380WKPL022628/Geocities_Free_sites.TXT.pif Apr 25 01:32:24 angelo mailscanner: [ID 702911 mail.info] Found the W95/MTX@M virus !!! Apr 25 01:32:24 angelo mailscanner: [ID 702911 mail.info] The file has been deleted. Apr 25 01:32:24 angelo mailscanner[19176]: Commercial disinfector mcafee returned 3072 Joan Joan Bryan C&IT Services Unix System Team King's College London 020 7848 2671 mailto:joan.bryan@kcl.ac.uk From gerry at DORFAM.CA Fri Apr 26 12:25:48 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:14:39 2006 Subject: SpamAssassin 2.20 In-Reply-To: <5.1.0.14.2.20020426121706.06785c58@imap.ecs.soton.ac.uk> Message-ID: On Fri, 26 Apr 2002, Julian Field wrote: > At 11:12 26/04/2002, you wrote: > >Has anybody tried SpamAssassin 2.20 with MailScanner? Any problems? > > I have just upgraded 2 of my MX's to 2.20 and nothing horrible has > happened. I'll mail the list again if any problems appear, but at a first > glance it appears to be working. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > That works just fine. There was a problem with SA 2.20 and Razor 1.20 (which is/was a beta version). SA 2.20 and Razor 1.19 work just fine. Gerry -- "The lyfe so short, the craft so long to learne" Chaucer From mike at ZANKER.ORG Fri Apr 26 12:42:27 2002 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:14:39 2006 Subject: MailScanner 3.13-2 In-Reply-To: <5.1.0.14.2.20020426120309.0678e5c0@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020426120309.0678e5c0@imap.ecs.soton.ac.uk> Message-ID: <271843600.1019824947@mallard.open.ac.uk> On 26 April 2002 12:03 +0100 Julian Field wrote: > I mistakenly put "Debug = 1" in the mailscanner.conf file in the > Linux RPM. This was fixed in 3.13-2. Of course - I should have remembered that seeing as I reported it to you at the time! Mike -- Mike Zanker Northampton, UK PGP Public Key: pgp@zanker.org From mike at ZANKER.ORG Fri Apr 26 12:48:20 2002 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:14:39 2006 Subject: SpamAssassin 2.20 In-Reply-To: <5.1.0.14.2.20020426121706.06785c58@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020426121706.06785c58@imap.ecs.soton.ac.uk> Message-ID: <272196678.1019825300@mallard.open.ac.uk> On 26 April 2002 12:17 +0100 Julian Field wrote: > I have just upgraded 2 of my MX's to 2.20 and nothing horrible has > happened. I'll mail the list again if any problems appear, but at a > first glance it appears to be working. Thanks, I'll try it myself then. Mike -- Mike Zanker Northampton, UK PGP Public Key: pgp@zanker.org From Metod.Skufca at ADVANT.SI Fri Apr 26 13:19:19 2002 From: Metod.Skufca at ADVANT.SI (Metod =?ISO-8859-2?Q?=A9kufca?=) Date: Thu Jan 12 21:14:39 2006 Subject: Major Sophos update Message-ID: So... magic was in "-c". Thanx. Metod >>> andy wright 26.4.2002 12:24:02 >>> ok, got it! wget -c --http-user= --http-passwd= www.sophos.com/sophos/products/full/linux.intel.libc6.tar.Z (note the uppercase Z at the end) Combined with timestamping this should make it possible to download the file whenever it changes. I haven't got time at the moment to write a script to automate it all, so if anyone else does it let me know :) Andy. >>> Metod.Skufca@ADVANT.SI 26/04/2002 10:42:00 >>> wget does everything right, but sophos site is a little tricky. wget does not download requested file becuse sophos have enabled redirection of web page to www.sophos.com/downloads and wget then downloads present *.html page in size of 23k, not the file linux.intel.lib6.tar.Z. There must bi some kind of bypass to get to the file with submiting username and pass. I'm currently expecting reply from sophos tech support. Till then I'm stuck. by Metod Skufca >>> andy wright 26.4.2002 11:19:46 >>> I have tried this using WGET (the on-line help will tell you how to pass username and passwords), but without success. Downloading the tar'd Linux file stops at about 23k rather than the 1MB or so mark. Anyone else had any more luck? Andy. >>> Metod.Skufca@ADVANT.SI 26/04/2002 05:49:11 >>> Hi, Running Mailscanner for quite a while, very pleased. :-)) Now I'm wondering... IDE autoupdate is working fine, but I'm looking for complete automated updates. Does anyone have a effective script for downloading major sophos update file. Something just to change username and pass. Thanx in advance Metod Skufca -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From andy.wright at BARDSEY.DEMON.CO.UK Fri Apr 26 13:37:55 2002 From: andy.wright at BARDSEY.DEMON.CO.UK (andy wright) Date: Thu Jan 12 21:14:39 2006 Subject: Major Sophos update Message-ID: No, the -c just does a "continue where left off" if the previous download got interrupted. The trick was to find the correct location to download the file from (ie, not a URL that uses forwarding). Andy. >>> Metod.Skufca@ADVANT.SI 26/04/2002 13:19:19 >>> So... magic was in "-c". Thanx. Metod >>> andy wright 26.4.2002 12:24:02 >>> ok, got it! wget -c --http-user= --http-passwd= www.sophos.com/sophos/products/full/linux.intel.libc6.tar.Z (note the uppercase Z at the end) Combined with timestamping this should make it possible to download the file whenever it changes. I haven't got time at the moment to write a script to automate it all, so if anyone else does it let me know :) Andy. >>> Metod.Skufca@ADVANT.SI 26/04/2002 10:42:00 >>> wget does everything right, but sophos site is a little tricky. wget does not download requested file becuse sophos have enabled redirection of web page to www.sophos.com/downloads and wget then downloads present *.html page in size of 23k, not the file linux.intel.lib6.tar.Z. There must bi some kind of bypass to get to the file with submiting username and pass. I'm currently expecting reply from sophos tech support. Till then I'm stuck. by Metod Skufca >>> andy wright 26.4.2002 11:19:46 >>> I have tried this using WGET (the on-line help will tell you how to pass username and passwords), but without success. Downloading the tar'd Linux file stops at about 23k rather than the 1MB or so mark. Anyone else had any more luck? Andy. >>> Metod.Skufca@ADVANT.SI 26/04/2002 05:49:11 >>> Hi, Running Mailscanner for quite a while, very pleased. :-)) Now I'm wondering... IDE autoupdate is working fine, but I'm looking for complete automated updates. Does anyone have a effective script for downloading major sophos update file. Something just to change username and pass. Thanx in advance Metod Skufca -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From fizz at BOMB.NET Fri Apr 26 13:55:22 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:39 2006 Subject: SpamAssassin 2.20 References: <266419661.1019819523@mallard.open.ac.uk> Message-ID: <003401c1ed21$a036e3a0$6dcf75cc@fizz> hopefully its faster :) ----- Original Message ----- From: "Mike Zanker" To: Sent: Friday, April 26, 2002 6:12 AM Subject: SpamAssassin 2.20 > Has anybody tried SpamAssassin 2.20 with MailScanner? Any problems? > > Thanks, > > Mike > -- > Mike Zanker > Northampton, UK > PGP Public Key: pgp@zanker.org > From mike at 4frontmedia.net Fri Apr 26 13:59:37 2002 From: mike at 4frontmedia.net (Mike Walker) Date: Thu Jan 12 21:14:39 2006 Subject: Non permitted file endings attached to "Text Only" Outlook e-mails Message-ID: <014601c1ed22$38efdfc0$0100000a@MIKES> This is still causing a problem - any body got any ideas? :o( __________________________________________________________-- Has anybody else experienced this problem? "VBS scripts or non permitted file endings, when attached to an MS Outlook "Text only" e-mail get through to the recipient with the attachment in tact! If you switch to "HTML" and send again the attachment is stripped and the appropriate VirusWarning.txt is added as an attachment. In "Text Only" mode Mailscanner is identifying the message as an undesirable packet as the sender and the server postmaster are both notified that a virus was sent and detected. Anybody got a fix? Mike Walker 4FrontMedia ____________________________________________________________ This message has been scanned for viruses by "VITANIUM" the multi-scan E-mail Virus Protection Service from 4FrontMedia. To safeguard your business call 01233-850906. From jkf at ecs.soton.ac.uk Fri Apr 26 15:32:52 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:39 2006 Subject: Non permitted file endings attached to "Text Only" Outlook e-mails In-Reply-To: <014601c1ed22$38efdfc0$0100000a@MIKES> Message-ID: <5.1.0.14.2.20020426151743.048fcdb0@imap.ecs.soton.ac.uk> I can't manage to reproduce this problem. If I set Outlook to Text Only and insert an attachment, it still generates a MIME message (being the only proper way to do it), which MailScanner successfully detects and disinfects. At 13:59 26/04/2002, you wrote: >This is still causing a problem - any body got any ideas? :o( >__________________________________________________________-- > >Has anybody else experienced this problem? > >"VBS scripts or non permitted file endings, when attached to an MS >Outlook "Text only" e-mail get through to the recipient with the >attachment in tact! If you switch to "HTML" and send again the >attachment is stripped and the appropriate VirusWarning.txt is added as >an attachment. > >In "Text Only" mode Mailscanner is identifying the message as an >undesirable packet as the sender and the server postmaster are both >notified that a virus was sent and detected. > >Anybody got a fix? > >Mike Walker >4FrontMedia > > > >____________________________________________________________ >This message has been scanned for viruses by "VITANIUM" the >multi-scan E-mail Virus Protection Service from 4FrontMedia. >To safeguard your business call 01233-850906. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Fri Apr 26 18:48:56 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:39 2006 Subject: MAILSCANNER: brucel@EECE.MAINE.EDU requested to join Message-ID: <200204261748.SAA07788@magpie.ecs.soton.ac.uk> Fri, 26 Apr 2002 18:48:56 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Bruce Littlefield The following membership options have been requested: NOMIME DIGEST. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER brucel@EECE.MAINE.EDU Bruce Littlefield PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER brucel@EECE.MAINE.EDU Bruce Littlefield SET MAILSCANNER NOMIME DIGEST FOR brucel@EECE.MAINE.EDU // EOJ From miguelk at KONSULTEX.COM.BR Sat Apr 27 03:11:27 2002 From: miguelk at KONSULTEX.COM.BR (Miguel Koren) Date: Thu Jan 12 21:14:39 2006 Subject: Major Sophos update In-Reply-To: Message-ID: I had the same problem last week. Tried it with IE, Netscape, Lynx and wget. Miguel On Fri, 26 Apr 2002, andy wright wrote: > I have tried this using WGET (the on-line help will tell you how to pass username and passwords), but without success. Downloading the tar'd Linux file stops at about 23k rather than the 1MB or so mark. > > Anyone else had any more luck? > > Andy. > > >>> Metod.Skufca@ADVANT.SI 26/04/2002 05:49:11 >>> > Hi, > > Running Mailscanner for quite a while, very pleased. :-)) > Now I'm wondering... > IDE autoupdate is working fine, but I'm looking for complete automated updates. > Does anyone have a effective script for downloading major sophos update file. > Something just to change username and pass. > > Thanx in advance > > Metod Skufca > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > From mike at ZANKER.ORG Sat Apr 27 08:48:08 2002 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:14:39 2006 Subject: Return-Path header corrupt in virus reports Message-ID: <34386074.1019897288@jemima.zanker.org> I've noticed that the postmaster virus report always seems to have the same corrupt Return-Path header, e.g. Full headers are: Return-Path: Is this a bug or my misconfiguration somewhere? Thanks, Mike -- Mike Zanker Northampton, UK PGP Public Key: pgp@zanker.org From evertjan at VANRAMSELAAR.NL Sat Apr 27 09:07:47 2002 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:39 2006 Subject: Return-Path header corrupt in virus reports In-Reply-To: <34386074.1019897288@jemima.zanker.org> Message-ID: <001201c1edc2$9e59fb20$65020a0a@galaxy> > -----Original Message----- > From: Mike Zanker > Sent: Saturday, April 27, 2002 9:48 AM > I've noticed that the postmaster virus report always seems to have the > same corrupt Return-Path header, e.g. > > Full headers are: > Return-Path: I reported the same feature/bug some time ago. It is MailScanner corrupting/removing the Return-Path header. -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and other dangerous content by Van Ramselaar Info Tech and is believed to be clean. See http://www.vr-it.com/emailpolicy.php From mailscanner-sub at WIREHUB.NET Sat Apr 27 22:37:12 2002 From: mailscanner-sub at WIREHUB.NET (Ben C. O. Grimm) Date: Thu Jan 12 21:14:39 2006 Subject: Return-Path header corrupt in virus reports In-Reply-To: References: Message-ID: On 27 Apr 2002 09:48:28 +0200, Mike Zanker wrote: > I've noticed that the postmaster virus report always seems to have the > same corrupt Return-Path header, e.g. > > Full headers are: > Return-Path: > > Is this a bug or my misconfiguration somewhere? It looks like soms kind of Sendmail emulation that doesn't quite work yet. In Sendmailese, the Return-Path has this format: H?P?Return-Path: <$g> -- - Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - - Wirehub! Internet Engineering - http://www.wirehub.net/ - - Wirehub! Backbone --- http://doema.wirehub.net/wirehub/ - - Private Ponderings ----------- http://www.bengrimm.net/ - From mdm at INTERNET-TOOLS.COM Mon Apr 29 00:36:05 2002 From: mdm at INTERNET-TOOLS.COM (mark david mcCreary) Date: Thu Jan 12 21:14:39 2006 Subject: debian mailscanner package with sophos Message-ID: I am trying to use the Debian Mailscanner package with Sophos Anti Virus. My thanks to Julian Field for releasing Mailscanner and to Matthias Klose for making it a Debian package. I am interested in using Sophos without the Intercheck facility, so I am compiling the Sophos package like this tar -zxvf linux.intel.libc6.tar.Z cd /usr/local/src/sav-install ./install.sh -ni -d /usr/local/Sophos -m /usr/share/man My next step seems to be to tweak the /etc/mailscanner/wrapper/sophoswrapper file, so that SAV_IDE=$PackageDir/ide becomes SAV_IDE=$PackageDir/sav Since I am not using the Intercheck feature, and do not have any ide directory. It also looks like I need to tweak the /etc/mailscanner/autoupdate/sophos file, but I am a bit confused. I'm thinking that I want to bring down any new virus IDE files into the /usr/local/Sophos/sav directory, where Sophos will then automatically use these newly discovered virus signatures. And this autoupdate/sophos file from the Debian package does not seem to have been tweaked to fit Debian at this time. If anybody has already tweaked this script for Debian, would you please post it. I'm also confused about these line in the /etc/init.d/mailscanner startup script touch /var/lock/subsys/mailscanner rm -f /var/lock/subsys/mailscanner Is the subsys directory supposed to be in that path ? I also expanded the number of known poisoned file names, using data from John Hardin's E-mail Sanitizer at http://www.impsec.org/email-tools/procmail-security.html My filename.rules.conf now looks like this # These are well known viruses. deny pretty\s+park\.exe$ "Pretty Park" virus Pretty Park" virus deny happy99.exe$ "Happy" virus "Happy" virus deny .*romeo.exe$ E-mail Sanitizer E-mail Sanitizer deny alyssa?s?here?.exe$ E-mail Sanitizer E-mail Sanitizer deny amateurs.exe$ E-mail Sanitizer E-mail Sanitizer deny anal.exe$ E-mail Sanitizer E-mail Sanitizer deny anna.exe$ E-mail Sanitizer E-mail Sanitizer deny anniv.doc$ E-mail Sanitizer E-mail Sanitizer deny anti_cih.exe$ E-mail Sanitizer E-mail Sanitizer deny anti_terrorism.exe$ E-mail Sanitizer E-mail Sanitizer deny antivirus.exe$ E-mail Sanitizer E-mail Sanitizer deny ants[0-9]+set.exe$ E-mail Sanitizer E-mail Sanitizer deny aol4free.com$ E-mail Sanitizer E-mail Sanitizer deny asian.exe$ E-mail Sanitizer E-mail Sanitizer deny atchim.exe$ E-mail Sanitizer E-mail Sanitizer deny avp_updates.exe$ E-mail Sanitizer E-mail Sanitizer deny babylonia.exe$ E-mail Sanitizer E-mail Sanitizer deny badass.exe$ E-mail Sanitizer E-mail Sanitizer deny bar.exe$ E-mail Sanitizer E-mail Sanitizer deny binladen_bra[sz]il.exe$ E-mail Sanitizer E-mail Sanitizer deny black.exe$ E-mail Sanitizer E-mail Sanitizer deny blancheneige.exe$ E-mail Sanitizer E-mail Sanitizer deny blonde.exe$ E-mail Sanitizer E-mail Sanitizer deny boys.exe$ E-mail Sanitizer E-mail Sanitizer deny buhh.exe$ E-mail Sanitizer E-mail Sanitizer deny celebrity?rape.exe$ E-mail Sanitizer E-mail Sanitizer deny christmas.exe$ E-mail Sanitizer E-mail Sanitizer deny cheerleader.exe$ E-mail Sanitizer E-mail Sanitizer deny chocolate.exe$ E-mail Sanitizer E-mail Sanitizer deny comical_story.doc$ E-mail Sanitizer E-mail Sanitizer deny common.exe$ E-mail Sanitizer E-mail Sanitizer deny compu_ma.exe$ E-mail Sanitizer E-mail Sanitizer deny creative.exe$ E-mail Sanitizer E-mail Sanitizer deny cum.exe$ E-mail Sanitizer E-mail Sanitizer deny cumshot.exe$ E-mail Sanitizer E-mail Sanitizer deny disk.exe$ E-mail Sanitizer E-mail Sanitizer deny doggy.exe$ E-mail Sanitizer E-mail Sanitizer deny dwarf4you.exe$ E-mail Sanitizer E-mail Sanitizer deny emanuel.exe$ E-mail Sanitizer E-mail Sanitizer deny enanito?fisgon.exe$ E-mail Sanitizer E-mail Sanitizer deny enano.exe$ E-mail Sanitizer E-mail Sanitizer deny enano?porno.exe$ E-mail Sanitizer E-mail Sanitizer deny famous.exe$ E-mail Sanitizer E-mail Sanitizer deny files.exe$ E-mail Sanitizer E-mail Sanitizer deny fist-f?cking.exe$ E-mail Sanitizer E-mail Sanitizer deny gay.exe$ E-mail Sanitizer E-mail Sanitizer deny girls.exe$ E-mail Sanitizer E-mail Sanitizer deny happy[0-9]+.exe$ E-mail Sanitizer E-mail Sanitizer deny hardcore.exe$ E-mail Sanitizer E-mail Sanitizer deny honey.exe$ E-mail Sanitizer E-mail Sanitizer deny horny.exe$ E-mail Sanitizer E-mail Sanitizer deny hot.exe$ E-mail Sanitizer E-mail Sanitizer deny hottest.exe$ E-mail Sanitizer E-mail Sanitizer deny i-watch-u.exe$ E-mail Sanitizer E-mail Sanitizer deny ibmls.exe$ E-mail Sanitizer E-mail Sanitizer deny ie0199.exe$ E-mail Sanitizer E-mail Sanitizer deny ie[0-9]+.exe$ E-mail Sanitizer E-mail Sanitizer deny images_zipped.exe$ E-mail Sanitizer E-mail Sanitizer deny install*.exe$ E-mail Sanitizer E-mail Sanitizer deny invoice.exe$ E-mail Sanitizer E-mail Sanitizer deny javascript.exe$ E-mail Sanitizer E-mail Sanitizer deny jesus.exe$ E-mail Sanitizer E-mail Sanitizer deny joke.exe$ E-mail Sanitizer E-mail Sanitizer deny kinky.exe$ E-mail Sanitizer E-mail Sanitizer deny leather.exe$ E-mail Sanitizer E-mail Sanitizer deny led.exe$ E-mail Sanitizer E-mail Sanitizer deny lesbians.exe$ E-mail Sanitizer E-mail Sanitizer deny list.doc$ E-mail Sanitizer E-mail Sanitizer deny lovers.exe$ E-mail Sanitizer E-mail Sanitizer deny luckey.exe$ E-mail Sanitizer E-mail Sanitizer deny matcher.exe$ E-mail Sanitizer E-mail Sanitizer deny messy.exe$ E-mail Sanitizer E-mail Sanitizer deny missworld.exe$ E-mail Sanitizer E-mail Sanitizer deny misworld.exe$ E-mail Sanitizer E-mail Sanitizer deny mkcompat.exe$ E-mail Sanitizer E-mail Sanitizer deny mmsn_offline.htm$ E-mail Sanitizer E-mail Sanitizer deny ms[0-9-]+.exe$ E-mail Sanitizer E-mail Sanitizer deny mwld.exe$ E-mail Sanitizer E-mail Sanitizer deny mwrld.exe$ E-mail Sanitizer E-mail Sanitizer deny nakedwife.exe$ E-mail Sanitizer E-mail Sanitizer deny navidad.exe$ E-mail Sanitizer E-mail Sanitizer deny ntkrnl.exe$ E-mail Sanitizer E-mail Sanitizer deny oains.exe$ E-mail Sanitizer E-mail Sanitizer deny oral.exe$ E-mail Sanitizer E-mail Sanitizer deny orgy.exe$ E-mail Sanitizer E-mail Sanitizer deny patch*.exe$ E-mail Sanitizer E-mail Sanitizer deny path.xls$ E-mail Sanitizer E-mail Sanitizer deny photos17.exe$ E-mail Sanitizer E-mail Sanitizer deny picture.exe$ E-mail Sanitizer E-mail Sanitizer deny pippo.exe$ E-mail Sanitizer E-mail Sanitizer deny pleasure.exe$ E-mail Sanitizer E-mail Sanitizer deny porkis.exe$ E-mail Sanitizer E-mail Sanitizer deny pretty?park.exe$ E-mail Sanitizer E-mail Sanitizer deny prettypark.exe$ E-mail Sanitizer E-mail Sanitizer deny q[0-9][0-9][0-9]+.exe$ E-mail Sanitizer E-mail Sanitizer deny qi_test.exe$ E-mail Sanitizer E-mail Sanitizer deny quake4demo.exe$ E-mail Sanitizer E-mail Sanitizer deny raquel?darian.exe$ E-mail Sanitizer E-mail Sanitizer deny readme.exe$ E-mail Sanitizer E-mail Sanitizer deny rede.exe$ E-mail Sanitizer E-mail Sanitizer deny romeo.exe$ E-mail Sanitizer E-mail Sanitizer deny sado.exe$ E-mail Sanitizer E-mail Sanitizer deny sample.exe$ E-mail Sanitizer E-mail Sanitizer deny seicho_no_ie.exe$ E-mail Sanitizer E-mail Sanitizer deny serialz.hlp$ E-mail Sanitizer E-mail Sanitizer deny setup*.exe$ E-mail Sanitizer E-mail Sanitizer deny sex.exe$ E-mail Sanitizer E-mail Sanitizer deny sexy.exe$ E-mail Sanitizer E-mail Sanitizer deny shake.exe$ E-mail Sanitizer E-mail Sanitizer deny si.exe$ E-mail Sanitizer E-mail Sanitizer deny slut.exe$ E-mail Sanitizer E-mail Sanitizer deny sm.exe$ E-mail Sanitizer E-mail Sanitizer deny sodomized.exe$ E-mail Sanitizer E-mail Sanitizer deny softwarekey.exe$ E-mail Sanitizer E-mail Sanitizer deny sslpatch.exe$ E-mail Sanitizer E-mail Sanitizer deny story.doc$ E-mail Sanitizer E-mail Sanitizer deny suck.exe$ E-mail Sanitizer E-mail Sanitizer deny sulfnbk.exe$ E-mail Sanitizer E-mail Sanitizer deny suppl.doc$ E-mail Sanitizer E-mail Sanitizer deny surprise!.exe$ E-mail Sanitizer E-mail Sanitizer deny suzete.exe$ E-mail Sanitizer E-mail Sanitizer deny teens.exe$ E-mail Sanitizer E-mail Sanitizer deny update*.exe$ E-mail Sanitizer E-mail Sanitizer deny upgrade*.exe$ E-mail Sanitizer E-mail Sanitizer deny userconf.exe$ E-mail Sanitizer E-mail Sanitizer deny virgins.exe$ E-mail Sanitizer E-mail Sanitizer deny whatever.exe$ E-mail Sanitizer E-mail Sanitizer deny wtc.exe$ E-mail Sanitizer E-mail Sanitizer deny x-mas.exe$ E-mail Sanitizer E-mail Sanitizer deny xena.exe$ E-mail Sanitizer E-mail Sanitizer deny xuxa.exe$ E-mail Sanitizer E-mail Sanitizer deny y2kcount.exe$ E-mail Sanitizer E-mail Sanitizer deny yahoo.exe$ E-mail Sanitizer E-mail Sanitizer deny yawsetup.exe$ E-mail Sanitizer E-mail Sanitizer deny zacker.exe$ E-mail Sanitizer E-mail Sanitizer deny zipped_files.exe$ E-mail Sanitizer E-mail Sanitizer I'm not sure I have this set up exactly right, since one of my tests returned a stored filename message, instead of the known virus message I was expecting. If anybody has any feedback or clues on using Sophos with the Debian Mailscanner package, I would appreciate it. Thanks mark david mcCreary From valianp at SOUTHWESTERN.EDU Mon Apr 29 07:14:29 2002 From: valianp at SOUTHWESTERN.EDU (Peter Valian) Date: Thu Jan 12 21:14:39 2006 Subject: Return-Path header corrupt in virus reports References: Message-ID: <3CCCE4C5.6060208@southwestern.edu> Mike, I have the same thing happening to me! Out of curiosity, are you mail spools NFS mounted? Ben C. O. Grimm wrote: > On 27 Apr 2002 09:48:28 +0200, Mike Zanker wrote: > > >>I've noticed that the postmaster virus report always seems to have the >>same corrupt Return-Path header, e.g. >> >>Full headers are: >> Return-Path: >> >>Is this a bug or my misconfiguration somewhere? >> > > It looks like soms kind of Sendmail emulation that doesn't quite work yet. > In Sendmailese, the Return-Path has this format: > > H?P?Return-Path: <$g> > > -- > - Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - > - Wirehub! Internet Engineering - http://www.wirehub.net/ - > - Wirehub! Backbone --- http://doema.wirehub.net/wirehub/ - > - Private Ponderings ----------- http://www.bengrimm.net/ - > -- Peter Valian Network & Systems Administrator Southwestern University Georgetown, Texas 512.863.1586 office 512.863.1605 fax -- From mike at ZANKER.ORG Mon Apr 29 08:21:09 2002 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:14:39 2006 Subject: Return-Path header corrupt in virus reports In-Reply-To: <3CCCE4C5.6060208@southwestern.edu> References: <3CCCE4C5.6060208@southwestern.edu> Message-ID: <204667656.1020068469@mallard.open.ac.uk> On 29 April 2002 01:14 -0500 Peter Valian wrote: > I have the same thing happening to me! Out of curiosity, are you mail > spools NFS mounted? No, all on one partition. Mike -- Mike Zanker Northampton, UK PGP Public Key: pgp@zanker.org From LISTSERV at JISCMAIL.AC.UK Sat Apr 27 20:39:54 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:39 2006 Subject: MAILSCANNER: olympio.lista@PRATICA.COM.BR requested to join Message-ID: <200204271939.UAA22879@magpie.ecs.soton.ac.uk> Sat, 27 Apr 2002 20:39:54 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Olympio Renn? You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER olympio.lista@PRATICA.COM.BR Olympio Renn? PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER olympio.lista@PRATICA.COM.BR Olympio Renn? // EOJ From LISTSERV at JISCMAIL.AC.UK Sun Apr 28 01:58:52 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:39 2006 Subject: MAILSCANNER: scottadmin@QUADSIMIA.COM requested to join Message-ID: <200204280058.BAA03722@magpie.ecs.soton.ac.uk> Sun, 28 Apr 2002 01:58:52 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Scott Gregory You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER scottadmin@QUADSIMIA.COM Scott Gregory PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER scottadmin@QUADSIMIA.COM Scott Gregory // EOJ From LISTSERV at JISCMAIL.AC.UK Mon Apr 29 08:06:51 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:39 2006 Subject: MAILSCANNER: qiq@ATREY.KARLIN.MFF.CUNI.CZ requested to join Message-ID: <200204290706.IAA09890@magpie.ecs.soton.ac.uk> Mon, 29 Apr 2002 08:06:51 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Miroslav Spousta The following membership options have been requested: NOMIME DIGEST. You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER qiq@ATREY.KARLIN.MFF.CUNI.CZ Miroslav Spousta PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER qiq@ATREY.KARLIN.MFF.CUNI.CZ Miroslav Spousta SET MAILSCANNER NOMIME DIGEST FOR qiq@ATREY.KARLIN.MFF.CUNI.CZ // EOJ From LISTSERV at JISCMAIL.AC.UK Fri Apr 26 22:18:33 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:39 2006 Subject: MAILSCANNER: george.soley@INTRATECHINC.COM requested to join Message-ID: <200204262118.WAA23677@magpie.ecs.soton.ac.uk> Fri, 26 Apr 2002 22:18:33 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from George Soley You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER george.soley@INTRATECHINC.COM George Soley PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER george.soley@INTRATECHINC.COM George Soley // EOJ From LISTSERV at JISCMAIL.AC.UK Fri Apr 26 22:58:39 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:39 2006 Subject: MAILSCANNER: listas@PEGASO.FISICA.UNAM.MX requested to join Message-ID: <200204262158.WAA26253@magpie.ecs.soton.ac.uk> Fri, 26 Apr 2002 22:58:39 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Javier Martinez You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER listas@PEGASO.FISICA.UNAM.MX Javier Martinez PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER listas@PEGASO.FISICA.UNAM.MX Javier Martinez // EOJ From LISTSERV at JISCMAIL.AC.UK Mon Apr 29 14:36:04 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:39 2006 Subject: MAILSCANNER: freerk@MINDSWITCH.NET requested to join Message-ID: <200204291336.OAA13088@magpie.ecs.soton.ac.uk> Mon, 29 Apr 2002 14:36:04 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Freerk Kalsbeek You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER freerk@MINDSWITCH.NET Freerk Kalsbeek PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER freerk@MINDSWITCH.NET Freerk Kalsbeek // EOJ From LISTSERV at JISCMAIL.AC.UK Mon Apr 29 14:49:19 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:39 2006 Subject: MAILSCANNER: P.G.M.Peters@CIV.UTWENTE.NL requested to join Message-ID: <200204291349.OAA14350@magpie.ecs.soton.ac.uk> Mon, 29 Apr 2002 14:49:19 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Peter Peters You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER P.G.M.Peters@CIV.UTWENTE.NL Peter Peters PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER P.G.M.Peters@CIV.UTWENTE.NL Peter Peters // EOJ From scottadmin at QUADSIMIA.COM Mon Apr 29 14:54:23 2002 From: scottadmin at QUADSIMIA.COM (Scott Gregory) Date: Thu Jan 12 21:14:39 2006 Subject: Malformed attachments from MailScanner? Message-ID: I've seen the behavior where the extra line is inserted before the attachment. I am using the latest version of all the Perl modules used by MailScanner. If you look at the email using (at least) Netscape Messenger, things are messed up as descirbed in earlier post. OutLook and Entourage seem to be more forgiving of the blank line and handle the attachments correctly. I have no data on any other email clients, but if this behavior is not MIME attachment compliant, its bigger than just Messenger. regards, Scott From george.soley at intratechinc.com Mon Apr 29 16:03:58 2002 From: george.soley at intratechinc.com (George Soley) Date: Thu Jan 12 21:14:39 2006 Subject: Can't locate Mail/SpamAssassin/MyMailAudit.pm Message-ID: <00da01c1ef90$5b515330$8e0118ac@soleyg> We are trying to use SpamAssassin 2.20 with MailScanner. The SpamAssassin tests work fine, but when I enable the interface within MailScanner I receive the following errors: Starting MailScanner: Can't locate Mail/SpamAssassin/MyMailAudit.pm in @INC (@INC contains: /usr/local/MailScan ner/bin /usr/lib/perl5/5.6.0/i386-linux /usr/lib/perl5/5.6.0 /usr/lib/perl5/site_perl/5.6.0/i386-linux /usr/lib /perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl .) at /usr/local/MailScanner/bin/sendmail.pl line 47. Compilation failed in require at /usr/local/MailScanner/bin/mailscanner line 67. George Soley -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020429/b3d76a85/attachment.html From valianp at SOUTHWESTERN.EDU Mon Apr 29 16:52:31 2002 From: valianp at SOUTHWESTERN.EDU (Peter Valian) Date: Thu Jan 12 21:14:39 2006 Subject: Return-Path header corrupt in virus reports References: Message-ID: <3CCD6C3F.7010401@southwestern.edu> If someone knows how to fix this please tell me. I have been struggling with it for several months now. I believe these messages are lost. Im getting ready to abandon mailscanner because I don't see a way to fix it. I don't want to leave mailscanner but i cannot sit here and lose mail. please someone help. -p Ben C. O. Grimm wrote: > On 27 Apr 2002 09:48:28 +0200, Mike Zanker wrote: > > >>I've noticed that the postmaster virus report always seems to have the >>same corrupt Return-Path header, e.g. >> >>Full headers are: >> Return-Path: >> >>Is this a bug or my misconfiguration somewhere? > > > It looks like soms kind of Sendmail emulation that doesn't quite work yet. > In Sendmailese, the Return-Path has this format: > > H?P?Return-Path: <$g> > > -- > - Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - > - Wirehub! Internet Engineering - http://www.wirehub.net/ - > - Wirehub! Backbone --- http://doema.wirehub.net/wirehub/ - > - Private Ponderings ----------- http://www.bengrimm.net/ - -- Peter Valian Network & Systems Administrator Southwestern University Georgetown, Texas 512.863.1586 office 512.863.1605 fax -- From jkf at ecs.soton.ac.uk Mon Apr 29 17:01:22 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:39 2006 Subject: Return-Path header corrupt in virus reports In-Reply-To: <3CCD6C3F.7010401@southwestern.edu> References: Message-ID: <5.1.0.14.2.20020429170050.033caec0@imap.ecs.soton.ac.uk> At 16:52 29/04/2002, you wrote: >If someone knows how to fix this please tell me. I have been struggling >with it for several months now. I believe these messages are lost. Im >getting ready to abandon mailscanner because I don't see a way to fix >it. I don't want to leave mailscanner but i cannot sit here and lose mail. Can you explain why you think you might be losing mail because of this? I haven't seen any evidence of this happening. >Ben C. O. Grimm wrote: >>On 27 Apr 2002 09:48:28 +0200, Mike Zanker wrote: >> >> >>>I've noticed that the postmaster virus report always seems to have the >>>same corrupt Return-Path header, e.g. >>> >>>Full headers are: >>>Return-Path: >>> >>>Is this a bug or my misconfiguration somewhere? >> >> >>It looks like soms kind of Sendmail emulation that doesn't quite work yet. >>In Sendmailese, the Return-Path has this format: >> >>H?P?Return-Path: <$g> >> >>-- >>- Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - >>- Wirehub! Internet Engineering - http://www.wirehub.net/ - >>- Wirehub! Backbone --- http://doema.wirehub.net/wirehub/ - >>- Private Ponderings ----------- http://www.bengrimm.net/ - > > > >-- >Peter Valian >Network & Systems Administrator >Southwestern University >Georgetown, Texas >512.863.1586 office >512.863.1605 fax >-- -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From dustin.baer at IHS.COM Mon Apr 29 16:57:01 2002 From: dustin.baer at IHS.COM (Dustin Baer) Date: Thu Jan 12 21:14:39 2006 Subject: Return-Path header corrupt in virus reports References: <3CCD6C3F.7010401@southwestern.edu> Message-ID: <3CCD6D4D.E9F3A2AB@ihs.com> Peter Valian wrote: > > If someone knows how to fix this please tell me. I have been struggling > with it for several months now. I believe these messages are lost. Im > getting ready to abandon mailscanner because I don't see a way to fix > it. I don't want to leave mailscanner but i cannot sit here and lose mail. > > please someone help. > -p Are you using sendmail? What does `grep Return-Path /path/to/sendmail.cf` say? It should be: H?P?Return-Path: <$g> If it actually says, "H?P?Return-Path: " your sendmail.cf file is messed up. Dustin From valianp at SOUTHWESTERN.EDU Mon Apr 29 17:24:57 2002 From: valianp at SOUTHWESTERN.EDU (Peter Valian) Date: Thu Jan 12 21:14:39 2006 Subject: Return-Path header corrupt in virus reports References: <5.1.0.14.2.20020429170050.033caec0@imap.ecs.soton.ac.uk> Message-ID: <3CCD73D9.9040200@southwestern.edu> Well, here's an example bounce: Date: Thu, 25 Apr 2002 12:02:52 -0500 From: "MailScanner" To: Subject: Warning: E-mail error detected X-MailScanner: Found to be clean Our virus detector failed to completely analyse a message you sent:- To: , , , Subject: Re: Montgomery Date: Thu Apr 25 12:02:52 2002 Any parts of the message that could not be analysed will not have been delivered. If you are using Microsoft Outlook, we strongly recommend you change your outgoing message format from "Rich Text" to "HTML" or "Plain Text". The virus detector said this about the message: Report: Could not parse message g3PH2oK27075 -- MailScanner Email Virus Scanner Julian Field wrote: > At 16:52 29/04/2002, you wrote: > >> If someone knows how to fix this please tell me. I have been struggling >> with it for several months now. I believe these messages are lost. Im >> getting ready to abandon mailscanner because I don't see a way to fix >> it. I don't want to leave mailscanner but i cannot sit here and lose >> mail. > > > Can you explain why you think you might be losing mail because of this? I > haven't seen any evidence of this happening. > >> Ben C. O. Grimm wrote: >> >>> On 27 Apr 2002 09:48:28 +0200, Mike Zanker wrote: >>> >>> >>>> I've noticed that the postmaster virus report always seems to have the >>>> same corrupt Return-Path header, e.g. >>>> >>>> Full headers are: >>>> Return-Path: >>>> >>>> Is this a bug or my misconfiguration somewhere? >>> >>> >>> >>> It looks like soms kind of Sendmail emulation that doesn't quite work >>> yet. >>> In Sendmailese, the Return-Path has this format: >>> >>> H?P?Return-Path: <$g> >>> >>> -- >>> - Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - >>> - Wirehub! Internet Engineering - http://www.wirehub.net/ - >>> - Wirehub! Backbone --- http://doema.wirehub.net/wirehub/ - >>> - Private Ponderings ----------- http://www.bengrimm.net/ - >> >> >> >> >> -- >> Peter Valian >> Network & Systems Administrator >> Southwestern University >> Georgetown, Texas >> 512.863.1586 office >> 512.863.1605 fax >> -- > > > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ -- Peter Valian Network & Systems Administrator Southwestern University Georgetown, Texas 512.863.1586 office 512.863.1605 fax -- From valianp at SOUTHWESTERN.EDU Mon Apr 29 17:27:57 2002 From: valianp at SOUTHWESTERN.EDU (Peter Valian) Date: Thu Jan 12 21:14:39 2006 Subject: Return-Path header corrupt in virus reports References: <3CCD6C3F.7010401@southwestern.edu> <3CCD6D4D.E9F3A2AB@ihs.com> Message-ID: <3CCD748D.5020409@southwestern.edu> I am using sendmail-8.11.6-2.7.1 on Redhat 7.1. I am using MailScanner 3.04-1 (planning to upgrade to 3.12-2 later this week). [root@ralph2 /root]# grep Return-Path /etc/sendmail.cf H?P?Return-Path: <$g> Dustin Baer wrote: > Peter Valian wrote: > >>If someone knows how to fix this please tell me. I have been struggling >>with it for several months now. I believe these messages are lost. Im >>getting ready to abandon mailscanner because I don't see a way to fix >>it. I don't want to leave mailscanner but i cannot sit here and lose mail. >> >>please someone help. >>-p > > > Are you using sendmail? What does `grep Return-Path > /path/to/sendmail.cf` say? It should be: > > H?P?Return-Path: <$g> > > If it actually says, "H?P?Return-Path: " your sendmail.cf file is > messed up. > > Dustin -- Peter Valian Network & Systems Administrator Southwestern University Georgetown, Texas 512.863.1586 office 512.863.1605 fax -- From evertjan at VANRAMSELAAR.NL Mon Apr 29 17:57:06 2002 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:14:39 2006 Subject: Return-Path header corrupt in virus reports In-Reply-To: <3CCD6D4D.E9F3A2AB@ihs.com> Message-ID: > -----Original Message----- > From: Dustin Baer > Sent: Monday, April 29, 2002 5:57 PM > Are you using sendmail? What does `grep Return-Path > /path/to/sendmail.cf` say? It should be: > > H?P?Return-Path: <$g> > > If it actually says, "H?P?Return-Path: " your sendmail.cf file is > messed up. .......... root@ram1:~ # grep Return-Path /etc/sendmail.cf H?P?Return-Path: <$g> .......... In clean messages, the Return-Path header seems to get removed. In the virus warning msg, it turns up as Return-Path: When I am not using MailScanner, all incoming messages have a Return-Path header. When using MailScanner, all scanned messages don't. -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and other dangerous content by Van Ramselaar Info Tech and is believed to be clean. See http://www.vr-it.com/emailpolicy.php From freerk at MINDSWITCH.NET Mon Apr 29 20:25:39 2002 From: freerk at MINDSWITCH.NET (Freerk Kalsbeek) Date: Thu Jan 12 21:14:39 2006 Subject: What is the benifit of SpamAssassin run from MailScanner Message-ID: Hi, Since this afternoon I have both MailScanner en SpamAssassin up and running. So far so good. Can someone tell me the benefits of using SpamAssassin run from MailScanner instead of running them seperately? Thanx, Freerk Kalsbeek From jkf at ecs.soton.ac.uk Mon Apr 29 21:14:55 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:39 2006 Subject: What is the benifit of SpamAssassin run from MailScanner In-Reply-To: Message-ID: <5.1.0.14.2.20020429211332.03361a98@imap.ecs.soton.ac.uk> At 20:25 29/04/2002, you wrote: >Can someone tell me the benefits of using SpamAssassin run from MailScanner >instead of running them seperately? For one, the spam detection will be integrated into one place, so either the RBL's or SpamAssassin will cause MailScanner to tag the mail as spam. Also, it should actually be faster, as MailScanner calls the Perl API within SpamAssassin directly, and does not invoke either the "spamassassin" binary or "spamc" in order to do the checks, saving the load on starting those processes. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Mon Apr 29 21:28:10 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:39 2006 Subject: MAILSCANNER: plazonic@MATH.PRINCETON.EDU requested to join Message-ID: <200204292028.VAA11164@magpie.ecs.soton.ac.uk> Mon, 29 Apr 2002 21:28:10 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Josko Plazonic You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER plazonic@MATH.PRINCETON.EDU Josko Plazonic PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER plazonic@MATH.PRINCETON.EDU Josko Plazonic // EOJ From LISTSERV at JISCMAIL.AC.UK Tue Apr 30 06:32:03 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:39 2006 Subject: MAILSCANNER: robert@VCT.SI requested to join Message-ID: <200204300532.GAA16683@magpie.ecs.soton.ac.uk> Tue, 30 Apr 2002 06:32:03 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Robert Manfreda You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER robert@VCT.SI Robert Manfreda PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER robert@VCT.SI Robert Manfreda // EOJ From m.sapsed at BANGOR.AC.UK Tue Apr 30 10:08:49 2002 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:14:39 2006 Subject: Klez Virus get Passed ! References: <002e01c1eba1$b8549ee0$d802a8c0@314t> Message-ID: <3CCE5F21.611F0FD@bangor.ac.uk> Michael Chan wrote: > All the exe , pif , scr , com has been stopped by the MailScanner > without any problem , but today the virus "Klez" virus pass the checking of > MailScanner , I found this is the raw data of the message : > > Content-Type: audio/x-midi ; > name=Product Catalogue(1).scr > Content-Transfer-Encoding: base64 > Content-ID: > > I know this is the problem of "outlook express" which automatically > execute the attachment in the message , but can I stop it using MailScanner > ? Is this because the copy of klez is actually embedded in an HTML attachment? Which virus scanner do you use? Cheers, Martin -- Martin Sapsed To have no errors Information Services Would be life without meaning University of Wales, Bangor, LL57 2UX No struggle, no joy. Fax: +44 (0)1248 383826 From m.sapsed at BANGOR.AC.UK Tue Apr 30 10:06:22 2002 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:14:39 2006 Subject: Klez-G obscuring From addresses? References: Message-ID: <3CCE5E8E.43F27B75@bangor.ac.uk> Todd Martin wrote: > We've received a relatively high number of Klez-G attempts over the > last few days. > > I noticed this particular virus appears to hide the name of the > sender by forging the from address. MailScanner knows who really sent > it because the postmaster notification shows the right sender > (envelope-from?). > > I've also seen a positive correlation between the forged from address > and the to address. Several of the incoming virus look to be from > users in our domain. This brought on a little finger-pointing and > panic. I think you'll find Klez picks both the From: and To: addresses from the address book on the victim's machine. I had a case yesterday where boyfriend suggested that girlfriend's PC was infected. Closer examination of the headers revealed that actually it's boyfriend's PC that's infected! Oh dear! Cheers, Martin -- Martin Sapsed To have no errors Information Services Would be life without meaning University of Wales, Bangor, LL57 2UX No struggle, no joy. Fax: +44 (0)1248 383826 From klon at NYBRO.DK Tue Apr 30 10:54:08 2002 From: klon at NYBRO.DK (Thomas Hanson) Date: Thu Jan 12 21:14:39 2006 Subject: mailscanner stops after a while, why? Message-ID: <00a601c1f02c$f8a0a770$2bde26c0@r58> After a while mailscanner stops scanning mails yet the service is still running. If I stop it manually I get this message: [root admin]# /etc/rc.d/init.d/mailscanner stop Shutting down MailScanner: ERROR!sendmail okERROR! [root admin]# /etc/rc.d/init.d/mailscanner start Starting MailScanner: What do the 2 errors mean? An immediate restart afterwards gives this result : [root admin]# /etc/rc.d/init.d/mailscanner restart Shutting down MailScanner: ERROR!sendmail oksendmail ok Starting MailScanner: [root admin]# So I wonder what the errors mean. I use sophos as my antivirus program. I am using a SUN Cobalt Qube 3 with OS 6.4 Thanks Thomas Hanson -- This message has been scanned for viruses and is believed to be clean. From jkf at ecs.soton.ac.uk Tue Apr 30 11:24:51 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:39 2006 Subject: mailscanner stops after a while, why? In-Reply-To: <00a601c1f02c$f8a0a770$2bde26c0@r58> Message-ID: <5.1.0.14.2.20020430112345.046fdec0@imap.ecs.soton.ac.uk> At 10:54 30/04/2002, you wrote: >After a while mailscanner stops scanning mails yet the service is still >running. >If I stop it manually I get this message: >[root admin]# /etc/rc.d/init.d/mailscanner stop >Shutting down MailScanner: ERROR!sendmail okERROR! >[root admin]# /etc/rc.d/init.d/mailscanner start >Starting MailScanner: > >What do the 2 errors mean? >An immediate restart afterwards gives this result : >[root admin]# /etc/rc.d/init.d/mailscanner restart >Shutting down MailScanner: ERROR!sendmail oksendmail ok >Starting MailScanner: >[root admin]# > >So I wonder what the errors mean. >I use sophos as my antivirus program. I am using a SUN Cobalt Qube 3 with OS >6.4 I admit my init.d scripts aren't perfect. You can run /usr/local/MailScanner/bin/check_mailscanner to see if it is running (it will print the PID which you can then kill), or to start it. You'll still have to make sure the 2 sendmail processes are running though. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From fizz at BOMB.NET Tue Apr 30 13:59:58 2002 From: fizz at BOMB.NET (Kelly Hamlin) Date: Thu Jan 12 21:14:39 2006 Subject: Is this possible? Message-ID: <00ae01c1f046$eebb8c10$48cf75cc@fizz> To remove the DNS checking in spamassassin? and keep the other checks.. ////// ( o o ) +--.oooO--(_)--Oooo.-----------------+ | [Kelly Hamlin] | kellyh@cyberstreet.com | http://www.bomb.net | .oooO | ( ) Oooo. +--- \ (----( )----------------------------+ \_) ) / (_/ From qiq at ATREY.KARLIN.MFF.CUNI.CZ Tue Apr 30 15:45:51 2002 From: qiq at ATREY.KARLIN.MFF.CUNI.CZ (Miroslav Spousta) Date: Thu Jan 12 21:14:39 2006 Subject: Klez Virus get Passed ! In-Reply-To: <3CCE5F21.611F0FD@bangor.ac.uk> References: <002e01c1eba1$b8549ee0$d802a8c0@314t> <3CCE5F21.611F0FD@bangor.ac.uk> Message-ID: <20020430144551.GA7916@atrey.karlin.mff.cuni.cz> Hi! > > All the exe , pif , scr , com has been stopped by the MailScanner > > without any problem , but today the virus "Klez" virus pass the checking of > > MailScanner , I found this is the raw data of the message : > > > > Content-Type: audio/x-midi ; > > name=Product Catalogue(1).scr > > Content-Transfer-Encoding: base64 > > Content-ID: > > I think the problem is with the incorrect MIME header the virus send. MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=T0064s6472n43NPxz1CBE991Y514511 X-MailScanner: clean --T0064s6472n43NPxz1CBE991Y514511 Content-Type: text/html; Content-Transfer-Encoding: quoted-printable --T0064s6472n43NPxz1CBE991Y514511 Content-Type: audio/x-midi; name=Sun Sep.pif Content-Transfer-Encoding: base64 Content-ID: TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4g RE9TIG1vZGUuDQ0KJAAAAAAAAAAYmX3gXPgTs1z4E7Nc+BOzJ+Qfs1j4E7Pf5B2zT/gTs7Tn In both cases the name field contains spaces without quotes. Some debugging output from MailScanner: Message g3UCvic28129 looks like this --------------------------- Content-type: multipart/alternative Effective-type: multipart/alternative Body-file: NONE Subject: Questionnaire Num-parts: 3 -- Content-type: text/html Effective-type: text/html Body-file: /var/spool/MailScanner/incoming/g3UCvic28129/msg-28119-1.html -- Content-type: audio/x-midi Effective-type: audio/x-midi Body-file: /var/spool/MailScanner/incoming/g3UCvic28129/Sun Recommended-filename: Sun -- Content-type: text/plain Effective-type: text/plain Body-file: /var/spool/MailScanner/incoming/g3UCvic28129/msg-28119-2.txt -- So the problem seems to be in MIME::Tools Perl module. The only solution I was able to find is to disable ignore_errors in the Parser module: --- explode.pl.orig Mon Mar 25 13:31:29 2002 +++ explode.pl Tue Apr 30 16:03:18 2002 @@ -81,6 +81,7 @@ #$parser->output_dir($path); $parser->extract_uuencode(1); ### default is false, can read uuencode + $parser->ignore_errors(0); $parser->output_to_core('NONE'); unless (open(PIPE, MTA::BuildMessageCmd($header,"$QDir/$dfile")." |")) { Log::WarnLog("Cannot build message from $header and $QDir/$dfile, %s", $!); This way the MailScanner will not ignore incorrect MIME headers and produce this message instead: mailscanner[29087]: Scanning 1 messages, 8742 bytes mailscanner[29087]: Cannot parse /var/spool/MailScanner/incoming/g3UEYbc29537.header and /var/spool/mqueue.in/dfg3UEYbc29537, unexpected end of header mailscanner[29087]: Scanned 1 messages, 8742 bytes in 0 seconds mailscanner[29087]: Saved entire message to /var/spool/MailScanner/quarantine/20020430/g3UEYbc29537 mailscanner[29087]: Deleting unparsable message g3UEYbc29537 from queue Cheers, Mirek From LISTSERV at JISCMAIL.AC.UK Tue Apr 30 18:49:06 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:39 2006 Subject: MAILSCANNER: patrick@IMPTOY.COM requested to join Message-ID: <200204301749.SAA10715@magpie.ecs.soton.ac.uk> Tue, 30 Apr 2002 18:49:06 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from Patrick Hall You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER patrick@IMPTOY.COM Patrick Hall PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER patrick@IMPTOY.COM Patrick Hall // EOJ From patrick at IMPTOY.COM Tue Apr 30 19:12:23 2002 From: patrick at IMPTOY.COM (Patrick Hall) Date: Thu Jan 12 21:14:39 2006 Subject: Accept all outgoing attachments Message-ID: Is there a way bypass the 'filename rules' check for all outgoing mail? TIA, Pat Hall From LISTSERV at JISCMAIL.AC.UK Tue Apr 30 23:41:26 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8d)) Date: Thu Jan 12 21:14:39 2006 Subject: MAILSCANNER: leva@INTERWARE.HU requested to join Message-ID: <200204302241.XAA01867@magpie.ecs.soton.ac.uk> Tue, 30 Apr 2002 23:41:26 A request to join the MAILSCANNER JISCmail list (MailScanner mailing list) has been received from "Kov?cs, Levente" You can, at your discretion, send the following command to jiscmail@JISCMAIL.AC.UK to add this person to the JISCmail list: add MAILSCANNER leva@INTERWARE.HU Kov?cs, Levente PS: In order to facilitate the task, this message has been specially formatted so that you only need to forward it back to jiscmail@JISCMAIL.AC.UK and fill in the password below to have the command executed. Note that while the formats produced by the forwarding function of most mail packages are supported, replying will seldom work, so make sure to forward and not reply. ------------------------------------------------------------------------- // JOB PW=XXXXXXXX ADD MAILSCANNER leva@INTERWARE.HU Kov?cs, Levente // EOJ From jkf at ecs.soton.ac.uk Mon Apr 29 21:13:21 2002 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:14:39 2006 Subject: Return-Path header corrupt in virus reports In-Reply-To: <3CCD73D9.9040200@southwestern.edu> References: <5.1.0.14.2.20020429170050.033caec0@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020429211209.03193440@imap.ecs.soton.ac.uk> What has that bounce got to do with $g? The "unparsable" error message is due to the TNEF decoder not being able to handle the weird and wonderful TNEF formats that some versions of Outlook produce. It's nothing to do with the Return-Path:, which MailScanner makes no use of. At 17:24 29/04/2002, you wrote: >Well, here's an example bounce: > >Date: Thu, 25 Apr 2002 12:02:52 -0500 >From: "MailScanner" >To: >Subject: Warning: E-mail error detected >X-MailScanner: Found to be clean > >Our virus detector failed to completely analyse a message you sent:- > To: , , >, > Subject: Re: Montgomery > Date: Thu Apr 25 12:02:52 2002 >Any parts of the message that could not be analysed will not have been >delivered. > >If you are using Microsoft Outlook, we strongly recommend you change your >outgoing message format from "Rich Text" to "HTML" or "Plain Text". > >The virus detector said this about the message: >Report: Could not parse message g3PH2oK27075 >-- >MailScanner >Email Virus Scanner > > >Julian Field wrote: >>At 16:52 29/04/2002, you wrote: >> >>>If someone knows how to fix this please tell me. I have been struggling >>>with it for several months now. I believe these messages are lost. Im >>>getting ready to abandon mailscanner because I don't see a way to fix >>>it. I don't want to leave mailscanner but i cannot sit here and lose >>>mail. >> >> >>Can you explain why you think you might be losing mail because of this? I >>haven't seen any evidence of this happening. >> >>>Ben C. O. Grimm wrote: >>> >>>>On 27 Apr 2002 09:48:28 +0200, Mike Zanker wrote: >>>> >>>> >>>>>I've noticed that the postmaster virus report always seems to have the >>>>>same corrupt Return-Path header, e.g. >>>>> >>>>>Full headers are: >>>>>Return-Path: >>>>> >>>>>Is this a bug or my misconfiguration somewhere? >>>> >>>> >>>> >>>>It looks like soms kind of Sendmail emulation that doesn't quite work >>>>yet. >>>>In Sendmailese, the Return-Path has this format: >>>> >>>>H?P?Return-Path: <$g> >>>> >>>>-- >>>>- Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - >>>>- Wirehub! Internet Engineering - http://www.wirehub.net/ - >>>>- Wirehub! Backbone --- http://doema.wirehub.net/wirehub/ - >>>>- Private Ponderings ----------- http://www.bengrimm.net/ - >>> >>> >>> >>> >>>-- >>>Peter Valian >>>Network & Systems Administrator >>>Southwestern University >>>Georgetown, Texas >>>512.863.1586 office >>>512.863.1605 fax >>>-- >> >> >>-- >>Julian Field Teaching Systems Manager >>jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science >>Tel. 023 8059 2817 University of Southampton >> Southampton SO17 1BJ > > > >-- >Peter Valian >Network & Systems Administrator >Southwestern University >Georgetown, Texas >512.863.1586 office >512.863.1605 fax >-- -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ