From P.G.M.Peters at civ.utwente.nl Thu Aug 1 07:34:20 2002 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:15:21 2006 Subject: Kaspersky 4.0.1.0 & MailScanner 3.22-10 ? In-Reply-To: References: Message-ID: On Wed, 31 Jul 2002 11:26:30 -0400, you wrote: > My organization >already uses Kaspersky on the desktops and file servers so we need to go >with Kaspersky on the mail server based on our discount with our reseller. I would recommend against Kaspersky when you already use it on desktops and file servers. If Kaspersky is late with a signature it would be late on all systems. If you use another virusscanner you would have more change that one of them has a signature file in time. On our fileservers (and exchange) and desktops we run NAV. On the central servers we run f-prot. F-prot detected Yaha (they call it Lentin) one or two days before NAV. So when the outbreak started we where protected by f-prot while within the exchange environment the virus could be spread as some people got the virus from outside our own mailservers. And I don't think you would get a deal with Kaspersky that is as cheap as f-prot. We have looked at Kaspersky and it would cost us 14.000 EURO the first year and 9.800 EURO for the next years. -- Peter Peters senior netwerkbeheerder, Centrum voor Informatievoorziening, Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From hugo.1000 at GMX.NET Thu Aug 1 12:39:19 2002 From: hugo.1000 at GMX.NET (Alf Gunz) Date: Thu Jan 12 21:15:21 2006 Subject: Kaspersky 4.0.1.0 & MailScanner 3.22-10 ? In-Reply-To: Message-ID: Hi, > Anyone have a customized and working kasperskywrapper and > kaspersky.prf they care to share? http://bm.ilo.de/kaspersky.tgz -- mfg alf From hugo.1000 at GMX.NET Thu Aug 1 12:45:12 2002 From: hugo.1000 at GMX.NET (Alf Gunz) Date: Thu Jan 12 21:15:21 2006 Subject: safesasl failed In-Reply-To: <090c01c238d1$b0388690$fe00010a@backup> Message-ID: Hi, > [root /etc]# ls -all sas* > -rw----r-- 1 root root 20480 Jul 31 16:11 sasldb > [root /etc]# If you have passwords in that file you should make it only read-/writable by root ( chmod o-r sasldb). -- mfg alf From kvue at WADSNET.COM Thu Aug 1 13:03:26 2002 From: kvue at WADSNET.COM (Kham Vue) Date: Thu Jan 12 21:15:21 2006 Subject: safesasl failed References: Message-ID: <00fe01c23954$6a60cc80$fe00010a@backup> What is the file for? Spam Assassin? -------------------------------------------------------------- ----- Original Message ----- From: "Alf Gunz" To: Sent: Thursday, August 01, 2002 7:45 AM Subject: Re: safesasl failed > Hi, > > > [root /etc]# ls -all sas* > > -rw----r-- 1 root root 20480 Jul 31 16:11 sasldb > > [root /etc]# > > If you have passwords in that file you should make it only read-/writable > by root ( chmod o-r sasldb). > > -- > mfg alf > > From Mark.Gillis at HTCINC.NET Thu Aug 1 14:50:31 2002 From: Mark.Gillis at HTCINC.NET (Gillis, Mark) Date: Thu Jan 12 21:15:21 2006 Subject: Mailscanner locking up Message-ID: I have put it into production, and according to the laws of Murphy, something dies. mailscanner starts, reporting into mail.log syslog that it is running -- that is the last message I see. Our SMTP workload is very very heavy, with 19000 accounts. Even doing an ls -l on the /var/spool/mqueue.in directory takes forever... sendmail is still running, in the recommended configuration. If anyone has seen Mailscanner challenges like this in the past, I would appriciate any help. Mark HTC Disclaimer: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. From Matthew_doherty at DATAWATCH.COM Thu Aug 1 17:05:10 2002 From: Matthew_doherty at DATAWATCH.COM (Matt Doherty) Date: Thu Jan 12 21:15:21 2006 Subject: Mailscanner locking up Message-ID: are you starting/restarting senmail like this : #~sendmail (start|stop|restart) or like this #~mailscanner (start|stop|restart) Because i had the same problem when i wasnt starting sendmail properly after installing mailscanner.. Now I know to use Mailscanner to start~stop services for sendmail and that solved it for me at least.. Hope this helps ya Good day Matt Doherty IT Dept Datawatch Corp >>In a world without walls or fences, who needs Windows and Gates?<< -----Original Message----- From: Gillis, Mark [mailto:Mark.Gillis@HTCINC.NET] Sent: Thursday, August 01, 2002 10:56 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Mailscanner locking up I have put it into production, and according to the laws of Murphy, something dies. mailscanner starts, reporting into mail.log syslog that it is running -- that is the last message I see. Our SMTP workload is very very heavy, with 19000 accounts. Even doing an ls -l on the /var/spool/mqueue.in directory takes forever... sendmail is still running, in the recommended configuration. If anyone has seen Mailscanner challenges like this in the past, I would appriciate any help. Mark HTC Disclaimer: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020801/fe017af5/attachment.html From combs at magnet.fsu.edu Thu Aug 1 20:03:40 2002 From: combs at magnet.fsu.edu (Tom Combs) Date: Thu Jan 12 21:15:21 2006 Subject: SA blacklist or SM access db Message-ID: <200208011903.g71J3e008445@osprey.magnet.fsu.edu> Hello, Is it more efficient to use the blacklist feature in the spam.assassin.prefs.conf file or to use a REJECT in the sendmail access database? I would think that it would be better to use the sendmail access list because this would cause the message to be kicked out before being delivered to the mqueue.in and thus it would never have to be checked for viruses or spam. Comments? -- Tom Combs E-mail: combs@magnet.fsu.edu National High Magnetic Field Laboratory Phone: (850) 644-1657 1800 E. Paul Dirac Drive Tallahassee, FL 32310 From aalsup at usdla.com Fri Aug 2 19:07:10 2002 From: aalsup at usdla.com (Andy Alsup) Date: Thu Jan 12 21:15:21 2006 Subject: messages from lists serv that redirects Message-ID: <200208021807.g72I7A407921@www.usdla.com> Hi, I host a mail server running mailscanner/spamassassin (Thanks for great software!) I have clients that subscribe to lists hosted by yahoogroups. The list messages are often marked as spam, I assume, because of the advertisements contained in the message. The problem appears to be that the list server redirects (I think that's the term) messages so the To:/From: fields are as the original sender sees them. I guess list members are BCC: For instance, a message looks like this: From: joeuser@blah.com To: list@yahoogroups.com So, I can't put the sender in a whitelist, since it is different every time. Since the list address appears in the To: field, I have seen no effect by placing the list address in a whitelist. How do I work around this? If I told spamassassin that yahoogroups.com was a local domain, would that cause other problems? Thanks Andy --------------------------------------------------------- This message sent using EMUmail -- http://www.emumail.com --------------------------------------------------------- Jumping through hoops to get E-mail on the road? You've got two choices: Join the circus, or use MollyMail. Molly Mail -- http://www.mollymail.com From garner at GARNET.ACNS.FSU.EDU Mon Aug 5 04:03:51 2002 From: garner at GARNET.ACNS.FSU.EDU (Lee Garner) Date: Thu Jan 12 21:15:21 2006 Subject: Sendmail 8.9.3 ==> 8.12.x & MailScanner Message-ID: <200208050303.XAA100344@garnet.acns.fsu.edu> Hi, I'm currently running MailScanner 3.22-7 with Sendmail 8.9.3 and am occasionally experiencing the "Failed to link message body between queues" problem presumably because that version of Sendmail generates message-ids based on the PID of the Sendmail process, and during slow periods a given Sendmail child instance can process multiple messages with the same QID in the queue filename(s). (Or something like that.) Anyway, to get rid of the problem I'd like to upgrade Sendmail to one of the more(most) recent versions, say 8.12.. I'm curious if there are any "gotchas" waiting around the corner once I try the newer Sendmail with MailScanner. One little item I read in the Sendmail release notes concerning moving queue files around sounded like it could be a problem in conjunction with MailScanner (the release notes item talked about Sendmail "moving files back to where they are supposed to be"). Would appreciate any heads-ups from anyone who has already been down this path. Thanks, - Lee +--------------------------------------------+--------------------------------+ | Lee Garner (Sr. Systems Programmer) | E-mail: lee.garner@fsu.edu | | Academic Computing & Network Services | Fax: 850-644-8722 | | Florida State University | Voice: 850-644-2591 | | Tallahassee, Florida 32306-2760 USA | Teleport: 30?25'34N, 84?19'32W| +--------------------------------------------+--------------------------------+ From LISTSERV at JISCMAIL.AC.UK Thu Aug 1 09:23:58 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:21 2006 Subject: MAILSCANNER: gbm@GTCC.NSW.GOV.AU requested to join Message-ID: <200208010823.JAA04000@magpie.ecs.soton.ac.uk> Thu, 1 Aug 2002 09:23:58 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Gary Milby . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER gbm@GTCC.NSW.GOV.AU Gary Milby The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+gbm%40GTCC.NSW.GOV.AU+Gary+Milby&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From LISTSERV at JISCMAIL.AC.UK Thu Aug 1 13:08:17 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:21 2006 Subject: MAILSCANNER: info@MEVERS.NL requested to join Message-ID: <200208011208.NAA22263@magpie.ecs.soton.ac.uk> Thu, 1 Aug 2002 13:08:17 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from SUBSCRIBE MAILSCANNER Richard M . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER info@MEVERS.NL SUBSCRIBE MAILSCANNER Richard M The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+info%40MEVERS.NL+SUBSCRIBE+MAILSCANNER+Richard+M&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From LISTSERV at JISCMAIL.AC.UK Thu Aug 1 16:56:30 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:21 2006 Subject: MAILSCANNER: tcarrez@SCORT.COM left the list Message-ID: <200208011556.QAA11231@magpie.ecs.soton.ac.uk> Thu, 1 Aug 2002 16:56:30 tcarrez@SCORT.COM has just signed off the MAILSCANNER list (MailScanner mailing list). ------------------------- Original mail header -------------------------- Return-Path: Received: from 130.246.192.52 by JISCMAIL.AC.UK (SMTPL release 1.0f) with TCP; Thu, 1 Aug 2002 16:55:20 +0100 Received: from arges (arges.scort.com [213.41.103.75]) by ori.rl.ac.uk (8.11.1/8.11.1) with ESMTP id g71FtJr10612 for ; Thu, 1 Aug 2002 16:55:19 +0100 Received: from user.scort.com ([213.41.103.70] helo=scort.com) by arges.scort.com with asmtp (Exim 4.05) id 17aIIH-0000ut-00 for jiscmail@jiscmail.ac.uk; Thu, 01 Aug 2002 17:55:17 +0200 Message-ID: <3D4959E8.7080405@scort.com> Date: Thu, 01 Aug 2002 17:55:20 +0200 From: Thierry Carrez Organization: SCORT User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.1b) Gecko/20020722 X-Accept-Language: en-us, en MIME-Version: 1.0 To: jiscmail@jiscmail.ac.uk Subject: leave * References: <3D2D8DA3.7050807@scort.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=0, required 5) From LISTSERV at JISCMAIL.AC.UK Thu Aug 1 17:53:20 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:21 2006 Subject: MAILSCANNER: keith@CIRINC.COM requested to join Message-ID: <200208011653.RAA16291@magpie.ecs.soton.ac.uk> Thu, 1 Aug 2002 17:53:20 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Keith Stolle . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER keith@CIRINC.COM Keith Stolle The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+keith%40CIRINC.COM+Keith+Stolle&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From LISTSERV at JISCMAIL.AC.UK Thu Aug 1 21:46:55 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:21 2006 Subject: MAILSCANNER: mqyvonet@URESP.ULAVAL.CA requested to join Message-ID: <200208012046.VAA03463@magpie.ecs.soton.ac.uk> Thu, 1 Aug 2002 21:46:55 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Minh Quang Yvonet . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER mqyvonet@URESP.ULAVAL.CA Minh Quang Yvonet The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+mqyvonet%40URESP.ULAVAL.CA+Minh+Quang+Yvonet&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From LISTSERV at JISCMAIL.AC.UK Fri Aug 2 19:26:05 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:21 2006 Subject: MAILSCANNER: mislist@SONIC.COM requested to join Message-ID: <200208021826.TAA06489@magpie.ecs.soton.ac.uk> Fri, 2 Aug 2002 19:26:05 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Scott Larson . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER mislist@SONIC.COM Scott Larson The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+mislist%40SONIC.COM+Scott+Larson&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From LISTSERV at JISCMAIL.AC.UK Sat Aug 3 05:11:10 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:21 2006 Subject: MAILSCANNER: msmith645@HOTMAIL.COM left the list Message-ID: <200208030411.FAA05367@magpie.ecs.soton.ac.uk> Sat, 3 Aug 2002 05:11:10 Mike Smith has just signed off the MAILSCANNER list (MailScanner mailing list). ------------------------- Original mail header -------------------------- Return-Path: Received: from 130.246.192.52 by JISCMAIL.AC.UK (SMTPL release 1.0f) with TCP; Sat, 3 Aug 2002 05:01:02 +0100 Received: from hotmail.com (f204.pav2.hotmail.com [64.4.37.204]) by ori.rl.ac.uk (8.11.1/8.11.1) with ESMTP id g73411r25963 for ; Sat, 3 Aug 2002 05:01:02 +0100 Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Fri, 2 Aug 2002 20:59:56 -0700 Received: from 68.1.143.100 by pv2fd.pav2.hotmail.msn.com with HTTP; Sat, 03 Aug 2002 03:59:55 GMT X-Originating-IP: [68.1.143.100] From: "Mike Smith" To: jiscmail@JISCMAIL.AC.UK Date: Fri, 02 Aug 2002 22:59:55 -0500 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 03 Aug 2002 03:59:56.0351 (UTC) FILETIME=[3AAFD4F0:01C23AA2] From LISTSERV at JISCMAIL.AC.UK Sat Aug 3 23:17:38 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:21 2006 Subject: MAILSCANNER: bob@SKYEWEB.COM requested to join Message-ID: <200208032217.XAA22800@magpie.ecs.soton.ac.uk> Sat, 3 Aug 2002 23:17:38 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Bob Weber . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER bob@SKYEWEB.COM Bob Weber The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+bob%40SKYEWEB.COM+Bob+Weber&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From mailscanner at ecs.soton.ac.uk Mon Aug 5 12:29:26 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:21 2006 Subject: not logging ">>> Virus", only "Found 1 viruses" In-Reply-To: <200207311338.g6VDcGr16487@ori.rl.ac.uk> Message-ID: <5.1.0.14.2.20020805122635.076e5c88@imap.ecs.soton.ac.uk> At 14:38 31/07/2002, you wrote: >Dear All, >I am having the same problem, any ideas???? The McAfee parser doesn't log the report lines as they are broken into 2 and are therefore a real pain to log. The others log them at log level "info". >regards > >Dan > >On Mon, 3 Jun 2002 16:48:37 -0500, Paul Rossman >wrote: > > >Hi everyone, > > > >I'm going crazy trying to figure out why I'm not getting log reports for > >detected viruses.... To be more specific, I'm am getting these: > > > >Jun 3 16:38:18 glacier mailscanner[17266]: Found 1 viruses in messages > >g53Lbt217631 > > > >but not these types: > > > >May 28 21:42:53 quicksilver.ukc.ac.uk mailscanner[27921]: >>> Virus > >'W32/Klez-H' found in file ./17Cnnb-0001PL-00/install.exe > > > >I've looked every where for the keywords "found in" and ">>>" but to no > >relevant success. Looked at the src, in the howto/faq, in my mail archives > >since Jan 2002, and in the online mailing list archives. > > > >I'm using Mcafee: > > > >Virus Scan for Linux v4.16.0 > >Copyright (c) 1992-2001 Networks Associates Technology Inc. All rights >reserved. > >(408) 988-3832 LICENSED COPY - Nov 13 2001 > > > >Scan engine v4.1.60 for Linux. > >Virus data file v4205 created May 29 2002 > >Scanning for 60684 viruses, trojans and variants. > > > >Is that type of specific virus report to syslog a result of the virus >scanner > >(some thing other than mcafee?). > > > >I've included my syslog info below just in case. > > > >Any help would be much appreciated. > > > >Thanks! > >-paul > > > >------- > > > >syslog.conf file on mailserver contains: > > > >## > >## Everything to loghost > >## > >*.* @loghost > > > >------- > > > >syslog.conf file on loghost server contains the following line for mail: > > > >mail.warning;mail.emerg;mail.alert;mail.crit;mail.info;mail.err;mail.notice >;mail.debug;mail.* > > /var/log/maillog > > > >------- -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From pipera at HRZ.UNI-MARBURG.DE Mon Aug 5 13:24:53 2002 From: pipera at HRZ.UNI-MARBURG.DE (Piper Andreas) Date: Thu Jan 12 21:15:21 2006 Subject: not logging ">>> Virus", only "Found 1 viruses" In-Reply-To: Your message of "Mon, 05 Aug 2002 12:29:26 BST." <5.1.0.14.2.20020805122635.076e5c88@imap.ecs.soton.ac.uk> Message-ID: <200208051224.g75COrgG011230@pcrz255.HRZ.Uni-Marburg.DE> Hello, > > The McAfee parser doesn't log the report lines as they are broken into 2 > and are therefore a real pain to log. The others log them at log level "info". I am using the appended patch to enable logging for McAfee VirusScan. This is running now for some weeks on my mailers without problems (running MailScanner-3.21-1). Andreas Piper *** sweep.pl.orig Wed Jul 24 16:08:55 2002 --- sweep.pl Mon Aug 5 14:14:20 2002 *************** *** 567,572 **** --- 567,573 ---- # make an equivalent report line from the last 2 $report = "$lastline$currentline"; + Log::InfoLog($report); # note: '$dot' does not become '.' ($dot, $id, $part, @rest) = split(/\//, $lastline); $infections->{"$id"}{"$part"} .= $report . "\n"; From aldas at post.vilsat.net Mon Aug 5 13:39:33 2002 From: aldas at post.vilsat.net (Aldas Nabazas) Date: Thu Jan 12 21:15:21 2006 Subject: problems with sophos autoupdate Message-ID: <4222030895.20020805143933@post.vilsat.net> Hi, My Sophos 3.57 got out of date, so decided to install 3.59 and also upgraded my Mailscanner to 3.22-10 All works fine, but i get error when i'm trying to download ide files using mailscanner's autoupdate for sophos {noticed that sophos don't provide any update script with their virus scanner} Could not calculate Sophos version number, Bad file descriptor at ./autoupdate line 77. Line 77 warn "@_, $!"; Sophos installed in /usr/local/Sophos dir Thanks. From mailscanner at ecs.soton.ac.uk Mon Aug 5 13:50:55 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:21 2006 Subject: SA blacklist or SM access db In-Reply-To: <200208011903.g71J3e008445@osprey.magnet.fsu.edu> Message-ID: <5.1.0.14.2.20020805135026.05156c78@imap.ecs.soton.ac.uk> At 20:03 01/08/2002, you wrote: > Is it more efficient to use the blacklist feature in the > spam.assassin.prefs.conf file or to use a REJECT in the > sendmail access database? I use the sendmail access database, for precisely the reasons you give below. > I would think that it would be better to use the sendmail > access list because this would cause the message to be > kicked out before being delivered to the mqueue.in and > thus it would never have to be checked for viruses or spam. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Mon Aug 5 13:44:54 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:21 2006 Subject: not logging ">>> Virus", only "Found 1 viruses" In-Reply-To: <200208051224.g75COrgG011230@pcrz255.HRZ.Uni-Marburg.DE> References: Message-ID: <5.1.0.14.2.20020805134423.052a54f8@imap.ecs.soton.ac.uk> Oops, sorry, didn't read my own code carefully enough. This patch will work fine (and is in the main code). At 13:24 05/08/2002, you wrote: >Hello, > > > > The McAfee parser doesn't log the report lines as they are broken into 2 > > and are therefore a real pain to log. The others log them at log level > "info". > >I am using the appended patch to enable logging for McAfee VirusScan. >This is running now for some weeks on my mailers without problems >(running MailScanner-3.21-1). > >Andreas Piper > >*** sweep.pl.orig Wed Jul 24 16:08:55 2002 >--- sweep.pl Mon Aug 5 14:14:20 2002 >*************** >*** 567,572 **** >--- 567,573 ---- > > # make an equivalent report line from the last 2 > $report = "$lastline$currentline"; >+ Log::InfoLog($report); > # note: '$dot' does not become '.' > ($dot, $id, $part, @rest) = split(/\//, $lastline); > $infections->{"$id"}{"$part"} .= $report . "\n"; -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Mon Aug 5 13:56:33 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:21 2006 Subject: problems with sophos autoupdate In-Reply-To: <4222030895.20020805143933@post.vilsat.net> Message-ID: <5.1.0.14.2.20020805135511.05232648@imap.ecs.soton.ac.uk> At 13:39 05/08/2002, you wrote: >My Sophos 3.57 got out of date, so decided to install 3.59 and also >upgraded my Mailscanner to 3.22-10 Did you install Sophos 3.59 using my /usr/local/MailScanner/bin/Sophos.install script? >All works fine, but i get error when i'm trying to download ide files >using mailscanner's autoupdate for sophos {noticed that sophos don't >provide any update script with their virus scanner} > >Could not calculate Sophos version number, Bad file descriptor at >./autoupdate line 77. Delete everything under /usr/local/Sophos (except /usr/local/Sophos/bin/*) and install it using my Sophos.install script. That does an "autoupdate" as its last action. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Mon Aug 5 13:52:45 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:21 2006 Subject: messages from lists serv that redirects In-Reply-To: <200208021807.g72I7A407921@www.usdla.com> Message-ID: <5.1.0.14.2.20020805135139.050f1390@imap.ecs.soton.ac.uk> At 19:07 02/08/2002, you wrote: >I have clients that subscribe to lists hosted by yahoogroups. The list >messages are often marked as spam, I assume, because of the >advertisements contained in the message. > >The problem appears to be that the list server redirects (I think that's >the term) messages so the To:/From: fields are as the original sender >sees them. I guess list members are BCC: > >For instance, a message looks like this: > >From: joeuser@blah.com >To: list@yahoogroups.com But what addresses appear in the envelope? They are what count, not what appears in the headers. You may well find that the envelope sender address is always somehow associated with yahoo. >So, I can't put the sender in a whitelist, since it is different every >time. Since the list address appears in the To: field, I have seen no >effect by placing the list address in a whitelist. > >How do I work around this? If I told spamassassin that yahoogroups.com >was a local domain, would that cause other problems? -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Mon Aug 5 13:54:42 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:21 2006 Subject: Sendmail 8.9.3 ==> 8.12.x & MailScanner In-Reply-To: <200208050303.XAA100344@garnet.acns.fsu.edu> Message-ID: <5.1.0.14.2.20020805135322.050b6b78@imap.ecs.soton.ac.uk> At 04:03 05/08/2002, you wrote: >I'm currently running MailScanner 3.22-7 with Sendmail 8.9.3 >and am occasionally experiencing the "Failed to link message >body between queues" problem presumably because that version >of Sendmail generates message-ids based on the PID of the >Sendmail process, and during slow periods a given Sendmail >child instance can process multiple messages with the same >QID in the queue filename(s). (Or something like that.) This can occasionally happen with old sendmails, yes. >Anyway, to get rid of the problem I'd like to upgrade Sendmail >to one of the more(most) recent versions, say 8.12.. > >I'm curious if there are any "gotchas" waiting around the >corner once I try the newer Sendmail with MailScanner. One >little item I read in the Sendmail release notes concerning >moving queue files around sounded like it could be a problem >in conjunction with MailScanner (the release notes item talked >about Sendmail "moving files back to where they are supposed >to be"). > >Would appreciate any heads-ups from anyone who has already >been down this path. I've got sendmail 8.12. running quite happily. Don't take too much notice of the submit.cf stuff, just let it do what it wants to with that. The "clientmqueue" doesn't impact MailScanner's operation at all, seems to run just fine here. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Mon Aug 5 13:34:03 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:21 2006 Subject: MAILSCANNER: support@UNOFFICIAL-SUPPORT.COM left the list Message-ID: <200208051234.NAA29024@magpie.ecs.soton.ac.uk> Mon, 5 Aug 2002 13:34:03 support@UNOFFICIAL-SUPPORT.COM has just signed off the MAILSCANNER list (MailScanner mailing list). ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From aldas at post.vilsat.net Mon Aug 5 14:19:43 2002 From: aldas at post.vilsat.net (Aldas Nabazas) Date: Thu Jan 12 21:15:21 2006 Subject: problems with sophos autoupdate In-Reply-To: <5.1.0.14.2.20020805135511.05232648@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020805135511.05232648@imap.ecs.soton.ac.uk> Message-ID: <15924441310.20020805151943@post.vilsat.net> JF> At 13:39 05/08/2002, you wrote: >>My Sophos 3.57 got out of date, so decided to install 3.59 and also >>upgraded my Mailscanner to 3.22-10 JF> Did you install Sophos 3.59 using my JF> /usr/local/MailScanner/bin/Sophos.install script? >>All works fine, but i get error when i'm trying to download ide files >>using mailscanner's autoupdate for sophos {noticed that sophos don't >>provide any update script with their virus scanner} >> >>Could not calculate Sophos version number, Bad file descriptor at >>./autoupdate line 77. JF> Delete everything under /usr/local/Sophos (except /usr/local/Sophos/bin/*) JF> and install it using my Sophos.install script. That does an "autoupdate" as JF> its last action. JF> -- JF> Julian Field Teaching Systems Manager JF> jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science JF> Tel. 023 8059 2817 University of Southampton JF> Southampton SO17 1BJ Thank You Julian, yeah it worked , but now when i'm running /usr/local/Sophos/bin/autoupdate , i got this error again looked over your instal script, and can't get why it works for first time, but when i'am running it i got error's? :) From domeng at STII.DOST.GOV.PH Mon Aug 5 14:19:25 2002 From: domeng at STII.DOST.GOV.PH (Domingo Genaro P. Tamayo) Date: Thu Jan 12 21:15:21 2006 Subject: problems with sophos autoupdate In-Reply-To: <4222030895.20020805143933@post.vilsat.net> References: <4222030895.20020805143933@post.vilsat.net> Message-ID: <1083.165.220.14.11.1028553565.squirrel@itdgate.stii.dost.gov.ph> Hi, Got the same problem. Im running Sophos 3.53. Visited the Sophos Site yesterday, and it states there: "3.3. Why doesn't Sophos supply virus identities (IDEs) for versions of Sophos Anti-Virus more than three months old?Sophos recommends that you upgrade Sophos Anti-Virus whenever there is a new release. Currently this is monthly. During any three month period Sophos will have analysed many hundreds of new viruses. Some of these will probably require updates to the scanning technology, often because there are changes in the kind of objects that viruses can infect, e.g. new Microsoft Office file formats. Sophos cannot offer technical support to customers who are not using an up-to-date version of Sophos Anti-Virus for this reason." --http://www.sophos.com/support/faqs/ide.html#3.3 Is this the reason? Thanks. Thanks for mailscanner. > Hi, > > My Sophos 3.57 got out of date, so decided to install 3.59 and also > upgraded my Mailscanner to 3.22-10 > > All works fine, but i get error when i'm trying to download ide files > using mailscanner's autoupdate for sophos {noticed that sophos don't > provide any update script with their virus scanner} > > Could not calculate Sophos version number, Bad file descriptor at > ./autoupdate line 77. > > Line 77 > warn "@_, $!"; > > Sophos installed in /usr/local/Sophos dir > > Thanks. From andersan at LTKALMAR.SE Mon Aug 5 14:51:24 2002 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:15:21 2006 Subject: Simpel question before uppgrade Message-ID: <7B475DC5E9502B4D91EA73C283AE48D70263EAB6@lkl22.ltkalmar.se> Hi Just thought if there is something I should condsider before I do an uppgrade. I have nothing I really need to save from old config. Should I do a uninstall first or uppgrade the rpm? The few changes I made was messgae files and so it will use uvscan? Kind regards /Anders From mailscanner at ecs.soton.ac.uk Mon Aug 5 15:37:09 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:21 2006 Subject: Simpel question before uppgrade In-Reply-To: <7B475DC5E9502B4D91EA73C283AE48D70263EAB6@lkl22.ltkalmar.se > Message-ID: <5.1.0.14.2.20020805153625.077fa408@imap.ecs.soton.ac.uk> At 14:51 05/08/2002, you wrote: >Hi >Just thought if there is something I should >condsider before I do an uppgrade. >I have nothing I really need to save from old >config. >Should I do a uninstall first or uppgrade the >rpm? >The few changes I made was messgae files and so >it will use uvscan? You should be able to just upgrade the RPM. Take a look in the /usr/local/MailScanner/etc directory after upgrading and you may find some *.rpmnew files which you need to merge into your existing setup. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From smohan at VSNL.COM Mon Aug 5 16:34:00 2002 From: smohan at VSNL.COM (S Mohan) Date: Thu Jan 12 21:15:21 2006 Subject: Sendmail 8.9.3 ==> 8.12.x & MailScanner In-Reply-To: <200208050303.XAA100344@garnet.acns.fsu.edu> Message-ID: <000901c23c95$865423d0$01000001@mohans> I used Sendmail 8.11-6 and mailscanner 3.20. Works on standard install for me. If your problem had something to do with load, it may be very specific. Mohan -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Lee Garner Sent: Monday, August 05, 2002 8:34 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Sendmail 8.9.3 ==> 8.12.x & MailScanner Hi, I'm currently running MailScanner 3.22-7 with Sendmail 8.9.3 and am occasionally experiencing the "Failed to link message body between queues" problem presumably because that version of Sendmail generates message-ids based on the PID of the Sendmail process, and during slow periods a given Sendmail child instance can process multiple messages with the same QID in the queue filename(s). (Or something like that.) Anyway, to get rid of the problem I'd like to upgrade Sendmail to one of the more(most) recent versions, say 8.12.. I'm curious if there are any "gotchas" waiting around the corner once I try the newer Sendmail with MailScanner. One little item I read in the Sendmail release notes concerning moving queue files around sounded like it could be a problem in conjunction with MailScanner (the release notes item talked about Sendmail "moving files back to where they are supposed to be"). Would appreciate any heads-ups from anyone who has already been down this path. Thanks, - Lee +--------------------------------------------+-------------------------- ------+ | Lee Garner (Sr. Systems Programmer) | E-mail: lee.garner@fsu.edu | | Academic Computing & Network Services | Fax: 850-644-8722 | | Florida State University | Voice: 850-644-2591 | | Tallahassee, Florida 32306-2760 USA | Teleport: 30°25'34N, 84°19'32W| +--------------------------------------------+-------------------------- ------+ From andersan at LTKALMAR.SE Mon Aug 5 16:50:43 2002 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:15:22 2006 Subject: SV: Simpel question before uppgrade Message-ID: <7B475DC5E9502B4D91EA73C283AE48D70263EAB7@lkl22.ltkalmar.se> Looks like it passed without any problem. But since my changes where almost none I guess I might as well rename old conf files and use the new ones. Ive got a slight problem that Im sure it my fault but Im hoping you might give me a clue. When I try to use autoupdate script for uvscan I get this [root@knubbis uvscan]# ./autoupdate Can't locate Net/FTP.pm in @INC (@INC contains: /usr/lib/perl5/5.6.1/i386-linux /usr/lib/perl5/5.6.1 /usr/lib/perl5/site_perl/5.6.1/i386-linux /usr/lib/perl5/site_perl/5.6.1 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.6.1/i386-linux /usr/lib/perl5/vendor_perl/5.6.1 /usr/lib/perl5/vendor_perl .) at ./autoupdate line 17. BEGIN failed--compilation aborted at ./autoupdate line 17. [root@knubbis uvscan]# As far as I can figure out (newbie) Im missing something in perl but noot sure how to fix this. =( Thanks again for all the help /Anders > -----Ursprungligt meddelande----- > Fr?n: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Skickat: den 5 augusti 2002 16:37 > Till: MAILSCANNER@JISCMAIL.AC.UK > ?mne: Re: Simpel question before uppgrade > > > At 14:51 05/08/2002, you wrote: > >Hi > >Just thought if there is something I should > >condsider before I do an uppgrade. > >I have nothing I really need to save from old > >config. > >Should I do a uninstall first or uppgrade the > >rpm? > >The few changes I made was messgae files and so > >it will use uvscan? > > You should be able to just upgrade the RPM. > Take a look in the /usr/local/MailScanner/etc directory after > upgrading and > you may find some *.rpmnew files which you need to merge into > your existing > setup. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From Denis.Beauchemin at USHERBROOKE.CA Mon Aug 5 17:02:40 2002 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:15:22 2006 Subject: Cosmetic problems not fixed Message-ID: <1028563360.6773.5.camel@dbeauchemin.si.usherb.ca> Hi, A few weeks ago (before my summer vacation) I asked for some cosmetic changes in the text of the error reports and Julian said they would be incorporated into the new version. Well, I am now using mailscanner-3.22-8 and it is still not perfect: R?sultats de l'antivirus: /g75DxwL05963/VALUE2.exe Found the W32/Klez.h@MM virus !!! Les fichiers ?.EXE? sont trop souvent infect?s par des virus in VALUE2.exe The path is still part of the virus report (McAfee) and I still get the "in VALUE2.exe" at the end of my French translation. Any hope of fixing this? Apart from those small problems, this is really a GREAT software. Thanks! Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From LISTSERV at JISCMAIL.AC.UK Mon Aug 5 17:02:55 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:22 2006 Subject: MAILSCANNER: jorge.bras@IESTRADAS.PT left the list Message-ID: <200208051602.RAA15344@magpie.ecs.soton.ac.uk> Mon, 5 Aug 2002 17:02:55 Jorge Bras has just signed off the MAILSCANNER list (MailScanner mailing list). ------------------------- Original mail header -------------------------- Return-Path: Received: from 130.246.192.52 by JISCMAIL.AC.UK (SMTPL release 1.0f) with TCP; Mon, 5 Aug 2002 17:02:14 +0100 Received: from sim44.i.iestradas.pt (www.jae.pt [194.65.130.50] (may be forged)) by ori.rl.ac.uk (8.11.1/8.11.1) with ESMTP id g75G2Cr04908 for ; Mon, 5 Aug 2002 17:02:13 +0100 Received: by sim44.i.iestradas.pt (Postfix, from userid 500) id 21F58C439; Mon, 5 Aug 2002 11:55:13 -0400 (EDT) Date: Mon, 5 Aug 2002 16:55:13 +0100 From: Jorge Bras To: LISTSERV@JISCMAIL.AC.UK Message-ID: <20020805165513.B9452@iestradas.pt> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i From mailscanner at ecs.soton.ac.uk Mon Aug 5 17:09:53 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:22 2006 Subject: Cosmetic problems not fixed In-Reply-To: <1028563360.6773.5.camel@dbeauchemin.si.usherb.ca> Message-ID: <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> At 17:02 05/08/2002, you wrote: >A few weeks ago (before my summer vacation) I asked for some cosmetic >changes in the text of the error reports and Julian said they would be >incorporated into the new version. > >Well, I am now using mailscanner-3.22-8 and it is still not perfect: > >R?sultats de l'antivirus: > /g75DxwL05963/VALUE2.exe Found the W32/Klez.h@MM virus !!! > Les fichiers ?.EXE? sont trop souvent infect?s par des virus in VALUE2.exe > >The path is still part of the virus report (McAfee) You only get the last bit of the path, not the whole path from / any more. So you aren't giving away any information about your setup. > and I still get the >"in VALUE2.exe" at the end of my French translation. Can you tell me roughly where this is printed, and what the output appears in? Looking for "in" in all the source is not really practical. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From lbergman at abi.tconline.net Mon Aug 5 17:04:12 2002 From: lbergman at abi.tconline.net (Lewis Bergman) Date: Thu Jan 12 21:15:22 2006 Subject: Cosmetic problems not fixed In-Reply-To: <1028563360.6773.5.camel@dbeauchemin.si.usherb.ca> References: <1028563360.6773.5.camel@dbeauchemin.si.usherb.ca> Message-ID: <200208051104.12257.lbergman@abi.tconline.net> On Monday 05 August 2002 11:02 am, Denis Beauchemin wrote: > Hi, > > A few weeks ago (before my summer vacation) I asked for some cosmetic > changes in the text of the error reports and Julian said they would be > incorporated into the new version. > > Well, I am now using mailscanner-3.22-8 and it is still not perfect: > > R?sultats de l'antivirus: > /g75DxwL05963/VALUE2.exe Found the W32/Klez.h@MM virus !!! > Les fichiers ?.EXE? sont trop souvent infect?s par des virus in > VALUE2.exe > > The path is still part of the virus report (McAfee) and I still get the > "in VALUE2.exe" at the end of my French translation. > > Any hope of fixing this? Apart from those small problems, this is > really a GREAT software. Aren't we a little curt? Did you try setting the new variable for this? -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 115 From Denis.Beauchemin at USHERBROOKE.CA Mon Aug 5 18:39:42 2002 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:15:22 2006 Subject: Cosmetic problems not fixed In-Reply-To: <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> Message-ID: <1028569182.7337.18.camel@dbeauchemin.si.usherb.ca> Julian, I have the following in mailscanner.conf: Hide Incoming Work Dir = yes Virus Scanner = mcafee Sweep = /usr/local/uvscan/mcafeewrapper As for the "in VALUE2.exe" part, it comes from deleted.virus.message.txt: R?sultats de l'antivirus: $report So basically all the text comes from the "$report" variable. Thanks! Denis BTW I believe the rpm -Uvh I did to upgrade MailScanner replaced my version of autoupdate with a new one without saving the old one as .rpmsav (I modified it because we mirror the McAfee site locally). On Mon, 2002-08-05 at 12:09, Julian Field wrote: > At 17:02 05/08/2002, you wrote: > >A few weeks ago (before my summer vacation) I asked for some cosmetic > >changes in the text of the error reports and Julian said they would be > >incorporated into the new version. > > > >Well, I am now using mailscanner-3.22-8 and it is still not perfect: > > > >R?sultats de l'antivirus: > > /g75DxwL05963/VALUE2.exe Found the W32/Klez.h@MM virus !!! > > Les fichiers ?.EXE? sont trop souvent infect?s par des virus in VALUE2.exe > > > >The path is still part of the virus report (McAfee) > > You only get the last bit of the path, not the whole path from / any more. > So you aren't giving away any information about your setup. > > > and I still get the > >"in VALUE2.exe" at the end of my French translation. > > Can you tell me roughly where this is printed, and what the output appears > in? Looking for "in" in all the source is not really practical. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From mailscanner at ecs.soton.ac.uk Mon Aug 5 18:58:00 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:22 2006 Subject: Cosmetic problems not fixed In-Reply-To: <1028569182.7337.18.camel@dbeauchemin.si.usherb.ca> References: <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020805185602.02ec0758@imap.ecs.soton.ac.uk> At 18:39 05/08/2002, you wrote: >I have the following in mailscanner.conf: >Hide Incoming Work Dir = yes >Virus Scanner = mcafee >Sweep = /usr/local/uvscan/mcafeewrapper Good. >As for the "in VALUE2.exe" part, it comes from >deleted.virus.message.txt: >R?sultats de l'antivirus: >$report > >So basically all the text comes from the "$report" variable. You will need to edit sweep.pl line 1082, which currently says Log::InfoLog($Config::NameLog[$i] . " in $attach"); >BTW I believe the rpm -Uvh I did to upgrade MailScanner replaced my >version of autoupdate with a new one without saving the old one as >.rpmsav (I modified it because we mirror the McAfee site locally). Yes, it will. Virtually no-one alters this file so it is not treated as a config file. >On Mon, 2002-08-05 at 12:09, Julian Field wrote: > > At 17:02 05/08/2002, you wrote: > > >A few weeks ago (before my summer vacation) I asked for some cosmetic > > >changes in the text of the error reports and Julian said they would be > > >incorporated into the new version. > > > > > >Well, I am now using mailscanner-3.22-8 and it is still not perfect: > > > > > >R?sultats de l'antivirus: > > > /g75DxwL05963/VALUE2.exe Found the W32/Klez.h@MM virus !!! > > > Les fichiers ?.EXE? sont trop souvent infect?s par des virus in > VALUE2.exe > > > > > >The path is still part of the virus report (McAfee) > > > > You only get the last bit of the path, not the whole path from / any more. > > So you aren't giving away any information about your setup. > > > > > and I still get the > > >"in VALUE2.exe" at the end of my French translation. > > > > Can you tell me roughly where this is printed, and what the output appears > > in? Looking for "in" in all the source is not really practical. > > -- > > Julian Field Teaching Systems Manager > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > Tel. 023 8059 2817 University of Southampton > > Southampton SO17 1BJ > > >-- >Denis Beauchemin, analyste >Universit? de Sherbrooke, S.T.I. >T: 819.821.8000x2252 F: 819.821.8045 -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Mon Aug 5 19:23:34 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:22 2006 Subject: MAILSCANNER: japerez@CORREO.UAA.MX requested to join Message-ID: <200208051823.TAA25522@magpie.ecs.soton.ac.uk> Mon, 5 Aug 2002 19:23:34 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Jos? Antonio P?rez Hern?ndez . The following subscription options have been requested: HTML INDEX. You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER japerez@CORREO.UAA.MX Jos? Antonio P?rez Hern?ndez The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+japerez%40CORREO.UAA.MX+Jos%E9+Antonio+P%E9rez+Hern%E1ndez&L=MAILSCANNER This first link will add the subscriber to the list. You can then set the subscription options with this link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=SET+MAILSCANNER+HTML+INDEX+FOR+japerez%40CORREO.UAA.MX&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From Chris.Campbell at FAC.COM Mon Aug 5 20:05:43 2002 From: Chris.Campbell at FAC.COM (Chris Campbell) Date: Thu Jan 12 21:15:22 2006 Subject: evite.com Message-ID: Does anyone know how to allow evite.com emails to not be tagged as spam? The evite.com RULE seems not to even be getting the hit, so making a -50 on the EVITE rule didnt work for me. The emails have the FROM as the senders personal email account, so I cannot simply whitelist evite.com :/ Thanks in advance. ..................................... Christopher S. Campbell UNIX Admin First Albany Corp 518.447.8544 chris.campbell@fac.com From japerez at CORREO.UAA.MX Mon Aug 5 20:14:56 2002 From: japerez at CORREO.UAA.MX (=?iso-8859-1?Q?Jos=E9?= Antonio =?iso-8859-1?Q?P=E9rez=20Hern=E1ndez?=) Date: Thu Jan 12 21:15:22 2006 Subject: QUESTION: Self copy of messages doesn't work, why? Message-ID: <3D4ECEB0.5FE0D4AE@correo.uaa.mx> Hi list. Hope this have been resolved before, if not, I'd like read your advice: I'm trying set up a Debian mail server with Exim 3.35 and Mailscanner 3.13.2; the clients are Netscape Messenger 4.78 & 6 on WinXX. Everything seems to be OK, except for the automatic function for saving a copy of outgoing messages on Sent folder. Netscape fails this with a message like " the command has not finish correctly. The server response is APPEND[TRYCREATE] failed." I accept the warning box and the message is delivered. I've checked the owner and group permisions, the content of .mailboxlist, and config options for Exim and Mailscanner. If this matter has been resolved, please tell me how was treated 'cause I'd searched the list archive and found nothing. TIA Jose Antonio P?rez -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020805/a6b9f921/attachment.html From mailscanner at ecs.soton.ac.uk Mon Aug 5 20:24:43 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:22 2006 Subject: evite.com In-Reply-To: Message-ID: <5.1.0.14.2.20020805202351.02e90180@imap.ecs.soton.ac.uk> At 20:05 05/08/2002, you wrote: >Does anyone know how to allow evite.com emails to not be tagged as spam? >The evite.com RULE seems not to even be getting the hit, so making a -50 on >the EVITE rule didnt work for me. The emails have the FROM as the senders >personal email account, so I cannot simply whitelist evite.com :/ Even the envelope sender address isn't evite.com? Check your maillog to see where it thinks they come from.m >Thanks in advance. > > >..................................... >Christopher S. Campbell >UNIX Admin >First Albany Corp >518.447.8544 >chris.campbell@fac.com -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Mon Aug 5 20:28:36 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:22 2006 Subject: QUESTION: Self copy of messages doesn't work, why? In-Reply-To: <3D4ECEB0.5FE0D4AE@correo.uaa.mx> Message-ID: <5.1.0.14.2.20020805202718.02e877d0@imap.ecs.soton.ac.uk> At 20:14 05/08/2002, you wrote: >I'm trying set up a Debian mail server with Exim 3.35 and Mailscanner >3.13.2; the clients are Netscape Messenger 4.78 & 6 on WinXX. Everything >seems to be OK, except for the automatic function for saving a copy of >outgoing messages on Sent folder. Netscape fails this with a message like >" the command has not finish correctly. The server response is >APPEND[TRYCREATE] failed." I accept the warning box and the message is >delivered. >I've checked the owner and group permisions, the content of .mailboxlist, >and config options for Exim and Mailscanner. How is this a MailScanner problem? It looks more like an IMAP/MUA problem, in which MailScanner is not involved. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From Chris.Campbell at FAC.COM Mon Aug 5 20:44:40 2002 From: Chris.Campbell at FAC.COM (Chris Campbell) Date: Thu Jan 12 21:15:22 2006 Subject: evite.com Message-ID: Nope, the relay is citysearch.com, but I don;t know how to whitelist based on relay.... ..................................... Christopher S. Campbell UNIX Admin First Albany Corp Julian Field cc: Sent by: Subject: Re: evite.com MailScanner mailing list 08/05/2002 03:24 PM Please respond to MailScanner mailing list At 20:05 05/08/2002, you wrote: >Does anyone know how to allow evite.com emails to not be tagged as spam? >The evite.com RULE seems not to even be getting the hit, so making a -50 on >the EVITE rule didnt work for me. The emails have the FROM as the senders >personal email account, so I cannot simply whitelist evite.com :/ Even the envelope sender address isn't evite.com? Check your maillog to see where it thinks they come from.m >Thanks in advance. > > >..................................... >Christopher S. Campbell >UNIX Admin >First Albany Corp -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Mon Aug 5 21:33:28 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:22 2006 Subject: evite.com In-Reply-To: Message-ID: <5.1.0.14.2.20020805213312.02bcb358@imap.ecs.soton.ac.uk> At 20:44 05/08/2002, you wrote: >Nope, the relay is citysearch.com, but I don;t know how to whitelist based >on relay.... You need to look at the From address, not the relay. >..................................... >Christopher S. Campbell >UNIX Admin >First Albany Corp > > > > > > > Julian Field > MAILSCANNER@JISCMAIL.AC.UK > TON.AC.UK> cc: > Sent by: Subject: Re: evite.com > MailScanner mailing > list > IL.AC.UK> > > > 08/05/2002 03:24 PM > Please respond to > MailScanner mailing > list > > > > > > >At 20:05 05/08/2002, you wrote: > >Does anyone know how to allow evite.com emails to not be tagged as spam? > >The evite.com RULE seems not to even be getting the hit, so making a -50 >on > >the EVITE rule didnt work for me. The emails have the FROM as the senders > >personal email account, so I cannot simply whitelist evite.com :/ > >Even the envelope sender address isn't evite.com? Check your maillog to see >where it thinks they come from.m > > > > >Thanks in advance. > > > > > >..................................... > >Christopher S. Campbell > >UNIX Admin > >First Albany Corp > > >-- >Julian Field Teaching Systems Manager >jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science >Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From Denis.Beauchemin at USHERBROOKE.CA Mon Aug 5 21:35:57 2002 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:15:22 2006 Subject: Cosmetic problems not fixed In-Reply-To: <5.1.0.14.2.20020805185602.02ec0758@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020805185602.02ec0758@imap.ecs.soton.ac.uk> Message-ID: <1028579758.6697.95.camel@dbeauchemin.si.usherb.ca> Julian, Thanks! It worked after restarting MailScanner (didn't think I would have to). Now, could this be configurable with some mailscanner.conf directive? I'm sure people who translated the messages in different languages would also like to get rid of this text. Also: the path is still partially shown in the $report variable. To get rid of it I had to modify sweep.pl around line 564: # McAfee prints the whole path as opposed to # ./messages/part so make it the same $lastline =~ s/$BaseDir//; my($mylastline) = ($lastline); $mylastline =~ s-^.*/--; # make an equivalent report line from the last 2 #$report = "$lastline$currentline"; $report = "$mylastline$currentline"; Now the report looks like (which is what I believed the "Hide Incoming Work Dir = yes" would have done): R?sultats de l'antivirus: Research.com Found the W32/Magistr.b@MM virus !!! Les fichiers ?.COM? sont trop souvent infect?s par des virus The only thing left to do: translate the messages from McAfee... 8-( Denis On Mon, 2002-08-05 at 13:58, Julian Field wrote: > >As for the "in VALUE2.exe" part, it comes from > >deleted.virus.message.txt: > >R?sultats de l'antivirus: > >$report > > > >So basically all the text comes from the "$report" variable. > > You will need to edit sweep.pl line 1082, which currently says > Log::InfoLog($Config::NameLog[$i] . " in $attach"); -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From Chris.Campbell at FAC.COM Mon Aug 5 21:36:12 2002 From: Chris.Campbell at FAC.COM (Chris Campbell) Date: Thu Jan 12 21:15:22 2006 Subject: evite.com Message-ID: The FROM address gets labeled as whatever the user puts as his/her email address when making the evite. ..................................... Christopher S. Campbell UNIX Admin First Albany Corp 518.447.8544 chris.campbell@fac.com Julian Field cc: Sent by: Subject: Re: evite.com MailScanner mailing list 08/05/2002 04:33 PM Please respond to MailScanner mailing list At 20:44 05/08/2002, you wrote: >Nope, the relay is citysearch.com, but I don;t know how to whitelist based >on relay.... You need to look at the From address, not the relay. >..................................... >Christopher S. Campbell >UNIX Admin >First Albany Corp > > > > > > > Julian Field > MAILSCANNER@JISCMAIL.AC.UK > TON.AC.UK> cc: > Sent by: Subject: Re: evite.com > MailScanner mailing > list > IL.AC.UK> > > > 08/05/2002 03:24 PM > Please respond to > MailScanner mailing > list > > > > > > >At 20:05 05/08/2002, you wrote: > >Does anyone know how to allow evite.com emails to not be tagged as spam? > >The evite.com RULE seems not to even be getting the hit, so making a -50 >on > >the EVITE rule didnt work for me. The emails have the FROM as the senders > >personal email account, so I cannot simply whitelist evite.com :/ > >Even the envelope sender address isn't evite.com? Check your maillog to see >where it thinks they come from.m > > > > >Thanks in advance. > > > > > >..................................... > >Christopher S. Campbell > >UNIX Admin > >First Albany Corp > > >-- >Julian Field Teaching Systems Manager >jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science >Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Mon Aug 5 21:51:53 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:22 2006 Subject: evite.com In-Reply-To: Message-ID: <5.1.0.14.2.20020805215049.02bc7268@imap.ecs.soton.ac.uk> At 21:36 05/08/2002, you wrote: >The FROM address gets labeled as whatever the user puts as his/her email >address when making the evite. So they fake the sender as well as the From address? :-( Can you mail me the maillog entries you see when one of these messages arrives please? > Julian Field > MAILSCANNER@JISCMAIL.AC.UK > TON.AC.UK> cc: > Sent by: Subject: Re: evite.com > MailScanner mailing > list > IL.AC.UK> > > > 08/05/2002 04:33 PM > Please respond to > MailScanner mailing > list > > > > > > >At 20:44 05/08/2002, you wrote: > >Nope, the relay is citysearch.com, but I don;t know how to whitelist based > >on relay.... > >You need to look at the From address, not the relay. > > > > > > >..................................... > >Christopher S. Campbell > >UNIX Admin > >First Albany Corp > > > > > > > > > > > > > > Julian Field > > > MAILSCANNER@JISCMAIL.AC.UK > > TON.AC.UK> cc: > > Sent by: Subject: Re: evite.com > > MailScanner mailing > > list > > > IL.AC.UK> > > > > > > 08/05/2002 03:24 PM > > Please respond to > > MailScanner mailing > > list > > > > > > > > > > > > > >At 20:05 05/08/2002, you wrote: > > >Does anyone know how to allow evite.com emails to not be tagged as spam? > > >The evite.com RULE seems not to even be getting the hit, so making a -50 > >on > > >the EVITE rule didnt work for me. The emails have the FROM as the >senders > > >personal email account, so I cannot simply whitelist evite.com :/ > > > >Even the envelope sender address isn't evite.com? Check your maillog to >see > >where it thinks they come from.m > > > > > > > > >Thanks in advance. > > > > > > > > >..................................... > > >Christopher S. Campbell > > >UNIX Admin > > >First Albany Corp > > > > > >-- > >Julian Field Teaching Systems Manager > >jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > >Tel. 023 8059 2817 University of Southampton > > Southampton SO17 1BJ > >-- >Julian Field Teaching Systems Manager >jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science >Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From aldas at post.vilsat.net Tue Aug 6 08:05:22 2002 From: aldas at post.vilsat.net (Aldas Nabazas) Date: Thu Jan 12 21:15:22 2006 Subject: problems with sophos autoupdate In-Reply-To: <15924441310.20020805151943@post.vilsat.net> References: <5.1.0.14.2.20020805135511.05232648@imap.ecs.soton.ac.uk> <15924441310.20020805151943@post.vilsat.net> Message-ID: <1122589691.20020806090522@post.vilsat.net> JF>> At 13:39 05/08/2002, you wrote: >>>My Sophos 3.57 got out of date, so decided to install 3.59 and also >>>upgraded my Mailscanner to 3.22-10 JF>> Did you install Sophos 3.59 using my JF>> /usr/local/MailScanner/bin/Sophos.install script? >>>All works fine, but i get error when i'm trying to download ide files >>>using mailscanner's autoupdate for sophos {noticed that sophos don't >>>provide any update script with their virus scanner} >>> >>>Could not calculate Sophos version number, Bad file descriptor at >>>./autoupdate line 77. JF>> Delete everything under /usr/local/Sophos (except /usr/local/Sophos/bin/*) JF>> and install it using my Sophos.install script. That does an "autoupdate" as JF>> its last action. JF>> -- JF>> Julian Field Teaching Systems Manager JF>> jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science JF>> Tel. 023 8059 2817 University of Southampton JF>> Southampton SO17 1BJ That was yesterday Thank You Julian, yeah it worked , but now when i'm running /usr/local/Sophos/bin/autoupdate , i got this error again looked over your instal script, and can't get why it works for first time, but when i'am running it i got errors? :) The problem was here original autoupdate : $VDLDir = "../lib"; my autoupdate : $VDLDir = "/usr/local/Sophos/lib"; I don't know maybe i've chaged it or maybe not, well it doesn't matter now, i'm glad that it is working perfect as it worked till upgrade. {i have never upgraded mailscanner and sophos before} Sorry :) From P.G.M.Peters at civ.utwente.nl Tue Aug 6 08:49:28 2002 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:15:22 2006 Subject: Cosmetic problems not fixed In-Reply-To: <1028579758.6697.95.camel@dbeauchemin.si.usherb.ca> References: <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020805185602.02ec0758@imap.ecs.soton.ac.uk> <1028579758.6697.95.camel@dbeauchemin.si.usherb.ca> Message-ID: <86vukugl8v3frcbp43us7f0medt395punu@4ax.com> On Mon, 5 Aug 2002 16:35:57 -0400, you wrote: >Also: the path is still partially shown in the $report variable. To get >rid of it I had to modify sweep.pl around line 564: Without it you wouldn't know where to look for the infected file. You could have hundreds of files with the same name but in different "message" dirs. We got over 7000 virusses yesterday (in 45.000 messages). -- Peter Peters senior netwerkbeheerder, Centrum voor Informatievoorziening, Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From andersan at LTKALMAR.SE Tue Aug 6 09:38:09 2002 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:15:22 2006 Subject: Mcafee problem when updating Message-ID: <7B475DC5E9502B4D91EA73C283AE48D70263EABB@lkl22.ltkalmar.se> Ive tried to use the update script but something is not working. Im not sure but it looks like Im missing the ftp program its using. Is it my fault or mailscanner? Probably mine but not sure..... [root@knubbis uvscan]# ./autoupdate Can't locate Net/FTP.pm in @INC (@INC contains: /usr/lib/perl5/5.6.1/i386-linux /usr/lib/perl5/5.6.1 /usr/lib/perl5/site_perl/5.6.1/i386-linux /usr/lib/perl5/site_perl/5.6.1 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.6.1/i386-linux /usr/lib/perl5/vendor_perl/5.6.1 /usr/lib/perl5/vendor_perl .) at ./autoupdate line 17. BEGIN failed--compilation aborted at ./autoupdate line 17. Kind regards /Anders From LISTSERV at JISCMAIL.AC.UK Tue Aug 6 08:11:02 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:22 2006 Subject: MAILSCANNER: dhlii@1DLA.COM requested to join Message-ID: <200208060711.IAA01779@magpie.ecs.soton.ac.uk> Tue, 6 Aug 2002 08:11:02 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from David Lynch . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER dhlii@1DLA.COM David Lynch The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+dhlii%401DLA.COM+David+Lynch&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From scheuerm at rzsun08.uni-trier.de Tue Aug 6 10:06:42 2002 From: scheuerm at rzsun08.uni-trier.de (Horst Scheuermann) Date: Thu Jan 12 21:15:22 2006 Subject: Mcafee problem when updating Message-ID: <200208060906.LAA10041@rzsun08.uni-trier.de> > > Ive tried to use the update script but something is > not working. Im not sure but it looks like Im missing > the ftp program its using. Is it my fault or mailscanner? > Probably mine but not sure..... > > [root@knubbis uvscan]# ./autoupdate > Can't locate Net/FTP.pm in @INC (@INC contains: > /usr/lib/perl5/5.6.1/i386-linux /usr/lib/perl5/5.6.1 > /usr/lib/perl5/site_perl/5.6.1/i386-linux /usr/lib/perl5/site_perl/5.6.1 > /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.6.1/i386-linux > /usr/lib/perl5/vendor_perl/5.6.1 /usr/lib/perl5/vendor_perl .) at > ./autoupdate line 17. > BEGIN failed--compilation aborted at ./autoupdate line 17. perl -MCPAN -e shell o conf prerequisites_policy ask install Net::FTP -- Horst Scheuermann Universitaets-Rechenzentrum Trier __o 16 Universitaetsring 19 D-54286 Trier _`\<,_ Telefon: 0651 201 3436 Telefax: 0651 201 3921 (_)/ (_) scheuermann@uni-trier.de - Often in error; Never in Doubt! ~~~~~~~~~~~~ From m.sapsed at BANGOR.AC.UK Tue Aug 6 10:50:51 2002 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:15:22 2006 Subject: Cosmetic problems not fixed References: <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020805185602.02ec0758@imap.ecs.soton.ac.uk> <1028579758.6697.95.camel@dbeauchemin.si.usherb.ca> Message-ID: <3D4F9BFB.80702@bangor.ac.uk> Denis Beauchemin wrote: > On Mon, 2002-08-05 at 13:58, Julian Field wrote: > >>You will need to edit sweep.pl line 1082, which currently says >> Log::InfoLog($Config::NameLog[$i] . " in $attach"); Wouldn't it simplify things for translators if only the variable $attach was add by the perl and the " in" bit was in the template file? That way the "customers" have complete control over what appears. (As an aside I've sometimes thought that the " in " doesn't really fit with the rest of the message anyway...) Cheers, Martin -- Martin Sapsed Information Services "Who do you say I am?" University of Wales, Bangor Jesus of Nazareth From Denis.Beauchemin at USHERBROOKE.CA Tue Aug 6 13:32:29 2002 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:15:22 2006 Subject: Cosmetic problems not fixed In-Reply-To: <86vukugl8v3frcbp43us7f0medt395punu@4ax.com> References: <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020805185602.02ec0758@imap.ecs.soton.ac.uk> <1028579758.6697.95.camel@dbeauchemin.si.usherb.ca> <86vukugl8v3frcbp43us7f0medt395punu@4ax.com> Message-ID: <1028637150.6697.128.camel@dbeauchemin.si.usherb.ca> Peter, I am using "$Config::QuarantineDir/*/$id" in the message template to get to this information. Denis On Tue, 2002-08-06 at 03:49, Peter Peters wrote: > On Mon, 5 Aug 2002 16:35:57 -0400, you wrote: > > >Also: the path is still partially shown in the $report variable. To get > >rid of it I had to modify sweep.pl around line 564: > > Without it you wouldn't know where to look for the infected file. You > could have hundreds of files with the same name but in different > "message" dirs. > > We got over 7000 virusses yesterday (in 45.000 messages). > > -- > Peter Peters > senior netwerkbeheerder, Centrum voor Informatievoorziening, > Universiteit Twente, Postbus 217, 7500 AE Enschede > telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ > -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From andersan at LTKALMAR.SE Tue Aug 6 13:58:32 2002 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:15:22 2006 Subject: More newbie questions =) Message-ID: <7B475DC5E9502B4D91EA73C283AE48D70263EAC6@lkl22.ltkalmar.se> Hi I did the upgrade but I'm confused, is the *.rpmnew my old conf files? Ive found 2 files but cant see the differense - mailscanner.conf.rpmnew - virus.to.delete.conf.rpmnew Just to be sure I'm not missing anything I think I should uninstall mailscanner and then reinstall the new rpm. It's easier for people like me, anything to consider regarding sendmail before unistalling? I guess a normal rpm -ev should work? Is it possible to have a certain group that can recieve *.exe ie. techs at work, even though standard is to remove the file type. Kind regards /Anders From lbergman at abi.tconline.net Tue Aug 6 15:14:54 2002 From: lbergman at abi.tconline.net (Lewis Bergman) Date: Thu Jan 12 21:15:22 2006 Subject: More newbie questions =) In-Reply-To: <7B475DC5E9502B4D91EA73C283AE48D70263EAC6@lkl22.ltkalmar.se> References: <7B475DC5E9502B4D91EA73C283AE48D70263EAC6@lkl22.ltkalmar.se> Message-ID: <200208060914.54608.lbergman@abi.tconline.net> > I did the upgrade but I'm confused, > is the *.rpmnew my old conf files? > Ive found 2 files but cant see the differense > - mailscanner.conf.rpmnew > - virus.to.delete.conf.rpmnew rpmnew, as the name suggests, is the new files just installed from the rpm. This allows you to do an upgrade, turn on mailscanner, and then go back and update your conf files while the server is up. If the *.rpmnew and their counterparts are the same then you didn't make any changes. Don't reinstall. -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 115 From japerez at CORREO.UAA.MX Tue Aug 6 19:12:26 2002 From: japerez at CORREO.UAA.MX (Jos=?ISO-8859-1?Q?=E9_Antonio_P=E9rez_Hern=E1ndez?=) Date: Thu Jan 12 21:15:22 2006 Subject: SUMARY: Self copy of messages doesn't work, why? Message-ID: <200208061812.g76ICSr27184@ori.rl.ac.uk> Following your comment, I replaced the IMAP package and the problem was resolved. Sorry for the misunderstanding with the list and thanx again. On Mon, 5 Aug 2002 20:28:36 +0100, Julian Field wrote: >At 20:14 05/08/2002, you wrote: >>I'm trying set up a Debian mail server with Exim 3.35 and Mailscanner >>3.13.2; the clients are Netscape Messenger 4.78 & 6 on WinXX. Everything >>seems to be OK, except for the automatic function for saving a copy of >>outgoing messages on Sent folder. Netscape fails this with a message like >>" the command has not finish correctly. The server response is >>APPEND[TRYCREATE] failed." I accept the warning box and the message is >>delivered. >>I've checked the owner and group permisions, the content of .mailboxlist, >>and config options for Exim and Mailscanner. > >How is this a MailScanner problem? >It looks more like an IMAP/MUA problem, in which MailScanner is not involved. >-- >Julian Field Teaching Systems Manager >jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science >Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ Following From derek at csolve.net Tue Aug 6 22:30:41 2002 From: derek at csolve.net (Derek Buttineau) Date: Thu Jan 12 21:15:22 2006 Subject: Odd Question Message-ID: <027801c23d90$9815b6a0$8850a4cf@derek> Sorry if this has been asked before.. I attempted looking through the archives.. both my own personal and web based but couldn't seem to see anything similar. The question.. or rather the situation I have is this: In a situation where MailScanner is scanning on a per account basis for Spam.. if there are multiple recipients all headed towards the same MX with users that have different spam delivery methods (IE.. Some are set to delete and some are set to deliver).. the message will be delivered to all recipients if even one of the recipients is set to deliver.. (IE.. if there are 8 recipients.. 7 set to delete, one to deliver.. the message will be delivered).. I need to see if it's possible to deliver the message to only the one person that wants it delivered, and not deliver the remaining 7. What I'm wondering, and I may be off base, as unfortunately my knowledge of Mime is somewhat lacking.. is if the header info of the message could be rewritten to exclude those recipients who have chosen not to receive the message.. If anyone has any thoughts or suggestions, it would be greatly appreciated. Thanks, Derek From LISTSERV at JISCMAIL.AC.UK Tue Aug 6 19:39:53 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:22 2006 Subject: MAILSCANNER: zabriskw@ITECH.NET requested to join Message-ID: <200208061839.TAA06867@magpie.ecs.soton.ac.uk> Tue, 6 Aug 2002 19:39:53 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Kris Zabriskie . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER zabriskw@ITECH.NET Kris Zabriskie The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+zabriskw%40ITECH.NET+Kris+Zabriskie&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From LISTSERV at JISCMAIL.AC.UK Tue Aug 6 19:44:19 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:22 2006 Subject: MAILSCANNER: baron@ITECH.NET requested to join Message-ID: <200208061844.TAA07218@magpie.ecs.soton.ac.uk> Tue, 6 Aug 2002 19:44:19 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Joshua Baron . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER baron@ITECH.NET Joshua Baron The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+baron%40ITECH.NET+Joshua+Baron&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From LISTSERV at JISCMAIL.AC.UK Tue Aug 6 23:01:48 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:22 2006 Subject: MAILSCANNER: stefano@CDH.IT requested to join Message-ID: <200208062201.XAA19788@magpie.ecs.soton.ac.uk> Tue, 6 Aug 2002 23:01:48 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Stefano Carlotto . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER stefano@CDH.IT Stefano Carlotto The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+stefano%40CDH.IT+Stefano+Carlotto&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From LISTSERV at JISCMAIL.AC.UK Wed Aug 7 08:30:50 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:22 2006 Subject: MAILSCANNER: alxwg@MAXIS.NET.MY requested to join Message-ID: <200208070730.IAA17844@magpie.ecs.soton.ac.uk> Wed, 7 Aug 2002 08:30:50 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Alex Wong . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER alxwg@MAXIS.NET.MY Alex Wong The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+alxwg%40MAXIS.NET.MY+Alex+Wong&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From P.G.M.Peters at civ.utwente.nl Wed Aug 7 10:18:27 2002 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:15:22 2006 Subject: Odd Question In-Reply-To: <027801c23d90$9815b6a0$8850a4cf@derek> References: <027801c23d90$9815b6a0$8850a4cf@derek> Message-ID: On Tue, 6 Aug 2002 17:30:41 -0400, you wrote: >What I'm wondering, and I may be off base, as unfortunately my knowledge of >Mime is somewhat lacking.. is if the header info of the message could be >rewritten to exclude those recipients who have chosen not to receive the >message.. It has nothing to do with MIME but with the way sendmail stores the messages in the queue. The messages are not stored per recipient but per message (logical). If you want to make a differentiation between the recipients of a message you will have to copy the message (all files in the queue pertaining to that message) for each and every recipient (you could make a distinction about what is intended) and deliver them seperatly. This would make things (much) slower and I wouldn't bet on it working all the time. -- Peter Peters senior netwerkbeheerder, Centrum voor Informatievoorziening, Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From stefano at CDH.IT Wed Aug 7 11:05:23 2002 From: stefano at CDH.IT (Stefano Carlotto) Date: Thu Jan 12 21:15:22 2006 Subject: sendmail log altered Message-ID: <5.1.1.6.0.20020807120011.023e4a10@mail.cdh.it> May be this is a normal thing, but i doublechecked on every FAQ i could find with no answer. since I installed mailscanner, and so split sendmail process in two different ones, launched by /usr/sbin/sendmail -bd -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in /usr/sbin/sendmail -q15m i have different logging of sendmail process in syslog. I mean. before for every mail passing in this system, I have a row logging from= and a row logging to= Now i have only two row with to= is it possibile to have from: logging back again? thanks Stefano Carlotto Ampersand Srl From mailscanner at ecs.soton.ac.uk Wed Aug 7 11:24:24 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:22 2006 Subject: Cosmetic problems not fixed In-Reply-To: <3D4F9BFB.80702@bangor.ac.uk> References: <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020805185602.02ec0758@imap.ecs.soton.ac.uk> <1028579758.6697.95.camel@dbeauchemin.si.usherb.ca> Message-ID: <5.1.0.14.2.20020807112318.04832e58@imap.ecs.soton.ac.uk> At 10:50 06/08/2002, you wrote: >Denis Beauchemin wrote: >>On Mon, 2002-08-05 at 13:58, Julian Field wrote: >> >>>You will need to edit sweep.pl line 1082, which currently says >>> Log::InfoLog($Config::NameLog[$i] . " in $attach"); > >Wouldn't it simplify things for translators if only the variable $attach >was add by the perl and the " in" bit was in the template file? But what then happens when you have more than 1 report for the same file? This is why it cannot go in the template file. > That way >the "customers" have complete control over what appears. (As an aside I've >sometimes thought that the " in " doesn't really fit with the rest of the >message anyway...) Suggestions for better wording always welcome... -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Wed Aug 7 11:26:34 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:22 2006 Subject: More newbie questions =) In-Reply-To: <7B475DC5E9502B4D91EA73C283AE48D70263EAC6@lkl22.ltkalmar.se > Message-ID: <5.1.0.14.2.20020807112600.047ad2d8@imap.ecs.soton.ac.uk> At 13:58 06/08/2002, you wrote: >Is it possible to have a certain group that can >recieve *.exe ie. techs at work, even though standard >is to remove the file type. This is one of the features on the wishlist for version 4. But don't hold your breath, that's going to be a while yet. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Wed Aug 7 11:29:06 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:22 2006 Subject: Odd Question In-Reply-To: <027801c23d90$9815b6a0$8850a4cf@derek> Message-ID: <5.1.0.14.2.20020807112728.047ad548@imap.ecs.soton.ac.uk> At 22:30 06/08/2002, you wrote: >In a situation where MailScanner is scanning on a per account basis for >Spam.. if there are multiple recipients all headed towards the same MX with >users that have different spam delivery methods (IE.. Some are set to delete >and some are set to deliver).. the message will be delivered to all >recipients if even one of the recipients is set to deliver.. (IE.. if there >are 8 recipients.. 7 set to delete, one to deliver.. the message will be >delivered).. I need to see if it's possible to deliver the message to only >the one person that wants it delivered, and not deliver the remaining 7. Rather than try to mess with the header files more than I absolutely have to, the entire message is either wholly delivered, or wholly not delivered. Therefore the 7 will unfortunately get the spam because the 8th wanted it. I might rewrite this later, but not right now. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Wed Aug 7 11:36:28 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:22 2006 Subject: sendmail log altered In-Reply-To: <5.1.1.6.0.20020807120011.023e4a10@mail.cdh.it> Message-ID: <5.1.0.14.2.20020807113511.02aed3f0@imap.ecs.soton.ac.uk> At 11:05 07/08/2002, you wrote: >since I installed mailscanner, and so split sendmail process in two >different ones, >launched by > /usr/sbin/sendmail -bd -ODeliveryMode=queueonly >-OQueueDirectory=/var/spool/mqueue.in > /usr/sbin/sendmail -q15m >i have different logging of sendmail process in syslog. >before for every mail passing in this system, I have a row logging >from= and a row logging to= > >Now i have only two row with to= > >is it possibile to have from: logging back again? MailScanner does not directly affect the sendmail logging. I would suspect you either need to increase the LogLevel parameter in your sendmail.cf or increase the logging of facility "mail" in your /etc/syslog.conf. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From stefano at CDH.IT Wed Aug 7 11:54:25 2002 From: stefano at CDH.IT (Stefano Carlotto) Date: Thu Jan 12 21:15:22 2006 Subject: sendmail log altered In-Reply-To: <5.1.0.14.2.20020807113511.02aed3f0@imap.ecs.soton.ac.uk> References: <5.1.1.6.0.20020807120011.023e4a10@mail.cdh.it> Message-ID: <5.1.1.6.0.20020807124855.03169e78@mail.cdh.it> >>since I installed mailscanner, and so split sendmail process in two >>different ones, >>launched by >> /usr/sbin/sendmail -bd -ODeliveryMode=queueonly >>-OQueueDirectory=/var/spool/mqueue.in >> /usr/sbin/sendmail -q15m >>i have different logging of sendmail process in syslog. >>before for every mail passing in this system, I have a row logging >>from= and a row logging to= >> >>Now i have only two row with to= >> >>is it possibile to have from: logging back again? > >MailScanner does not directly affect the sendmail logging. I would suspect >you either need to increase the LogLevel parameter in your sendmail.cf or >increase the logging of facility "mail" in your /etc/syslog.conf. yes, i think is something relative to sendmail. just before the splitting of sendmail everything was logged as usual... hoping someone had got the same problem and solved ^_^ thanks From P.G.M.Peters at civ.utwente.nl Wed Aug 7 12:20:27 2002 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:15:22 2006 Subject: sendmail log altered In-Reply-To: <5.1.1.6.0.20020807120011.023e4a10@mail.cdh.it> References: <5.1.1.6.0.20020807120011.023e4a10@mail.cdh.it> Message-ID: On Wed, 7 Aug 2002 12:05:23 +0200, you wrote: >launched by > /usr/sbin/sendmail -bd -ODeliveryMode=queueonly >-OQueueDirectory=/var/spool/mqueue.in > /usr/sbin/sendmail -q15m > >i have different logging of sendmail process in syslog. > >I mean. >before for every mail passing in this system, I have a row logging >from= and a row logging to= > >Now i have only two row with to= > >is it possibile to have from: logging back again? I see thousands of "stand-alone" to= lines. They are generated bij the sendmail processing the queue. You can find these lines allways after the MailScanner lines where he tells he has processed a number of messages from mqueue.in. The sendmail accepting the connections should still generate from= and to= lines. Mine is. You can find them before the MailScanner lines. If you stop both MailScanner and the sendmail processing the queue (leaving only the queueonly-sendmail) you should check whether that sendmail logs connections (you can try it yourself if you don't get connections that often). -- Peter Peters senior netwerkbeheerder, Centrum voor Informatievoorziening, Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From Denis.Beauchemin at USHERBROOKE.CA Wed Aug 7 13:32:41 2002 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:15:22 2006 Subject: Cosmetic problems not fixed In-Reply-To: <5.1.0.14.2.20020807112318.04832e58@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020805185602.02ec0758@imap.ecs.soton.ac.uk> <1028579758.6697.95.camel@dbeauchemin.si.usherb.ca> <5.1.0.14.2.20020807112318.04832e58@imap.ecs.soton.ac.uk> Message-ID: <1028723561.7336.201.camel@dbeauchemin.si.usherb.ca> Julian, How about putting the name of the attachment between parenthesis: Log::InfoLog($Config::NameLog[$i] . " ($attach)"); Denis On Wed, 2002-08-07 at 06:24, Julian Field wrote: > >> > >>>You will need to edit sweep.pl line 1082, which currently says > >>> Log::InfoLog($Config::NameLog[$i] . " in $attach"); > > -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From P.G.M.Peters at civ.utwente.nl Wed Aug 7 13:40:26 2002 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:15:22 2006 Subject: sendmail log altered In-Reply-To: <5.1.1.6.0.20020807133114.03007600@mail.cdh.it> References: <5.1.1.6.0.20020807120011.023e4a10@mail.cdh.it> <5.1.1.6.0.20020807120011.023e4a10@mail.cdh.it> <5.1.1.6.0.20020807133114.03007600@mail.cdh.it> Message-ID: On Wed, 07 Aug 2002 13:31:52 +0200, you wrote: >>I see thousands of "stand-alone" to= lines. They are generated bij the >>sendmail processing the queue. You can find these lines allways after >>the MailScanner lines where he tells he has processed a number of >>messages from mqueue.in. >> >>The sendmail accepting the connections should still generate from= and >>to= lines. Mine is. You can find them before the MailScanner lines. >> >>If you stop both MailScanner and the sendmail processing the queue >>(leaving only the queueonly-sendmail) you should check whether that >>sendmail logs connections (you can try it yourself if you don't get >>connections that often). > >done. it only logs to: lines, and no from: lines. I have never seen sendmail only log the to='s and not the from='s when another system connects. You are sure you killed the correct sendmail? You can verify that by looking in /var/spool/mqueue.in and /var/spool/mqueue. The /var/spool/mqueue.in dir should grow when messages enter your system and the /var/spool/mqueue dit should stay the same. When you start MailScanner you should observe /var/spool/mqueue.in becoming empty (if no new messages are delivered) and /var/spool/mqueue should get filled. Check from what dir the messages are delivered when you try a /usr/sbin/sendmail -v -q -OQueueDirectory=/var/spool/mqueue.in (ofcourse the messages will not be scanned) With /usr/sbin/sendmail -v -q -OQueueDirectory=/var/spool/mqueue you can check whether the scanned messages get delivered. -- Peter Peters senior netwerkbeheerder, Centrum voor Informatievoorziening, Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From dhlii at 1DLA.COM Wed Aug 7 13:44:06 2002 From: dhlii at 1DLA.COM (David H. Lynch Jr.) Date: Thu Jan 12 21:15:22 2006 Subject: How do I get MailScanner to pass Spamassassin Headers through ? Message-ID: <000501c23e10$205c8b90$64a9a6cd@1dla.com> I am using Exim and Spamassassin under Debian, with Outlook clients. Prior to adding MailScanner - which I am mostly happy with, to the mix, I had Spamassassin setup to add its report to the message headers as below: X-Spam-Status: Yes, hits=11 required=5 tests=NO_REAL_NAME,FROM_ENDS_IN_NUM S,EXCUSE_15,REMOVE_PAGE,THIS_AINT_SPAM,RCVD_IN_OSIRUSOFT_COM X-Spam-Flag: YES X-Spam-Prev-Content-Type: text/plain; charset="iso-8859-1" I do not believe I have changed my Spamassassin configuration but now I only get what basically is a digested version of this from MailScanner. I am particularly interested in the header X-Xpam-Flag: YES Outlook is not particularly good at parsing headers to make filtering decisions. I would love to be dealing with better capabilities, but the clients I have use outlook and will likely for some time to come. In the meantime, we do not block any suspected SPAM (alright we do block some ridiculously high scorers), for the most part we leave it up to the recipient to implement filters based on the headers that Spamassassin adds. the presence or absence of a simple header with a yes or no value is inside Outlooks limited filtering capability. If numeric comparisons are then I am not as well versed with outlook as I thought. Anyway, do I have something in MailScanner configured wrong ? Is there some way to keep it from stripping out the Spamassassin headers ? I checked the past couple months of mailing list archives and while I did not read every messages, I read anything that looked like it might have some bearing. I learned allot, but not the answer I am looking for. Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020807/a6f3b41b/attachment.html From P.G.M.Peters at civ.utwente.nl Wed Aug 7 14:15:21 2002 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:15:22 2006 Subject: How do I get MailScanner to pass Spamassassin Headers through ? In-Reply-To: <000501c23e10$205c8b90$64a9a6cd@1dla.com> References: <000501c23e10$205c8b90$64a9a6cd@1dla.com> Message-ID: <1a72lugpsb8cafl6qh2h45s1q21i61t2tp@4ax.com> On Wed, 7 Aug 2002 08:44:06 -0400, you wrote: > Outlook is not particularly good at parsing headers to make >filtering decisions. I have made something to help our people install filters in outlook. You should be able to view it also on http://home.student.utwente.nl/p.g.m.peters/outlookrule_viewlet.html -- Peter Peters senior netwerkbeheerder, Centrum voor Informatievoorziening, Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From Matthew_doherty at DATAWATCH.COM Wed Aug 7 14:34:17 2002 From: Matthew_doherty at DATAWATCH.COM (Matt Doherty) Date: Thu Jan 12 21:15:22 2006 Subject: which webmail Message-ID: Avoid all. They all stink I have had lots of experience with squirrel mail, neomail and Joydesk. They all have their quirks. Neomail was my favorite out of the 3, but still stinks. Squirrel was great but real slow. Joydesk has a message board, calendar and Outlook synchronizing feature, a feature rich webmail app that uses interbase instead of MYSQL which is really sad.. Microsoft Outlook tends to mess things up if you have clients sending and receiving with Outlook with any one of those webmail apps I just mentioned. (hint, Microsoft RichTextFormat = winmail.dat attachments with blank emails) So, it would be a great idea to ask everyone not to use Microsoft Outlook with webmail or with anything in that matter. depends on what mode outlook was installed in. Internet only or exchange. It is fixable and there are workarounds, but its not worth the sweat and time to play help desk over a Outlook issue. Confusing as hell My company and I are removing our web based mail because its just not perfect enough to satisfy everyone. Currently Joydesk from www.virtualtek.com .. Qpopper, sendmail with mailscanner and spamassassin, in my opinion, is the best stable way to go for now. I cannot seem to find any other webmail better than any of those 3 I mentioned above. And the author of Neomail himself says webmail sucks. heheee Matt Doherty IT Dept Datawatch Corp >>In a world without walls or fences, who needs Windows and Gates?<< -----Original Message----- From: Todd Martin [mailto:todd-lists@DECAGON.COM] Sent: Wednesday, August 07, 2002 1:33 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: OT: which webmail Please forgive the off topic question... I'm looking for recommendations for an open source unix-hosted webmail package. What's your favorite? Which ones should I avoid? Please reply directly to me -- so I can minimize my OT foot print 8-). Thanks, ~Todd -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020807/146a83e3/attachment.html From chris at HARVESTROAD.COM Wed Aug 7 14:37:52 2002 From: chris at HARVESTROAD.COM (Chris Waltham) Date: Thu Jan 12 21:15:22 2006 Subject: which webmail In-Reply-To: Message-ID: <5.1.0.14.2.20020807213723.03007cb8@mail.harvestroad.com> I've had good experiences with IMP by the Horde guys (www.horde.org I think). You need PHP and IMAP though, and it probably doesn't work for IIS.. At 09:34 PM 7/08/2002, you wrote: >Avoid all. They all stink >I have had lots of experience with squirrel mail, neomail and Joydesk. >They all have their quirks. Neomail was my favorite out of the 3, but >still stinks. Squirrel was great but real slow. Joydesk has a message >board, calendar and Outlook synchronizing feature, a feature rich webmail >app that uses interbase instead of MYSQL which is really sad.. Microsoft >Outlook tends to mess things up if you have clients sending and receiving >with Outlook with any one of those webmail apps I just mentioned. (hint, >Microsoft RichTextFormat = winmail.dat attachments with blank emails) So, >it would be a great idea to ask everyone not to use Microsoft Outlook with >webmail or with anything in that matter. depends on what mode outlook was >installed in. Internet only or exchange. It is fixable and there are >workarounds, but its not worth the sweat and time to play help desk over a >Outlook issue. Confusing as hell >My company and I are removing our web based mail because its just not >perfect enough to satisfy everyone. Currently Joydesk from >www.virtualtek.com .. Qpopper, sendmail with >mailscanner and spamassassin, in my opinion, is the best stable way to go >for now. I cannot seem to find any other webmail better than any of those >3 I mentioned above. And the author of Neomail himself says webmail sucks. >heheee > >Matt Doherty >IT Dept >Datawatch Corp > > >>In a world without walls or fences, who needs Windows and Gates?<< >-----Original Message----- >From: Todd Martin [mailto:todd-lists@DECAGON.COM] >Sent: Wednesday, August 07, 2002 1:33 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: OT: which webmail > >Please forgive the off topic question... > >I'm looking for recommendations for an open source unix-hosted >webmail package. What's your favorite? Which ones should I avoid? > >Please reply directly to me -- so I can minimize my OT foot print 8-). > >Thanks, > >~Todd -- Chris Waltham Systems Administrator HarvestRoad, Limited. chris@harvestroad.com phone: (08) 9338-3000 From mike at ZANKER.ORG Wed Aug 7 14:46:06 2002 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:15:22 2006 Subject: which webmail In-Reply-To: References: Message-ID: <185933281.1028731566@mallard.open.ac.uk> On 07 August 2002 09:34 -0400 Matt Doherty wrote: > Avoid all. They all stink > I have had lots of experience with squirrel mail, neomail and > Joydesk. Not surprised in that case. Have you tried IMP? Works great for me as an alternative to my favourite mail client, Mulberry, when I'm out and about. Mike -- Mike Zanker Northampton, UK PGP Public Key: pgp@zanker.org From LISTSERV at JISCMAIL.AC.UK Wed Aug 7 11:37:02 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:22 2006 Subject: MAILSCANNER: mark@VEVERS.NET requested to join Message-ID: <200208071037.LAA03340@magpie.ecs.soton.ac.uk> Wed, 7 Aug 2002 11:37:02 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Mark Vevers . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER mark@VEVERS.NET Mark Vevers The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+mark%40VEVERS.NET+Mark+Vevers&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From Matthew_doherty at DATAWATCH.COM Wed Aug 7 14:53:13 2002 From: Matthew_doherty at DATAWATCH.COM (Matt Doherty) Date: Thu Jan 12 21:15:22 2006 Subject: which webmail Message-ID: Im reading IMP now. Looks good! but needs to be like Joydesk to make others happy. (I thinks thats dumb too) Needs to have Outlook sychronization at the same time like Joydesk.. IMP is sweet though! Matt Doherty IT Dept Datawatch Corp >>In a world without walls or fences, who needs Windows and Gates?<< -----Original Message----- From: Mike Zanker [mailto:mike@ZANKER.ORG] Sent: Wednesday, August 07, 2002 10:47 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: which webmail On 07 August 2002 09:34 -0400 Matt Doherty wrote: > Avoid all. They all stink > I have had lots of experience with squirrel mail, neomail and > Joydesk. Not surprised in that case. Have you tried IMP? Works great for me as an alternative to my favourite mail client, Mulberry, when I'm out and about. Mike -- Mike Zanker Northampton, UK PGP Public Key: pgp@zanker.org -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020807/0cd3352f/attachment.html From matt at kaminer.com Wed Aug 7 15:03:08 2002 From: matt at kaminer.com (Matt Kaminer) Date: Thu Jan 12 21:15:22 2006 Subject: which webmail In-Reply-To: References: Message-ID: <39050.65.205.80.66.1028728988.squirrel@webmail.mmc.net> No way! Squirrelmail is absolutely the best. I use it exclusively. Never had a problem. Its quick, reliable, LEAN, and full of customizations. If you are looking for simple web email. then loko no further. SM is by far the best. BTW, RedHat, Mandrake, and MAC Web Server X are all now including Squirrelmail with their baseline distros. They wouldnt do that if they didnt feel it was the BEST! See, for example: http://www.apple.com/server/web.html -Matt (A happy, loyal Squirrelmail user) Matt Doherty said: > Avoid all. They all stink > I have had lots of experience with squirrel mail, neomail and Joydesk. > They all have their quirks. Neomail was my favorite out of the 3, but > still stinks. Squirrel was great but real slow. Joydesk has a message > board, calendar and Outlook synchronizing feature, a feature rich > webmail app that uses interbase instead of MYSQL which is really sad.. > Microsoft Outlook tends to mess things up if you have clients sending > and receiving with Outlook with any one of those webmail apps I just > mentioned. (hint, Microsoft RichTextFormat = winmail.dat attachments > with blank emails) So, it would be a great idea to ask everyone not to > use Microsoft Outlook with webmail or with anything in that matter. > depends on what mode outlook was installed in. Internet only or > exchange. It is fixable and there are workarounds, but its not worth > the sweat and time to play help desk over a Outlook issue. Confusing as > hell > My company and I are removing our web based mail because its just not > perfect enough to satisfy everyone. Currently Joydesk from > www.virtualtek.com .. Qpopper, sendmail with mailscanner and > spamassassin, in my opinion, is the best stable way to go for now. I > cannot seem to find any other webmail better than any of those 3 I > mentioned above. And the author of Neomail himself says webmail sucks. > heheee > Matt Doherty > IT Dept > Datawatch Corp > >>>In a world without walls or fences, who needs Windows and Gates?<< > > -----Original Message----- > From: Todd Martin [mailto:todd-lists@DECAGON.COM] > Sent: Wednesday, August 07, 2002 1:33 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT: which webmail > > > Please forgive the off topic question... > > I'm looking for recommendations for an open source unix-hosted > webmail package. What's your favorite? Which ones should I avoid? > > Please reply directly to me -- so I can minimize my OT foot print 8-). > > Thanks, > > ~Todd From Mark.Gillis at HTCINC.NET Wed Aug 7 15:53:12 2002 From: Mark.Gillis at HTCINC.NET (Gillis, Mark) Date: Thu Jan 12 21:15:23 2006 Subject: Anecdote: My life with mailscanner (so far) Message-ID: Greetings again. In the past, I had a few questionable experiences with MailScanner, in regards to our environment. It just was not keeping up with the workload... that's more understandable now. We have 19000 users, and process about 300,000 messages per day, the vast majority of which are inbound. Most of that is spam, as well. All of this running on one large Compaq Tru64 Unix box was too much for MailScanner -- it was too much for one server! We have now separated smtp and pop onto separate servers, and are only scanning outbound messages. MailScanner is processing about 22,000 messages per day on the outbound server, and is keeping up quite happily. One issue I still have is a poser: last night, MailScanner just up and puked, reporting (to the console, not to syslogd) "Out of memory!". I fiddled with mailscanner.conf, to no avail. None of the messages in mqueue.in were grossly large, biggest being about 250K. But it would not run. Finally, I had to stop sendmail, mv mqueue.in mqueue.test, mkdir mqueue.in, restart sendmail, and restart mailscanner. It has been running since without a hiccup. I still have the files in mqueue.test, trying to deduce what caused the out of memory error. Anybody else seen something like this? _____________________________________________ Mark Gillis Sr. Systems Administrator HORRY TELEPHONE COOPERATIVE, INC. (HTC) INFORMATION SERVICES 3480 Highway 701 North Conway, SC 29526 843.369.8145 mark.gillis@htcinc.net HTC Disclaimer: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. From baron at ITECH.NET Wed Aug 7 16:07:17 2002 From: baron at ITECH.NET (Joshua Baron) Date: Thu Jan 12 21:15:23 2006 Subject: True64 Unix changes to check_mailscanner Message-ID: First of all I wanted to say how satisfied I am with the mailscanner product. This product has many robust features and is working very well in our environment now that we have gotten a few of our bugs worked out. With the help of information from searching this list we just corrected our latest and hopefully last bug with mailscanner in the Tru64 unix enviroment. The parse errors that seem to have plagued some of the mailscanner users where causing us major issues with our customers mail. After reading through the list we had found that the check_mailscanner was kicking off multiple instances of mailscanner. After some modification to the check_mailscanner script True64 is now happy as can be. The syntax of the ps command on true64 was a bit diffrent then the examples included in the file. If the developers read over this maybe they will include this within thier check_mailscanner file, for the True64 users of thier product. As we make modifications for our environment i may post other changes we make. check_mailscanner modifications for true64 unix: # process=mailscanner virusdir=/usr/local/mailscanner/bin config=/usr/local/mailscanner/etc/mailscanner.conf # Version for Compaq True64 Unix systems: pid=`/usr/bin/ps ax | /usr/bin/grep mailscanner | /usr/bin/grep -v grep | /usr/bin/grep -v check_mailscanner | /usr/bin/sed -e 's/^ *//' -e 's/ .*//'` if [ "$pid" = "" ]; then # Restart it PATH=${virusdir}:$PATH echo Starting virus scanner... $process $config else echo Running with pid $pid fi # This list has been invaluable In getting this product up and running. Thanks for the help -Joshua Baron From Mark.Gillis at HTCINC.NET Wed Aug 7 16:25:05 2002 From: Mark.Gillis at HTCINC.NET (Gillis, Mark) Date: Thu Jan 12 21:15:23 2006 Subject: True64 Unix changes to check_mailscanner Message-ID: This is highly intereting to me, as we are a Tru64 shop also. Running mailscanner on an Alpha 1000/500 with Tru64 5.1a. I have not experienced the problem you describe (!)... ps lives in both /sbin and /usr/bin, and seems to give the same feedback... check_mailscanner is one thing I have not had a problem with. I have found the .solaris scripts to be usually close enough... usually.. -----Original Message----- From: Joshua Baron [mailto:baron@ITECH.NET] Sent: Wednesday, August 07, 2002 11:07 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: True64 Unix changes to check_mailscanner First of all I wanted to say how satisfied I am with the mailscanner product. This product has many robust features and is working very well in our environment now that we have gotten a few of our bugs worked out. With the help of information from searching this list we just corrected our latest and hopefully last bug with mailscanner in the Tru64 unix enviroment. The parse errors that seem to have plagued some of the mailscanner users where causing us major issues with our customers mail. After reading through the list we had found that the check_mailscanner was kicking off multiple instances of mailscanner. After some modification to the check_mailscanner script True64 is now happy as can be. The syntax of the ps command on true64 was a bit diffrent then the examples included in the file. If the developers read over this maybe they will include this within thier check_mailscanner file, for the True64 users of thier product. As we make modifications for our environment i may post other changes we make. check_mailscanner modifications for true64 unix: # process=mailscanner virusdir=/usr/local/mailscanner/bin config=/usr/local/mailscanner/etc/mailscanner.conf # Version for Compaq True64 Unix systems: pid=`/usr/bin/ps ax | /usr/bin/grep mailscanner | /usr/bin/grep -v grep | /usr/bin/grep -v check_mailscanner | /usr/bin/sed -e 's/^ *//' -e 's/ .*//'` if [ "$pid" = "" ]; then # Restart it PATH=${virusdir}:$PATH echo Starting virus scanner... $process $config else echo Running with pid $pid fi # This list has been invaluable In getting this product up and running. Thanks for the help -Joshua Baron HTC Disclaimer: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. From m.sapsed at BANGOR.AC.UK Wed Aug 7 16:53:09 2002 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:15:23 2006 Subject: Cosmetic problems not fixed References: <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020805185602.02ec0758@imap.ecs.soton.ac.uk> <1028579758.6697.95.camel@dbeauchemin.si.usherb.ca> <5.1.0.14.2.20020807112318.04832e58@imap.ecs.soton.ac.uk> Message-ID: <3D514265.7030909@bangor.ac.uk> Julian Field wrote: > But what then happens when you have more than 1 report for the same file? > This is why it cannot go in the template file. Let's take this example: Shortcuts to MS-Dos programs are very dangerous in email in Jun26.pif I presume the code in question takes the bit up to "email" from the relevant entry in filename.rules.conf and the adds " in " and the filename? In this example you get the type of not quite English to which I was referring. Would some punctuation like a : or something be suitable instead? That way a translator can change filename.rules.conf and not worry about bits of English lurking in the perl. Or are you saying, Julian, that there is a more complex situation which the current code handles but this alternative wouldn't? Apologies if I'm missing the point. > Suggestions for better wording always welcome... Depends on how well one understands when the bits of wording are used...? (Another aside is that I wouldn't be surprised if we were required to have bilingual Welsh/English messages for everything if we ever advance from the current small scale trial...) Cheers, Martin -- Martin Sapsed Information Services "Who do you say I am?" University of Wales, Bangor Jesus of Nazareth From davidnorman at NTLWORLD.COM Wed Aug 7 16:47:50 2002 From: davidnorman at NTLWORLD.COM (David Norman) Date: Thu Jan 12 21:15:23 2006 Subject: User Unknown Message-ID: <20020807154750.UCCC16050.mta01-svc.ntlworld.com@[10.137.100.61]> Hello I have just installed a Red Hat Linux 7.3 system running Mailscanner. The system will be acting at as a mail gateway scanning mail and forwarding onto an internal lan mail server. I have made use of the /etc/mail/mailertable file to forward on scanned mail to the appropriate lan mail server. I have added appropriate domain into /etc/mail/relay-domains When inbound mail for the domain comes in sendmail is bouncing the mail with 550 User Unknown I have test machine running under the same conditions on test network which is working fine. I am racking my brains as to what I have missed out. Can anybody give me a few pointers as to what I have forgotten ? Thanks David From Matthew_doherty at DATAWATCH.COM Wed Aug 7 17:30:49 2002 From: Matthew_doherty at DATAWATCH.COM (Matt Doherty) Date: Thu Jan 12 21:15:23 2006 Subject: User Unknown Message-ID: I have RedHat 7.2 doing the same. sendmail only on the receiving one to scan and pass it along to the one running both pop and sendmail. It is also important to have high priority mail sent to the mailscanning server and another MX record set to low priority pointing to the server of which your pop service and senmail are on. Im wondering if your DNS is misconfigured. for both MX records.. Matt Doherty IT Dept Datawatch Corp >>In a world without walls or fences, who needs Windows and Gates?<< -----Original Message----- From: David Norman [mailto:davidnorman@NTLWORLD.COM] Sent: Wednesday, August 07, 2002 1:04 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: User Unknown Hello I have just installed a Red Hat Linux 7.3 system running Mailscanner. The system will be acting at as a mail gateway scanning mail and forwarding onto an internal lan mail server. I have made use of the /etc/mail/mailertable file to forward on scanned mail to the appropriate lan mail server. I have added appropriate domain into /etc/mail/relay-domains When inbound mail for the domain comes in sendmail is bouncing the mail with 550 User Unknown I have test machine running under the same conditions on test network which is working fine. I am racking my brains as to what I have missed out. Can anybody give me a few pointers as to what I have forgotten ? Thanks David -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020807/b6b68346/attachment.html From mailscanner at ecs.soton.ac.uk Wed Aug 7 17:45:30 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:23 2006 Subject: True64 Unix changes to check_mailscanner In-Reply-To: Message-ID: <5.1.0.14.2.20020807174410.02beeb00@imap.ecs.soton.ac.uk> Will his mods to the check_mailscanner script actually break your Tru64 setup? If you think they are ok, I will add them (commented out but labelled) to the distribution. At 16:25 07/08/2002, you wrote: >This is highly intereting to me, as we are a Tru64 shop also. Running >mailscanner on an Alpha 1000/500 with Tru64 5.1a. > >I have not experienced the problem you describe (!)... ps lives in both >/sbin and /usr/bin, and seems to give the same feedback... >check_mailscanner is one thing I have not had a problem with. > >I have found the .solaris scripts to be usually close enough... usually.. > > >-----Original Message----- >From: Joshua Baron [mailto:baron@ITECH.NET] >Sent: Wednesday, August 07, 2002 11:07 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: True64 Unix changes to check_mailscanner > > >First of all I wanted to say how satisfied I am with the mailscanner >product. This product has many robust features and is working very well in >our environment now that we have gotten a few of our bugs worked out. > >With the help of information from searching this list we just corrected >our latest and hopefully last bug with mailscanner in the Tru64 unix >enviroment. The parse errors that seem to have plagued some of the >mailscanner >users where causing us major issues with our customers mail. After reading >through the list we had found that the check_mailscanner was kicking off >multiple >instances of mailscanner. > >After some modification to the check_mailscanner script True64 is now >happy as can be. The syntax of the ps command on true64 was a bit diffrent >then the examples included in the file. If the developers read over this >maybe they will include this within thier check_mailscanner file, for the >True64 users of thier product. As we make modifications for our >environment i may post other changes we make. > >check_mailscanner modifications for true64 unix: ># >process=mailscanner >virusdir=/usr/local/mailscanner/bin >config=/usr/local/mailscanner/etc/mailscanner.conf ># Version for Compaq True64 Unix systems: >pid=`/usr/bin/ps ax | >/usr/bin/grep mailscanner | >/usr/bin/grep -v grep | >/usr/bin/grep -v check_mailscanner | >/usr/bin/sed -e 's/^ *//' -e 's/ .*//'` >if [ "$pid" = "" ]; then > # Restart it > PATH=${virusdir}:$PATH > echo Starting virus scanner... > $process $config >else > echo Running with pid $pid >fi ># > >This list has been invaluable In getting this product up and running. >Thanks for the help > >-Joshua Baron > > >HTC Disclaimer: The information contained in this message may be >privileged and confidential and protected from disclosure. If the reader >of this message is not the intended recipient, or an employee or agent >responsible for delivering this message to the intended recipient, you are >hereby notified that any dissemination, distribution or copying of this >communication is strictly prohibited. If you have received this >communication in error, please notify us immediately by replying to the >message and deleting it from your computer. Thank you. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Wed Aug 7 17:31:56 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:23 2006 Subject: How do I get MailScanner to pass Spamassassin Headers through ? In-Reply-To: <000501c23e10$205c8b90$64a9a6cd@1dla.com> Message-ID: <5.1.0.14.2.20020807172708.04ab3fc0@imap.ecs.soton.ac.uk> At 13:44 07/08/2002, you wrote: > I am using Exim and Spamassassin under Debian, with Outlook clients. > Prior to adding MailScanner - which I am mostly happy with, to the > mix, I had Spamassassin setup to add its report to the message headers as > below: > X-Spam-Status: Yes, hits=11 required=5 > tests=NO_REAL_NAME,FROM_ENDS_IN_NUM > S,EXCUSE_15,REMOVE_PAGE,THIS_AINT_SPAM,RCVD_IN_OSIRUSOFT_COM >X-Spam-Flag: YES >X-Spam-Prev-Content-Type: text/plain; charset="iso-8859-1" > > > I do not believe I have changed my Spamassassin configuration but now > I only get what basically is a digested version of this from MailScanner. > I am particularly interested in the header >X-Xpam-Flag: YES If you enable "Use SpamAssassin = yes" in mailscanner.conf, then you will get an "X-MailScanner-SpamCheck" header if it spam. If SpamAssassin is what made MailScanner think the message was spam, then you will get the report containing the list of successful tests in that header. You will not get the header unless it is spam (unless you force it to always include the SpamAssassin header). To make the filtering process in Outlook even easier, MailScanner will add "{SPAM?}" at the start of the subject line if MailScanner thought it was spam. So your clients don't even have to work out how to filter on the presence of an arbitrary header, they just have to filter on "{SPAM?}" appearing in the subject line, which the Outlook/Eudora filtering wizards make very simple. You can of course change the "{SPAM?}" text to anything you like, and you can rename the "X-MailScanner-SpamCheck" header as well. > > Outlook is not particularly good at parsing headers to make filtering > decisions. I would love to be dealing with better capabilities, but the > clients I have use outlook and will likely for some time to come. In the > meantime, we do not block any suspected SPAM (alright we do block some > ridiculously high scorers), for the most part we leave it up to the > recipient to implement filters based on the headers that Spamassassin > adds. the presence or absence of a simple header with a yes or no value > is inside Outlooks limited filtering capability. If numeric comparisons > are then I am not as well versed with outlook as I thought. > > Anyway, do I have something in MailScanner configured wrong ? Is > there some way to keep it from stripping out the Spamassassin headers ? I > checked the past couple months of mailing list archives and while I did > not read every messages, I read anything that looked like it might have > some bearing. I learned allot, but not the answer I am looking for. > > Thank you. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Wed Aug 7 17:42:44 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:23 2006 Subject: Anecdote: My life with mailscanner (so far) In-Reply-To: Message-ID: <5.1.0.14.2.20020807173801.02d3b1b8@imap.ecs.soton.ac.uk> At 15:53 07/08/2002, you wrote: >Greetings again. In the past, I had a few questionable experiences with >MailScanner, in regards to our environment. It just was not keeping up with >the workload... that's more understandable now. > >We have 19000 users, and process about 300,000 messages per day, the vast >majority of which are inbound. Most of that is spam, as well. > >All of this running on one large Compaq Tru64 Unix box was too much for >MailScanner -- it was too much for one server! Supporting 19k users 300k messsages per day and all their POP requests on 1 server!!! No wonder it couldn't cope... I would do it with at least 3: 1 for inbound, 1 for outbound and 1 for POP, as an *absolute minimum*. Only MailScanning outbound mail is a very odd setup, you really should be scanning at least incoming mail for virus protection. >We have now separated smtp and pop onto separate servers, and are only >scanning outbound messages. MailScanner is processing about 22,000 messages >per day on the outbound server, and is keeping up quite happily. > >One issue I still have is a poser: last night, MailScanner just up and >puked, reporting (to the console, not to syslogd) "Out of memory!". I >fiddled with mailscanner.conf, to no avail. None of the messages in >mqueue.in were grossly large, biggest being about 250K. But it would not >run. Finally, I had to stop sendmail, mv mqueue.in mqueue.test, mkdir >mqueue.in, restart sendmail, and restart mailscanner. It has been running >since without a hiccup. Try reducing the max size of a message batch. How much memory has your Compaq box got? And I hope you are running MailTools-5.411a and not any of the 5.5 series (which the author acknowledges have massive memory leaks). >I still have the files in mqueue.test, trying to deduce what caused the out >of memory error. Anybody else seen something like this? Nope, never seen that. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Wed Aug 7 17:49:47 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:23 2006 Subject: Cosmetic problems not fixed In-Reply-To: <3D514265.7030909@bangor.ac.uk> References: <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020805185602.02ec0758@imap.ecs.soton.ac.uk> <1028579758.6697.95.camel@dbeauchemin.si.usherb.ca> <5.1.0.14.2.20020807112318.04832e58@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020807174718.02d5b2a0@imap.ecs.soton.ac.uk> At 16:53 07/08/2002, you wrote: >Julian Field wrote: >>But what then happens when you have more than 1 report for the same file? >>This is why it cannot go in the template file. > >Let's take this example: > >Shortcuts to MS-Dos programs are very dangerous in email in Jun26.pif It will now say Shortcuts to MS-Dos programs are very dangerous in email (Jun26.pif) as suggested by someone (sorry, I've forgotten who it was already :) Hopefully this is nice and language-independent enough for everyone. >I presume the code in question takes the bit up to "email" from the >relevant entry in filename.rules.conf and the adds " in " and the filename? >In this example you get the type of not quite English to which I was >referring. Would some punctuation like a : or something be suitable >instead? That way a translator can change filename.rules.conf and not worry >about bits of English lurking in the perl. Or are you saying, Julian, that >there is a more complex situation which the current code handles but this >alternative wouldn't? Apologies if I'm missing the point. > >>Suggestions for better wording always welcome... > >Depends on how well one understands when the bits of wording are used...? > >(Another aside is that I wouldn't be surprised if we were required to have >bilingual Welsh/English messages for everything if we ever advance from the >current small scale trial...) > >Cheers, > >Martin > >-- >Martin Sapsed >Information Services "Who do you say I am?" >University of Wales, Bangor Jesus of Nazareth -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Wed Aug 7 17:25:52 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:23 2006 Subject: Cosmetic problems not fixed In-Reply-To: <1028723561.7336.201.camel@dbeauchemin.si.usherb.ca> References: <5.1.0.14.2.20020807112318.04832e58@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020805170830.052fce50@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020805185602.02ec0758@imap.ecs.soton.ac.uk> <1028579758.6697.95.camel@dbeauchemin.si.usherb.ca> <5.1.0.14.2.20020807112318.04832e58@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020807172532.04a6eb68@imap.ecs.soton.ac.uk> At 13:32 07/08/2002, you wrote: >How about putting the name of the attachment between parenthesis: > Log::InfoLog($Config::NameLog[$i] . " ($attach)"); Good idea. Done. >On Wed, 2002-08-07 at 06:24, Julian Field wrote: > > >> > > >>>You will need to edit sweep.pl line 1082, which currently says > > >>> Log::InfoLog($Config::NameLog[$i] . " in $attach"); > > > >-- >Denis Beauchemin, analyste >Universit? de Sherbrooke, S.T.I. >T: 819.821.8000x2252 F: 819.821.8045 -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From Mark.Gillis at HTCINC.NET Wed Aug 7 18:45:11 2002 From: Mark.Gillis at HTCINC.NET (Gillis, Mark) Date: Thu Jan 12 21:15:23 2006 Subject: Anecdote: My life with mailscanner (so far) Message-ID: > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: Wednesday, August 07, 2002 12:43 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Anecdote: My life with mailscanner (so far) > > > > Supporting 19k users 300k messsages per day and all their POP > requests on 1 > server!!! > No wonder it couldn't cope... That's what I said! Management just needed to be convinced of that... > > I would do it with at least 3: 1 for inbound, 1 for outbound > and 1 for POP, > as an *absolute minimum*. > We are going there. I plan to have 2 smtp and 2 pop, each clustered together. I inherited this design, so I'll need to do some convincing on the need to spend a little bit. > Only MailScanning outbound mail is a very odd setup, you > really should be > scanning at least incoming mail for virus protection. > Political decision. We have a large user base, many of whom, it seems, have never heard of anti-virus outside the context of chicken soup. Our users were pouring several thousand virus copies a day into the world. In order to become better netizens, we are shutting off the outflow of virus effluent. Some other ISP were quite miffed at us, and I could see why. When we go to 4 servers, we'll scan both in and outbound. > >We have now separated smtp and pop onto separate servers, > and are only > >scanning outbound messages. MailScanner is processing about > 22,000 messages > >per day on the outbound server, and is keeping up quite happily. > > > >One issue I still have is a poser: last night, MailScanner > just up and > >puked, reporting (to the console, not to syslogd) "Out of > memory!". I > >fiddled with mailscanner.conf, to no avail. None of the messages in > >mqueue.in were grossly large, biggest being about 250K. But > it would not > >run. Finally, I had to stop sendmail, mv mqueue.in > mqueue.test, mkdir > >mqueue.in, restart sendmail, and restart mailscanner. It > has been running > >since without a hiccup. > > Try reducing the max size of a message batch. How much memory has your > Compaq box got? And I hope you are running MailTools-5.411a > and not any of > the 5.5 series (which the author acknowledges have massive > memory leaks). Hmm.... this may be something. I have 512MB on the server, and that should be adequate (?). However, the version of MailTools I pulled from CPAN is 1.47.... dated Jul 5 2002. Is there a later? Where? > > >I still have the files in mqueue.test, trying to deduce what > caused the out > >of memory error. Anybody else seen something like this? > > Nope, never seen that. Hope is that I never will again, either. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > HTC Disclaimer: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. From Mark.Gillis at HTCINC.NET Wed Aug 7 19:05:36 2002 From: Mark.Gillis at HTCINC.NET (Gillis, Mark) Date: Thu Jan 12 21:15:23 2006 Subject: True64 Unix changes to check_mailscanner Message-ID: > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: Wednesday, August 07, 2002 12:46 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: True64 Unix changes to check_mailscanner > > > Will his mods to the check_mailscanner script actually break > your Tru64 > setup? If you think they are ok, I will add them (commented out but > labelled) to the distribution. I have made the Tru64 mods suggested by Joshua, and find that they do indeed work as advertised, on my little Tru64 Alpha 1000 test server. However, I was already using the Solaris-type scripts, which also seem to be working for me. Joshua, what platform/Tru64 version are you running with MailScanner?? I have 5.1a, but I have also run it on 4.0f... is there something I am missing?? > > At 16:25 07/08/2002, you wrote: > >This is highly intereting to me, as we are a Tru64 shop > also. Running > >mailscanner on an Alpha 1000/500 with Tru64 5.1a. > > > >I have not experienced the problem you describe (!)... ps > lives in both > >/sbin and /usr/bin, and seems to give the same feedback... > >check_mailscanner is one thing I have not had a problem with. > > > >I have found the .solaris scripts to be usually close > enough... usually.. > > > > > >-----Original Message----- > >From: Joshua Baron [mailto:baron@ITECH.NET] > >Sent: Wednesday, August 07, 2002 11:07 AM > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: True64 Unix changes to check_mailscanner > > > > > >First of all I wanted to say how satisfied I am with the mailscanner > >product. This product has many robust features and is > working very well in > >our environment now that we have gotten a few of our bugs worked out. > > > >With the help of information from searching this list we > just corrected > >our latest and hopefully last bug with mailscanner in the Tru64 unix > >enviroment. The parse errors that seem to have plagued some of the > >mailscanner > >users where causing us major issues with our customers mail. > After reading > >through the list we had found that the check_mailscanner was > kicking off > >multiple > >instances of mailscanner. > > > >After some modification to the check_mailscanner script True64 is now > >happy as can be. The syntax of the ps command on true64 was > a bit diffrent > >then the examples included in the file. If the developers > read over this > >maybe they will include this within thier check_mailscanner > file, for the > >True64 users of thier product. As we make modifications for our > >environment i may post other changes we make. > > > >check_mailscanner modifications for true64 unix: > ># > >process=mailscanner > >virusdir=/usr/local/mailscanner/bin > >config=/usr/local/mailscanner/etc/mailscanner.conf > ># Version for Compaq True64 Unix systems: > >pid=`/usr/bin/ps ax | > >/usr/bin/grep mailscanner | > >/usr/bin/grep -v grep | > >/usr/bin/grep -v check_mailscanner | > >/usr/bin/sed -e 's/^ *//' -e 's/ .*//'` > >if [ "$pid" = "" ]; then > > # Restart it > > PATH=${virusdir}:$PATH > > echo Starting virus scanner... > > $process $config > >else > > echo Running with pid $pid > >fi > ># > > > >This list has been invaluable In getting this product up and running. > >Thanks for the help > > > >-Joshua Baron > > > > > >HTC Disclaimer: The information contained in this message may be > >privileged and confidential and protected from disclosure. > If the reader > >of this message is not the intended recipient, or an > employee or agent > >responsible for delivering this message to the intended > recipient, you are > >hereby notified that any dissemination, distribution or > copying of this > >communication is strictly prohibited. If you have received this > >communication in error, please notify us immediately by > replying to the > >message and deleting it from your computer. Thank you. > > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > HTC Disclaimer: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. From LISTSERV at JISCMAIL.AC.UK Wed Aug 7 19:01:25 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:23 2006 Subject: MAILSCANNER: gdr@GNO.ORG requested to join Message-ID: <200208071801.TAA11611@magpie.ecs.soton.ac.uk> Wed, 7 Aug 2002 19:01:25 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Devin Reade . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER gdr@GNO.ORG Devin Reade The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+gdr%40GNO.ORG+Devin+Reade&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From mailscanner at ecs.soton.ac.uk Wed Aug 7 19:39:19 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:23 2006 Subject: Anecdote: My life with mailscanner (so far) In-Reply-To: Message-ID: <5.1.0.14.2.20020807193812.02c3c8b0@imap.ecs.soton.ac.uk> At 18:45 07/08/2002, you wrote: > > Try reducing the max size of a message batch. How much memory has your > > Compaq box got? And I hope you are running MailTools-5.411a > > and not any of > > the 5.5 series (which the author acknowledges have massive > > memory leaks). > >Hmm.... this may be something. I have 512MB on the server, and that should >be adequate (?). However, the version of MailTools I pulled from CPAN is >1.47.... dated Jul 5 2002. Is there a later? Where? You can get the real thing from the author's site: www.zeegee.com. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From nwp at LEMON-COMPUTING.COM Wed Aug 7 19:52:30 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:15:23 2006 Subject: True64 Unix changes to check_mailscanner In-Reply-To: References: Message-ID: <20020807185230.GU6477@smoke.lemon.localdomain> On Wed, Aug 07, 2002 at 11:07:17AM -0400, Joshua Baron wrote: > then the examples included in the file. If the developers read over this > maybe they will include this within thier check_mailscanner file, for the > True64 users of thier product. As we make modifications for our > environment i may post other changes we make. I've actually already made a bunch of changes to check_mailscanner, but they are only currently used if you use the auto-installer. We don't currently ship the auto-installer, as Jules hasn't got round to using it yet, and we were going to put it in version 4. However, since it seems that version 4 is going to be a complete rewrite and will take a while. I guess we should/could consider putting it out sooner than that. (I'd like to anyway cos I wrote it and it feels like it's going to go to waste otherwise ;) ) In the meantime, could you possibly check whether the attached check_mailscanner.in, when renamed to check_mailscanner and suitably edited to replace the autoconf placeholders (@something@), works on Tru64? Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Your love life will be... interesting. -------------- next part -------------- #!/bin/sh # # check_mailscanner # # $Id: check_mailscanner.in,v 1.2 2002/05/29 07:08:00 nwp Exp $ # # Script to check whether mailscanner process is running, and # start it up if not. # # Copyright (C) 2002 Julian Field, Nick Phillips # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # The author, Julian Field, can be contacted by email at # Jules@JulianField.net # or by paper mail at # Julian Field # Dept of Electronics & Computer Science # University of Southampton # Southampton # SO17 1BJ # United Kingdom # # Check that the virus scanner is still running. # Re-start it if necessary. # This can also be used from the init script to # start it in the first place. process=mailscanner virusdir=@sbindir@ config=@sysconfdir@/mailscanner.conf # These seem to get put all over the shop... AWK=@AWK@ GREP=@GREP@ # ...but surely everyone has these in /bin? PS=/bin/ps UNAME=/bin/uname if test -z `$UNAME | $GREP BSD` ; then # not BSD; everything else seems to do POSIX pid=`COLUMNS=500 $PS -ef | $GREP '[ ]'$virusdir/$process | $AWK '{print $2}'` else # (Open|Free|Net)BSD pid=`$PS -axww | $GREP '[ ]'$virusdir/$process | $AWK '{print $1}'` fi if [ "$pid" = "" ]; then # Restart it PATH=${virusdir}:$PATH echo Starting virus scanner... $process $config else echo Running with pid $pid fi From LISTSERV at JISCMAIL.AC.UK Wed Aug 7 19:52:22 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:23 2006 Subject: MAILSCANNER: dwhiteside+mailscanner@TIERCEL.UWATERLOO.CA requested to join Message-ID: <200208071852.TAA15763@magpie.ecs.soton.ac.uk> Wed, 7 Aug 2002 19:52:22 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Dawn Keenan . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER dwhiteside+mailscanner@TIERCEL.UWATERLOO.CA Dawn Keenan The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+dwhiteside%2Bmailscanner%40TIERCEL.UWATERLOO.CA+Dawn+Keenan&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From Mark.Gillis at HTCINC.NET Wed Aug 7 20:43:12 2002 From: Mark.Gillis at HTCINC.NET (Gillis, Mark) Date: Thu Jan 12 21:15:23 2006 Subject: True64 Unix changes to check_mailscanner Message-ID: Your mileage may vary, but I had to make a few changes to your script to get it to go in my Tru64 test box. Specifically, the locations of awk and grep, and the format of the ps | grep construct. Searching for $virusdir$config rather than $virusdir$process yielded better results for me. Otherwise, it always started mailscanner, already running or not. Attached herein. > -----Original Message----- > From: Nick Phillips [mailto:nwp@LEMON-COMPUTING.COM] > Sent: Wednesday, August 07, 2002 2:53 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: True64 Unix changes to check_mailscanner > > > On Wed, Aug 07, 2002 at 11:07:17AM -0400, Joshua Baron wrote: > > > then the examples included in the file. If the developers > read over this > > maybe they will include this within thier check_mailscanner > file, for the > > True64 users of thier product. As we make modifications for our > > environment i may post other changes we make. > > I've actually already made a bunch of changes to > check_mailscanner, but > they are only currently used if you use the auto-installer. > > We don't currently ship the auto-installer, as Jules hasn't > got round to > using it yet, and we were going to put it in version 4. > However, since it > seems that version 4 is going to be a complete rewrite and > will take a while. > I guess we should/could consider putting it out sooner than that. > > (I'd like to anyway cos I wrote it and it feels like it's > going to go to > waste otherwise ;) ) > > In the meantime, could you possibly check whether the attached > check_mailscanner.in, when renamed to check_mailscanner and > suitably edited > to replace the autoconf placeholders (@something@), works on Tru64? > > > > Cheers, > > > Nick > > -- > Nick Phillips -- nwp@lemon-computing.com > Your love life will be... interesting. > HTC Disclaimer: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. -------------- next part -------------- A non-text attachment was scrubbed... Name: check_mailscanner.out Type: application/octet-stream Size: 1994 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020807/2d2b3fbb/check_mailscanner.obj From rabollinger at ATTBI.COM Wed Aug 7 22:12:19 2002 From: rabollinger at ATTBI.COM (Richard Bollinger) Date: Thu Jan 12 21:15:23 2006 Subject: Minor Installation Oddity: /var/spool/MailScanner mustn't be soft-linked Message-ID: <024001c23e57$1e127c40$8b030180@elliottturbo.com> Apparently the /var/spool/MailScanner directory has to be *exactly* there. I had soft-linked it to another drive and things fell apart if a virus was found. Same symptom even if the entire /var/spool directory was soft-linked elsewhere. The virus wasn't properly quarantined (in fact the email was sent on unchanged) and the notifications were all broken. I put it back at /var/spool/MailScanner and everything worked fine. /var/spool/mqueue.in and /var/spool/mqueue are both soft linked to another drive. That seems to be OK. We're running these versions: Slackware 8.0 base distribution Linux 2.4.18 kernel uvscan 4.14.0 sendmail 8.11.6 perl 5.6.1 MailScanner-3.22.10 io-stringy-1.220.tar.gz mime-base64-2.12.tar.gz mailtools-1.47.tar.gz file-spec-0.82.tar.gz mime-tools-5.411a.tar.gz file-temp-0.12.tar.gz convert-tnef-0.17.tar.gz Ideas? Thanks, Rich Bollinger, Elliott Company From mailscanner at ecs.soton.ac.uk Wed Aug 7 22:18:04 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:23 2006 Subject: Minor Installation Oddity: /var/spool/MailScanner mustn't be soft-linked In-Reply-To: <024001c23e57$1e127c40$8b030180@elliottturbo.com> Message-ID: <5.1.0.14.2.20020807221509.04d4b168@imap.ecs.soton.ac.uk> At 22:12 07/08/2002, you wrote: >Apparently the /var/spool/MailScanner directory has to be *exactly* >there. I had soft-linked it to >another drive and things fell apart if a virus was found. Same symptom >even if the entire >/var/spool directory was soft-linked elsewhere. > >The virus wasn't properly quarantined (in fact the email was sent on >unchanged) and the >notifications were all broken. > >I put it back at /var/spool/MailScanner and everything worked fine. > >/var/spool/mqueue.in and /var/spool/mqueue are both soft linked to another >drive. That seems to be >OK. Never come across anyone who wanted to do that before, sorry. As a general rule, if you put softlink the directories MailScanner uses, then put the *real* path in the mailscanner.conf file, not any path that follows soft-links. This occurs primarily with the 2 queue directories. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Wed Aug 7 22:13:51 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:23 2006 Subject: MAILSCANNER: roger@INFOMED.SLD.CU requested to join Message-ID: <200208072113.WAA25034@magpie.ecs.soton.ac.uk> Wed, 7 Aug 2002 22:13:51 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Roger Penha . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER roger@INFOMED.SLD.CU Roger Penha The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+roger%40INFOMED.SLD.CU+Roger+Penha&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From davidnorman at NTLWORLD.COM Wed Aug 7 23:29:57 2002 From: davidnorman at NTLWORLD.COM (David Norman) Date: Thu Jan 12 21:15:23 2006 Subject: User Unknown References: Message-ID: <002f01c23e61$f5c874a0$c800a8c0@hawkslade.lan> Thanks for your advice, after careful analysis I have resolved my problem, configuration error in mailscanner.conf ----- Original Message ----- From: Matt Doherty To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, August 07, 2002 5:30 PM Subject: Re: User Unknown I have RedHat 7.2 doing the same. sendmail only on the receiving one to scan and pass it along to the one running both pop and sendmail. It is also important to have high priority mail sent to the mailscanning server and another MX record set to low priority pointing to the server of which your pop service and senmail are on. Im wondering if your DNS is misconfigured. for both MX records.. Matt Doherty IT Dept Datawatch Corp >>In a world without walls or fences, who needs Windows and Gates?<< -----Original Message----- From: David Norman [mailto:davidnorman@NTLWORLD.COM] Sent: Wednesday, August 07, 2002 1:04 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: User Unknown Hello I have just installed a Red Hat Linux 7.3 system running Mailscanner. The system will be acting at as a mail gateway scanning mail and forwarding onto an internal lan mail server. I have made use of the /etc/mail/mailertable file to forward on scanned mail to the appropriate lan mail server. I have added appropriate domain into /etc/mail/relay-domains When inbound mail for the domain comes in sendmail is bouncing the mail with 550 User Unknown I have test machine running under the same conditions on test network which is working fine. I am racking my brains as to what I have missed out. Can anybody give me a few pointers as to what I have forgotten ? Thanks David From baron at ITECH.NET Thu Aug 8 00:00:11 2002 From: baron at ITECH.NET (Joshua Baron) Date: Thu Jan 12 21:15:23 2006 Subject: True64 Unix changes to check_mailscanner In-Reply-To: Message-ID: I'm Glad some of you found my post useful. Our main problem prior to our changes with the check_mailscanner file was everytime cron would kickoff the file using the basic setup for solaris it would kick off another instance of mailscanner. causing parse errors. (not normal outlook tnef errors) I found that the changes I submitted had helped our priblems with it reloading every 5 mins (frequency of our check_scanmails cronjob) Paths may vary depending how the admin has thier true64 box setup. our current setup for our production server is an alpha server 300/266 running true64 5.1A, our test box is an alpha station 200 running 5.1A as well. I will take a look at these atached files when i get into work tommarow. -Joshua Baron On Wed, 7 Aug 2002, Gillis, Mark wrote: Your mileage may vary, but I had to make a few changes to your script to get it to go in my Tru64 test box. Specifically, the locations of awk and grep, and the format of the ps | grep construct. Searching for $virusdir$config rather than $virusdir$process yielded better results for me. Otherwise, it always started mailscanner, already running or not. Attached herein. > -----Original Message----- > From: Nick Phillips [mailto:nwp@LEMON-COMPUTING.COM] > Sent: Wednesday, August 07, 2002 2:53 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: True64 Unix changes to check_mailscanner > > > On Wed, Aug 07, 2002 at 11:07:17AM -0400, Joshua Baron wrote: > > > then the examples included in the file. If the developers > read over this > > maybe they will include this within thier check_mailscanner > file, for the > > True64 users of thier product. As we make modifications for our > > environment i may post other changes we make. > > I've actually already made a bunch of changes to > check_mailscanner, but > they are only currently used if you use the auto-installer. > > We don't currently ship the auto-installer, as Jules hasn't > got round to > using it yet, and we were going to put it in version 4. > However, since it > seems that version 4 is going to be a complete rewrite and > will take a while. > I guess we should/could consider putting it out sooner than that. > > (I'd like to anyway cos I wrote it and it feels like it's > going to go to > waste otherwise ;) ) > > In the meantime, could you possibly check whether the attached > check_mailscanner.in, when renamed to check_mailscanner and > suitably edited > to replace the autoconf placeholders (@something@), works on Tru64? > > > > Cheers, > > > Nick > > -- > Nick Phillips -- nwp@lemon-computing.com > Your love life will be... interesting. > HTC Disclaimer: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. From ralloway at CHARTERPA.NET Thu Aug 8 04:06:03 2002 From: ralloway at CHARTERPA.NET (Richard D Alloway) Date: Thu Jan 12 21:15:23 2006 Subject: DansGuardian Anti-Virus Plugin Patch Available (based off the MailScanner!) In-Reply-To: <3D45B49F.7000603@pcxperience.com> Message-ID: I don't suppose anyone has considered working on an inverse project? I'd like to be able to use the content filtering heuristics of DansGuardian within MailScanner! Thanks! -Rich On Mon, 29 Jul 2002, James A. Pattie wrote: > Hello everyone. > > Just announcing that I've made available for beta testing the first > version of my Anti-Virus plugin for DansGuardian (www.dansguardian.org) > that is based largely off of the scanning code and support scripts that > MailScanner uses. DansGuardian is a web proxy that does content > filtering, PICS ratings, etc. > > You can get the patch from www.pcxperience.org > > Currently I have only tested F-Prot and so would appreciate any debug > help from those users that are using other virus engines. > > > Thanks Julian for making such a great product! > > -- > James A. Pattie > james@pcxperience.com > > Linux -- SysAdmin / Programmer > Xperience, Inc. > http://www.pcxperience.com/ > http://www.xperienceinc.com/ > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > From todd-lists at DECAGON.COM Thu Aug 8 06:54:27 2002 From: todd-lists at DECAGON.COM (Todd Martin) Date: Thu Jan 12 21:15:23 2006 Subject: Webmail survey says... Message-ID: Thanks for all the great (and surprisingly plentiful) responses. Julian and others asked for a summary report back to the list -- I guess the question wasn't as OT as I thought... Here's the packages people mentioned using in no particular order: SquirrelMail http://www.squirrelmail.org IMP http://imp.horde.org IMHO (IMap HOst) http://www.lysator.liu.se/~stewa/IMHO/dev.html WebMail http://www.netwinsite.com (not open source) TWIG http://twig.screwdriver.net Openwebmail http://www.openwebmail.org/ Joydesk www.virtualtek.com Neomail http://neomail.sourceforge.net/ sqwebmail http://www.inter7.com/sqwebmail/ nullwebmail http://nullwebmail.sourceforge.net/ For you Qmailers...there is a list of webmail packages on http://qmail.org/top.html. AFAIK Qmail will work with most (any?) IMAP/POP webmail too. SquirrelMail and IMP got the highest raves by far. IMP is generally acknowledged to have many requirements (I'll say -- just take a look at the FreeBSD ports dependency list for this package!). Matt Laney suggests SquirrelMail is good for small number of users (~500) and SqWebMail can handle "large undertakings". He also points out SqWebMail only supports maildirs (qmail, postfix, maildrop/courier). S Mohan has tried several and has his own (very helpful) summary. I hope he will forgive me for quoting him in full here: I've looked at - meaning installed and played around the following. 1. Popper. 2. Postaci. 3. SquirrelMail. 4. WWW Mail. 5. Jwebmail. 6. Horde/IMP. 7. atdot. 8. Openwebmail. 9. Neomail. I started with atdot, moved on to wwwmail initially. By then I had got used to web based email and then started doing a detailed search. My feedback is as follows: Popper has a Outlook97 like interface and runs on PHP/MySQL. Postaci also requires MySQL. WWWMail/atdot/Openwebmail runs on perl and standard flat files. SquirrelMail runs on PHP/MySQL. My criteria were the following: 1. Ease of standard install. 2. Folder support, personalisation support, multiple bag aggregation/popping, mail routing rules, inline attachment handling. I tried to avoid MySQL as I wanted my users to use webmail as well as pop their mailbags. I also found perl was faster than PHP. My pick of the lot was SquirrelMail and Openwebmail ( An tremendous improvement over Neomail). I chose Openwebmail as it did not require MySQL, was fast and in specific terms handled inline attachments the best. It also has passowrd change from within and thus obviated the need for me to set up a separate web page for password change. Good features: 1. Vacation/ Autoreply. 2. Icons/ styles. 3. Customised signatures etc. 4. Login history. 5. Filtering based on rules, faked smtp, javascript disabling. 6. Ability to turn on and off features globally. 7. Active mailing list, Good Support from T Chung - website maintainer. 8. SMTP, Sender blocking per user etc. Openwebmail is tied down to sendmail and uses sendmail features to implement a few things while SquirrelMail will work with both. There were a lot more but I did a feature scan, screenshot survey before I looked at the packages above. To echo S Mohan: "HTH" -- I know it did for me. ~Todd From stefano at CDH.IT Thu Aug 8 10:44:56 2002 From: stefano at CDH.IT (Stefano Carlotto) Date: Thu Jan 12 21:15:23 2006 Subject: sendmail log altered Message-ID: <5.1.1.6.0.20020808114452.03153e50@mail.cdh.it> some news on the from: missing line. today I made some tries, and i found that if the sender use smtp ( HELO ), sendmail logs from: line, if the sender use esmtp ( EHLO ), sendmail do not logs from: line... someone has got some ideas? From dhlii at 1DLA.COM Thu Aug 8 11:28:22 2002 From: dhlii at 1DLA.COM (David H. Lynch Jr.) Date: Thu Jan 12 21:15:23 2006 Subject: How do I get MailScanner to pass Spamassassin Headers through ? In-Reply-To: <5.1.0.14.2.20020807172708.04ab3fc0@imap.ecs.soton.ac.uk> Message-ID: <002a01c23ec6$669eb900$9814dfce@1dla.com> Apparently I had the always include Spamassassin header option turned on. I can probably live with filtering based on the presence or absence of the X-Mailscanner-spamcheck: header. Modifying the subject is a non-starter. I guess there are places in the world that do so, not only do my users get POed if the easily visible parts of an e-mail get modified, but pretty much all e-mail users I know get ticked if you modify their messages. Headers that they do not ordinarily see do not count, but any of the fields that are ordinarily visible or the body of the message are out of bounds. I nearly had a revolt when we first installed Spamassassin. I am not sure whether the report was in the body, or the subject line or possible some of both, but no one was happy. In my dream world I still think I would like to see the Spamassassin report headers optionally left in the message if that is the way I choose to setup MailScanner. Thank You, at least I have a workable answer. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Wednesday, August 07, 2002 12:32 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: How do I get MailScanner to pass Spamassassin Headers through ? At 13:44 07/08/2002, you wrote: > I am using Exim and Spamassassin under Debian, with Outlook clients. > Prior to adding MailScanner - which I am mostly happy with, to >the mix, I had Spamassassin setup to add its report to the message >headers as > below: > X-Spam-Status: Yes, hits=11 required=5 > tests=NO_REAL_NAME,FROM_ENDS_IN_NUM > S,EXCUSE_15,REMOVE_PAGE,THIS_AINT_SPAM,RCVD_IN_OSIRUSOFT_COM >X-Spam-Flag: YES >X-Spam-Prev-Content-Type: text/plain; charset="iso-8859-1" > > > I do not believe I have changed my Spamassassin configuration but >now I only get what basically is a digested version of this from >MailScanner. I am particularly interested in the header >X-Xpam-Flag: YES If you enable "Use SpamAssassin = yes" in mailscanner.conf, then you will get an "X-MailScanner-SpamCheck" header if it spam. If SpamAssassin is what made MailScanner think the message was spam, then you will get the report containing the list of successful tests in that header. You will not get the header unless it is spam (unless you force it to always include the SpamAssassin header). To make the filtering process in Outlook even easier, MailScanner will add "{SPAM?}" at the start of the subject line if MailScanner thought it was spam. So your clients don't even have to work out how to filter on the presence of an arbitrary header, they just have to filter on "{SPAM?}" appearing in the subject line, which the Outlook/Eudora filtering wizards make very simple. You can of course change the "{SPAM?}" text to anything you like, and you can rename the "X-MailScanner-SpamCheck" header as well. > > Outlook is not particularly good at parsing headers to make > filtering decisions. I would love to be dealing with better > capabilities, but the clients I have use outlook and will likely for > some time to come. In the meantime, we do not block any suspected SPAM > (alright we do block some ridiculously high scorers), for the most > part we leave it up to the recipient to implement filters based on the > headers that Spamassassin adds. the presence or absence of a simple > header with a yes or no value is inside Outlooks limited filtering > capability. If numeric comparisons are then I am not as well versed > with outlook as I thought. > > Anyway, do I have something in MailScanner configured wrong ? Is > there some way to keep it from stripping out the Spamassassin headers > ? I checked the past couple months of mailing list archives and while > I did not read every messages, I read anything that looked like it > might have some bearing. I learned allot, but not the answer I am > looking for. > > Thank you. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From dahlberg at BUCKNELL.EDU Thu Aug 8 11:47:33 2002 From: dahlberg at BUCKNELL.EDU (Michael Dahlberg) Date: Thu Jan 12 21:15:23 2006 Subject: Logging Problems Message-ID: <20020808104733.GA708@bucknell.edu> After upgrading to Mailscanner 3.22-10 and the latest set of Solaris 8 patches, I'm getting no Mailscanner logging information. (1) Syslog does not start with the '-t' option (2) I'm using Sendmail 8.12.4, not the one installed with Solaris. In mailscanner.conf I kept logging set to mail and tried "HUP"ing syslogd...no luck. I set logging to local4 in mailscanner.conf and setup syslog to log local4, priority debug to /var/log/mscanlog and HUP'ed syslogd...no luck. Any suggestions would be most appreciated. Mike Michael Dahlberg Systems Integrator Bucknell University dahlberg@bucknell.edu From andersan at LTKALMAR.SE Thu Aug 8 12:46:03 2002 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:15:23 2006 Subject: Question about spamassasin Message-ID: <7B475DC5E9502B4D91EA73C283AE48D70263EAD2@lkl22.ltkalmar.se> Hi I will try to add spamassasin to my working mailscanner. Ive looked around but there is some things I cant figure out. Should I use spamassin with sendmail or mailscanner? With sendmail I think I have to go threw Milter? If I understand it right mailscanner will call for spamassasin just like it does with AV-programs? Best practise, use whitelist etc in mailscanner or spamassasin? Any performance differense I should consider between the 2 ways of using it? Kind regards /Anders Oh, thanks for the help with Net::FTP, I got it running but something got screwed. I get all kind of strange msg when using other perl scripts so I wanna try out spamassasin before I reinstall my server =) From Mark.Gillis at HTCINC.NET Thu Aug 8 13:40:55 2002 From: Mark.Gillis at HTCINC.NET (Gillis, Mark) Date: Thu Jan 12 21:15:23 2006 Subject: Contents of a message can kill MailScanner? Message-ID: I do not know if this is a MailScanner issue, or a Sophos issue. Here's the error message from syslog: Commercial virus checker failed with real error: Modification of a read-only value attempted at /usr/local/lib/perl5/5.8.0/alpha-dec_osf/Sys/Syslog.pm line 296, line 1. Whereupon mailscanner died. This continued to occur after each restart. I tried changing the conf options regarding TNEF, same results. I moved the files comprising the first message in mqueue.in to /tmp and restarted MailScanner... it then caught up and is running normally. The message in question looks very much like a run-of-the-mill Klez copy, judging by the text of the message. I will continue to play with it -- if anybody else would like to look at it, let me know. Why is it always me that stubs his toe on the fun ones? Thanks, mark HTC Disclaimer: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. From mailscanner at ecs.soton.ac.uk Thu Aug 8 13:58:18 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:23 2006 Subject: How do I get MailScanner to pass Spamassassin Headers through ? In-Reply-To: <002a01c23ec6$669eb900$9814dfce@1dla.com> References: <5.1.0.14.2.20020807172708.04ab3fc0@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020808135749.02becef8@imap.ecs.soton.ac.uk> At 11:28 08/08/2002, you wrote: > In my dream world I still think I would like to see the >Spamassassin report headers optionally left in the message if that is >the way I choose to setup MailScanner. It's not simply a matter of "leaving" them in the message. They aren't there to start with. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Thu Aug 8 13:59:44 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:23 2006 Subject: Logging Problems In-Reply-To: <20020808104733.GA708@bucknell.edu> Message-ID: <5.1.0.14.2.20020808135851.02cf9f28@imap.ecs.soton.ac.uk> At 11:47 08/08/2002, you wrote: >After upgrading to Mailscanner 3.22-10 and the latest set of Solaris 8 >patches, I'm getting no Mailscanner logging information. (1) Syslog >does not start with the '-t' option (2) I'm using Sendmail 8.12.4, not >the one installed with Solaris. In mailscanner.conf I kept logging set >to mail and tried "HUP"ing syslogd...no luck. I set logging to local4 >in mailscanner.conf and setup syslog to log local4, priority debug to >/var/log/mscanlog and HUP'ed syslogd...no luck. Read the man page for your syslogd and work out how to make it log messages that arrive via UDP. In Solaris there is one option to remove from its default command-line in the init.d script. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From stefano at CDH.IT Thu Aug 8 13:59:50 2002 From: stefano at CDH.IT (Stefano Carlotto) Date: Thu Jan 12 21:15:23 2006 Subject: sendmail log altered Message-ID: <5.1.1.6.0.20020808145947.03eab938@mail.cdh.it> increasing log level of sendmail from standard 9 to 10 seems to solve this problem. hope it's useful for someone From mailscanner at ecs.soton.ac.uk Thu Aug 8 14:02:38 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:23 2006 Subject: Question about spamassasin In-Reply-To: <7B475DC5E9502B4D91EA73C283AE48D70263EAD2@lkl22.ltkalmar.se > Message-ID: <5.1.0.14.2.20020808140000.02ce1bb0@imap.ecs.soton.ac.uk> At 12:46 08/08/2002, you wrote: >I will try to add spamassasin to my working mailscanner. >Ive looked around but there is some things I cant figure >out. There are some notes in the Installation FAQ on the MailScanner web site about installing and building SpamAssassin. >Should I use spamassin with sendmail or mailscanner? MailScanner. >With sendmail I think I have to go threw Milter? Ignore all that. >If I understand it right mailscanner will call for >spamassasin just like it does with AV-programs? No, it interfaces directly to the SpamAssassin perl API, it doesn't use any extra programs (such as the spamassassin script, or spamc or spamd) to talk to SpamAssassin. >Best practise, use whitelist etc in mailscanner >or spamassasin? If you use RBLs in your MailScanner setup then you probably want to do most of your whitelisting in MailScanner. However, SpamAssassins auto-whitelisting feature is pretty good, and you turn that on via a mailscanner.conf entry. >Any performance differense I should consider between >the 2 ways of using it? Get MailScanner to call it. No process startup cost at all. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From Mark.Gillis at HTCINC.NET Thu Aug 8 14:42:48 2002 From: Mark.Gillis at HTCINC.NET (Gillis, Mark) Date: Thu Jan 12 21:15:23 2006 Subject: Contents of a message can kill MailScanner? Message-ID: That subroutine seems to be in sweep.pl.. I un-commented the print "$line"; line you already had in there, changed .conf to point to my test mqueue directory, and ran mailscanner from the command line. Same results, and the print $line did not seem to engage. I tried simply print "$line" as well as print STDERR "$line", same results. please let me know if I am barking up the wrong tree. > -----Original Message----- > From: Nick Phillips [mailto:nwp@LEMON-COMPUTING.COM] > Sent: Thursday, August 08, 2002 8:55 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Contents of a message can kill MailScanner? > > > On Thu, Aug 08, 2002 at 08:40:55AM -0400, Gillis, Mark wrote: > > I do not know if this is a MailScanner issue, or a Sophos issue. > > MailScanner. > > > Here's the error message from syslog: > > > > Commercial virus checker failed with real error: > Modification of a read-only > > value attempted at > /usr/local/lib/perl5/5.8.0/alpha-dec_osf/Sys/Syslog.pm > > line 296, line 1. > > It looks like Perl 5.8 probably has a different/new > Sys::Syslog implementation, > which is causing problems with something that is happening > during processing > of the output from Sophos. It would be good to be able to see > the message > that sophos is generating at that point; if you insert a > "print STDERR $line" > at an appropriate point in the ProcessSophosOutput function and start > mailscanner from a terminal window, you should see this. > > If you don't know what I'm talking about, shout. > > I don't have perl 5.8 yet, so won't be able to debug this on > my systems yet. > If no-one else has found the problem in the meantime, I'll be > able to start > playing with it the week after next when I get home again. > > > > Why is it always me that stubs his toe on the fun ones? > > Can you say "early adopter"? ;) > > > > Cheers, > > > Nick > -- > Nick Phillips -- nwp@lemon-computing.com > Bank error in your favor. Collect $200. > HTC Disclaimer: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. From dahlberg at bucknell.edu Thu Aug 8 14:44:05 2002 From: dahlberg at bucknell.edu (Michael Dahlberg) Date: Thu Jan 12 21:15:23 2006 Subject: Logging Problems In-Reply-To: <5.1.0.14.2.20020808135851.02cf9f28@imap.ecs.soton.ac.uk> References: <20020808104733.GA708@bucknell.edu> <5.1.0.14.2.20020808135851.02cf9f28@imap.ecs.soton.ac.uk> Message-ID: <20020808134404.GA227@bucknell.edu> Yes.. that's the -t switch. From the Solaris 8 syslogd man page: -t Disable the syslogd UPD port to turn off logging of remote messages. Unfortunately, the syslog daemon that starts from /etc/init.d does not start with the -t option. Therefore that's not the problem. Mike Michael Dahlberg Systems Integrator Bucknell University dahlberg@bucknell.edu Julian Field [mailscanner@ECS.SOTON.AC.UK] wrote: > At 11:47 08/08/2002, you wrote: > >After upgrading to Mailscanner 3.22-10 and the latest set of Solaris 8 > >patches, I'm getting no Mailscanner logging information. (1) Syslog > >does not start with the '-t' option (2) I'm using Sendmail 8.12.4, not > >the one installed with Solaris. In mailscanner.conf I kept logging set > >to mail and tried "HUP"ing syslogd...no luck. I set logging to local4 > >in mailscanner.conf and setup syslog to log local4, priority debug to > >/var/log/mscanlog and HUP'ed syslogd...no luck. > > Read the man page for your syslogd and work out how to make it log messages > that arrive via UDP. In Solaris there is one option to remove from its > default command-line in the init.d script. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ From gdr at GNO.ORG Thu Aug 8 14:47:21 2002 From: gdr at GNO.ORG (Devin Reade) Date: Thu Jan 12 21:15:23 2006 Subject: Webmail survey says... In-Reply-To: References: Message-ID: <7790000.1028814441@[192.168.50.4]> Having just joined this list, I didn't see the original survey. However one product that was not mentioned was SilkyMail . This was based on IMP, but they supposedly cleaned it up a bit and offer optional commercial support. I have no first hand experience with Silkymail (as yet). Like IMP, it's really a web-to-IMAP interface, with address books, user prefs, etc. -- Devin Reade From matt at kaminer.com Thu Aug 8 14:06:19 2002 From: matt at kaminer.com (Matt Kaminer) Date: Thu Jan 12 21:15:23 2006 Subject: Webmail survey says... In-Reply-To: References: Message-ID: <29448.65.205.80.66.1028811979.squirrel@webmail.mmc.net> You do not need MySQL to run SquirrelMail. Only if you want to support back end databases. We have 30 users and have do not run MySQL. Todd Martin said: > Thanks for all the great (and surprisingly plentiful) responses. > Julian and others asked for a summary report back to the list -- I > guess the question wasn't as OT as I thought... > > Here's the packages people mentioned using in no particular order: > SquirrelMail http://www.squirrelmail.org > IMP http://imp.horde.org > IMHO (IMap HOst) http://www.lysator.liu.se/~stewa/IMHO/dev.html > WebMail http://www.netwinsite.com (not open source) > TWIG http://twig.screwdriver.net > Openwebmail http://www.openwebmail.org/ > Joydesk www.virtualtek.com > Neomail http://neomail.sourceforge.net/ > sqwebmail http://www.inter7.com/sqwebmail/ > nullwebmail http://nullwebmail.sourceforge.net/ > > For you Qmailers...there is a list of webmail packages on > http://qmail.org/top.html. AFAIK Qmail will work with most (any?) > IMAP/POP webmail too. > > SquirrelMail and IMP got the highest raves by far. IMP is generally > acknowledged to have many requirements (I'll say -- just take a look at > the FreeBSD ports dependency list for this package!). > > Matt Laney suggests SquirrelMail is good for small number of users > (~500) and SqWebMail can handle "large undertakings". He also points > out SqWebMail only supports maildirs (qmail, postfix, > maildrop/courier). > > S Mohan has tried several and has his own (very helpful) summary. I > hope he will forgive me for quoting him in full here: > > I've looked at - meaning installed and played around the following. 1. > Popper. > 2. Postaci. > 3. SquirrelMail. > 4. WWW Mail. > 5. Jwebmail. > 6. Horde/IMP. > 7. atdot. > 8. Openwebmail. > 9. Neomail. > > I started with atdot, moved on to wwwmail initially. By then I had got > used to web based email and then started doing a detailed search. My > feedback is as follows: > > Popper has a Outlook97 like interface and runs on PHP/MySQL. Postaci > also requires MySQL. WWWMail/atdot/Openwebmail runs on perl and > standard flat files. SquirrelMail runs on PHP/MySQL. > > My criteria were the following: > 1. Ease of standard install. > 2. Folder support, personalisation support, multiple bag > aggregation/popping, mail routing rules, inline attachment handling. > > I tried to avoid MySQL as I wanted my users to use webmail as well as > pop their mailbags. I also found perl was faster than PHP. My pick of > the lot was SquirrelMail and Openwebmail ( An tremendous improvement > over Neomail). I chose Openwebmail as it did not require MySQL, was > fast and in specific terms handled inline attachments the best. It also > has passowrd change from within and thus obviated the need for me to > set up a separate web page for password change. > > Good features: > 1. Vacation/ Autoreply. > 2. Icons/ styles. > 3. Customised signatures etc. > 4. Login history. > 5. Filtering based on rules, faked smtp, javascript disabling. > 6. Ability to turn on and off features globally. > 7. Active mailing list, Good Support from T Chung - website maintainer. > 8. SMTP, Sender blocking per user etc. > > Openwebmail is tied down to sendmail and uses sendmail features to > implement a few things while SquirrelMail will work with both. > > There were a lot more but I did a feature scan, screenshot survey > before I looked at the packages above. > > To echo S Mohan: "HTH" -- I know it did for me. > > ~Todd From james at PCXPERIENCE.COM Thu Aug 8 15:17:44 2002 From: james at PCXPERIENCE.COM (James A. Pattie) Date: Thu Jan 12 21:15:23 2006 Subject: DansGuardian Anti-Virus Plugin Patch Available (based off the MailScanner!) References: Message-ID: <3D527D88.7050504@pcxperience.com> That was going to be the next project I worked on. :) Basically we would just have to take the c++ modules that DansGuardian has for the content filtering and embed them in MailScanner via something like Inline::CPP. The hardest part will be the config files - do we use the same as DansGuardian or do we want our own copy? Then after embedding the c++ modules, we would need to figure out where they are to be called, etc. We probably will have to modify them slightly in regards to data structures, etc. Richard D Alloway wrote: > I don't suppose anyone has considered working on an inverse project? > > I'd like to be able to use the content filtering heuristics of > DansGuardian within MailScanner! > > Thanks! > > -Rich > > On Mon, 29 Jul 2002, James A. Pattie wrote: > > >>Hello everyone. >> >>Just announcing that I've made available for beta testing the first >>version of my Anti-Virus plugin for DansGuardian (www.dansguardian.org) >>that is based largely off of the scanning code and support scripts that >>MailScanner uses. DansGuardian is a web proxy that does content >>filtering, PICS ratings, etc. >> >>You can get the patch from www.pcxperience.org >> >>Currently I have only tested F-Prot and so would appreciate any debug >>help from those users that are using other virus engines. >> >> >>Thanks Julian for making such a great product! >> >>-- >>James A. Pattie >>james@pcxperience.com >> >>Linux -- SysAdmin / Programmer >>Xperience, Inc. >>http://www.pcxperience.com/ >>http://www.xperienceinc.com/ >> >> >>-- >>This message has been scanned for viruses and >>dangerous content by MailScanner, and is >>believed to be clean. >> > > -- James A. Pattie james@pcxperience.com Linux -- SysAdmin / Programmer Xperience, Inc. http://www.pcxperience.com/ http://www.xperienceinc.com/ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From japerez at CORREO.UAA.MX Thu Aug 8 15:50:46 2002 From: japerez at CORREO.UAA.MX (Jos=?ISO-8859-1?Q?=E9_Antonio_P=E9rez_Hern=E1ndez?=) Date: Thu Jan 12 21:15:23 2006 Subject: OT: which webmail Message-ID: <200208081450.g78Eosr02459@ori.rl.ac.uk> Hi. I found a page in CRU.FR which talks about programs for mail access through web gateways (it's basically a comparison of characteristis): http://www.cru.fr/http-mail/ HTH Salu2. Jos? Antonio From mike at CAMAROSS.NET Thu Aug 8 16:11:01 2002 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:15:23 2006 Subject: Question about spamassasin References: <5.1.0.14.2.20020808140000.02ce1bb0@imap.ecs.soton.ac.uk> Message-ID: <021801c23eed$cf41c340$6501a8c0@home.wideopenthrottle.org> Wasn't there talk a little while back about installing SA before installing MS due to the changes MS makes to perl? Mike ----- Original Message ----- From: "Julian Field" To: Sent: Thursday, August 08, 2002 8:02 AM Subject: Re: Question about spamassasin > At 12:46 08/08/2002, you wrote: > >I will try to add spamassasin to my working mailscanner. > >Ive looked around but there is some things I cant figure > >out. > > There are some notes in the Installation FAQ on the MailScanner web site > about installing and building SpamAssassin. > > >Should I use spamassin with sendmail or mailscanner? > > MailScanner. > > >With sendmail I think I have to go threw Milter? > > Ignore all that. > > >If I understand it right mailscanner will call for > >spamassasin just like it does with AV-programs? > > No, it interfaces directly to the SpamAssassin perl API, it doesn't use any > extra programs (such as the spamassassin script, or spamc or spamd) to talk > to SpamAssassin. > > >Best practise, use whitelist etc in mailscanner > >or spamassasin? > > If you use RBLs in your MailScanner setup then you probably want to do most > of your whitelisting in MailScanner. However, SpamAssassins > auto-whitelisting feature is pretty good, and you turn that on via a > mailscanner.conf entry. > > >Any performance differense I should consider between > >the 2 ways of using it? > > Get MailScanner to call it. No process startup cost at all. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From mike at CAMAROSS.NET Thu Aug 8 16:14:50 2002 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:15:23 2006 Subject: OT: which webmail References: <200208081450.g78Eosr02459@ori.rl.ac.uk> Message-ID: <024001c23eee$5756cc80$6501a8c0@home.wideopenthrottle.org> I use Endymion Mailman and have been happy with it for years. http://www.endymion.com/products/mailman/ Mike ----- Original Message ----- From: "Jos? Antonio P?rez Hern?ndez" To: Sent: Thursday, August 08, 2002 9:50 AM Subject: Re: OT: which webmail > Hi. > I found a page in CRU.FR which talks about programs for mail access through web gateways > (it's basically a comparison of characteristis): > > http://www.cru.fr/http-mail/ > > HTH > > Salu2. > Jos? Antonio > From nospam at WCC.NET Thu Aug 8 16:23:27 2002 From: nospam at WCC.NET (Kip Turk) Date: Thu Jan 12 21:15:23 2006 Subject: Slow virus scanning Message-ID: I'm noticing a major slowdown on one of my scanning systems due to slow passes through McAfee. On my dual P3 1.2GHz machine with 1GB of RAM, I get the following: Aug 8 10:03:35 mspiggy1 mailscanner[20400]: Scanned 100 messages, 2543512 bytes in 120 seconds Aug 8 10:06:18 mspiggy1 mailscanner[20400]: Scanned 100 messages, 6419661 bytes in 155 seconds Aug 8 10:06:29 mspiggy1 mailscanner[20400]: Scanned 100 messages, 1965103 bytes in 6 seconds Aug 8 10:06:42 mspiggy1 mailscanner[20400]: Scanned 100 messages, 848385 bytes in 8 seconds Aug 8 10:06:54 mspiggy1 mailscanner[20400]: Scanned 100 messages, 924177 bytes in 7 seconds Aug 8 10:07:06 mspiggy1 mailscanner[20400]: Scanned 100 messages, 1052457 bytes in 9 seconds Aug 8 10:07:21 mspiggy1 mailscanner[20400]: Scanned 100 messages, 2507492 bytes in 12 seconds Aug 8 10:10:26 mspiggy1 mailscanner[20400]: Scanned 100 messages, 7166859 bytes in 180 seconds Aug 8 10:10:38 mspiggy1 mailscanner[20400]: Scanned 100 messages, 3183740 bytes in 6 seconds Aug 8 10:13:18 mspiggy1 mailscanner[20400]: Scanned 100 messages, 7290147 bytes in 159 seconds So a big chunk of the messages are taking inordinately long amounts of time to scan. On my second box (dual P3 600MHz with 512MB RAM) all the scans are in the 1 to 10 second range. The systems are both running mailscanner 2.31 with identical versions of McAfee and mailscanner.conf. Any ideas why my bigger box is moving mail so slow? I'm ending up with 1000+ messages waiting to be scanned and even isolating this box from the world, it takes 15 minutes or so to fully flush mqueue.in. I'm about to test F-Prot, but thought I'd look for other ideas also. Thanks, -- Kip Turk, RHCE spamdies@wcc.net Systems Administrator/Killer of Spam/Writer of Code/Penguin Proponent West Central Net - tel: 915.234.5678 / 800.695.9016 fax: 915.656.0071 -.-. --- -.. . / -- --- -. -.- . -.-- --..-- / .... .- -.-. -.- . .-. From LISTSERV at JISCMAIL.AC.UK Thu Aug 8 15:59:51 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:23 2006 Subject: MAILSCANNER: roger@INFOMED.SLD.CU left the list Message-ID: <200208081459.PAA07633@magpie.ecs.soton.ac.uk> Thu, 8 Aug 2002 15:59:51 Roger Penha has just signed off the MAILSCANNER list (MailScanner mailing list). ------------------------- Original mail header -------------------------- Return-Path: Received: from 130.246.135.154 by JISCMAIL.AC.UK (SMTPL release 1.0f) with TCP; Thu, 8 Aug 2002 15:58:18 +0100 Received: from mail.sld.cu (mail.sld.cu [216.72.25.69]) by nori.rl.ac.uk (8.11.1/8.11.1) with ESMTP id g78EwBh20248 for ; Thu, 8 Aug 2002 15:58:12 +0100 Received: (from daemon@localhost) by mail.sld.cu (8.11.6/8.11.6) id g78ESL422561 for ; Thu, 8 Aug 2002 10:28:21 -0400 Received: from UNKNOWN(196.1.112.17), claiming to be "infomed.sld.cu" via SMTP by mail.sld.cu, id smtpdV0AEmh; Thu Aug 8 10:28:20 2002 Received: from imed.sld.cu (imed-2.sld.cu [196.1.112.24]) by infomed.sld.cu (8.11.6/8.11.6) with ESMTP id g78ERRV22708 for ; Thu, 8 Aug 2002 10:27:27 -0400 Received: (from apache@localhost) by imed.sld.cu (8.11.6/8.11.6) id g78ERQI29537 for LISTSERV@JISCMAIL.AC.UK; Thu, 8 Aug 2002 10:27:26 -0400 Received: from 63.170.173.234 ( [63.170.173.234]) as user roger@infomed.sld.cu by webmail.sld.cu with HTTP; Thu, 8 Aug 2002 10:27:26 -0400 Message-ID: <1028816846.3d527fce624b3@webmail.sld.cu> Date: Thu, 8 Aug 2002 10:27:26 -0400 From: =?ISO-8859-1?B?Um9nZXIgUGXxYSBFc2NvYmlv?= To: LISTSERV@JISCMAIL.AC.UK MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 3.1 X-Originating-IP: 63.170.173.234 X-MailScanner: Found to be clean From andersan at LTKALMAR.SE Thu Aug 8 16:48:55 2002 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:15:23 2006 Subject: SV: Question about spamassasin Message-ID: <7B475DC5E9502B4D91EA73C283AE48D70263EAD4@lkl22.ltkalmar.se> > -----Ursprungligt meddelande----- > Fr?n: Mike Kercher [mailto:mike@CAMAROSS.NET] > Skickat: den 8 augusti 2002 17:11 > Till: MAILSCANNER@JISCMAIL.AC.UK > ?mne: Re: Question about spamassasin > > > Wasn't there talk a little while back about installing SA > before installing > MS due to the changes MS makes to perl? > > Mike Better wait then to reinstall my computer until I see if someone can verify that. Searched the archives but nothing there. > > ----- Original Message ----- > From: "Julian Field" > To: > Sent: Thursday, August 08, 2002 8:02 AM > Subject: Re: Question about spamassasin > > > > At 12:46 08/08/2002, you wrote: > > >I will try to add spamassasin to my working mailscanner. > > >Ive looked around but there is some things I cant figure > > >out. > > > > There are some notes in the Installation FAQ on the > MailScanner web site > > about installing and building SpamAssassin. > > > > >Should I use spamassin with sendmail or mailscanner? > > > > MailScanner. > > > > >With sendmail I think I have to go threw Milter? > > > > Ignore all that. > > > > >If I understand it right mailscanner will call for > > >spamassasin just like it does with AV-programs? > > > > No, it interfaces directly to the SpamAssassin perl API, it > doesn't use > any > > extra programs (such as the spamassassin script, or spamc > or spamd) to > talk > > to SpamAssassin. > > > > >Best practise, use whitelist etc in mailscanner > > >or spamassasin? > > > > If you use RBLs in your MailScanner setup then you probably > want to do > most > > of your whitelisting in MailScanner. However, SpamAssassins > > auto-whitelisting feature is pretty good, and you turn that on via a > > mailscanner.conf entry. > > > > >Any performance differense I should consider between > > >the 2 ways of using it? > > > > Get MailScanner to call it. No process startup cost at all. > > -- > > Julian Field Teaching Systems Manager > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > Tel. 023 8059 2817 University of Southampton > > Southampton SO17 1BJ > > > From mailscanner at ecs.soton.ac.uk Thu Aug 8 16:57:04 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:23 2006 Subject: Slow virus scanning In-Reply-To: Message-ID: <5.1.0.14.2.20020808165411.058fc228@imap.ecs.soton.ac.uk> Search the directory given in your mailscanner.conf file as Incoming Work Dir = /var/spool/MailScanner/incoming for any "core" files. I intended to fix that in a previous version, but only noticed on Tuesday that it had somehow become "$F" instead of the "$f" it was supposed to be, which stopped the core file deletion code from working properly. Must have been the keyboard fairies :-) If you want to fix the code yourself, look in workarea.pl for the word "core" and you will find a line starting "$F". Change that to "$f" and it will do something rather more useful... At 16:23 08/08/2002, you wrote: >I'm noticing a major slowdown on one of my scanning systems due to slow >passes through McAfee. On my dual P3 1.2GHz machine with 1GB of RAM, I >get the following: > >Aug 8 10:03:35 mspiggy1 mailscanner[20400]: Scanned 100 messages, >2543512 bytes in 120 seconds >Aug 8 10:06:18 mspiggy1 mailscanner[20400]: Scanned 100 messages, >6419661 bytes in 155 seconds >Aug 8 10:06:29 mspiggy1 mailscanner[20400]: Scanned 100 messages, >1965103 bytes in 6 seconds >Aug 8 10:06:42 mspiggy1 mailscanner[20400]: Scanned 100 messages, >848385 bytes in 8 seconds >Aug 8 10:06:54 mspiggy1 mailscanner[20400]: Scanned 100 messages, >924177 bytes in 7 seconds >Aug 8 10:07:06 mspiggy1 mailscanner[20400]: Scanned 100 messages, >1052457 bytes in 9 seconds >Aug 8 10:07:21 mspiggy1 mailscanner[20400]: Scanned 100 messages, >2507492 bytes in 12 seconds >Aug 8 10:10:26 mspiggy1 mailscanner[20400]: Scanned 100 messages, >7166859 bytes in 180 seconds >Aug 8 10:10:38 mspiggy1 mailscanner[20400]: Scanned 100 messages, >3183740 bytes in 6 seconds >Aug 8 10:13:18 mspiggy1 mailscanner[20400]: Scanned 100 messages, >7290147 bytes in 159 seconds > >So a big chunk of the messages are taking inordinately long amounts of >time to scan. On my second box (dual P3 600MHz with 512MB RAM) all the >scans are in the 1 to 10 second range. The systems are both running >mailscanner 2.31 with identical versions of McAfee and mailscanner.conf. >Any ideas why my bigger box is moving mail so slow? I'm ending up with >1000+ messages waiting to be scanned and even isolating this box from >the world, it takes 15 minutes or so to fully flush mqueue.in. I'm >about to test F-Prot, but thought I'd look for other ideas also. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Thu Aug 8 16:53:37 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:23 2006 Subject: Question about spamassasin In-Reply-To: <021801c23eed$cf41c340$6501a8c0@home.wideopenthrottle.org> References: <5.1.0.14.2.20020808140000.02ce1bb0@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020808165316.02cf72f0@imap.ecs.soton.ac.uk> At 16:11 08/08/2002, you wrote: >Wasn't there talk a little while back about installing SA before installing >MS due to the changes MS makes to perl? There was? What changes? >Mike > >----- Original Message ----- >From: "Julian Field" >To: >Sent: Thursday, August 08, 2002 8:02 AM >Subject: Re: Question about spamassasin > > > > At 12:46 08/08/2002, you wrote: > > >I will try to add spamassasin to my working mailscanner. > > >Ive looked around but there is some things I cant figure > > >out. > > > > There are some notes in the Installation FAQ on the MailScanner web site > > about installing and building SpamAssassin. > > > > >Should I use spamassin with sendmail or mailscanner? > > > > MailScanner. > > > > >With sendmail I think I have to go threw Milter? > > > > Ignore all that. > > > > >If I understand it right mailscanner will call for > > >spamassasin just like it does with AV-programs? > > > > No, it interfaces directly to the SpamAssassin perl API, it doesn't use >any > > extra programs (such as the spamassassin script, or spamc or spamd) to >talk > > to SpamAssassin. > > > > >Best practise, use whitelist etc in mailscanner > > >or spamassasin? > > > > If you use RBLs in your MailScanner setup then you probably want to do >most > > of your whitelisting in MailScanner. However, SpamAssassins > > auto-whitelisting feature is pretty good, and you turn that on via a > > mailscanner.conf entry. > > > > >Any performance differense I should consider between > > >the 2 ways of using it? > > > > Get MailScanner to call it. No process startup cost at all. > > -- > > Julian Field Teaching Systems Manager > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > Tel. 023 8059 2817 University of Southampton > > Southampton SO17 1BJ > > -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Thu Aug 8 16:52:13 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:23 2006 Subject: Logging Problems In-Reply-To: <20020808134404.GA227@bucknell.edu> References: <5.1.0.14.2.20020808135851.02cf9f28@imap.ecs.soton.ac.uk> <20020808104733.GA708@bucknell.edu> <5.1.0.14.2.20020808135851.02cf9f28@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020808165131.02cd3120@imap.ecs.soton.ac.uk> At 14:44 08/08/2002, you wrote: >Yes.. that's the -t switch. From the Solaris 8 syslogd man page: > -t Disable the syslogd UPD port to turn off logging of > remote messages. >Unfortunately, the syslog daemon that starts from /etc/init.d >does not start with the -t option. Therefore that's not the >problem. In which case it must be your /etc/syslog.conf file. Make sure you are logging "mail" at "info" and above. Use the "logger" command (if you have one) to test it out. >Mike > >Michael Dahlberg >Systems Integrator >Bucknell University >dahlberg@bucknell.edu > >Julian Field [mailscanner@ECS.SOTON.AC.UK] wrote: > > At 11:47 08/08/2002, you wrote: > > >After upgrading to Mailscanner 3.22-10 and the latest set of Solaris 8 > > >patches, I'm getting no Mailscanner logging information. (1) Syslog > > >does not start with the '-t' option (2) I'm using Sendmail 8.12.4, not > > >the one installed with Solaris. In mailscanner.conf I kept logging set > > >to mail and tried "HUP"ing syslogd...no luck. I set logging to local4 > > >in mailscanner.conf and setup syslog to log local4, priority debug to > > >/var/log/mscanlog and HUP'ed syslogd...no luck. > > > > Read the man page for your syslogd and work out how to make it log messages > > that arrive via UDP. In Solaris there is one option to remove from its > > default command-line in the init.d script. > > -- > > Julian Field Teaching Systems Manager > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > Tel. 023 8059 2817 University of Southampton > > Southampton SO17 1BJ -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mike at CAMAROSS.NET Thu Aug 8 17:07:07 2002 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:15:23 2006 Subject: Question about spamassasin References: <5.1.0.14.2.20020808140000.02ce1bb0@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020808165316.02cf72f0@imap.ecs.soton.ac.uk> Message-ID: <02dc01c23ef5$a5280c10$6501a8c0@home.wideopenthrottle.org> Forgive my terminology...perl gets upgraded :) This is what I was referring to: ----- Original Message ----- From: "Julian Field" To: Sent: Wednesday, May 22, 2002 3:19 AM Subject: Re: MS not starting after SpamAssassin install > At 01:26 22/05/2002, you wrote: > > I have Mailscanner running. when I installed spamassassin I tried running > >./check_mailscanner and ./check_mailscanner.linux but they come up w/ > >this... > > In the process of installing SpamAssassin, your copy of Perl got upgraded > too. The "old version hunting" that Perl does isn't quite enough for > SpamAssassin to work. So you'll need to re-install SpamAssassin. Then it > should go. ----- Original Message ----- From: "Julian Field" To: Sent: Thursday, August 08, 2002 10:53 AM Subject: Re: Question about spamassasin > At 16:11 08/08/2002, you wrote: > >Wasn't there talk a little while back about installing SA before installing > >MS due to the changes MS makes to perl? > > There was? What changes? > > > >Mike > > > >----- Original Message ----- > >From: "Julian Field" > >To: > >Sent: Thursday, August 08, 2002 8:02 AM > >Subject: Re: Question about spamassasin > > > > > > > At 12:46 08/08/2002, you wrote: > > > >I will try to add spamassasin to my working mailscanner. > > > >Ive looked around but there is some things I cant figure > > > >out. > > > > > > There are some notes in the Installation FAQ on the MailScanner web site > > > about installing and building SpamAssassin. > > > > > > >Should I use spamassin with sendmail or mailscanner? > > > > > > MailScanner. > > > > > > >With sendmail I think I have to go threw Milter? > > > > > > Ignore all that. > > > > > > >If I understand it right mailscanner will call for > > > >spamassasin just like it does with AV-programs? > > > > > > No, it interfaces directly to the SpamAssassin perl API, it doesn't use > >any > > > extra programs (such as the spamassassin script, or spamc or spamd) to > >talk > > > to SpamAssassin. > > > > > > >Best practise, use whitelist etc in mailscanner > > > >or spamassasin? > > > > > > If you use RBLs in your MailScanner setup then you probably want to do > >most > > > of your whitelisting in MailScanner. However, SpamAssassins > > > auto-whitelisting feature is pretty good, and you turn that on via a > > > mailscanner.conf entry. > > > > > > >Any performance differense I should consider between > > > >the 2 ways of using it? > > > > > > Get MailScanner to call it. No process startup cost at all. > > > -- > > > Julian Field Teaching Systems Manager > > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > > Tel. 023 8059 2817 University of Southampton > > > Southampton SO17 1BJ > > > > > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From andersan at LTKALMAR.SE Thu Aug 8 17:20:15 2002 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:15:23 2006 Subject: SV: Question about spamassasin Message-ID: <7B475DC5E9502B4D91EA73C283AE48D70263EAD5@lkl22.ltkalmar.se> Oh, so I can safely start fixing my broken computer. So to be on the safe side: F-prot and Uvscan Spamassasin Mailscanner Anything else? Thanks for all the help /Anders This time Im gona install everything for pearl first so I dont have to use CPAN again :) > -----Ursprungligt meddelande----- > Fr?n: Mike Kercher [mailto:mike@CAMAROSS.NET] > Skickat: den 8 augusti 2002 18:07 > Till: MAILSCANNER@JISCMAIL.AC.UK > ?mne: Re: Question about spamassasin > > > Forgive my terminology...perl gets upgraded :) > > This is what I was referring to: > > ----- Original Message ----- > From: "Julian Field" > To: > Sent: Wednesday, May 22, 2002 3:19 AM > Subject: Re: MS not starting after SpamAssassin install > > > > At 01:26 22/05/2002, you wrote: > > > I have Mailscanner running. when I installed > spamassassin I tried > running > > >./check_mailscanner and ./check_mailscanner.linux but they > come up w/ > > >this... > > > > In the process of installing SpamAssassin, your copy of > Perl got upgraded > > too. The "old version hunting" that Perl does isn't quite enough for > > SpamAssassin to work. So you'll need to re-install > SpamAssassin. Then it > > should go. > > > > ----- Original Message ----- > From: "Julian Field" > To: > Sent: Thursday, August 08, 2002 10:53 AM > Subject: Re: Question about spamassasin > > > > At 16:11 08/08/2002, you wrote: > > >Wasn't there talk a little while back about installing SA before > installing > > >MS due to the changes MS makes to perl? > > > > There was? What changes? > > > > > > >Mike > > > > > >----- Original Message ----- > > >From: "Julian Field" > > >To: > > >Sent: Thursday, August 08, 2002 8:02 AM > > >Subject: Re: Question about spamassasin > > > > > > > > > > At 12:46 08/08/2002, you wrote: > > > > >I will try to add spamassasin to my working mailscanner. > > > > >Ive looked around but there is some things I cant figure > > > > >out. > > > > > > > > There are some notes in the Installation FAQ on the > MailScanner web > site > > > > about installing and building SpamAssassin. > > > > > > > > >Should I use spamassin with sendmail or mailscanner? > > > > > > > > MailScanner. > > > > > > > > >With sendmail I think I have to go threw Milter? > > > > > > > > Ignore all that. > > > > > > > > >If I understand it right mailscanner will call for > > > > >spamassasin just like it does with AV-programs? > > > > > > > > No, it interfaces directly to the SpamAssassin perl > API, it doesn't > use > > >any > > > > extra programs (such as the spamassassin script, or > spamc or spamd) to > > >talk > > > > to SpamAssassin. > > > > > > > > >Best practise, use whitelist etc in mailscanner > > > > >or spamassasin? > > > > > > > > If you use RBLs in your MailScanner setup then you > probably want to do > > >most > > > > of your whitelisting in MailScanner. However, SpamAssassins > > > > auto-whitelisting feature is pretty good, and you turn > that on via a > > > > mailscanner.conf entry. > > > > > > > > >Any performance differense I should consider between > > > > >the 2 ways of using it? > > > > > > > > Get MailScanner to call it. No process startup cost at all. > > > > -- > > > > Julian Field Teaching Systems Manager > > > > jkf@ecs.soton.ac.uk Dept. of Electronics & > Computer Science > > > > Tel. 023 8059 2817 University of Southampton > > > > Southampton SO17 1BJ > > > > > > > > -- > > Julian Field Teaching Systems Manager > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > Tel. 023 8059 2817 University of Southampton > > Southampton SO17 1BJ > > > From zabriskw at ITECH.NET Thu Aug 8 17:15:24 2002 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:15:23 2006 Subject: Web Search Message-ID: <002501c23ef6$cd6a7c20$9802a8c0@saturn> Hello everyone. I am running MailScanner on a Tru64 machine (V.5.1) and am very happy with the performance of it. I am curious however if there is a program/script that will allow users to check and see what email has been quarantined for that user. I am working on writing a CGI script in C that will verify a user name and password then search through the quarantine directories and show them the e-mails that MailScanner has pulled. The script will also allow them to toss it back into the queue for delivery. Is anyone aware of something that might help with this? Kris Zabriskie -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020808/082a0829/attachment.html From LISTSERV at JISCMAIL.AC.UK Thu Aug 8 17:35:58 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:23 2006 Subject: MAILSCANNER: patrick@IMPTOY.COM left the list Message-ID: <200208081635.RAA16322@magpie.ecs.soton.ac.uk> Thu, 8 Aug 2002 17:35:58 Patrick Hall has just signed off the MAILSCANNER list (MailScanner mailing list). ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From ralloway at CHARTERPA.NET Thu Aug 8 17:35:30 2002 From: ralloway at CHARTERPA.NET (Richard D Alloway) Date: Thu Jan 12 21:15:23 2006 Subject: DansGuardian Anti-Virus Plugin Patch Available (based off the MailScanner!) In-Reply-To: <20020808075949.GX6477@smoke.lemon.localdomain> Message-ID: That would be just wonderful! Is there an estimated time of release for the Big New Version ? :) Thanks! -Rich On Thu, 8 Aug 2002, Nick Phillips wrote: > On Wed, Aug 07, 2002 at 11:06:03PM -0400, Richard D Alloway wrote: > > I don't suppose anyone has considered working on an inverse project? > > > > I'd like to be able to use the content filtering heuristics of > > DansGuardian within MailScanner! > > We're trying to design the Big New Version in such a way that you can > have completely modular scanning, so at that point it would be (relatively) > easy for someone to implement such a beast. > > > Cheers, > > > Nick > -- > Nick Phillips -- nwp@lemon-computing.com > Tuesday After Lunch is the cosmic time of the week. > From lbergman at abi.tconline.net Thu Aug 8 17:25:12 2002 From: lbergman at abi.tconline.net (Lewis Bergman) Date: Thu Jan 12 21:15:23 2006 Subject: Web Search In-Reply-To: <002501c23ef6$cd6a7c20$9802a8c0@saturn> References: <002501c23ef6$cd6a7c20$9802a8c0@saturn> Message-ID: <200208081125.12719.lbergman@abi.tconline.net> On Thursday 08 August 2002 11:15 am, Kris Zabriskie wrote: > Hello everyone. I am running MailScanner on a Tru64 machine (V.5.1) and am > very happy with the performance of it. I am curious however if there is a > program/script that will allow users to check and see what email has been > quarantined for that user. I am working on writing a CGI script in C that > will verify a user name and password then search through the quarantine > directories and show them the e-mails that MailScanner has pulled. The > script will also allow them to toss it back into the queue for delivery. > Is anyone aware of something that might help with this? > > Kris Zabriskie No but sounds pretty nifty. If you get it running I'll be happy to try it on an x86 ;) -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 115 From ralloway at CHARTERPA.NET Thu Aug 8 17:49:22 2002 From: ralloway at CHARTERPA.NET (Richard D Alloway) Date: Thu Jan 12 21:15:23 2006 Subject: DansGuardian Anti-Virus Plugin Patch Available (based off the MailScanner!) In-Reply-To: <3D527D88.7050504@pcxperience.com> Message-ID: On Thu, 8 Aug 2002, James A. Pattie wrote: > That was going to be the next project I worked on. :) Great! > Basically we would just have to take the c++ modules that DansGuardian > has for the content filtering and embed them in MailScanner via > something like Inline::CPP. The hardest part will be the config files - > do we use the same as DansGuardian or do we want our own copy? I would imagine that it would be a good idea to have the option of seperate config files, but perhaps default to using the (possibly) existing DansGuardian config files. My company is hopefully purchasing the $450 USD license so we would have unlimited users, servers, and sites. This would make it quite legal to install another copy of DG on the MailScanner box. > Then after embedding the c++ modules, we would need to figure out where > they are to be called, etc. We probably will have to modify them > slightly in regards to data structures, etc. I'm not familiar with how MailScanner/SpamAssassin/DansGuardian work internally, but how about taking the score returned by SpamAssassin and use DG to increase the score (SAHits?) based on the content of the message? If DG finds that the content is not appropriate, then increase the score by, say, 100 and configure MailScanner's High Score to 99 and High Score Action to delete. Just my $0.02 :) -Rich > Richard D Alloway wrote: > > I don't suppose anyone has considered working on an inverse project? > > > > I'd like to be able to use the content filtering heuristics of > > DansGuardian within MailScanner! > > > > Thanks! > > > > -Rich > > > > On Mon, 29 Jul 2002, James A. Pattie wrote: > > > > > >>Hello everyone. > >> > >>Just announcing that I've made available for beta testing the first > >>version of my Anti-Virus plugin for DansGuardian (www.dansguardian.org) > >>that is based largely off of the scanning code and support scripts that > >>MailScanner uses. DansGuardian is a web proxy that does content > >>filtering, PICS ratings, etc. > >> > >>You can get the patch from www.pcxperience.org > >> > >>Currently I have only tested F-Prot and so would appreciate any debug > >>help from those users that are using other virus engines. > >> > >> > >>Thanks Julian for making such a great product! > >> > >>-- > >>James A. Pattie > >>james@pcxperience.com > >> > >>Linux -- SysAdmin / Programmer > >>Xperience, Inc. > >>http://www.pcxperience.com/ > >>http://www.xperienceinc.com/ > >> > >> > >>-- > >>This message has been scanned for viruses and > >>dangerous content by MailScanner, and is > >>believed to be clean. > >> > > > > > > > -- > James A. Pattie > james@pcxperience.com > > Linux -- SysAdmin / Programmer > Xperience, Inc. > http://www.pcxperience.com/ > http://www.xperienceinc.com/ > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > From ralloway at CHARTERPA.NET Thu Aug 8 17:52:24 2002 From: ralloway at CHARTERPA.NET (Richard D Alloway) Date: Thu Jan 12 21:15:23 2006 Subject: DansGuardian Anti-Virus Plugin Patch Available (based off the MailScanner!) In-Reply-To: <20020808164513.GH6477@smoke.lemon.localdomain> Message-ID: On Thu, 8 Aug 2002, Nick Phillips wrote: > On Thu, Aug 08, 2002 at 12:35:30PM -0400, Richard D Alloway wrote: > > > Is there an estimated time of release for the Big New Version ? :) > > Not yet. > > Ambiguity intentional. *laugh* I will sit by patiently, in that case :) Thanks again! -Rich > Cheers, > > Nick > -- > Nick Phillips -- nwp@lemon-computing.com > A long-forgotten loved one will appear soon. > > Buy the negatives at any price. From mailscanner at ecs.soton.ac.uk Thu Aug 8 17:53:12 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:23 2006 Subject: DansGuardian Anti-Virus Plugin Patch Available (based off the MailScanner!) In-Reply-To: References: <20020808075949.GX6477@smoke.lemon.localdomain> Message-ID: <5.1.0.14.2.20020808175219.058b49c8@imap.ecs.soton.ac.uk> At 17:35 08/08/2002, you wrote: >Is there an estimated time of release for the Big New Version ? :) No, not yet. We haven't decided what the configuration file is going to look like yet (it might look like an Apache conf file, but there again it might not :) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Thu Aug 8 17:54:42 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:23 2006 Subject: Question about spamassasin In-Reply-To: <02dc01c23ef5$a5280c10$6501a8c0@home.wideopenthrottle.org> References: <5.1.0.14.2.20020808140000.02ce1bb0@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020808165316.02cf72f0@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020808175334.09bc94c0@imap.ecs.soton.ac.uk> At 17:07 08/08/2002, you wrote: >Forgive my terminology...perl gets upgraded :) If you think your Perl may get upgraded (against your wishes) by the SpamAssassin install, then do that first. Using CPAN I stop it by thumping Ctrl-C *once* when it starts trying to do the autoconfiguration stuff for new version of Perl. >This is what I was referring to: > >----- Original Message ----- >From: "Julian Field" >To: >Sent: Wednesday, May 22, 2002 3:19 AM >Subject: Re: MS not starting after SpamAssassin install > > > > At 01:26 22/05/2002, you wrote: > > > I have Mailscanner running. when I installed spamassassin I tried >running > > >./check_mailscanner and ./check_mailscanner.linux but they come up w/ > > >this... > > > > In the process of installing SpamAssassin, your copy of Perl got upgraded > > too. The "old version hunting" that Perl does isn't quite enough for > > SpamAssassin to work. So you'll need to re-install SpamAssassin. Then it > > should go. > > > >----- Original Message ----- >From: "Julian Field" >To: >Sent: Thursday, August 08, 2002 10:53 AM >Subject: Re: Question about spamassasin > > > > At 16:11 08/08/2002, you wrote: > > >Wasn't there talk a little while back about installing SA before >installing > > >MS due to the changes MS makes to perl? > > > > There was? What changes? > > > > > > >Mike > > > > > >----- Original Message ----- > > >From: "Julian Field" > > >To: > > >Sent: Thursday, August 08, 2002 8:02 AM > > >Subject: Re: Question about spamassasin > > > > > > > > > > At 12:46 08/08/2002, you wrote: > > > > >I will try to add spamassasin to my working mailscanner. > > > > >Ive looked around but there is some things I cant figure > > > > >out. > > > > > > > > There are some notes in the Installation FAQ on the MailScanner web >site > > > > about installing and building SpamAssassin. > > > > > > > > >Should I use spamassin with sendmail or mailscanner? > > > > > > > > MailScanner. > > > > > > > > >With sendmail I think I have to go threw Milter? > > > > > > > > Ignore all that. > > > > > > > > >If I understand it right mailscanner will call for > > > > >spamassasin just like it does with AV-programs? > > > > > > > > No, it interfaces directly to the SpamAssassin perl API, it doesn't >use > > >any > > > > extra programs (such as the spamassassin script, or spamc or spamd) to > > >talk > > > > to SpamAssassin. > > > > > > > > >Best practise, use whitelist etc in mailscanner > > > > >or spamassasin? > > > > > > > > If you use RBLs in your MailScanner setup then you probably want to do > > >most > > > > of your whitelisting in MailScanner. However, SpamAssassins > > > > auto-whitelisting feature is pretty good, and you turn that on via a > > > > mailscanner.conf entry. > > > > > > > > >Any performance differense I should consider between > > > > >the 2 ways of using it? > > > > > > > > Get MailScanner to call it. No process startup cost at all. > > > > -- > > > > Julian Field Teaching Systems Manager > > > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > > > Tel. 023 8059 2817 University of Southampton > > > > Southampton SO17 1BJ > > > > > > > > -- > > Julian Field Teaching Systems Manager > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > Tel. 023 8059 2817 University of Southampton > > Southampton SO17 1BJ > > -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mdunder at GE.UCL.AC.UK Thu Aug 8 18:06:11 2002 From: mdunder at GE.UCL.AC.UK (Mike Dunderdale) Date: Thu Jan 12 21:15:24 2006 Subject: Web Search In-Reply-To: <200208081125.12719.lbergman@abi.tconline.net> Message-ID: And I'll try it on a Solaris box.. ;) M. On Thu, 8 Aug 2002, Lewis Bergman wrote: > On Thursday 08 August 2002 11:15 am, Kris Zabriskie wrote: > > Hello everyone. I am running MailScanner on a Tru64 machine (V.5.1) and am > > very happy with the performance of it. I am curious however if there is a > > program/script that will allow users to check and see what email has been > > quarantined for that user. I am working on writing a CGI script in C that > > will verify a user name and password then search through the quarantine > > directories and show them the e-mails that MailScanner has pulled. The > > script will also allow them to toss it back into the queue for delivery. > > Is anyone aware of something that might help with this? > > > > Kris Zabriskie > No but sounds pretty nifty. If you get it running I'll be happy to try it on > an x86 ;) > -- > Lewis Bergman > Texas Communications > 4309 Maple St. > Abilene, TX 79602-8044 > 915-695-6962 ext 115 > ------------------------------------------------------------------------- Mike Dunderdale | tel: ++44 20 7679 2756 IT Systems Manager, Geomatic Engineering | fax: ++44 20 7380 0453 mike.dunderdale@ge.ucl.ac.uk | mob: ++44 7939 455 245 From james at PCXPERIENCE.COM Thu Aug 8 18:18:50 2002 From: james at PCXPERIENCE.COM (James A. Pattie) Date: Thu Jan 12 21:15:24 2006 Subject: DansGuardian Anti-Virus Plugin Patch Available (based off the MailScanner!) References: Message-ID: <3D52A7FA.3020405@pcxperience.com> Richard D Alloway wrote: > I'm not familiar with how MailScanner/SpamAssassin/DansGuardian work > internally, but how about taking the score returned by SpamAssassin and > use DG to increase the score (SAHits?) based on the content of the > message? > > If DG finds that the content is not appropriate, then increase the score > by, say, 100 and configure MailScanner's High Score to 99 and High Score > Action to delete. > That's one possibility (I didn't even think about). I was planning to make it be a toggle. either you don't allow the email at all, if innapropriate content is found, or you allow it and sanitize it (replace bad words with *'s, etc.) or just allow it but set some sort of header, etc. Also, I was thinking about having an email be sent to the admin or some defined person with either a copy of the email or the pertinent info so they can potentially talk to the sender, if needed by the companies policies, etc. > Just my $0.02 :) > > -Rich > -- James A. Pattie james@pcxperience.com Linux -- SysAdmin / Programmer Xperience, Inc. http://www.pcxperience.com/ http://www.xperienceinc.com/ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From nospam at WCC.NET Thu Aug 8 18:25:20 2002 From: nospam at WCC.NET (Kip Turk) Date: Thu Jan 12 21:15:24 2006 Subject: Slow virus scans "fixed" Message-ID: I got my virus scanner working quickly again. On the large server, I had to set "Scanning By Domain = yes" and "Domains To Scan = /etc/mail/relay-domains". Once I restarted mailscanner with those settings, my mqueue.in flushed 900+ e-mail in less than 30 seconds. I didn't notice an inordinate number of outbound messages in the queue prior to the change. Could there be a glitch in the code? Protecting just my local users, I'm able to up the number/size of messages per batch and also run McAfee and F-Prot in tandem, which is what I was after overall. I've got more servers coming in next week so I can do more testing, but the current settings will hold me until then. Thanks for the help, -- Kip Turk, RHCE spamdies@wcc.net Systems Administrator/Killer of Spam/Writer of Code/Penguin Proponent West Central Net - tel: 915.234.5678 / 800.695.9016 fax: 915.656.0071 -.-. --- -.. . / -- --- -. -.- . -.-- --..-- / .... .- -.-. -.- . .-. From chicks at CHICKS.NET Thu Aug 8 18:31:31 2002 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:15:24 2006 Subject: Question about spamassasin In-Reply-To: <5.1.0.14.2.20020808175334.09bc94c0@imap.ecs.soton.ac.uk> Message-ID: On Thu, 8 Aug 2002, Julian Field wrote: > If you think your Perl may get upgraded (against your wishes) by the > SpamAssassin install, then do that first. > > Using CPAN I stop it by thumping Ctrl-C *once* when it starts trying to do > the autoconfiguration stuff for new version of Perl. Many, many people have had this problem. If you start CPAN and immediately upgrade just the CPAN module itself (not Bundle::CPAN or anything else) to the latest and greatest before you go about upgrading the rest of the world willy-nilly then the latest CPAN will recognize that it doesn't want to upgrade your perl on you. I've had to do this on a few dozen mostly RH Linux machines running perl 5.6 and 5.6.1 and it has made my life much easier. A deeper discussion can be found at: http://perlmonks.org/index.pl?node_id=97806 -- "The first rule of Perl club is you do not talk about Perl club." -- Chip Salzenberg From ralloway at CHARTERPA.NET Fri Aug 9 00:38:20 2002 From: ralloway at CHARTERPA.NET (Richard D Alloway) Date: Thu Jan 12 21:15:24 2006 Subject: DansGuardian Anti-Virus Plugin Patch Available (based off the MailScanner!) In-Reply-To: <3D52A7FA.3020405@pcxperience.com> Message-ID: On Thu, 8 Aug 2002, James A. Pattie wrote: > Richard D Alloway wrote: > > I'm not familiar with how MailScanner/SpamAssassin/DansGuardian work > > internally, but how about taking the score returned by SpamAssassin and > > use DG to increase the score (SAHits?) based on the content of the > > message? > > > > If DG finds that the content is not appropriate, then increase the score > > by, say, 100 and configure MailScanner's High Score to 99 and High Score > > Action to delete. > > > That's one possibility (I didn't even think about). I was planning to > make it be a toggle. either you don't allow the email at all, if > innapropriate content is found, or you allow it and sanitize it (replace > bad words with *'s, etc.) or just allow it but set some sort of header, > etc. I think it would be great to be able to choose which you would like. I think the setting of the header or a change of the subject line (like the current {SPAM?} prepend) would be of lesser value, at least to my customers. Perhaps replace bad words with *s and "quarantine" the email in case DansGuardian accidently flags a legit email and the customer wants the original. Most pr0n spam would most likely be removed due to the high SA score, anyhow, so "sanitizing" with *s for legitimate email with harsh language would be good! > Also, I was thinking about having an email be sent to the admin or > some defined person with either a copy of the email or the pertinent > info so they can potentially talk to the sender, if needed by the > companies policies, etc. Yet another good idea! -Rich > > Just my $0.02 :) > > > > -Rich > > > > > -- > James A. Pattie > james@pcxperience.com > > Linux -- SysAdmin / Programmer > Xperience, Inc. > http://www.pcxperience.com/ > http://www.xperienceinc.com/ > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > From smohan at VSNL.COM Fri Aug 9 01:16:48 2002 From: smohan at VSNL.COM (S Mohan) Date: Thu Jan 12 21:15:24 2006 Subject: OT: which webmail In-Reply-To: <024001c23eee$5756cc80$6501a8c0@home.wideopenthrottle.org> Message-ID: <000b01c23f3a$0f8b84d0$01000001@mohans> I've been following this thread since my post. I missed out a couple of things which worked in favour of Openwebmail for me. 1. Neat User interface. Looks better than SquirrelMail my other choice. 2. Excellent search and filtering facility. I did not look for this feature when I chose openwebmail but it has turned out to be a killer feature on use. Works Like the Find function on messages in Outlook. 3. Multi-domain support. I run a multi-domain mailing system and each domain can have different defaults. It allows email id based login as in such an environment, the in the email id and the real username are different. 4. I found the filter rule to weed out virus/ SPAM (when used with Mailscanner) based om subject tag. 5. The best use of screen real estate. 6. Minimal or full header display toggle which allows a user to trace mail origin in case he gets junk mail. Many of these features helped me let users understand mailing better as they did not have to go thro' the pain of editing with vi, seeing maillogs, message transcripts etc. While I did try IMP, I had problems installing it on a RH 6.2 m/c. Did not go thro' easily on dependencies. As of now, I think only Openwebmail provides multi-domain per domain configuration. Mohan -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher Sent: Thursday, August 08, 2002 8:45 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: OT: which webmail I use Endymion Mailman and have been happy with it for years. http://www.endymion.com/products/mailman/ Mike ----- Original Message ----- From: "José Antonio Pérez Hernández" To: Sent: Thursday, August 08, 2002 9:50 AM Subject: Re: OT: which webmail > Hi. > I found a page in CRU.FR which talks about programs for mail access through web gateways > (it's basically a comparison of characteristis): > > http://www.cru.fr/http-mail/ > > HTH > > Salu2. > José Antonio > From LISTSERV at JISCMAIL.AC.UK Thu Aug 8 19:17:16 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:24 2006 Subject: MAILSCANNER: mailscannermarcw@RUTABAGA.CC.NDSU.NODAK.EDU requested to join Message-ID: <200208081817.TAA23935@magpie.ecs.soton.ac.uk> Thu, 8 Aug 2002 19:17:16 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Marc Wallman . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER mailscannermarcw@RUTABAGA.CC.NDSU.NODAK.EDU Marc Wallman The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+mailscannermarcw%40RUTABAGA.CC.NDSU.NODAK.EDU+Marc+Wallman&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From LISTSERV at JISCMAIL.AC.UK Thu Aug 8 22:43:49 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:24 2006 Subject: MAILSCANNER: NFeasey@UTPRESS.UTORONTO.CA requested to join Message-ID: <200208082143.WAA07710@magpie.ecs.soton.ac.uk> Thu, 8 Aug 2002 22:43:49 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Nicholas Feasey . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER NFeasey@UTPRESS.UTORONTO.CA Nicholas Feasey The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+NFeasey%40UTPRESS.UTORONTO.CA+Nicholas+Feasey&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From pcraven at LGU.AC.UK Fri Aug 9 11:42:22 2002 From: pcraven at LGU.AC.UK (Philip Craven) Date: Thu Jan 12 21:15:24 2006 Subject: Logging Problems References: <20020808104733.GA708@bucknell.edu> Message-ID: <3D539C8E.C9671032@lgu.ac.uk> I'm convinced this is caused by the latest syslogd patch for Solaris 8. If you have patch 110945-06 installed, try backing it out. Michael Dahlberg wrote: > > After upgrading to Mailscanner 3.22-10 and the latest set of Solaris 8 > patches, I'm getting no Mailscanner logging information. (1) Syslog > does not start with the '-t' option (2) I'm using Sendmail 8.12.4, not > the one installed with Solaris. In mailscanner.conf I kept logging set > to mail and tried "HUP"ing syslogd...no luck. I set logging to local4 > in mailscanner.conf and setup syslog to log local4, priority debug to > /var/log/mscanlog and HUP'ed syslogd...no luck. > > Any suggestions would be most appreciated. > > Mike > > Michael Dahlberg > Systems Integrator > Bucknell University > dahlberg@bucknell.edu -- Philip Craven Senior Systems Officer (UNIX) ICT Services, Academic Services London Metropolitan University (City Campus) 100 Minories, Tower Hill, London EC3N 1JY 020 7320 3156 From gerry at DORFAM.CA Fri Aug 9 12:23:12 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:15:24 2006 Subject: OT: which webmail In-Reply-To: <000b01c23f3a$0f8b84d0$01000001@mohans> Message-ID: While I'm interested in the subject (I've found SquirrelMail to be great) I am curious why this thread is on the mailscanner list. Isn't it a little off topic or is Julian about to add webmail to mailscanner (I wouldn't put it past him!). -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From mailscanner at ecs.soton.ac.uk Fri Aug 9 12:31:14 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:24 2006 Subject: OT: which webmail In-Reply-To: References: <000b01c23f3a$0f8b84d0$01000001@mohans> Message-ID: <5.1.0.14.2.20020809123030.02da1878@imap.ecs.soton.ac.uk> At 12:23 09/08/2002, you wrote: >While I'm interested in the subject (I've found SquirrelMail to be great) >I am curious why this thread is on the mailscanner list. Isn't it a >little off topic or is Julian about to add webmail to mailscanner (I >wouldn't put it past him!). Agreed. I didn't have any problem with the initial request for info (and the posted summary) but please can the discussion be taken elsewhere? Thanks folks! -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Fri Aug 9 18:45:43 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:24 2006 Subject: MAILSCANNER: sean@NISD.NET requested to join Message-ID: <200208091745.SAA27291@magpie.ecs.soton.ac.uk> Fri, 9 Aug 2002 18:45:43 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Sean Embry . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER sean@NISD.NET Sean Embry The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+sean%40NISD.NET+Sean+Embry&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From LISTSERV at JISCMAIL.AC.UK Fri Aug 9 20:09:06 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:24 2006 Subject: MAILSCANNER: ryan.henry.ml@EPSIIA.COM requested to join Message-ID: <200208091909.UAA03344@magpie.ecs.soton.ac.uk> Fri, 9 Aug 2002 20:09:06 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Ryan Henry . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER ryan.henry.ml@EPSIIA.COM Ryan Henry The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+ryan.henry.ml%40EPSIIA.COM+Ryan+Henry&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From LISTSERV at JISCMAIL.AC.UK Sat Aug 10 06:33:05 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:24 2006 Subject: MAILSCANNER: mslist@PENFOLD.OWT.COM requested to join Message-ID: <200208100533.GAA06356@magpie.ecs.soton.ac.uk> Sat, 10 Aug 2002 06:33:05 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Russ Hughes . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER mslist@PENFOLD.OWT.COM Russ Hughes The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+mslist%40PENFOLD.OWT.COM+Russ+Hughes&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From isp-list at TULSACONNECT.COM Sat Aug 10 14:57:51 2002 From: isp-list at TULSACONNECT.COM (ISP List) Date: Thu Jan 12 21:15:24 2006 Subject: MailScanner/SA crash (regex limit?) Message-ID: <5.1.1.6.2.20020810085440.03d3b8f8@securemail.tulsaconnect.com> Had my first MailScanner problem in quite a while this morning (well, it isn't really MailScanner, I suspect it is SpamAssassin, or rather some Perl limitation). Error is as follows: Quantifier in {,} bigger than 32766 before HERE mark in regex m/^45962\ \ Subject: (.{ << HERE 45953})/ MailScanner would croak after the above error, and ~7,000 messages backed up in the few hours it was looping with this error. I turned off SpamAssassin checking, and things went through OK. Suggestions as to ways to prevent this from occuring in the future? Why would MailScanner not just bypass the message causing it to croak and move on to the next one? --Mike From LISTSERV at JISCMAIL.AC.UK Sat Aug 10 12:31:29 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:24 2006 Subject: MAILSCANNER: sibert@KYXAR.FR requested to join Message-ID: <200208101131.MAA21800@magpie.ecs.soton.ac.uk> Sat, 10 Aug 2002 12:31:29 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Rodolphe SIBERT . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER sibert@KYXAR.FR Rodolphe SIBERT The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+sibert%40KYXAR.FR+Rodolphe+SIBERT&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From mailscanner at ecs.soton.ac.uk Sat Aug 10 16:30:41 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:24 2006 Subject: MailScanner/SA crash (regex limit?) In-Reply-To: <5.1.1.6.2.20020810085440.03d3b8f8@securemail.tulsaconnect. com> Message-ID: <5.1.0.14.2.20020810162805.02c07130@imap.ecs.soton.ac.uk> What version of Perl are you using? If not 5.6.1, then that might be worth a try. Don't try using 5.8 yet! Call SpamAssassin inside an eval isn't something I had thought of doing, but you are quite right, it would be a good idea. That will probably not make it into a minor release (if there are going to be any imminently, which I can't currently see any reason for), but I will get it into the major release that will happen once I've done the "big rewrite" that is just starting at the moment. So it's definitely a neat idea, and I will do it at some point! Jules. At 14:57 10/08/2002, you wrote: >Had my first MailScanner problem in quite a while this morning (well, it >isn't really MailScanner, I suspect it is SpamAssassin, or rather some Perl >limitation). Error is as follows: > >Quantifier in {,} bigger than 32766 before HERE mark in regex m/^45962\ \ >Subject: (.{ << HERE 45953})/ > >MailScanner would croak after the above error, and ~7,000 messages backed >up in the few hours it was looping with this error. I turned off >SpamAssassin checking, and things went through OK. Suggestions as to ways >to prevent this from occuring in the future? Why would MailScanner not >just bypass the message causing it to croak and move on to the next one? > >--Mike -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Sat Aug 10 16:53:25 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:24 2006 Subject: MailScanner/SA crash (regex limit?) In-Reply-To: <5.1.1.6.2.20020810085440.03d3b8f8@securemail.tulsaconnect. com> Message-ID: <5.1.0.14.2.20020810164236.02f1f830@imap.ecs.soton.ac.uk> I've just had a look at the latest code, and it should be relatively easy to fix. All the code is there already, just it may stop when it encounters a SpamAssassin problem (other than a timeout). There may be a log message starting with "SpamAssassin failed with real error:". Did you get that log message? What version were you running? What were the last things that MailScanner logged? Is there any chance of a copy of the message that caused the error please? I will obviously only use it for testing the code to get this problem fixed, and I will keep it entirely confidential. I've never been able to crash SpamAssassin in this way, making it a little difficult to test! At 14:57 10/08/2002, you wrote: >Had my first MailScanner problem in quite a while this morning (well, it >isn't really MailScanner, I suspect it is SpamAssassin, or rather some Perl >limitation). Error is as follows: > >Quantifier in {,} bigger than 32766 before HERE mark in regex m/^45962\ \ >Subject: (.{ << HERE 45953})/ > >MailScanner would croak after the above error, and ~7,000 messages backed >up in the few hours it was looping with this error. I turned off >SpamAssassin checking, and things went through OK. Suggestions as to ways >to prevent this from occuring in the future? Why would MailScanner not >just bypass the message causing it to croak and move on to the next one? > >--Mike -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From isp-list at TULSACONNECT.COM Sat Aug 10 17:11:16 2002 From: isp-list at TULSACONNECT.COM (ISP List) Date: Thu Jan 12 21:15:24 2006 Subject: MailScanner/SA crash (regex limit?) In-Reply-To: <5.1.0.14.2.20020810162805.02c07130@imap.ecs.soton.ac.uk> References: <5.1.1.6.2.20020810085440.03d3b8f8@securemail.tulsaconnect. com> Message-ID: <5.1.1.6.2.20020810111104.022c4020@securemail.tulsaconnect.com> At 04:30 PM 8/10/2002 +0100, you wrote: >What version of Perl are you using? If not 5.6.1, then that might be worth >a try. Don't try using 5.8 yet! [root@mx10 /usr/local/bin/mailscanner/etc]$ perl -v This is perl, v5.6.1 built for i386-freebsd --Mike From isp-list at TULSACONNECT.COM Sat Aug 10 17:15:42 2002 From: isp-list at TULSACONNECT.COM (ISP List) Date: Thu Jan 12 21:15:24 2006 Subject: MailScanner/SA crash (regex limit?) In-Reply-To: <5.1.0.14.2.20020810164236.02f1f830@imap.ecs.soton.ac.uk> References: <5.1.1.6.2.20020810085440.03d3b8f8@securemail.tulsaconnect. com> Message-ID: <5.1.1.6.2.20020810111207.022b08a8@securemail.tulsaconnect.com> >There may be a log message >starting with "SpamAssassin failed with real error:". Did you get that log >message? Nope. >What version were you running? 3.21 >What were the last things that MailScanner logged? Nothing useful - the error message was output to the console, and not to syslog anywhere. Aug 10 01:00:01 mx10 mailscanner[72413]: MailScanner E-Mail Virus Scanner version 3.21 starting. Aug 10 01:00:01 mx10 mailscanner[72413]: Configuring mailscanner for Exim mailer... Aug 10 01:00:01 mx10 mailscanner[72413]: Using locktype = posix Aug 10 01:00:01 mx10 mailscanner[72413]: Creating hardcoded struct_flock subroutine for freebsd (BSD-type) Aug 10 01:00:02 mx10 mailscanner[72417]: Startup: found 3839 messages waiting Aug 10 01:00:02 mx10 mailscanner[72417]: Startup: removed 2 duplicated files from outgoing queue Aug 10 01:00:02 mx10 mailscanner[72417]: Scanning 20 messages, 1146127 bytes Aug 10 01:00:15 mx10 mailscanner[72417]: Possible malicious batch file script in Jul 3.bat Aug 10 01:00:15 mx10 mailscanner[72417]: Possible virus hidden in a screensaver in http.scr Aug 10 01:00:15 mx10 mailscanner[72417]: Found 5 viruses in messages 17dItX-000G8R-00,17dIta-000G8t-00,17dIsU-000G8E-00 Aug 10 01:00:15 mx10 mailscanner[72417]: Scanned 20 messages, 1146127 bytes in 2 seconds Aug 10 01:15:00 mx10 mailscanner[72791]: MailScanner E-Mail Virus Scanner version 3.21 starting. Aug 10 01:15:00 mx10 mailscanner[72791]: Configuring mailscanner for Exim mailer... Aug 10 01:15:00 mx10 mailscanner[72791]: Using locktype = posix Aug 10 01:15:00 mx10 mailscanner[72791]: Creating hardcoded struct_flock subroutine for freebsd (BSD-type) Aug 10 01:15:01 mx10 mailscanner[72796]: Startup: found 3966 messages waiting Aug 10 01:15:01 mx10 mailscanner[72796]: Startup: removed 2 duplicated files from outgoing queue Aug 10 01:15:01 mx10 mailscanner[72796]: Scanning 20 messages, 1146127 bytes Aug 10 01:15:13 mx10 mailscanner[72796]: Possible malicious batch file script in Jul 3.bat Aug 10 01:15:13 mx10 mailscanner[72796]: Possible virus hidden in a screensaver in http.scr Aug 10 01:15:13 mx10 mailscanner[72796]: Found 5 viruses in messages 17dItX-000G8R-00,17dIta-000G8t-00,17dIsU-000G8E-00 Aug 10 01:15:13 mx10 mailscanner[72796]: Scanned 20 messages, 1146127 bytes in 1 seconds (did the above over and over as it restarted itself after 15 minutes via my cron job) >Is there any chance of a copy of the message that caused the error please? Unfortunately not :( >I will obviously only use it for testing the code to get this problem >fixed, and I will keep it entirely confidential. > >I've never been able to crash SpamAssassin in this way, making it a little >difficult to test! The problem can be reproduced from a Perl-perspective by issuing: perl -ce '/(a|bb){123456}/' --Mike From mailscanner at ecs.soton.ac.uk Sat Aug 10 18:12:41 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:24 2006 Subject: MailScanner/SA crash (regex limit?) -- Exim issue In-Reply-To: <5.1.1.6.2.20020810085440.03d3b8f8@securemail.tulsaconnect. com> Message-ID: <5.1.0.14.2.20020810175626.02d1ab40@imap.ecs.soton.ac.uk> Right, I've found this one. You must be using Exim, and you had a message (that was spam) with a Subject: line which was 45,962 characters long! This was too long for a particular regular expression construct in Perl (which appears to have a 32,766 character limit for this construct) and so Perl died when it was trying to add "{SPAM?}" on the front of the Subject: line. This problem does not affect sendmail users in any way, so they need not worry. It wasn't directly SpamAssassin at all. The current code does indeed cope perfectly well with SpamAssassin failures, and will just skip the analysis of the message that caused the problem and continue on with the next one. I have attached a patch to fix this. I have checked the patch on 3.22-10 and 3.21-1 and the "patch" command happily applies it to either version, so you will not have to upgrade your installed version (3.21-1) as well. The patch protects Exim users from any variation of this attack, leaving the Subject: line alone if it is too long to be safely modified. So Exim users should apply this patch. I won't immediately make a new release for this unless people want me to. If you do want me to, then please mail me and I'll do it! Many thanks for reporting this problem. At 14:57 10/08/2002, you wrote: >Had my first MailScanner problem in quite a while this morning (well, it >isn't really MailScanner, I suspect it is SpamAssassin, or rather some Perl >limitation). Error is as follows: > >Quantifier in {,} bigger than 32766 before HERE mark in regex m/^45962\ \ >Subject: (.{ << HERE 45953})/ > >MailScanner would croak after the above error, and ~7,000 messages backed >up in the few hours it was looping with this error. I turned off >SpamAssassin checking, and things went through OK. Suggestions as to ways >to prevent this from occuring in the future? Why would MailScanner not >just bypass the message causing it to croak and move on to the next one? -------------- next part -------------- A non-text attachment was scrubbed... Name: 3.22-10.mta-specific.pl.patch Type: application/octet-stream Size: 1363 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020810/73b5ea75/3.22-10.mta-specific.pl.obj -------------- next part -------------- -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From isp-list at TULSACONNECT.COM Sat Aug 10 19:00:41 2002 From: isp-list at TULSACONNECT.COM (ISP List) Date: Thu Jan 12 21:15:24 2006 Subject: MailScanner/SA crash (regex limit?) -- Exim issue In-Reply-To: <5.1.0.14.2.20020810175626.02d1ab40@imap.ecs.soton.ac.uk> References: <5.1.1.6.2.20020810085440.03d3b8f8@securemail.tulsaconnect. com> Message-ID: <5.1.1.6.2.20020810130022.03c6fbb0@securemail.tulsaconnect.com> At 06:12 PM 8/10/2002 +0100, you wrote: >Right, I've found this one. > >You must be using Exim, and you had a message (that was spam) with a >Subject: line which was 45,962 characters long! >This was too long for a particular regular expression construct in Perl >(which appears to have a 32,766 character limit for this construct) and so >Perl died when it was trying to add "{SPAM?}" on the front of the Subject: >line. > >This problem does not affect sendmail users in any way, so they need not >worry. > >It wasn't directly SpamAssassin at all. The current code does indeed cope >perfectly well with SpamAssassin failures, and will just skip the analysis >of the message that caused the problem and continue on with the next one. > >I have attached a patch to fix this. I have checked the patch on 3.22-10 >and 3.21-1 and the "patch" command happily applies it to either version, so >you will not have to upgrade your installed version (3.21-1) as well. The >patch protects Exim users from any variation of this attack, leaving the >Subject: line alone if it is too long to be safely modified. > >So Exim users should apply this patch. I won't immediately make a new >release for this unless people want me to. If you do want me to, then >please mail me and I'll do it! > >Many thanks for reporting this problem. ..many thanks for taking the time on a Saturday to fix it! --Mike From mailscanner at ecs.soton.ac.uk Sun Aug 11 00:38:45 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:24 2006 Subject: Fwd: [SNS Advisory No.55 rev.2] Eudora 5.x for Windows Buffer Overflow Vulnerability Message-ID: <5.1.0.14.2.20020810225139.02ef4188@imap.ecs.soton.ac.uk> The following was reported on the Bugtraq mailing list on Thursday, and I have just got around to reading it. Apologies for the 2 day delay. Please note that there have so far been no reported sightings of the exploit being used in a real attack, but it's best to be prepared... From discussion on the list, there appears to be some confusion about exactly what versions/languages of Eudora are exploitable, and under what versions of Windows. I have written a patch which will detect an attack and neutralize it, so that the attack no longer exists in the replacement warning message that is sent on to the intended recipient. The patch is attached to this message. Notes about this patch: (A) The attached patch file affects 2 files: mailscanner and sweep.pl. You should save copies of these in case the "patch" command makes a mess. If you apply the patch using patch < 3.22-10.Eudora.bug.patch and get a load of errors, your version of patch is too old to understand multiple files in 1 patch. I recommend you upgrade your copy of "patch" to a more recent version and try again. However, if you cannot upgrade it for some reason or applying the patch still gives you errors, try this: 1. Restore the files "mailscanner" and "sweep.pl" from the copies you just made. 2. Edit the patch file (it's plain text) and split it into 2 files: 1 that only edits "mailscanner" and 1 that only edits "sweep.pl". 3. Apply each of the 2 new patch files in turn using a syntax similar to the example "patch" command above. (B) I have only tested this patch against MailScanner 3.22-10, so proceed with caution if you are running an older version! The new code should work fine in quite old versions of MailScanner, but the "patch" command may not be able to patch the files automatically for you, so in this case you will have to edit the code yourself. (C) If you would like me to produce 3.22-11 containing this patch (and the exploit of Exim I mentioned earlier today) then drop me a line and I'll do it in the morning. >Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm >List-Id: >List-Post: >List-Help: >List-Unsubscribe: >List-Subscribe: >Delivered-To: mailing list bugtraq@securityfocus.com >Delivered-To: moderator for bugtraq@securityfocus.com >Date: Thu, 08 Aug 2002 10:15:21 +0900 >From: Atsushi Nishimura >To: bugtraq@securityfocus.com, news@securiteam.com >Subject: [SNS Advisory No.55 rev.2] Eudora 5.x for Windows Buffer Overflow >Vulnerability >X-Mailer: Becky! ver. 2.05.04 >X-ECS-MailScanner: Found to be clean, Found to be clean > >---------------------------------------------------------------------- >SNS Advisory No.55 >Eudora 5.x for Windows Buffer Overflow Vulnerability rev.2 > >Problem first discovered: 6 Jun 2002 >Published: 5 Aug 2002 >Last revised: 8 Aug 2002 >---------------------------------------------------------------------- > >Overview: >--------- > Eudora 5.x for Windows contains a buffer overflow vulnerability, > which could allow a remote attacker to execute arbitrary code. > >Problem Description: >-------------------- > Eudora developed and distributed by QUALCOMM Inc. > (http://www.qualcomm.com/), is a Mail User Agent running on Windows > 95/98/2000/ME/NT 4.0 and MacOS 8.1 or later. > > The buffer overflow occurs when Eudora receives a message using 139 bytes > or more of string as a boundary, which is used to divide a multi-part > message into separate parts. In our verification environment, we have > found that this could allow arbitrary commands to be executed. > >Tested Version: >--------------- > Eudora 5.0-J for Windows (Ver.5.0.2-Jr2 trial) [Japanese] > Eudora 5.1.1 for Windows (Sponsored Mode) [English] > >Tested OS: >---------- > Microsoft Windows 2000 Professional SP2 [Japanese] > Microsoft Windows 98 SE [Japanese] > >Solution: >--------- > You can limit your exposure to this problem by using a content filtering > software which screen out email messages using 139 bytes or more of > string as a boundary. > > QUALCOMM Inc. reported that this problem will be fixed in the next > release [English]. > > Livin' on the EDGE Co., Ltd. eported that this problem will be fixed in > Eudora5.1-J for Windows [Japanese] of the next release. > >Communication background: >------------------------- > 6 Jun 2002 : We discovered the vulnerability. > 6 Jun 2002 : We reported the findings to win-eudora-bugs@kuni.co.jp > 14 Jun 2002 : the findings were reported again to > win-eudora-bugs@kuni.co.jp > 17 Jun 2002 : We contacted QUALCOMM Inc. . > 18 Jun 2002 : QUALCOMM Inc. sent a reply stating that they had started an > investigation of the problem. > 3 Jul 2002 : We asked QUALCOMM Inc. about the progress of the > investigation > 19 Jul 2002 : We asked QUALCOMM Inc. again about the progress of the > investigation > 24 Jul 2002 : We informed QUALCOMM Inc. about the announcement schedule > of this advisory > 25 Jul 2002 : QUALCOMM Inc. reported that this problem will be fixed in > the next release > 5 Aug 2002 : We decided to disclose this vulnerability due to concern > over the potential consequences this issue may cause. > win-eudora-bugs@kuni.co.jp has not provided any comments > on this issue as of August 5, 2002. > 6 Aug 2002 : It turns out that connection has not reached Livin' on the > EDGE Co., Ltd. (user support of Japanese version). Livin' > on the EDGE Co., Ltd. reported that this problem will be > fixed in the next release immediately. > >Discovered by: >-------------- > Nobuo Miwa (LAC / n-miwa@lac.co.jp) > >Revision History: >----------------- > 5 Aug 2002 : * Initial release > 8 Aug 2002 : * Added the detail of problem description > * Changed "Livin' on the EDGE Co., Ltd." into > "win-eudora-bugs@kuni.co.jp" > * Added mitigation strategy to Solution > * Added the information from Livin' on the EDGE Co., Ltd. to > Solution > * Added the report from Livin' on the EDGE Co., Ltd. to > Communication background > >Disclaimer: >----------- > All information in these advisories are subject to change without any > advanced notices neither mutual consensus, and each of them is released > as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences > caused by applying those information. > >------------------------------------------------------------------ >SecureNet Service(SNS) Security Advisory >Computer Security Laboratory, LAC http://www.lac.co.jp/security/ -------------- next part -------------- A non-text attachment was scrubbed... Name: 3.22-10.Eudora.bug.patch Type: application/octet-stream Size: 2619 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020811/0c6edb7c/3.22-10.Eudora.bug.obj -------------- next part -------------- -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From nwp at LEMON-COMPUTING.COM Sun Aug 11 11:19:29 2002 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:15:24 2006 Subject: MailScanner/SA crash (regex limit?) -- Exim issue In-Reply-To: <5.1.0.14.2.20020810175626.02d1ab40@imap.ecs.soton.ac.uk> References: <5.1.1.6.2.20020810085440.03d3b8f8@securemail.tulsaconnect.com> <5.1.0.14.2.20020810175626.02d1ab40@imap.ecs.soton.ac.uk> Message-ID: <20020811101929.GC19904@smoke.lemon.localdomain> On Sat, Aug 10, 2002 at 06:12:41PM +0100, Julian Field wrote: > So Exim users should apply this patch. I won't immediately make a new > release for this unless people want me to. If you do want me to, then > please mail me and I'll do it! Looks like you need to s/is/if/ in a couple of places. -- Nick Phillips -- nwp@lemon-computing.com Be security conscious -- National defense is at stake. From mailscanner at ecs.soton.ac.uk Sun Aug 11 11:52:07 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:24 2006 Subject: MailScanner/SA crash -- Exim issue, revised patch In-Reply-To: <20020811101929.GC19904@smoke.lemon.localdomain> References: <5.1.0.14.2.20020810175626.02d1ab40@imap.ecs.soton.ac.uk> <5.1.1.6.2.20020810085440.03d3b8f8@securemail.tulsaconnect.com> <5.1.0.14.2.20020810175626.02d1ab40@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020811115015.02d3c488@imap.ecs.soton.ac.uk> At 11:19 11/08/2002, you wrote: >On Sat, Aug 10, 2002 at 06:12:41PM +0100, Julian Field wrote: > > > So Exim users should apply this patch. I won't immediately make a new > > release for this unless people want me to. If you do want me to, then > > please mail me and I'll do it! > >Looks like you need to s/is/if/ in a couple of places. Honestly don't know how that happened :-( Attached is a revised patch. -------------- next part -------------- A non-text attachment was scrubbed... Name: 3.22-10.mta-specific.pl.patch Type: application/octet-stream Size: 1363 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020811/5a4061bc/3.22-10.mta-specific.pl.obj -------------- next part -------------- -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From rishi at THEARGONCOMPANY.COM Sun Aug 11 12:16:21 2002 From: rishi at THEARGONCOMPANY.COM (Rishi Gangoly) Date: Thu Jan 12 21:15:24 2006 Subject: Viruses To Quietly Delete feature not working on my Cobalt RaQ4 server References: <5.1.0.14.2.20020727153446.031612c0@imap.ecs.soton.ac.uk> <033801c2361d$c0d792e0$1500a8c0@gangfam.com> <034d01c23620$16f05de0$1500a8c0@gangfam.com> Message-ID: <025c01c24128$899f2200$1500a8c0@gangfam.com> Hi I am unable to get the option "The Viruses To Quietly Delete" to work. I have a Cobalt RaQ4 server..... Has anyone has the same problem? Any tips on where to look to diagnose the problem? Version Info MailScanner: 3.22 Release: 10 F-PROT 3.12a SIGN.DEF created 2. August 2002 SIGN2.DEF created 1. August 2002 MACRO.DEF created 31. July 2002 Regards Rishi From rishi at THEARGONCOMPANY.COM Sun Aug 11 12:26:35 2002 From: rishi at THEARGONCOMPANY.COM (Rishi Gangoly) Date: Thu Jan 12 21:15:24 2006 Subject: Viruses To Quietly Delete feature not working on my Cobalt RaQ4 server Message-ID: <035701c24129$f78135a0$1500a8c0@gangfam.com> Please ignore the previous message. Stupid me... It is actually working. So sorry to bother you guys. Regards Rishi Gangoly Manager - Technical Operations The Argon Company Mobile: +91-98205-04274 ----- Original Message ----- From: "Rishi Gangoly" To: Sent: Sunday, August 11, 2002 4:46 PM Subject: Viruses To Quietly Delete feature not working on my Cobalt RaQ4 server > Hi > > I am unable to get the option "The Viruses To Quietly Delete" to work. > > I have a Cobalt RaQ4 server..... > > Has anyone has the same problem? > Any tips on where to look to diagnose the problem? > > Version Info > MailScanner: 3.22 Release: 10 > F-PROT 3.12a > SIGN.DEF created 2. August 2002 > SIGN2.DEF created 1. August 2002 > MACRO.DEF created 31. July 2002 > > > Regards > > Rishi > > From isp-list at TULSACONNECT.COM Sun Aug 11 13:55:12 2002 From: isp-list at TULSACONNECT.COM (ISP List) Date: Thu Jan 12 21:15:24 2006 Subject: MailScanner/SA crash -- Exim issue, revised patch In-Reply-To: <5.1.0.14.2.20020811115015.02d3c488@imap.ecs.soton.ac.uk> References: <20020811101929.GC19904@smoke.lemon.localdomain> <5.1.0.14.2.20020810175626.02d1ab40@imap.ecs.soton.ac.uk> <5.1.1.6.2.20020810085440.03d3b8f8@securemail.tulsaconnect.com> <5.1.0.14.2.20020810175626.02d1ab40@imap.ecs.soton.ac.uk> Message-ID: <5.1.1.6.2.20020811075428.0383feb8@securemail.tulsaconnect.com> >Honestly don't know how that happened :-( > >Attached is a revised patch. Patch seemed to apply correctly. I'll let you know if I see any future problems of this nature (fwiw, mailscanner had been running for over a month w/o incident) --Mike From isp-list at TULSACONNECT.COM Sun Aug 11 14:24:40 2002 From: isp-list at TULSACONNECT.COM (ISP List) Date: Thu Jan 12 21:15:24 2006 Subject: Fwd: [SNS Advisory No.55 rev.2] Eudora 5.x for Windows Buffer Overflow Vulnerability In-Reply-To: <5.1.0.14.2.20020810225139.02ef4188@imap.ecs.soton.ac.uk> Message-ID: <5.1.1.6.2.20020811082233.03be9478@securemail.tulsaconnect.com> >(C) If you would like me to produce 3.22-11 containing this patch (and the >exploit of Exim I mentioned earlier today) then drop me a line and I'll do >it in the morning. I think it is probably worth a minor new release (3.22-11) to include both the Exim and Eudora exploit patches. --Mike From mailscanner at ecs.soton.ac.uk Sun Aug 11 15:25:06 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:24 2006 Subject: ANNOUNCE: Version 3.22-11 released Message-ID: <5.1.0.14.2.20020811151606.03f9db28@imap.ecs.soton.ac.uk> As requested: This is a minor release, with only 4 changes from the previous version. I would advise all Exim users to upgrade, and anyone who has a lot of Eudora users. -- Added check for Eudora "long MIME boundary" attack described on Bugtraq. -- Fixed Exim Very-Long-Subject-Line problem. -- Fixed deletion of core files found in working directory. -- Added logging to McAfee parser so McAfee logs viruses better. Download, as usual, from www.mailscanner.info -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Sun Aug 11 15:16:03 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:24 2006 Subject: Fwd: [SNS Advisory No.55 rev.2] Eudora 5.x for Windows Buffer Overflow Vulnerability In-Reply-To: <5.1.1.6.2.20020811082233.03be9478@securemail.tulsaconnect. com> References: <5.1.0.14.2.20020810225139.02ef4188@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020811151451.03f92308@imap.ecs.soton.ac.uk> At 14:24 11/08/2002, you wrote: >>(C) If you would like me to produce 3.22-11 containing this patch (and the >>exploit of Exim I mentioned earlier today) then drop me a line and I'll do >>it in the morning. > >I think it is probably worth a minor new release (3.22-11) to include both >the Exim and Eudora exploit patches. Good idea. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From japio at ouwehand-it.nl Mon Aug 12 01:05:33 2002 From: japio at ouwehand-it.nl (Jaap Jan Ouwehand) Date: Thu Jan 12 21:15:24 2006 Subject: no virus-info in maillog Message-ID: <3d56fbcd114651.51245820@ouwehand-is.nl> Hello, First I wanna say mailscanner is a great program. I have a little question about logging. In the mailscanner I'm running I have no virus-information in the 'maillog'. Example: Jul 14 22:21:46 fonzie mailscanner[7922]: >>> Virus 'W32/Klez-H' found in file ./g6EKLYO08157/HREF.scr Running with: MailScanner-3.22-8, Sophos, sendmail, on Redhat6.0 How do I get this information back in the maillog? Jaap Jan Ouwehand ========================================================================== This message has been scanned for viruses, spam and dangerous content by Ouwehand Internet Services MailScanner, and is believed to be clean. For more information see: www.e-mailscanner.nl or call +31 (0)75 657 1635. ========================================================================== From LISTSERV at JISCMAIL.AC.UK Mon Aug 12 03:44:48 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:24 2006 Subject: MAILSCANNER: helio@HELIO.COM.BR requested to join Message-ID: <200208120244.DAA15166@magpie.ecs.soton.ac.uk> Mon, 12 Aug 2002 03:44:48 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Helio Silva . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER helio@HELIO.COM.BR Helio Silva The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+helio%40HELIO.COM.BR+Helio+Silva&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From LISTSERV at JISCMAIL.AC.UK Mon Aug 12 04:16:33 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:24 2006 Subject: MAILSCANNER: info@BLACKNIGHT-SOLUTIONS.COM requested to join Message-ID: <200208120316.EAA16670@magpie.ecs.soton.ac.uk> Mon, 12 Aug 2002 04:16:33 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Michele Neylon . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER info@BLACKNIGHT-SOLUTIONS.COM Michele Neylon The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+info%40BLACKNIGHT-SOLUTIONS.COM+Michele+Neylon&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From howard at harper-adams.ac.uk Mon Aug 12 11:26:37 2002 From: howard at harper-adams.ac.uk (Howard Robinson) Date: Thu Jan 12 21:15:24 2006 Subject: Quarantine Message-ID: <200208121020.g7CAKZJ31594@blackhole.harper-adams.ac.uk> Hello List Members, We have been using mailscanner & Sophos for just over a year and we are very pleased with it. A couple or so questions We have been saving rejected messages in the quarantine directory and have been asked to retrieve only a couple since MailScanner was set up. Generally do users find that they use the quarantined files? My gut feeling is to delete virus infected files however files rejected because the filename rules, and are clean, could be treated differently as they can be renamed to something 'safe' before passing on to the intended recipient. Is It possible the current version? Would this be useful on future releases? Mine would be a yes vote. Regards Howard Robinson (Senior Technical Development Officer) Harper Adams University College Edgmond Newport Shropshire TF10 8NB UK E-mail: hrobinson@harper-adams.ac.uk Tel. : +44(0)1952 820280 Via switchboard : +44(0)1952 815253 Direct line Fax. : +44(0)1952 814783 College Web site http://www.harper-adams.ac.uk From mailscanner at ecs.soton.ac.uk Mon Aug 12 11:40:23 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:24 2006 Subject: Quarantine In-Reply-To: <200208121020.g7CAKZJ31594@blackhole.harper-adams.ac.uk> Message-ID: <5.1.0.14.2.20020812113916.037fcd40@imap.ecs.soton.ac.uk> At 11:26 12/08/2002, you wrote: >My gut feeling is to delete virus infected files however files rejected >because the filename rules, and are clean, could be treated >differently as they can be renamed to something 'safe' before >passing on to the intended recipient. How might the "safe renaming" happen? We need a general rule that can be applied to any "dangerous" filename. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From howard at harper-adams.ac.uk Mon Aug 12 11:46:26 2002 From: howard at harper-adams.ac.uk (Howard Robinson) Date: Thu Jan 12 21:15:24 2006 Subject: Quarantine In-Reply-To: <5.1.0.14.2.20020812113916.037fcd40@imap.ecs.soton.ac.uk> References: <200208121020.g7CAKZJ31594@blackhole.harper-adams.ac.uk> Message-ID: <200208121040.g7CAeIJ32268@blackhole.harper-adams.ac.uk> On 12 Aug 02, at 11:40, Julian Field wrote: > At 11:26 12/08/2002, you wrote: > >My gut feeling is to delete virus infected files however files rejected > >because the filename rules, and are clean, could be treated differently > >as they can be renamed to something 'safe' before passing on to the > >intended recipient. > > How might the "safe renaming" happen? We need a general rule that can be > applied to any "dangerous" filename. Sorry Julian I meant that the renaming could be done manually after a request from a recipient. -- Julian Field > Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics > & Computer Science Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ Regards Howard Robinson (Senior Technical Development Officer) Harper Adams University College Edgmond Newport Shropshire TF10 8NB UK E-mail: hrobinson@harper-adams.ac.uk Tel. : +44(0)1952 820280 Via switchboard : +44(0)1952 815253 Direct line Fax. : +44(0)1952 814783 College Web site http://www.harper-adams.ac.uk From isp-list at TULSACONNECT.COM Mon Aug 12 14:22:16 2002 From: isp-list at TULSACONNECT.COM (ISP List) Date: Thu Jan 12 21:15:24 2006 Subject: ANNOUNCE: Version 3.22-11 released In-Reply-To: <5.1.0.14.2.20020811151606.03f9db28@imap.ecs.soton.ac.uk> Message-ID: <5.1.1.6.2.20020812082130.0223d750@securemail.tulsaconnect.com> At 03:25 PM 8/11/2002 +0100, you wrote: >As requested: > >This is a minor release, with only 4 changes from the previous version. I >would advise all Exim users to upgrade, and anyone who has a lot of Eudora >users. > >-- Added check for Eudora "long MIME boundary" attack described on Bugtraq. >-- Fixed Exim Very-Long-Subject-Line problem. >-- Fixed deletion of core files found in working directory. >-- Added logging to McAfee parser so McAfee logs viruses better. Thanks. I went ahead and upgraded, and so far, so good. I can confirm the McAfee parser works as expected, too. --Mike From LISTSERV at JISCMAIL.AC.UK Mon Aug 12 16:37:44 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:24 2006 Subject: MAILSCANNER: steinkel@PA.NET requested to join Message-ID: <200208121537.QAA22456@magpie.ecs.soton.ac.uk> Mon, 12 Aug 2002 16:37:44 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Leland Steinke . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER steinkel@PA.NET Leland Steinke The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+steinkel%40PA.NET+Leland+Steinke&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From kylist at SHCORP.COM Mon Aug 12 17:47:22 2002 From: kylist at SHCORP.COM (Kurt Yoder) Date: Thu Jan 12 21:15:24 2006 Subject: reject overly long mime boundary? In-Reply-To: <20020430144551.GA7916@atrey.karlin.mff.cuni.cz> References: <20020430144551.GA7916@atrey.karlin.mff.cuni.cz> Message-ID: <42764.10.10.1.95.1029170842.squirrel@webmail.shcorp.com> Hello list On bugtraq, there's a new issue about the Eudora mail client being vulnerable to mime boundaries that are 139 characters or longer. Is there any way to reject messages with mime boundaries over 138 characters using mailscanner's config files? I know that filename-based rejections work... Thanks -- Kurt Yoder Sport & Health network administrator From kylist at SHCORP.COM Mon Aug 12 18:10:33 2002 From: kylist at SHCORP.COM (Kurt Yoder) Date: Thu Jan 12 21:15:24 2006 Subject: Fwd: [SNS Advisory No.55 rev.2] Eudora 5.x for Windows Buffer In-Reply-To: <5.1.0.14.2.20020811151451.03f92308@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020811151451.03f92308@imap.ecs.soton.ac.uk> Message-ID: <42821.10.10.1.95.1029172233.squirrel@webmail.shcorp.com> Julian Field said: > At 14:24 11/08/2002, you wrote: >>>(C) If you would like me to produce 3.22-11 containing this patch (and >>>the exploit of Exim I mentioned earlier today) then drop me a line and >>>I'll do it in the morning. >> >>I think it is probably worth a minor new release (3.22-11) to include >>both the Exim and Eudora exploit patches. > > Good idea. Sorry, I should have looked a bit harder before I posted that last question. So I will need to patch/upgrade to fix this issue? There's no way to do this using a config file on an older version? I'm running 3.12.5. -- Kurt Yoder Sport & Health network administrator From sevans at FOUNDATION.SDSU.EDU Mon Aug 12 18:16:56 2002 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:15:24 2006 Subject: Quarantine Message-ID: <6214C3F9233D764C9E7029396C355015331350@mail.foundation.sdsu.edu> One possibility is to rename anything with a restricted file extension to filename.extension.txt. So setup.exe would become setup.exe.txt. I personally would never do this because of my bussiness situation but I could see how it would be usefull for an ISP. Of course if the virus scanner marks it as a virus then it won't rename it, just block it, and it would have to be an option. Maybe even by file extension, like exe's get renamed, vbs's just get blocked. Steve Evans Computing Services (619) 594-0653 -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Monday, August 12, 2002 3:40 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Quarantine At 11:26 12/08/2002, you wrote: >My gut feeling is to delete virus infected files however files rejected >because the filename rules, and are clean, could be treated differently >as they can be renamed to something 'safe' before passing on to the >intended recipient. How might the "safe renaming" happen? We need a general rule that can be applied to any "dangerous" filename. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mkettler at EVI-INC.COM Mon Aug 12 18:42:33 2002 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:15:24 2006 Subject: reject overly long mime boundary? In-Reply-To: <42764.10.10.1.95.1029170842.squirrel@webmail.shcorp.com> References: <20020430144551.GA7916@atrey.karlin.mff.cuni.cz> <20020430144551.GA7916@atrey.karlin.mff.cuni.cz> Message-ID: <5.1.0.14.0.20020812134101.03275920@192.168.50.2> Julian's release of 3.22.11 just a few hours prior to your email addresses this issue, along with an exim issue. to re-quote Julian: As requested: This is a minor release, with only 4 changes from the previous version. I would advise all Exim users to upgrade, and anyone who has a lot of Eudora users. -- Added check for Eudora "long MIME boundary" attack described on Bugtraq. -- Fixed Exim Very-Long-Subject-Line problem. -- Fixed deletion of core files found in working directory. -- Added logging to McAfee parser so McAfee logs viruses better. At 12:47 PM 8/12/2002 -0400, Kurt Yoder wrote: >Hello list > >On bugtraq, there's a new issue about the Eudora mail client being >vulnerable to mime boundaries that are 139 characters or longer. Is there >any way to reject messages with mime boundaries over 138 characters using >mailscanner's config files? I know that filename-based rejections work... > >Thanks > >-- >Kurt Yoder >Sport & Health network administrator From gerry at dorfam.ca Mon Aug 12 19:15:15 2002 From: gerry at dorfam.ca (Gerry Doris) Date: Thu Jan 12 21:15:24 2006 Subject: Whitelist Problem Message-ID: <16339.129.80.22.134.1029176115.squirrel@tiger.dorfam.ca> I hate to admit this but I can't get the whitelist to work correctly. I added the following line to /usr/local/MailScanner/etc/whitelist.conf (I'm going from memory and I'm not exactly sure of the filename) From: lyris.gamespy.com I assumed that would be enough to have all mail arriving from that location to be passed through without marking it as spam. However, any mail showing up is still processed and marked by spamassassin. What have I missed? Gerry From mailscanner at ecs.soton.ac.uk Mon Aug 12 19:15:28 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:24 2006 Subject: Fwd: [SNS Advisory No.55 rev.2] Eudora 5.x for Windows Buffer In-Reply-To: <42821.10.10.1.95.1029172233.squirrel@webmail.shcorp.com> References: <5.1.0.14.2.20020811151451.03f92308@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020811151451.03f92308@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020812191340.02bd6770@imap.ecs.soton.ac.uk> At 18:10 12/08/2002, you wrote: >Julian Field said: > > At 14:24 11/08/2002, you wrote: > >>>(C) If you would like me to produce 3.22-11 containing this patch (and > >>>the exploit of Exim I mentioned earlier today) then drop me a line and > >>>I'll do it in the morning. > >> > >>I think it is probably worth a minor new release (3.22-11) to include > >>both the Exim and Eudora exploit patches. > > > > Good idea. > >Sorry, I should have looked a bit harder before I posted that last question. >So I will need to patch/upgrade to fix this issue? There's no way to do this >using a config file on an older version? I'm running 3.12.5. If you read a bit harder still, you will see my previous posting containing a patch for this. On your version, I would advise you to apply the changes by hand as the code might be a bit different. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Mon Aug 12 19:22:26 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:24 2006 Subject: Whitelist Problem In-Reply-To: <16339.129.80.22.134.1029176115.squirrel@tiger.dorfam.ca> Message-ID: <5.1.0.14.2.20020812192004.03ea7518@imap.ecs.soton.ac.uk> At 19:15 12/08/2002, you wrote: >I hate to admit this but I can't get the whitelist to work correctly. > >I added the following line to /usr/local/MailScanner/etc/whitelist.conf >(I'm going from memory and I'm not exactly sure of the filename) > >From: lyris.gamespy.com > >I assumed that would be enough to have all mail arriving from that >location to be passed through without marking it as spam. However, any >mail showing up is still processed and marked by spamassassin. > >What have I missed? The address that is relevant here is the envelope sender address, not the From: header. Check your maillog to see if you are matching the right thing. Also if you ask it to always include the spamassassin header, does it say anything about whitelisting? -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From dbaker at DKBURNAP.COM Mon Aug 12 19:58:53 2002 From: dbaker at DKBURNAP.COM (David Baker) Date: Thu Jan 12 21:15:24 2006 Subject: Logging question Message-ID: I use a universal sendmail server running Mailscanner to filter mail for multiple businesses. Is there any way to provide statistical information on the processing that Mailscanner makes? I would like to be able to give each client a report on their mail activity. Thanks, David Baker Director David K. Burnap Internet Solutions 7106 Corporate Way Dayton, Ohio 45459-4271 Phone: (937) 913-2858 Fax: (937) 434-1260 Cell: (937) 416-0129 Email: dbaker@dkburnap.com From Stephane.Lentz at ANSF.ALCATEL.FR Mon Aug 12 20:21:25 2002 From: Stephane.Lentz at ANSF.ALCATEL.FR (Stephane Lentz) Date: Thu Jan 12 21:15:24 2006 Subject: preliminary Trend Interscan/Filescan support Message-ID: <20020812192125.GA20232@iww.netfr.alcatel.fr> Julian, Nick and other Mailscanner users, I've started to add support for Trend Micro Interscan / Filescan (both come with the command scanner /etc/iscan/vscan). The filescanner is free for personnal use and there is some evaluation version for Interscan Viruswall which can be downloaded at http://www.antivirus.com/download (versions exist for HP-UX, Linux, Solaris. Here's attached a diff of sweep.pl for MailScanner-3.22-11 and the wrapper script. It's not working completely yet : I'm getting some errors I don't understand while sending some viruses : i in the syslog log I get : Aug 12 21:22:05 angel mailscanner[4648]: Going to scan 1 messages Aug 12 21:22:05 angel mailscanner[4648]: Commencing scanning by trend... Aug 12 21:22:06 angel mailscanner[4648]: *** Found virus WORM_FRETHEM.L in file /var/spool/MailScanner/incoming/g7CJLkJs004645/sample Aug 12 21:22:06 angel mailscanner[4648]: Completed scanning by trend Aug 12 21:22:06 angel mailscanner[4648]: Found 1 viruses in messages var Aug 12 21:22:06 angel mailscanner[4648]: Scanned 1 messages, 68245 bytes in 1 seconds Aug 12 21:22:06 angel mailscanner[4648]: Saved infections to /var/spool/MailScanner/quarantine/20020812/var Aug 12 21:22:06 angel mailscanner[4648]: About to deliver 1 messages Aug 12 21:22:06 angel mailscanner[4648]: Deleting unparsable message var from queue Aug 12 21:22:06 angel mailscanner[4648]: About to deliver 1 messages Aug 12 21:22:06 angel mailscanner[4648]: Notified postmaster about 1 infections Aug 12 21:22:06 angel mailscanner[4648]: Looks like a problem... dumping status information Aug 12 21:22:06 angel mailscanner[4648]: Minimum acceptable stability = 4 (supported) Aug 12 21:22:06 angel mailscanner[4648]: Using Scanner "trend" Aug 12 21:22:06 angel mailscanner[4648]: Scanner "antivir": scanning code status 1 - disinfect code status 1 Aug 12 21:22:06 angel mailscanner[4648]: Scanner "f-secure": scanning code status 3 - disinfect code status 3 Aug 12 21:22:06 angel mailscanner[4648]: Scanner "none": scanning code status 0 - disinfect code status 0 Aug 12 21:22:06 angel mailscanner[4648]: Scanner "nod32": scanning code status 4 - disinfect code status 4 Aug 12 21:22:06 angel mailscanner[4648]: Scanner "inoculate": scanning code status 4 - disinfect code status 4 Aug 12 21:22:06 angel mailscanner[4648]: Scanner "inoculan": scanning code status 4 - disinfect code status 4 Aug 12 21:22:06 angel mailscanner[4648]: Scanner "mcafee": scanning code status 4 - disinfect code status 4 Aug 12 21:22:06 angel mailscanner[4648]: Scanner "panda": scanning code status 1 - disinfect code status 1 Aug 12 21:22:06 angel mailscanner[4648]: Scanner "kaspersky": scanning code status 3 - disinfect code status 2 Aug 12 21:22:06 angel mailscanner[4648]: Scanner "rav": scanning code status 1 - disinfect code status 1 Aug 12 21:22:06 angel mailscanner[4648]: Scanner "sophos": scanning code status 4 - disinfect code status 4 Aug 12 21:22:06 angel mailscanner[4648]: Scanner "trend": scanning code status 4 - disinfect code status 2 Aug 12 21:22:06 angel mailscanner[4648]: Scanner "command": scanning code status 4 - disinfect code status 4 Aug 12 21:22:06 angel mailscanner[4648]: Scanner "f-prot": scanning code status 4 - disinfect code status 4 Aug 12 21:22:06 angel mailscanner[4648]: FATAL: Encountered code that does not meet configured acceptable stability Aug 12 21:22:06 angel mailscanner[4648]: FATAL: *Please go and READ* http://www.sng.ecs.soton.ac.uk/mailscanner/install/codestatus.shtml => I don't get it. Why "Deleting unparsable message var from queue" ? The mail I get back is : ============= Date: Mon, 12 Aug 2002 21:22:06 +0200 From: "MailScanner" Subject: Warning: E-mail viruses detected To: postmaster@angel.faithnomore.org The following e-mail messages were found to have viruses in them: Sender: Recipient: Subject: MessageID: var Report: *** Found virus WORM_FRETHEM.L in file /var/spool/MailScanner/incoming/g7CJLkJs004645/sample -- MailScanner Email Virus Scanner ============= >From time to time while restarting mailscanner (I've not launched it through some cron) I also get : ( cd / ; /opt/mailscanner/bin/mailscanner ) In Debugging mode, not forking... /bin/cp: cannot stat `/var/spool/MailScanner/incoming/var/spool': No such file or directory FATAL: *Please go and READ* http://www.sng.ecs.soton.ac.uk/mailscanner/install/codestatus.shtml at /opt/mailscanner/bin/logger.pl line 64. regards, SL/ --- Stephane Lentz / Alcanet International - Internet Services -------------- next part -------------- --- sweep.pl.orig Mon Aug 12 19:09:33 2002 +++ sweep.pl Mon Aug 12 19:40:45 2002 @@ -173,6 +173,16 @@ SupportScanning => $S_UNSUPPORTED, SupportDisinfect => $S_UNSUPPORTED, }, + "trend" => { + Lock => 'Trend.lock', + CommonOptions => '-a', + DisinfectOptions => '-c', + ScanOptions => '', + InitParser => \&InitTrendParser, + ProcessOutput => \&ProcessTrendOutput, + SupportScanning => $S_SUPPORTED, + SupportDisinfect => $S_ALPHA, + }, "none" => { Lock => 'NoneBusy.lock', CommonOptions => '', @@ -507,6 +517,11 @@ ; } +# Initialise any state variables the RAV output parser uses +sub InitTrendParser { + ; +} + # These functions must be called with, in order: # * The line of output from the scanner # * A reference to the hash containing problem details @@ -1009,6 +1024,57 @@ $types->{"$id"}{"$part"} .= "v"; # so we know what to tell sender return 1; } + return 0; +} + +sub ProcessTrendOutput { + my($line, $infections, $types, $BaseDir) = @_; + + my($report, $infected, $dot, $id, $part, @rest); + +# Sample output: +# +# [root@angel bin]# /etc/iscan/vscan -a /root/sample +# Virus Scanner v3.1, VSAPI v6.150-1001 +# Trend Micro Inc. 1996,1997 +# Pattern version 333 +# Pattern number 46783 +# Configuration: -a -r -nl -c1 -c2 -u -s +# /root/sample +# check compressed file:No_Name +# decompress ok:No_Name +# check compressed file:decrypt-password.exe +# decompress ok:decrypt-password.exe +# *** Found virus WORM_FRETHEM.L in file /root/sample +# *** 1 decrypt-password.exe in /root/sample(type Mime Base 64) + +# ============================== +# Directory: +# Searched : 0 +# File: +# Searched : 1 +# Scan : 1 +# Infected : 1 +# Infected : 1(Include files been compressed) +# Time: +# Start : 8/12/02 19:16:15 +# Stop : 8/12/02 19:16:15 +# Used : 00:00 + + chomp $line; + + Log::WarnLog($line) if $line =~ /read pattern failed/i; + return 0 unless $line =~ /Found virus/i; + Log::InfoLog($line); + $report = $line; + $infected = $line; + $infected =~ s/^.*Found\s*in\s*file\s*//i; + # if ($line =~ /\*\*\* Found virus (.*) in file (.*)/i) { + ($dot,$id,$part,@rest) = split(/\//, $infected); + $infections->{"$id"}{"$part"} .= $report . "\n"; + $types->{"$id"}{"$part"} .= "v"; # so we know what to tell sender + return 1; + return 0; } -------------- next part -------------- #!/bin/sh # MailScanner - SMTP E-Mail Virus Scanner # Copyright (C) 2001 Julian Field # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # The author, Julian Field, can be contacted by email at # Jules@JulianField.net # or by paper mail at # Julian Field # Dept of Electronics & Computer Science # University of Southampton # Southampton # SO17 1BJ # United Kingdom # PackageDir=/etc/iscan prog=vscan # `basename $0` datDIR=$PackageDir # Dynamic lib : libvsapi.so LD_LIBRARY_PATH=$PackageDir export LD_LIBRARY_PATH exec ${PackageDir}/$prog "$@" From mailscanner at ecs.soton.ac.uk Mon Aug 12 20:50:54 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:24 2006 Subject: Logging question In-Reply-To: Message-ID: <5.1.0.14.2.20020812204933.02c9bd38@imap.ecs.soton.ac.uk> At 19:58 12/08/2002, you wrote: >I use a universal sendmail server running Mailscanner to filter mail for >multiple businesses. Is there any way to provide statistical information on >the processing that Mailscanner makes? > >I would like to be able to give each client a report on their mail activity. This is not currently provided by MailScanner, but by analysing your sendmail logs you should be able to work out what you need. As a more general question, what statistical logging would people like MailScanner to produce? -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Mon Aug 12 20:54:28 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:24 2006 Subject: preliminary Trend Interscan/Filescan support In-Reply-To: <20020812192125.GA20232@iww.netfr.alcatel.fr> Message-ID: <5.1.0.14.2.20020812205233.02c4ecb8@imap.ecs.soton.ac.uk> At 20:21 12/08/2002, you wrote: >Julian, Nick and other Mailscanner users, > >I've started to add support for Trend Micro Interscan / >Filescan (both come with the command scanner /etc/iscan/vscan). >The filescanner is free for personnal use and there is some >evaluation version for Interscan Viruswall which can be >downloaded at http://www.antivirus.com/download (versions exist >for HP-UX, Linux, Solaris. > >Here's attached a diff of sweep.pl for MailScanner-3.22-11 and >the wrapper script. > >It's not working completely yet : I'm getting some errors I >don't understand while sending some viruses : You need to remove all of the directory components from the filename reported by Trend. Take a look at the McAfee parser, it removes all the leading directory components for exactly the same reason. That will solve most/all of your problems. >in the syslog log I get : >Aug 12 21:22:05 angel mailscanner[4648]: Going to scan 1 messages >Aug 12 21:22:05 angel mailscanner[4648]: Commencing scanning by trend... >Aug 12 21:22:06 angel mailscanner[4648]: *** Found virus WORM_FRETHEM.L in >file /var/spool/MailScanner/incoming/g7CJLkJs004645/sample >Aug 12 21:22:06 angel mailscanner[4648]: Completed scanning by trend >Aug 12 21:22:06 angel mailscanner[4648]: Found 1 viruses in messages var >Aug 12 21:22:06 angel mailscanner[4648]: Scanned 1 messages, 68245 bytes >in 1 seconds >Aug 12 21:22:06 angel mailscanner[4648]: Saved infections to >/var/spool/MailScanner/quarantine/20020812/var >Aug 12 21:22:06 angel mailscanner[4648]: About to deliver 1 messages >Aug 12 21:22:06 angel mailscanner[4648]: Deleting unparsable message var >from queue >Aug 12 21:22:06 angel mailscanner[4648]: About to deliver 1 messages >Aug 12 21:22:06 angel mailscanner[4648]: Notified postmaster about 1 >infections >Aug 12 21:22:06 angel mailscanner[4648]: Looks like a problem... dumping >status information >Aug 12 21:22:06 angel mailscanner[4648]: Minimum acceptable stability = 4 >(supported) >Aug 12 21:22:06 angel mailscanner[4648]: Using Scanner "trend" >Aug 12 21:22:06 angel mailscanner[4648]: Scanner "antivir": scanning code >status 1 - disinfect code status 1 >Aug 12 21:22:06 angel mailscanner[4648]: Scanner "f-secure": scanning code >status 3 - disinfect code status 3 >Aug 12 21:22:06 angel mailscanner[4648]: Scanner "none": scanning code >status 0 - disinfect code status 0 >Aug 12 21:22:06 angel mailscanner[4648]: Scanner "nod32": scanning code >status 4 - disinfect code status 4 >Aug 12 21:22:06 angel mailscanner[4648]: Scanner "inoculate": scanning >code status 4 - disinfect code status 4 >Aug 12 21:22:06 angel mailscanner[4648]: Scanner "inoculan": scanning code >status 4 - disinfect code status 4 >Aug 12 21:22:06 angel mailscanner[4648]: Scanner "mcafee": scanning code >status 4 - disinfect code status 4 >Aug 12 21:22:06 angel mailscanner[4648]: Scanner "panda": scanning code >status 1 - disinfect code status 1 >Aug 12 21:22:06 angel mailscanner[4648]: Scanner "kaspersky": scanning >code status 3 - disinfect code status 2 >Aug 12 21:22:06 angel mailscanner[4648]: Scanner "rav": scanning code >status 1 - disinfect code status 1 >Aug 12 21:22:06 angel mailscanner[4648]: Scanner "sophos": scanning code >status 4 - disinfect code status 4 >Aug 12 21:22:06 angel mailscanner[4648]: Scanner "trend": scanning code >status 4 - disinfect code status 2 >Aug 12 21:22:06 angel mailscanner[4648]: Scanner "command": scanning code >status 4 - disinfect code status 4 >Aug 12 21:22:06 angel mailscanner[4648]: Scanner "f-prot": scanning code >status 4 - disinfect code status 4 >Aug 12 21:22:06 angel mailscanner[4648]: FATAL: Encountered code that does >not meet configured acceptable stability >Aug 12 21:22:06 angel mailscanner[4648]: FATAL: *Please go and READ* >http://www.sng.ecs.soton.ac.uk/mailscanner/install/codestatus.shtml > >=> I don't get it. Why "Deleting unparsable message var from queue" ? > >The mail I get back is : >============= >Date: Mon, 12 Aug 2002 21:22:06 +0200 >From: "MailScanner" >Subject: Warning: E-mail viruses detected >To: postmaster@angel.faithnomore.org > >The following e-mail messages were found to have viruses in them: > > Sender: >Recipient: > Subject: >MessageID: var > Report: *** Found virus WORM_FRETHEM.L in file > /var/spool/MailScanner/incoming/g7CJLkJs004645/sample > >-- >MailScanner >Email Virus Scanner >============= > > > > >From time to time while restarting mailscanner (I've not launched it > through some cron) I also get : >( cd / ; /opt/mailscanner/bin/mailscanner ) >In Debugging mode, not forking... >/bin/cp: cannot stat `/var/spool/MailScanner/incoming/var/spool': No such >file or directory >FATAL: *Please go and READ* >http://www.sng.ecs.soton.ac.uk/mailscanner/install/codestatus.shtml at >/opt/mailscanner/bin/logger.pl line 64. > >regards, > >SL/ >--- >Stephane Lentz / Alcanet International - Internet Services > -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From lbergman at abi.tconline.net Mon Aug 12 21:19:41 2002 From: lbergman at abi.tconline.net (Lewis Bergman) Date: Thu Jan 12 21:15:24 2006 Subject: Logging question In-Reply-To: <5.1.0.14.2.20020812204933.02c9bd38@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020812204933.02c9bd38@imap.ecs.soton.ac.uk> Message-ID: <200208121519.42043.lbergman@abi.tconline.net> On Monday 12 August 2002 02:50 pm, Julian Field wrote: > At 19:58 12/08/2002, you wrote: > >I use a universal sendmail server running Mailscanner to filter mail for > >multiple businesses. Is there any way to provide statistical information > > on the processing that Mailscanner makes? > > > >I would like to be able to give each client a report on their mail > > activity. > > This is not currently provided by MailScanner, but by analysing your > sendmail logs you should be able to work out what you need. > > As a more general question, what statistical logging would people like > MailScanner to produce? I would love to be able to produce stats on: Total number of mail total virus's detected list top 5 and number total spam total spam ACTION (deleted, store, forward) list top 5 rule's scored total rejected via DNS list of top 3 and number And of course, it would be really nifty to be able to graph all that by mrtg. Glad I don't ask for much ;) -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 115 From sean at NISD.NET Mon Aug 12 21:31:07 2002 From: sean at NISD.NET (Sean Embry) Date: Thu Jan 12 21:15:24 2006 Subject: Logging question Message-ID: I've used sendmail_stats for over 2 years. I love it. http://www.reedmedia.net/software/sendmail_stats/ Sean Embry Systems/Database Administrator Northside Independent School District San Antonio TX 78238 (210) 706-8790 >>> dbaker@DKBURNAP.COM 08/12/02 01:58PM >>> I use a universal sendmail server running Mailscanner to filter mail for multiple businesses. Is there any way to provide statistical information on the processing that Mailscanner makes? I would like to be able to give each client a report on their mail activity. Thanks, David Baker Director David K. Burnap Internet Solutions 7106 Corporate Way Dayton, Ohio 45459-4271 Phone: (937) 913-2858 Fax: (937) 434-1260 Cell: (937) 416-0129 Email: dbaker@dkburnap.com From Matthew_doherty at DATAWATCH.COM Mon Aug 12 21:51:32 2002 From: Matthew_doherty at DATAWATCH.COM (Matt Doherty) Date: Thu Jan 12 21:15:25 2006 Subject: Logging question Message-ID: You might like this a tid bit better!! :) SMA, version 1.1 Heres an example from my server http://datawatch.com/report.html I have a script that runs daily.. Cheers! Matt Doherty IT Dept Datawatch Corp >>In a world without walls or fences, who needs Windows and Gates?<< -----Original Message----- From: Sean Embry [mailto:sean@NISD.NET] Sent: Monday, August 12, 2002 5:42 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Logging question I've used sendmail_stats for over 2 years. I love it. http://www.reedmedia.net/software/sendmail_stats/ Sean Embry Systems/Database Administrator Northside Independent School District San Antonio TX 78238 (210) 706-8790 >>> dbaker@DKBURNAP.COM 08/12/02 01:58PM >>> I use a universal sendmail server running Mailscanner to filter mail for multiple businesses. Is there any way to provide statistical information on the processing that Mailscanner makes? I would like to be able to give each client a report on their mail activity. Thanks, David Baker Director David K. Burnap Internet Solutions 7106 Corporate Way Dayton, Ohio 45459-4271 Phone: (937) 913-2858 Fax: (937) 434-1260 Cell: (937) 416-0129 Email: dbaker@dkburnap.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020812/dfd4b1e1/attachment.html From brose at MED.WAYNE.EDU Mon Aug 12 21:56:27 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:15:25 2006 Subject: Logging question Message-ID: I use this internally also except I've added a lot more such as 100 rejects for RBLs or local sendmail blacklisting. The pretty mrtg stuff is for the public. -----Original Message----- From: Sean Embry [mailto:sean@NISD.NET] Sent: Monday, August 12, 2002 4:31 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Logging question I've used sendmail_stats for over 2 years. I love it. http://www.reedmedia.net/software/sendmail_stats/ Sean Embry Systems/Database Administrator Northside Independent School District San Antonio TX 78238 (210) 706-8790 >>> dbaker@DKBURNAP.COM 08/12/02 01:58PM >>> I use a universal sendmail server running Mailscanner to filter mail for multiple businesses. Is there any way to provide statistical information on the processing that Mailscanner makes? I would like to be able to give each client a report on their mail activity. Thanks, David Baker Director David K. Burnap Internet Solutions 7106 Corporate Way Dayton, Ohio 45459-4271 Phone: (937) 913-2858 Fax: (937) 434-1260 Cell: (937) 416-0129 Email: dbaker@dkburnap.com From gerry at dorfam.ca Mon Aug 12 22:29:11 2002 From: gerry at dorfam.ca (Gerry Doris) Date: Thu Jan 12 21:15:25 2006 Subject: Whitelist Problem In-Reply-To: <5.1.0.14.2.20020812192004.03ea7518@imap.ecs.soton.ac.uk> Message-ID: On Mon, 12 Aug 2002, Julian Field wrote: > At 19:15 12/08/2002, you wrote: > >I hate to admit this but I can't get the whitelist to work correctly. > > > >I added the following line to /usr/local/MailScanner/etc/whitelist.conf > >(I'm going from memory and I'm not exactly sure of the filename) > > > >From: lyris.gamespy.com > > > >I assumed that would be enough to have all mail arriving from that > >location to be passed through without marking it as spam. However, any > >mail showing up is still processed and marked by spamassassin. > > > >What have I missed? > > The address that is relevant here is the envelope sender address, not the > From: header. Check your maillog to see if you are matching the right thing. > > Also if you ask it to always include the spamassassin header, does it say > anything about whitelisting? > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ Here's the actual output of the spamassassin header... Message g7CCsWZ22724 from 207.38.1.8 (lyris.gamespy.com) is spam according to SpamAssassin (score=24.2, required 7, MSGID_CHARS_SPAM, PLING, DOUBLE_CAPSWORD, CLICK_BELOW, HTTP_WITH_EMAIL_IN_URL, UNSUB_PAGE, SUPERLONG_LINE, HTML_WITH_BGCOLOR, BIG_FONT, MAILTO_LINK, TRACKER_ID, RELAYING_FRAME, JAVASCRIPT, CLICK_HERE_LINK, MIME_EXCESSIVE_QP, FROM_AND_TO_SAME, CTYPE_JUST_HTML, AWL) >From this isn't "FROM: lyris.gamespy.com" the correct entry into spam.whitelist.conf? Also, the last item is AWL. Everytime that mailscanner restarts it says to autowhitelisting is enabled?? -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From mark at TIPPINGMAR.COM Tue Aug 13 02:06:01 2002 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:15:25 2006 Subject: sophos install In-Reply-To: References: <5.1.0.14.2.20020808175334.09bc94c0@imap.ecs.soton.ac.uk> Message-ID: <3D57F909.27452.1DB1552@localhost> It's time for my first major (3 month) update to sophos after installing mailscanner. Do I have to stop mailscanner before doing the upgrade? I don't see any LockSophos in "Sophos.install" like there is in "autoupdate". Is that OK? Also, here is a very small suggestion, that might go way on the back burner. "Sophos.install" correctly handles either the "sav-install" directory or the downloaded "tar.Z" file, but not the "tar" file that comes on the monthly CD from sophos. Thanks, -- Mark W. Nienberg, SE Tipping Mar + associates 1906 Shattuck Ave, Berkeley, CA 94704 visit our website at http://www.tippingmar.com From nathan at tcpnetworks.net Tue Aug 13 03:31:37 2002 From: nathan at tcpnetworks.net (Nathan Johanson) Date: Thu Jan 12 21:15:25 2006 Subject: Whitelist Problem Message-ID: <200208130231.g7D2VbR05277@ns2.tcpnetworks.com> Is it possible for someone to illustrate the difference between the "envelope sender address" versus the "From" header? Maybe grab a full email header, paste it into a reply to the list, and point out which is which? This seems like a recurring question and now I'm even beginning to question my own understanding of it. it might even be a good item for the FAQ. If I was convinced I understood it, I would write it myself :) Thanks in advance! Nathan nathan@tcpnetworks.net > At 19:15 12/08/2002, you wrote: > >I hate to admit this but I can't get the whitelist to work correctly. > > > >I added the following line to /usr/local/MailScanner/etc/whitelist.conf > >(I'm going from memory and I'm not exactly sure of the filename) > > > >From: lyris.gamespy.com > > > >I assumed that would be enough to have all mail arriving from that > >location to be passed through without marking it as spam. However, any > >mail showing up is still processed and marked by spamassassin. > > > >What have I missed? > > The address that is relevant here is the envelope sender address, not the > From: header. Check your maillog to see if you are matching the right > thing. > > Also if you ask it to always include the spamassassin header, does it say > anything about whitelisting? > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ From isp-list at TULSACONNECT.COM Tue Aug 13 05:09:17 2002 From: isp-list at TULSACONNECT.COM (ISP List) Date: Thu Jan 12 21:15:25 2006 Subject: SpamAssassin performance tips Message-ID: <5.1.1.6.2.20020812230348.01c9a3b0@securemail.tulsaconnect.com> After much trial and error tonight, I have found the following entries in my spam.assassin.prefs.conf file provide the fastest scanning performance: # don't mess with mime encoded messages defang_mime 0 # don't do dns based rbl lookups skip_rbl_checks 1 # only check for a valid MX record once check_mx_attempts 1 Turning on rbl checks can be expensive, but usually don't hurt too much (I recommend running a local caching bind server on the same box that MailScanner is on). The big "slowdown" is the check_mx_attemps, by default it is set to 3 attempts with 5 seconds in between (!), which can mean extra long delays if the domain being checked has a DNS server problem or doesn't have a valid MX record. Hope the above helps someone. --Mike From helio at HELIO.COM.BR Tue Aug 13 06:02:14 2002 From: helio at HELIO.COM.BR (Helio Silva) Date: Thu Jan 12 21:15:25 2006 Subject: Logging question In-Reply-To: <5.1.0.14.2.20020812204933.02c9bd38@imap.ecs.soton.ac.uk> References: Message-ID: <5.1.1.6.2.20020813015610.00a01ab0@pop.sao.terra.com.br> I'd like to update a mysql database with some data from every in/out message unique_id,from,to,subject,size and diagnostics (spam/virus/clean). Attached files and their sizes will be usefull to. regards HELIo Silva At 16:55 12/08/02, you wrote: >At 19:58 12/08/2002, you wrote: >>I use a universal sendmail server running Mailscanner to filter mail for >>multiple businesses. Is there any way to provide statistical information on >>the processing that Mailscanner makes? >> >>I would like to be able to give each client a report on their mail activity. > >This is not currently provided by MailScanner, but by analysing your >sendmail logs you should be able to work out what you need. > >As a more general question, what statistical logging would people like From Stephane.Lentz at ANSF.ALCATEL.FR Tue Aug 13 06:42:53 2002 From: Stephane.Lentz at ANSF.ALCATEL.FR (Stephane Lentz) Date: Thu Jan 12 21:15:25 2006 Subject: Logging question In-Reply-To: References: Message-ID: <20020813054253.GA23291@iww.netfr.alcatel.fr> On Mon, Aug 12, 2002 at 04:51:32PM -0400, Matt Doherty wrote: > You might like this a tid bit better!! :) > > SMA, version 1.1 > > Heres an example from my server > http://datawatch.com/report.html > I have a script that runs daily.. > latest sma version is 1.2 The homepage is : http://www.klake.org/sma/ Regards, SL/ --- Stephane Lentz / Alcanet International - Internet Services From brett at BRABYS.CO.ZA Tue Aug 13 07:27:02 2002 From: brett at BRABYS.CO.ZA (Brett Geer) Date: Thu Jan 12 21:15:25 2006 Subject: Logging question In-Reply-To: <5.1.1.6.2.20020813015610.00a01ab0@pop.sao.terra.com.br> References: <5.1.1.6.2.20020813015610.00a01ab0@pop.sao.terra.com.br> Message-ID: <20020813082702.67bfe784.brett@brabys.co.za> One solution is to set the 'archive mail' and periodically spin thru the archive directory and shove it into a database. I've got some code that'll do that for Postgresql if you like. diagnostics I don't look for but you could get that from the header. Attachments and so forth you'd have to decode the df file and look at it. Wouldn't take too long to port to MySQL works nicely but it gets big fast. Anyone from SA here? Can't see any details in the new ECT legislation about archiving mail transmissions aside from vague remarks from SARS about treating them like documents. Anyone know anything? brett > I'd like to update a mysql database with some data from every in/out message unique_id,from,to,subject,size and diagnostics (spam/virus/clean). Attached files and their sizes will be usefull to. > > regards > HELIo Silva > > > > At 16:55 12/08/02, you wrote: > >At 19:58 12/08/2002, you wrote: > >>I use a universal sendmail server running Mailscanner to filter mail for > >>multiple businesses. Is there any way to provide statistical information on > >>the processing that Mailscanner makes? > >> > >>I would like to be able to give each client a report on their mail activity. > > > >This is not currently provided by MailScanner, but by analysing your > >sendmail logs you should be able to work out what you need. > > > >As a more general question, what statistical logging would people like > From LISTSERV at JISCMAIL.AC.UK Mon Aug 12 22:42:19 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:25 2006 Subject: MAILSCANNER: dcullen@NEO.RR.COM left the list Message-ID: <200208122142.WAA29528@magpie.ecs.soton.ac.uk> Mon, 12 Aug 2002 22:42:19 Doug Cullen has just signed off the MAILSCANNER list (MailScanner mailing list). ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From LISTSERV at JISCMAIL.AC.UK Mon Aug 12 22:44:10 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:25 2006 Subject: MAILSCANNER: martin@MJ-TECH.COM left the list Message-ID: <200208122144.WAA29666@magpie.ecs.soton.ac.uk> Mon, 12 Aug 2002 22:44:10 Martin Jermyn has just signed off the MAILSCANNER list (MailScanner mailing list). ------------------------- Original mail header -------------------------- [WWW request received from 213.122.59.226] From LISTSERV at JISCMAIL.AC.UK Tue Aug 13 01:13:42 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:25 2006 Subject: MAILSCANNER: david.pollard@MERIDIANINFO.COM left the list Message-ID: <200208130013.BAA11412@magpie.ecs.soton.ac.uk> Tue, 13 Aug 2002 01:13:42 David Pollard has just signed off the MAILSCANNER list (MailScanner mailing list). ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From mailscanner at ecs.soton.ac.uk Tue Aug 13 08:54:43 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:25 2006 Subject: sophos install In-Reply-To: <3D57F909.27452.1DB1552@localhost> References: <5.1.0.14.2.20020808175334.09bc94c0@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020813085348.04bd6ec0@imap.ecs.soton.ac.uk> At 02:06 13/08/2002, you wrote: >It's time for my first major (3 month) update to sophos after installing >mailscanner. Do I have to stop mailscanner before doing the upgrade? I >don't see any LockSophos in "Sophos.install" like there is in "autoupdate". >Is that OK? Yes it should be fine. The only point at which anything might break is during "autoupdate" which is called by "Sophos.install". >Also, here is a very small suggestion, that might go way on the back >burner. "Sophos.install" correctly handles either the "sav-install" >directory >or the downloaded "tar.Z" file, but not the "tar" file that comes on the >monthly CD from sophos. Fair point :) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Tue Aug 13 08:53:34 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:25 2006 Subject: Whitelist Problem -- explanation of To: versus recipient In-Reply-To: <200208130231.g7D2VbR05277@ns2.tcpnetworks.com> Message-ID: <5.1.0.14.2.20020813083516.02e255d0@imap.ecs.soton.ac.uk> At 03:31 13/08/2002, you wrote: >Is it possible for someone to illustrate the difference between the >"envelope sender address" versus the "From" header? > >Maybe grab a full email header, paste it into a reply to the list, and >point out which is which? The point is that the "envelope sender address" doesn't normally end up in the headers at all. > This seems like a recurring question and now >I'm even beginning to question my own understanding of it. it might even >be a good item for the FAQ. If I was convinced I understood it, I would >write it myself :) This looks a bit long, but it's all very simple to understand. Really :) Imagine a physical letter in the post to you. If they have written it nicely, the piece of paper in the envelope will have your (the recipient) address written on it. But the piece of paper is folded up and put in an envelope, which is made of paper so you can't see through it. Your address is written on the outside of the envelope too. The mail "Post Office" (US Postal Service, Royal Mail, Federal Express, etc) delivers the letter to your mailbox. But the last thing it does before it drops it in your mailbox is that it kindly takes the letter out of the envelope for you and throws the envelope in the trash. What you have now is the original letter, complete with your address written on it. But the version of your address on the letter you take from your mailbox is nothing whatsoever to do with the address used to actually deliver it to you. The (thrown away) address on the outside of the envelope is what was used to deliver it to you. In theory the copy of the address on the letter doesn't even need to be your address. Absolutely anything would do, as it isn't used to delivery it to you anyway. The only address that matters is the one on the outside of the envelope (which was thrown away for you by the "Post Office"). It's exactly the same with e-mail, except that the "Post Office" is sendmail, Exim, postfix, etc. The same explanation applies to the return address written on the outside of the envelope. All the Post Office checks is that it is a valid address. If the letter couldn't be delivered to you, the Post Office tries to send it back to the return (From) address on the outside of the envelope. The Post Office won't actually open your letter as that is not allowed (not in many countries, anyway). If the return address on the envelope is someone else's address (i.e. not the address of the person who originally sent you the letter), then the Post Office will still deliver it to them, and they will be quite surprised to receive back a letter they never sent in the first place. This is what the Klez worm does. If you want to send a letter back to the person who sent it, nothing on the letter inside the envelope can be trusted (as explained above). And you can't even trust the return address written on the outside of the envelope, even if somehow you managed to get the envelope off the postwoman (also explained above). The only indication you have is what franking marks the Post Office added (as these tend to indicate the town it came from). These franking marks are the "Received:" headers. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From P.G.M.Peters at civ.utwente.nl Tue Aug 13 10:46:55 2002 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:15:25 2006 Subject: Logging question In-Reply-To: <20020813082702.67bfe784.brett@brabys.co.za> References: <5.1.1.6.2.20020813015610.00a01ab0@pop.sao.terra.com.br> <20020813082702.67bfe784.brett@brabys.co.za> Message-ID: On Tue, 13 Aug 2002 08:27:02 +0200, you wrote: >Anyone from SA here? Can't see any details in the new ECT legislation about >archiving mail transmissions aside from vague remarks from SARS about >treating them like documents. Anyone know anything? Considering the new plans in Europe ISP's will have to archive everything (for 5 or 7 years). -- Peter Peters senior netwerkbeheerder, Centrum voor Informatievoorziening, Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From P.G.M.Peters at civ.utwente.nl Tue Aug 13 10:57:59 2002 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:15:25 2006 Subject: Whitelist Problem In-Reply-To: <200208130231.g7D2VbR05277@ns2.tcpnetworks.com> References: <200208130231.g7D2VbR05277@ns2.tcpnetworks.com> Message-ID: On Mon, 12 Aug 2002 18:31:37 PST, you wrote: >Return-Path: This is taken from the enveloppe sender (mail from:). >Received: from smtp.jiscmail.ac.uk (smtp.jiscmail.ac.uk [130.246.192.48]) > by netlx010.civ.utwente.nl (8.11.4/HKD) with ESMTP id g7D3s7E10837 > for ; Tue, 13 Aug 2002 05:54:07 +0200 This address was present in the enveloppe header as the recipient (rcpt to:) >From: Nathan Johanson This is the From: header in the message. >To: MAILSCANNER@JISCMAIL.AC.UK And this is the To: header in the message. >X-UTwente-MailScanner: Found to be clean >X-UTwente-MailScanner-SpamCheck: RFC-IGNORANT-WHOIS > >Is it possible for someone to illustrate the difference between the >"envelope sender address" versus the "From" header? > >Maybe grab a full email header, paste it into a reply to the list, and >point out which is which? This seems like a recurring question and now >I'm even beginning to question my own understanding of it. it might even >be a good item for the FAQ. If I was convinced I understood it, I would >write it myself :) I included the relevant headers from your mail message. :-) And the correspondenting log-lines (removed irrelevant information): |g7D3s7E10837: from=, |g7D3s7E10837: to=, delay=00:00:00, -- Peter Peters senior netwerkbeheerder, Centrum voor Informatievoorziening, Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From mike at ZANKER.ORG Tue Aug 13 11:08:22 2002 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:15:25 2006 Subject: Logging question In-Reply-To: References: Message-ID: <24668631.1029236902@jemima.zanker.org> On 13 August 2002 11:46 +0200 Peter Peters wrote: > Considering the new plans in Europe ISP's will have to archive > everything (for 5 or 7 years). "may", not "will". Nothing is definite yet. FWIW I think the final figure is likely to be a multiple of months, not years. Mike -- Mike Zanker Northampton, UK PGP Public Key: pgp@zanker.org From LISTSERV at JISCMAIL.AC.UK Tue Aug 13 11:05:39 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:25 2006 Subject: MAILSCANNER: heinz.knutzen@DZSH.DE requested to join Message-ID: <200208131005.LAA25768@magpie.ecs.soton.ac.uk> Tue, 13 Aug 2002 11:05:39 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Heinz Knutzen . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER heinz.knutzen@DZSH.DE Heinz Knutzen The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+heinz.knutzen%40DZSH.DE+Heinz+Knutzen&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From LISTSERV at JISCMAIL.AC.UK Tue Aug 13 11:10:42 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:25 2006 Subject: MAILSCANNER: rajiv@W-O-I.COM left the list Message-ID: <200208131010.LAA26377@magpie.ecs.soton.ac.uk> Tue, 13 Aug 2002 11:10:42 Rajiv Shah has just signed off the MAILSCANNER list (MailScanner mailing list). ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From mailscanner at ecs.soton.ac.uk Tue Aug 13 11:34:41 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:25 2006 Subject: Whitelist Problem In-Reply-To: References: <200208130231.g7D2VbR05277@ns2.tcpnetworks.com> <200208130231.g7D2VbR05277@ns2.tcpnetworks.com> Message-ID: <5.1.0.14.2.20020813113255.04962fc8@imap.ecs.soton.ac.uk> At 10:57 13/08/2002, you wrote: >On Mon, 12 Aug 2002 18:31:37 PST, you wrote: > > >Return-Path: > >This is taken from the enveloppe sender (mail from:). Not always present. In sendmail you need a flag in the definition of the "local" mailer to do this. > >Received: from smtp.jiscmail.ac.uk (smtp.jiscmail.ac.uk [130.246.192.48]) > > by netlx010.civ.utwente.nl (8.11.4/HKD) with ESMTP id g7D3s7E10837 > > for ; Tue, 13 Aug 2002 05:54:07 +0200 > >This address was present in the enveloppe header as the recipient (rcpt >to:) You have to ensure you use the last one of these (i.e. the first in the headers) as it gets changed by ".forward" files and mailing list exploders. > >From: Nathan Johanson > >This is the From: header in the message. > > >To: MAILSCANNER@JISCMAIL.AC.UK > >And this is the To: header in the message. > > >X-UTwente-MailScanner: Found to be clean > >X-UTwente-MailScanner-SpamCheck: RFC-IGNORANT-WHOIS > > > >Is it possible for someone to illustrate the difference between the > >"envelope sender address" versus the "From" header? > > > >Maybe grab a full email header, paste it into a reply to the list, and > >point out which is which? This seems like a recurring question and now > >I'm even beginning to question my own understanding of it. it might even > >be a good item for the FAQ. If I was convinced I understood it, I would > >write it myself :) > >I included the relevant headers from your mail message. :-) > >And the correspondenting log-lines (removed irrelevant information): >|g7D3s7E10837: from=, >|g7D3s7E10837: to=, delay=00:00:00, -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From andersan at LTKALMAR.SE Tue Aug 13 12:22:18 2002 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:15:25 2006 Subject: SV: Whitelist Problem -- explanation of To: versus recipient Message-ID: <7B475DC5E9502B4D91EA73C283AE48D70263EAE1@lkl22.ltkalmar.se> Thanks, even an fool like me understod that. Nice to see a noon *nix explaination =) /Anders > -----Ursprungligt meddelande----- > Fr?n: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Skickat: den 13 augusti 2002 09:54 > Till: MAILSCANNER@JISCMAIL.AC.UK > ?mne: Re: Whitelist Problem -- explanation of To: versus recipient > > > At 03:31 13/08/2002, you wrote: > >Is it possible for someone to illustrate the difference between the > >"envelope sender address" versus the "From" header? > > > >Maybe grab a full email header, paste it into a reply to the > list, and > >point out which is which? > > The point is that the "envelope sender address" doesn't > normally end up in > the headers at all. > > > This seems like a recurring question and now > >I'm even beginning to question my own understanding of it. > it might even > >be a good item for the FAQ. If I was convinced I understood > it, I would > >write it myself :) > > This looks a bit long, but it's all very simple to > understand. Really :) > > Imagine a physical letter in the post to you. If they have written it > nicely, the piece of paper in the envelope will have your > (the recipient) > address written on it. But the piece of paper is folded up > and put in an > envelope, which is made of paper so you can't see through it. > Your address > is written on the outside of the envelope too. > > The mail "Post Office" (US Postal Service, Royal Mail, > Federal Express, > etc) delivers the letter to your mailbox. But the last thing > it does before > it drops it in your mailbox is that it kindly takes the > letter out of the > envelope for you and throws the envelope in the trash. > > What you have now is the original letter, complete with your address > written on it. > > But the version of your address on the letter you take from > your mailbox is > nothing whatsoever to do with the address used to actually > deliver it to > you. The (thrown away) address on the outside of the envelope > is what was > used to deliver it to you. > > In theory the copy of the address on the letter doesn't even > need to be > your address. Absolutely anything would do, as it isn't used > to delivery it > to you anyway. The only address that matters is the one on > the outside of > the envelope (which was thrown away for you by the "Post Office"). > > It's exactly the same with e-mail, except that the "Post Office" is > sendmail, Exim, postfix, etc. > > The same explanation applies to the return address written on > the outside > of the envelope. All the Post Office checks is that it is a > valid address. > If the letter couldn't be delivered to you, the Post Office > tries to send > it back to the return (From) address on the outside of the > envelope. The > Post Office won't actually open your letter as that is not > allowed (not in > many countries, anyway). If the return address on the > envelope is someone > else's address (i.e. not the address of the person who > originally sent you > the letter), then the Post Office will still deliver it to > them, and they > will be quite surprised to receive back a letter they never > sent in the > first place. This is what the Klez worm does. > > If you want to send a letter back to the person who sent it, > nothing on the > letter inside the envelope can be trusted (as explained > above). And you > can't even trust the return address written on the outside of > the envelope, > even if somehow you managed to get the envelope off the > postwoman (also > explained above). The only indication you have is what > franking marks the > Post Office added (as these tend to indicate the town it came > from). These > franking marks are the "Received:" headers. > > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From sfolayan at skannet.com.ng Tue Aug 13 12:32:16 2002 From: sfolayan at skannet.com.ng (Sunday Folayan) Date: Thu Jan 12 21:15:25 2006 Subject: queues on NFS share In-Reply-To: <7B475DC5E9502B4D91EA73C283AE48D70263EAE1@lkl22.ltkalmar.se> Message-ID: Hello All, I want to have my mailscanner incoming and outgoing queues on an NFS share. Do I need to anything special to make it work? Any help would be appreciated. TIA -- ---------------------------------------------- Sunday A. Folayan General Data Engineering Services Ltd [SKANNET] 18b, Oshin Rd, Kongi Bodija Ibadan, Nigeria Email: sfolayan@skannet.com.ng Voice: +234-2-8105156 Fax: +234-2-8106268 ------- Today is the tomorrow you bothered about, yesterday. From P.G.M.Peters at civ.utwente.nl Tue Aug 13 13:16:12 2002 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:15:25 2006 Subject: Logging question In-Reply-To: <24668631.1029236902@jemima.zanker.org> References: <24668631.1029236902@jemima.zanker.org> Message-ID: On Tue, 13 Aug 2002 11:08:22 +0100, you wrote: >> Considering the new plans in Europe ISP's will have to archive >> everything (for 5 or 7 years). > >"may", not "will". Nothing is definite yet. FWIW I think the final >figure is likely to be a multiple of months, not years. Last week I talked with representatives of the dutch ISP assosation and they are working on trying to convince the government to cancel this whole operation. The government had something in mind like the taxes where you must keep all records for 5 years. They thought it wouldn't be that difficult to keep all and every traffic (not just e-mail but everything going over the network) for that amount of years. I told to refer to the vaults they built for storing the Euro's before january 1. And where they now keep the old guilders. These vaults wouldn't be big enough to keep the DVD with the traffic of a whole month. And consider the traffic jams of all the trucks delivering the DVD's to the vault. -- Peter Peters senior netwerkbeheerder, Centrum voor Informatievoorziening, Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From P.G.M.Peters at civ.utwente.nl Tue Aug 13 13:17:41 2002 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:15:25 2006 Subject: Whitelist Problem In-Reply-To: <5.1.0.14.2.20020813113255.04962fc8@imap.ecs.soton.ac.uk> References: <200208130231.g7D2VbR05277@ns2.tcpnetworks.com> <200208130231.g7D2VbR05277@ns2.tcpnetworks.com> <5.1.0.14.2.20020813113255.04962fc8@imap.ecs.soton.ac.uk> Message-ID: On Tue, 13 Aug 2002 11:34:41 +0100, you wrote: >> >Return-Path: >> >>This is taken from the enveloppe sender (mail from:). > >Not always present. In sendmail you need a flag in the definition of the >"local" mailer to do this. OK, but is is always good to do that. (I think) >> >Received: from smtp.jiscmail.ac.uk (smtp.jiscmail.ac.uk [130.246.192.48]) >> > by netlx010.civ.utwente.nl (8.11.4/HKD) with ESMTP id g7D3s7E10837 >> > for ; Tue, 13 Aug 2002 05:54:07 +0200 >> >>This address was present in the enveloppe header as the recipient (rcpt >>to:) > >You have to ensure you use the last one of these (i.e. the first in the >headers) as it gets changed by ".forward" files and mailing list exploders. This wasn't the last (i.e. the first). That one was an internal delivery from the scanning host to the mailbox host. I used this one because it has the address I am subscribed with. -- Peter Peters senior netwerkbeheerder, Centrum voor Informatievoorziening, Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From mailscanner at ecs.soton.ac.uk Tue Aug 13 13:37:04 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:25 2006 Subject: queues on NFS share In-Reply-To: References: <7B475DC5E9502B4D91EA73C283AE48D70263EAE1@lkl22.ltkalmar.se> Message-ID: <5.1.0.14.2.20020813133606.02e2e648@imap.ecs.soton.ac.uk> At 12:32 13/08/2002, you wrote: >I want to have my mailscanner incoming and outgoing queues on an NFS >share. Do I need to anything special to make it work? Any help would be >appreciated. This is generally a really bad idea. I think you'll get away with doing this with Exim. You will not get away with it if you are using sendmail. The file locking sendmail uses doesn't work over NFS. Bad things will happen to your mail. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From nathan at tcpnetworks.net Tue Aug 13 16:06:35 2002 From: nathan at tcpnetworks.net (Nathan Johanson) Date: Thu Jan 12 21:15:25 2006 Subject: Whitelist Problem Message-ID: <200208131506.g7DF6ZR08335@ns2.tcpnetworks.com> Got it. Thanks to everyone who responded. -Nathan > On Mon, 12 Aug 2002 18:31:37 PST, you wrote: > > >Return-Path: > > This is taken from the enveloppe sender (mail from:). > > >Received: from smtp.jiscmail.ac.uk (smtp.jiscmail.ac.uk [130.246.192.48]) > > by netlx010.civ.utwente.nl (8.11.4/HKD) with ESMTP id > g7D3s7E10837 > > for ; Tue, 13 Aug 2002 > 05:54:07 +0200 > > This address was present in the enveloppe header as the recipient (rcpt > to:) > > >From: Nathan Johanson > > This is the From: header in the message. > > >To: MAILSCANNER@JISCMAIL.AC.UK > > And this is the To: header in the message. > > >X-UTwente-MailScanner: Found to be clean > >X-UTwente-MailScanner-SpamCheck: RFC-IGNORANT-WHOIS > > > >Is it possible for someone to illustrate the difference between the > >"envelope sender address" versus the "From" header? > > > >Maybe grab a full email header, paste it into a reply to the list, and > >point out which is which? This seems like a recurring question and now > >I'm even beginning to question my own understanding of it. it might even > >be a good item for the FAQ. If I was convinced I understood it, I would > >write it myself :) > > I included the relevant headers from your mail message. :-) > > And the correspondenting log-lines (removed irrelevant information): > |g7D3s7E10837: from=, > |g7D3s7E10837: to=, delay=00:00:00, > > -- > Peter Peters > senior netwerkbeheerder, Centrum voor Informatievoorziening, > Universiteit Twente, Postbus 217, 7500 AE Enschede > telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From ucs_rat at SHSU.EDU Tue Aug 13 16:32:37 2002 From: ucs_rat at SHSU.EDU (Robert A. Thompson) Date: Thu Jan 12 21:15:25 2006 Subject: silent delete Message-ID: <1029252757.21090.6.camel@ab1-1-26.shsu.edu> is there a way to to silently delete messages to the recipient as well as the sender if they are in the viruses.to.delete.conf file? On the viruses that are faking the addresses (ala klez) I would rather not bother my users, and just track/handle machines from the log files. --Robert From x.mailscanner.mail at MELLONI.COM Tue Aug 13 16:58:10 2002 From: x.mailscanner.mail at MELLONI.COM (Bruno Melloni) Date: Thu Jan 12 21:15:25 2006 Subject: Mailscanner list digest detected as spam Message-ID: <200208131558.g7DFwAr17777@ori.rl.ac.uk> I just wanted to mention that SpamAssassin's default settings make it detect the MailScanner list digest messages as spam. It is of course possible to whitelist jiscmail.ac.uk, but I thought I'd mention it in case something can be done to avoid the problem in the first place. The score is 5.6 (over required 5) and the signatures are: MSG_ID_ADDED_BY_MTA_2 CTYPE_JUST_HTML Bruno From mark at TIPPINGMAR.COM Tue Aug 13 17:01:34 2002 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:15:25 2006 Subject: Logging question In-Reply-To: <5.1.1.6.2.20020813015610.00a01ab0@pop.sao.terra.com.br> References: <5.1.0.14.2.20020812204933.02c9bd38@imap.ecs.soton.ac.uk> Message-ID: <3D58CAEE.3156.50ECA2D@localhost> Forgive me if this has already been mentioned, but I accidentally deleted a few messages in this thread before reading them. By default, RedHat 7.2 installs the "logwatch" package, which scans many log files including maillog daily and sends an e-mail report. I think it would be pretty simple to modify the configuration for the maillog scan to pull out more statistics related to mailscanner. The whole mechanism to search for strings, count the occurences, assemble the report and e-mail it are already there. It is written in perl and available here: http://www.logwatch.org > >>I use a universal sendmail server running Mailscanner to filter mail for > >>multiple businesses. Is there any way to provide statistical information on > >>the processing that Mailscanner makes? > >> > >>I would like to be able to give each client a report on their mail activity. > > > >This is not currently provided by MailScanner, but by analysing your > >sendmail logs you should be able to work out what you need. > > > >As a more general question, what statistical logging would people like -- Mark W. Nienberg, SE Tipping Mar + associates 1906 Shattuck Ave, Berkeley, CA 94704 visit our website at http://www.tippingmar.com From x.mailscanner.mail at MELLONI.COM Tue Aug 13 17:18:18 2002 From: x.mailscanner.mail at MELLONI.COM (Bruno Melloni) Date: Thu Jan 12 21:15:25 2006 Subject: Mailscanner digest detected as spam Message-ID: <200208131618.g7DGISr28285@ori.rl.ac.uk> I noticed that SpamAssassin (with default settings) tags the MailScanner list digest as spam. Whitelisting jiscmail.ac.uk will solve the problem, but I thought I'd mention it since it might be possible to do something to the list or MailScanner defaults to prevent it. SA score is 5.6 and the signatures are: MSG_ID_ADDED_BY_MTA_2 CTYPE_JUST_HTML Bruno From steinkel at PA.NET Tue Aug 13 18:16:48 2002 From: steinkel at PA.NET (Leland J. Steinke) Date: Thu Jan 12 21:15:25 2006 Subject: trying to integrate postfix Message-ID: <3D593F00.4050903@pa.net> Hello, I'm trying to stitch pieces together to integrate MailScanner into Postfix. I pretty sure I have an adequate model. Here's the model: postfix receives a message via smtp. Rather than processing it as a normal message, postfix pipes it to a command. This command digests the message into H and D files and deposits it in a queue directory, ready for a good working-over by MailScanner. MailScanner then kicks the messages out through the postfix local-delivery channel. I believe that I am 98% of the way to a usable solution, using two programs (enspool.pl and despool.pl, which take messages from postfix and give messages back to postfix, respectively) and adding extra code to mta-specific.pl to handle the changes. I called the new MTA code "generic" since I believe that it will be generally applicable (but I could be wrong ;-). It is working now on a test server, but I have not fielded it yet. Does this seem like a reasonable way to handle the MailScanner/Postfix interface? Would anybody like to take a look at it to ensure I haven't missed anything painfully obvious? Thanks, Leland From mailscanner at ecs.soton.ac.uk Tue Aug 13 18:36:44 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:25 2006 Subject: trying to integrate postfix In-Reply-To: <3D593F00.4050903@pa.net> Message-ID: <5.1.0.14.2.20020813183343.02e4e2b0@imap.ecs.soton.ac.uk> Support for Postfix is currently on the feature wish-list. Your solution should work, it's possible Nick can come up with a better one, but I would quite happily integrate yours into the code in the mean time (Nick is very busy working on some other projects at the moment, and I'm spending all my free time OO-ising MailScanner). I look forward to your contribution with interest, once you've proved it all works nicely. How much overhead does it add per message? Starting up perl for each message is quite expensive... At 18:16 13/08/2002, you wrote: >Hello, > >I'm trying to stitch pieces together to integrate MailScanner into >Postfix. I pretty sure I have an adequate model. > >Here's the model: postfix receives a message via smtp. Rather than >processing it as a normal message, postfix pipes it to a command. This >command digests the message into H and D files and deposits it in a >queue directory, ready for a good working-over by MailScanner. >MailScanner then kicks the messages out through the postfix >local-delivery channel. > >I believe that I am 98% of the way to a usable solution, using two >programs (enspool.pl and despool.pl, which take messages from postfix >and give messages back to postfix, respectively) and adding extra code >to mta-specific.pl to handle the changes. I called the new MTA code >"generic" since I believe that it will be generally applicable (but I >could be wrong ;-). It is working now on a test server, but I have not >fielded it yet. > >Does this seem like a reasonable way to handle the MailScanner/Postfix >interface? Would anybody like to take a look at it to ensure I haven't >missed anything painfully obvious? > > >Thanks, >Leland -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Tue Aug 13 18:32:00 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:25 2006 Subject: Mailscanner digest detected as spam In-Reply-To: <200208131618.g7DGISr28285@ori.rl.ac.uk> Message-ID: <5.1.0.14.2.20020813183103.04cc5008@imap.ecs.soton.ac.uk> Various options: Increase your "required_hits" value (I always use 9) Change the digest type for your subscription so it isn't HTML Whitelist jiscmail.ac.uk (as you mention) At 17:18 13/08/2002, you wrote: >I noticed that SpamAssassin (with default settings) tags the MailScanner >list digest as spam. > >Whitelisting jiscmail.ac.uk will solve the problem, but I thought I'd >mention it since it might be possible to do something to the list or >MailScanner defaults to prevent it. > >SA score is 5.6 and the signatures are: > > MSG_ID_ADDED_BY_MTA_2 > CTYPE_JUST_HTML > >Bruno -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From Stephane.Lentz at ANSF.ALCATEL.FR Tue Aug 13 20:03:02 2002 From: Stephane.Lentz at ANSF.ALCATEL.FR (Stephane Lentz) Date: Thu Jan 12 21:15:25 2006 Subject: preliminary Trend Interscan/Filescan support In-Reply-To: <5.1.0.14.2.20020812205233.02c4ecb8@imap.ecs.soton.ac.uk> References: <20020812192125.GA20232@iww.netfr.alcatel.fr> <5.1.0.14.2.20020812205233.02c4ecb8@imap.ecs.soton.ac.uk> Message-ID: <20020813190302.GA4730@iww.netfr.alcatel.fr> Hi, On Mon, Aug 12, 2002 at 08:54:28PM +0100, Julian Field wrote: > At 20:21 12/08/2002, you wrote: > >Julian, Nick and other Mailscanner users, > > > >I've started to add support for Trend Micro Interscan / > >Filescan (both come with the command scanner /etc/iscan/vscan). > >The filescanner is free for personnal use and there is some > >evaluation version for Interscan Viruswall which can be > >downloaded at http://www.antivirus.com/download (versions exist > >for HP-UX, Linux, Solaris. > > > >Here's attached a diff of sweep.pl for MailScanner-3.22-11 and > >the wrapper script. > > > >It's not working completely yet : I'm getting some errors I > >don't understand while sending some viruses : > > You need to remove all of the directory components from the filename > reported by Trend. Take a look at the McAfee parser, it removes all the > leading directory components for exactly the same reason. That will solve > most/all of your problems. > => Got it fixed. New diff attached. The messages generated to the postmaster and originator look ok. $report includes only the attachment name (without the $id/ suffix). The "***" could be removed maybe. Date: Tue, 13 Aug 2002 21:01:45 +0200 From: "MailScanner" Subject: Warning: E-mail viruses detected To: postmaster@angel.faithnomore.org The following e-mail messages were found to have viruses in them: Sender: Recipient: Subject: test bad stuff MessageID: g7DJ1MXs003992 Report: *** Found virus WORM_FRETHEM.L in file sample Date: Tue, 13 Aug 2002 21:01:44 +0200 From: "MailScanner" To: Subject: Warning: E-mail viruses detected Our virus detector has just been triggered by a message you sent:- To: Subject: test bad stuff Date: Tue Aug 13 21:01:44 2002 Any infected parts of the message have not been delivered. This message is simply to warn you that your computer system may have a virus present and should be checked. The virus detector said this about the message: Report: *** Found virus WORM_FRETHEM.L in file sample -- MailScanner Email Virus Scanner -- --- Stephane Lentz / Alcanet International - Internet Services -------------- next part -------------- --- sweep.pl.orig Mon Aug 12 19:09:33 2002 +++ sweep.pl Tue Aug 13 20:46:24 2002 @@ -173,6 +173,16 @@ SupportScanning => $S_UNSUPPORTED, SupportDisinfect => $S_UNSUPPORTED, }, + "trend" => { + Lock => 'Trend.lock', + CommonOptions => '-a', + DisinfectOptions => '-c', + ScanOptions => '', + InitParser => \&InitTrendParser, + ProcessOutput => \&ProcessTrendOutput, + SupportScanning => $S_SUPPORTED, + SupportDisinfect => $S_ALPHA, + }, "none" => { Lock => 'NoneBusy.lock', CommonOptions => '', @@ -507,6 +517,11 @@ ; } +# Initialise any state variables the Trend output parser uses +sub InitTrendParser { + ; +} + # These functions must be called with, in order: # * The line of output from the scanner # * A reference to the hash containing problem details @@ -1010,6 +1025,61 @@ return 1; } return 0; +} + +sub ProcessTrendOutput { + my($line, $infections, $types, $BaseDir) = @_; + + my($report, $infected, $dot, $id, $part, @rest); + +# Sample output: +# +# [root@angel bin]# /etc/iscan/vscan -a /root/sample +# Virus Scanner v3.1, VSAPI v6.150-1001 +# Trend Micro Inc. 1996,1997 +# Pattern version 333 +# Pattern number 46783 +# Configuration: -a -r -nl -c1 -c2 -u -s +# /root/sample +# check compressed file:No_Name +# decompress ok:No_Name +# check compressed file:decrypt-password.exe +# decompress ok:decrypt-password.exe +# *** Found virus WORM_FRETHEM.L in file /root/sample +# *** 1 decrypt-password.exe in /root/sample(type Mime Base 64) + +# ============================== +# Directory: +# Searched : 0 +# File: +# Searched : 1 +# Scan : 1 +# Infected : 1 +# Infected : 1(Include files been compressed) +# Time: +# Start : 8/12/02 19:16:15 +# Stop : 8/12/02 19:16:15 +# Used : 00:00 + + chomp $line; + + Log::WarnLog($line) if $line =~ /read pattern failed/i; + return 0 unless $line =~ /Found virus/i; + Log::InfoLog($line); + $line =~ s/$BaseDir\///; + $report = $line; + $infected = $line; + # Now we get id($2) part($3) virusname($1) + $infected =~ s/^.* Found virus (.*) in file (.*)\/(.*)/$2 $3 $1/i; + # if ($line =~ /\*\*\* Found virus (.*) in file (.*)/i) { + ($id,$part,@rest) = split(/\s+/, $infected); + # print STDERR "infected=$infected\n"; + $report =~ s/$id\///; + $infections->{"$id"}{"$part"} .= $report . "\n"; + $types->{"$id"}{"$part"} .= "v"; # so we know what to tell sender + # print STDERR "id=$id,part=$part,dot=$dot\n"; + return 1; + } From LISTSERV at JISCMAIL.AC.UK Tue Aug 13 20:18:35 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:25 2006 Subject: MAILSCANNER: jskala@JASONSKALA.COM requested to join Message-ID: <200208131918.UAA28245@magpie.ecs.soton.ac.uk> Tue, 13 Aug 2002 20:18:35 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Jason Skala . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER jskala@JASONSKALA.COM Jason Skala The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+jskala%40JASONSKALA.COM+Jason+Skala&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From steinkel at PA.NET Tue Aug 13 21:27:24 2002 From: steinkel at PA.NET (Leland J. Steinke) Date: Thu Jan 12 21:15:25 2006 Subject: minor bug in bin/config.pl Message-ID: <3D596BAC.2020506@pa.net> I doubt that many people use the sendmail2 feature of MailScanner, but there is a bug in bin/config.pl that negates its effectiveness. On line 186, the command is: $key =~ s/[^a-z]//g; # Delete everything except letters This removes the numeral "2" that distinguishes $Config::Sendmail from $Config::Sendmail2. I've changed the line to: $key =~ s/[^a-z0-9]//g; # Delete everything except letters and numbers I thought about going to Roman numerals, but decided this would be more easily understood. Leland From mailscanner at ecs.soton.ac.uk Tue Aug 13 21:48:29 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:25 2006 Subject: minor bug in bin/config.pl In-Reply-To: <3D596BAC.2020506@pa.net> Message-ID: <5.1.0.14.2.20020813213957.02be1dd8@imap.ecs.soton.ac.uk> I could swear blind that I fixed this a long time ago, but I must have never committed the code. Your fix will work nicely. Surprising that no-one has ever reported this before. Only affects Exim users, by the way. Sendmail users have no use for this option. At 21:27 13/08/2002, you wrote: >I doubt that many people use the sendmail2 feature of MailScanner, but >there is a bug in bin/config.pl that negates its effectiveness. On line >186, the command is: > >$key =~ s/[^a-z]//g; # Delete everything except letters > >This removes the numeral "2" that distinguishes $Config::Sendmail from >$Config::Sendmail2. I've changed the line to: > >$key =~ s/[^a-z0-9]//g; # Delete everything except letters and numbers > >I thought about going to Roman numerals, but decided this would be more >easily understood. > > >Leland -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From gdr at GNO.ORG Tue Aug 13 23:08:39 2002 From: gdr at GNO.ORG (Devin Reade) Date: Thu Jan 12 21:15:25 2006 Subject: openantivirus support Message-ID: <37800000.1029276519@kzin.interdynamix.com> For people's general info, I've patched MailScanner to support the www.openantivirus.org ScannerDaemon back end. Support will not be official in MailScanner until Julian's "big rewrite", but I will be making an interim patch + instructions available. I'm a bit delayed at the moment due to having to deal with an unrelated server hardware failure, but I figured I'd mention it in case anyone else was thinking about adding openantivirus support. -- Devin Reade From mkettler at EVI-INC.COM Wed Aug 14 03:17:26 2002 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:15:25 2006 Subject: Mailscanner digest detected as spam In-Reply-To: <200208131618.g7DGISr28285@ori.rl.ac.uk> Message-ID: <5.1.0.14.0.20020813220952.0230a380@192.168.50.2> What version of SpamAssassin are you running? 2.20? if so, upgrade to the current release which is 2.31.. .the scores for both rules went down a lot. The values of SpamAssassin scores are not valid for extended periods of time, as characteristics of common spam and non-spam changes over time. SA is not intended to be run without upgrading... That said, I run 2.20, but I've hand hacked a few scores to be more in line with 2.31... Which is probably worse but it's working well enough till I get a chance to do a real upgrade of MailScanner and SA. sa 2.31: 50_scores.cf:score CTYPE_JUST_HTML 1.665 50_scores.cf:score MSG_ID_ADDED_BY_MTA_2 1.603 doesn't add to 5.0 sa 2.20: 50_scores.cf.orig:score CTYPE_JUST_HTML 3.154 50_scores.cf.orig:score MSG_ID_ADDED_BY_MTA_2 2.405 that's 5.6 At 05:18 PM 8/13/2002 +0100, Bruno Melloni wrote: >I noticed that SpamAssassin (with default settings) tags the MailScanner >list digest as spam. > >Whitelisting jiscmail.ac.uk will solve the problem, but I thought I'd >mention it since it might be possible to do something to the list or >MailScanner defaults to prevent it. > >SA score is 5.6 and the signatures are: > > MSG_ID_ADDED_BY_MTA_2 > CTYPE_JUST_HTML > >Bruno From Stephane.Lentz at ANSF.ALCATEL.FR Wed Aug 14 07:34:36 2002 From: Stephane.Lentz at ANSF.ALCATEL.FR (Stephane Lentz) Date: Thu Jan 12 21:15:25 2006 Subject: queues on NFS share In-Reply-To: <5.1.0.14.2.20020813133606.02e2e648@imap.ecs.soton.ac.uk> References: <7B475DC5E9502B4D91EA73C283AE48D70263EAE1@lkl22.ltkalmar.se> <5.1.0.14.2.20020813133606.02e2e648@imap.ecs.soton.ac.uk> Message-ID: <20020814063436.GA7303@iww.netfr.alcatel.fr> On Tue, Aug 13, 2002 at 01:37:04PM +0100, Julian Field wrote: > At 12:32 13/08/2002, you wrote: > >I want to have my mailscanner incoming and outgoing queues on an NFS > >share. Do I need to anything special to make it work? Any help would be > >appreciated. > > This is generally a really bad idea. I think you'll get away with doing > this with Exim. > > You will not get away with it if you are using sendmail. The file locking > sendmail uses doesn't work over NFS. Bad things will happen to your mail. > -- On the topic of locking, The Unix Programming FAQ says : << flock()' originates with BSD, and is now available in most (but not all) Unices. It is simple and effective on a single host, but doesn't work at all with NFS. It locks an entire file. Perhaps rather deceptively, the popular Perl programming language implements its own `flock()' where necessary, conveying the illusion of true portability. `fcntl()' is the only POSIX-compliant locking mechanism, and is therefore the only truly portable lock. It is also the most powerful, and the hardest to use. For NFS-mounted file systems, `fcntl()' requests are passed to a daemon (`rpc.lockd'), which communicates with the lockd on the server host. Unlike `flock()' it is capable of record-level locking >> On linux.kernel I noticed a post : << NOTES flock(2) does not lock files over NFS. Use fcntl(2) instead: that does work over NFS, given a sufficiently recent version of Linux and a server which supports lock? ing. flock(2) and fcntl(2) locks have different semantics with respect to forked processes and dup(2). >> NFS sharing a queue sounds like headache & problems ..... SL/ --- Stephane Lentz / Alcanet International - Internet Services From m.sapsed at BANGOR.AC.UK Wed Aug 14 08:54:23 2002 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:15:25 2006 Subject: silent delete References: <1029252757.21090.6.camel@ab1-1-26.shsu.edu> Message-ID: <3D5A0CAF.8020602@bangor.ac.uk> Robert A. Thompson wrote: > is there a way to to silently delete messages to the recipient as well > as the sender if they are in the viruses.to.delete.conf file? On the > viruses that are faking the addresses (ala klez) I would rather not > bother my users, and just track/handle machines from the log files. This has been mentioned or asked before and the usual answer is that it's good PR for the users to see how much you help them! If they can't see that you're doing stuff for them, they might decide they don't need you any more! ;-) Cheers, Martin -- Martin Sapsed Information Services "Who do you say I am?" University of Wales, Bangor Jesus of Nazareth From LISTSERV at JISCMAIL.AC.UK Wed Aug 14 09:10:30 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:25 2006 Subject: MAILSCANNER: glynn@MAKATI.TECHSQUARE.COM requested to join Message-ID: <200208140810.JAA25717@magpie.ecs.soton.ac.uk> Wed, 14 Aug 2002 09:10:30 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Glynn Condez . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER glynn@MAKATI.TECHSQUARE.COM Glynn Condez The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+glynn%40MAKATI.TECHSQUARE.COM+Glynn+Condez&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From LISTSERV at JISCMAIL.AC.UK Wed Aug 14 12:30:05 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:25 2006 Subject: MAILSCANNER: lsu@DC.LUTH.SE requested to join Message-ID: <200208141130.MAA19262@magpie.ecs.soton.ac.uk> Wed, 14 Aug 2002 12:30:05 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Lennart Sundstrom . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER lsu@DC.LUTH.SE Lennart Sundstrom The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+lsu%40DC.LUTH.SE+Lennart+Sundstrom&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From ucs_rat at SHSU.EDU Wed Aug 14 14:26:28 2002 From: ucs_rat at SHSU.EDU (Robert A. Thompson) Date: Thu Jan 12 21:15:25 2006 Subject: silent delete In-Reply-To: References: Message-ID: <1029331588.23295.2.camel@ab1-1-26.shsu.edu> I might agree with this for most things. However, with klez the users think I'm not doing things for them when they ask me to stop making them get senseless mail and I don't make it stop. If I can't do it they are quick to want to replace me/it/us/whatever with something that can. --Robert > This has been mentioned or asked before and the usual answer is that > it's good PR for the users to see how much you help them! If they > can't > see that you're doing stuff for them, they might decide they don't > need > you any more! ;-) > > Cheers, > > Martin > > -- > Martin Sapsed > Information Services "Who do you say I am?" > University of Wales, Bangor Jesus of Nazareth From sean at NISD.NET Wed Aug 14 14:33:17 2002 From: sean at NISD.NET (Sean Embry) Date: Thu Jan 12 21:15:25 2006 Subject: silent delete Message-ID: One account we have is for our public information officer. He gets tons of blocked messages, and he's not amused. When you talk traffic that's livin' large, sometimes it's better that they DON'T know you live! Sean Embry Systems/Database Administrator Northside Independent School District San Antonio TX 78238 (210) 706-8790 >>> m.sapsed@BANGOR.AC.UK 08/14/02 02:54AM >>> This has been mentioned or asked before and the usual answer is that it's good PR for the users to see how much you help them! If they can't see that you're doing stuff for them, they might decide they don't need you any more! ;-) Cheers, Martin -- Martin Sapsed Information Services "Who do you say I am?" University of Wales, Bangor Jesus of Nazareth From brose at MED.WAYNE.EDU Wed Aug 14 15:05:40 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:15:25 2006 Subject: Scan time Message-ID: In the logs it states Scanned 100 messages, 3012366 bytes in 21 seconds but if I look at the time stamp for that entry and the last one, it way more that 21 secs. It's more like 5 minutes since the last 100 scan. Is this number just wrong if spam checking is enabled? From mailscanner at ecs.soton.ac.uk Wed Aug 14 15:10:38 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:25 2006 Subject: Scan time In-Reply-To: Message-ID: <5.1.0.14.2.20020814150957.02dd18f8@imap.ecs.soton.ac.uk> At 15:05 14/08/2002, you wrote: >In the logs it states Scanned 100 messages, 3012366 bytes in 21 seconds >but if I look at the time stamp for that entry and the last one, it way >more that 21 secs. It's more like 5 minutes since the last 100 scan. >Is this number just wrong if spam checking is enabled? Depends on the version you have, but the basic answer is yes, the scanning time is the time it took your virus scanner to scan the messages. The previous entry in the logs is printed just before the spam detection starts. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Wed Aug 14 15:19:30 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:25 2006 Subject: silent delete In-Reply-To: <1029331588.23295.2.camel@ab1-1-26.shsu.edu> References: Message-ID: <5.1.0.14.2.20020814151055.02bceb88@imap.ecs.soton.ac.uk> At 14:26 14/08/2002, you wrote: >I might agree with this for most things. However, with klez the users >think I'm not doing things for them when they ask me to stop making them >get senseless mail and I don't make it stop. If I can't do it they are >quick to want to replace me/it/us/whatever with something that can. Fair point. Hopefully this will make it into the next major release. What's the best thing to call the configuration option? I am intending to rename the Viruses to Silently Delete option to something like "Do Not Disinfect Or Warn Sender". I can't immediately think of a better name for it. I don't want to keep the "Viruses to Silently Delete" option as that isn't really what it does. Also, does this need to be configurable per domain/address/whatever or will a single global list suffice? It's a bit expensive to calculate the list of matches if it's per-domain. > > This has been mentioned or asked before and the usual answer is that > > it's good PR for the users to see how much you help them! If they > > can't > > see that you're doing stuff for them, they might decide they don't > > need > > you any more! ;-) > > > > Cheers, > > > > Martin > > > > -- > > Martin Sapsed > > Information Services "Who do you say I am?" > > University of Wales, Bangor Jesus of Nazareth -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From ucs_rat at SHSU.EDU Wed Aug 14 15:41:16 2002 From: ucs_rat at SHSU.EDU (Robert A. Thompson) Date: Thu Jan 12 21:15:25 2006 Subject: silent delete In-Reply-To: <5.1.0.14.2.20020814151055.02bceb88@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020814151055.02bceb88@imap.ecs.soton.ac.uk> Message-ID: <1029336076.23295.34.camel@ab1-1-26.shsu.edu> > Fair point. > Hopefully this will make it into the next major release. Thank you very very very much(If I can help please let me know). > > I am intending to rename the Viruses to Silently Delete option to something > like "Do Not Disinfect Or Warn Sender". I can't immediately think of a > better name for it. I don't want to keep the "Viruses to Silently Delete" > option as that isn't really what it does. > For me one file would do, however I'm sure other users would appreciate the ability to split it up. The only thing I have in the file is klez, and I'm thinking about two other viruses going into it. I would think logically it could be called "Do Not Disinfect or War Reciepent" to keep things consistent. > > Also, does this need to be configurable per domain/address/whatever or will > a single global list suffice? It's a bit expensive to calculate the list of > matches if it's per-domain. > > Once again, not in my case, however some users may like it. I would fear that there would begin to be a huge cross reference between all the files though. --Robert From brose at MED.WAYNE.EDU Wed Aug 14 17:40:44 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:15:25 2006 Subject: Scan time Message-ID: Thought it was something like that. Would it be better to have it log the entire time it took to scan the 100 including the spam checking? Not a biggy, things have been running slow on the mqueue.in. I've narrowed it down to the razor checking in Spamassassin again. -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Wednesday, August 14, 2002 10:11 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Scan time At 15:05 14/08/2002, you wrote: >In the logs it states Scanned 100 messages, 3012366 bytes in 21 seconds >but if I look at the time stamp for that entry and the last one, it way >more that 21 secs. It's more like 5 minutes since the last 100 scan. >Is this number just wrong if spam checking is enabled? Depends on the version you have, but the basic answer is yes, the scanning time is the time it took your virus scanner to scan the messages. The previous entry in the logs is printed just before the spam detection starts. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Wed Aug 14 17:52:21 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:25 2006 Subject: Scan time In-Reply-To: Message-ID: <5.1.0.14.2.20020814175200.04089cb8@imap.ecs.soton.ac.uk> At 17:40 14/08/2002, you wrote: >Thought it was something like that. Would it be better to have it log >the entire time it took to scan the 100 including the spam checking? >Not a biggy, things have been running slow on the mqueue.in. I've >narrowed it down to the razor checking in Spamassassin again. I'm going to revamp the logging as part of the rewrite. >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Wednesday, August 14, 2002 10:11 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Scan time > > >At 15:05 14/08/2002, you wrote: > >In the logs it states Scanned 100 messages, 3012366 bytes in 21 seconds > > >but if I look at the time stamp for that entry and the last one, it way > > >more that 21 secs. It's more like 5 minutes since the last 100 scan. > >Is this number just wrong if spam checking is enabled? > >Depends on the version you have, but the basic answer is yes, the >scanning time is the time it took your virus scanner to scan the >messages. The previous entry in the logs is printed just before the spam >detection starts. >-- >Julian Field Teaching Systems Manager >jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science >Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From gerry at dorfam.ca Wed Aug 14 17:56:24 2002 From: gerry at dorfam.ca (Gerry Doris) Date: Thu Jan 12 21:15:25 2006 Subject: Whitelist Problem - Still! Message-ID: <20885.129.80.22.134.1029344184.squirrel@tiger.dorfam.ca> > At 10:57 13/08/2002, you wrote: >>On Mon, 12 Aug 2002 18:31:37 PST, you wrote: >> >> >Return-Path: >> >>This is taken from the enveloppe sender (mail from:). > > Not always present. In sendmail you need a flag in the definition of the "local" mailer to do this. > >> >Received: from smtp.jiscmail.ac.uk (smtp.jiscmail.ac.uk >> [130.246.192.48]) >> > by netlx010.civ.utwente.nl (8.11.4/HKD) with ESMTP id >> g7D3s7E10837 for ; Tue, 13 Aug >> 2002 05:54:07 +0200 >> >>This address was present in the enveloppe header as the recipient (rcpt >> to:) > > You have to ensure you use the last one of these (i.e. the first in the headers) as it gets changed by ".forward" files and mailing list exploders. > >> >From: Nathan Johanson >> >>This is the From: header in the message. >> >> >To: MAILSCANNER@JISCMAIL.AC.UK >> >>And this is the To: header in the message. >> >> >X-UTwente-MailScanner: Found to be clean >> >X-UTwente-MailScanner-SpamCheck: RFC-IGNORANT-WHOIS >> > >> >Is it possible for someone to illustrate the difference between the >> "envelope sender address" versus the "From" header? >> > >> >Maybe grab a full email header, paste it into a reply to the list, >> and point out which is which? This seems like a recurring question and now I'm even beginning to question my own understanding of it. it might even be a good item for the FAQ. If I was convinced I >> understood it, I would write it myself :) >> >>I included the relevant headers from your mail message. :-) >> >>And the correspondenting log-lines (removed irrelevant information): >> |g7D3s7E10837: from=, >>|g7D3s7E10837: to=, delay=00:00:00, > > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ I'm still having problems getting the spam.whitelist.conf file to work. I must be doing something really obviously wrong but I can't see it. Here's what I have in spam.whitelist.conf # The following examples show what can be done here: #From: jkf@ecs.soton.ac.uk #From: JulianField.net #From: *.ecs.soton.ac.uk #To: spam@* #To: abuse@your.domain.com From: lyris.gamespy.com and here's a couple of lines for my miallog... Aug 12 08:54:33 tiger sendmail[22724]: g7CCsWZ22724: from=, size=35280, class=0,nrcpts=1, msgid=, proto=SMTP, daemon=MTA, relay=lyris.gamespy.com [207.38.1.8] Aug 12 08:54:49 tiger mailscanner[22583]: Scanning 1 messages, 35746 bytes Aug 12 08:54:53 tiger mailscanner[22583]: Message g7CCsWZ22724 from 207.38.1.8 (lyris.gamespy.com) is spam according to SpamAssassin (score=24.2, required 7, MSGID_CHARS_SPAM, PLING, DOUBLE_CAPSWORD, CLICK_BELOW, HTTP_WITH_EMAIL_IN_URL, UNSUB_PAGE, SUPERLONG_LINE, HTML_WITH_BGCOLOR, BIG_FONT, MAILTO_LINK, TRACKER_ID, RELAYING_FRAME, JAVASCRIPT, CLICK_HERE_LINK, MIME_EXCESSIVE_QP, FROM_AND_TO_SAME, CTYPE_JUST_HTML, AWL) Why was this message still marked as spam? Shouldn't it have been whitelisted and passed through without checking? Gerry From mailscanner at ecs.soton.ac.uk Wed Aug 14 18:11:28 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:25 2006 Subject: Whitelist Problem - Still! In-Reply-To: <20885.129.80.22.134.1029344184.squirrel@tiger.dorfam.ca> Message-ID: <5.1.0.14.2.20020814180859.03f8ccf8@imap.ecs.soton.ac.uk> At 17:56 14/08/2002, you wrote: > > At 10:57 13/08/2002, you wrote: > >>On Mon, 12 Aug 2002 18:31:37 PST, you wrote: > >> > >> >Return-Path: > >> > >>This is taken from the enveloppe sender (mail from:). > > > > Not always present. In sendmail you need a flag in the definition of the >"local" mailer to do this. > > > >> >Received: from smtp.jiscmail.ac.uk (smtp.jiscmail.ac.uk > >> [130.246.192.48]) > >> > by netlx010.civ.utwente.nl (8.11.4/HKD) with ESMTP id > >> g7D3s7E10837 for ; Tue, 13 Aug > >> 2002 05:54:07 +0200 > >> > >>This address was present in the enveloppe header as the recipient (rcpt > >> to:) > > > > You have to ensure you use the last one of these (i.e. the first in the >headers) as it gets changed by ".forward" files and mailing list >exploders. > > > >> >From: Nathan Johanson > >> > >>This is the From: header in the message. > >> > >> >To: MAILSCANNER@JISCMAIL.AC.UK > >> > >>And this is the To: header in the message. > >> > >> >X-UTwente-MailScanner: Found to be clean > >> >X-UTwente-MailScanner-SpamCheck: RFC-IGNORANT-WHOIS > >> > > >> >Is it possible for someone to illustrate the difference between the > >> "envelope sender address" versus the "From" header? > >> > > >> >Maybe grab a full email header, paste it into a reply to the list, > >> and point out which is which? This seems like a recurring question and >now I'm even beginning to question my own understanding of it. it might >even be a good item for the FAQ. If I was convinced I > >> understood it, I would write it myself :) > >> > >>I included the relevant headers from your mail message. :-) > >> > >>And the correspondenting log-lines (removed irrelevant information): > >> |g7D3s7E10837: from=, > >>|g7D3s7E10837: to=, delay=00:00:00, > > > > -- > > Julian Field Teaching Systems Manager > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. >023 8059 2817 University of Southampton > > Southampton SO17 1BJ > > >I'm still having problems getting the spam.whitelist.conf file to work. I >must be doing something really obviously wrong but I can't see it. > >Here's what I have in spam.whitelist.conf > ># The following examples show what can be done here: >#From: jkf@ecs.soton.ac.uk >#From: JulianField.net >#From: *.ecs.soton.ac.uk >#To: spam@* >#To: abuse@your.domain.com >From: lyris.gamespy.com > > >and here's a couple of lines for my miallog... > >Aug 12 08:54:33 tiger sendmail[22724]: g7CCsWZ22724: >from=, size=35280, >class=0,nrcpts=1, >msgid=, >proto=SMTP, daemon=MTA, relay=lyris.gamespy.com [207.38.1.8] > >Aug 12 08:54:49 tiger mailscanner[22583]: Scanning 1 messages, 35746 bytes > > >Aug 12 08:54:53 tiger mailscanner[22583]: Message g7CCsWZ22724 from >207.38.1.8 (lyris.gamespy.com) is spam according to SpamAssassin >(score=24.2, required 7, MSGID_CHARS_SPAM, PLING, DOUBLE_CAPSWORD, >CLICK_BELOW, HTTP_WITH_EMAIL_IN_URL, UNSUB_PAGE, SUPERLONG_LINE, >HTML_WITH_BGCOLOR, BIG_FONT, MAILTO_LINK, TRACKER_ID, RELAYING_FRAME, >JAVASCRIPT, CLICK_HERE_LINK, MIME_EXCESSIVE_QP, FROM_AND_TO_SAME, >CTYPE_JUST_HTML, AWL) > > >Why was this message still marked as spam? Shouldn't it have been >whitelisted and passed through without checking? You haven't got Always Include SpamAssassin Header = yes have you? Can you grab one of the messages (use "Archive Mail" preferably) and send it to me please? I'll run it through my system and see if it works or not. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From gdr at GNO.ORG Wed Aug 14 18:48:26 2002 From: gdr at GNO.ORG (Devin Reade) Date: Thu Jan 12 21:15:25 2006 Subject: Whitelist Problem - Still! In-Reply-To: <20885.129.80.22.134.1029344184.squirrel@tiger.dorfam.ca> References: <20885.129.80.22.134.1029344184.squirrel@tiger.dorfam.ca> Message-ID: <35160000.1029347305@kzin.interdynamix.com> Gerry Doris wrote: > I'm still having problems getting the spam.whitelist.conf file to work. I > must be doing something really obviously wrong but I can't see it. > > Here's what I have in spam.whitelist.conf > ># The following examples show what can be done here: ># From: jkf@ecs.soton.ac.uk ># From: JulianField.net ># From: *.ecs.soton.ac.uk ># To: spam@* ># To: abuse@your.domain.com > From: lyris.gamespy.com Is there actually supposed to be a "From:" or "To:" tag in that file? The top of my file reads: # This is a list of email addresses (with an @ sign in them) or entire email # domains (without an @ sign in them) from which you will accept mail without # ever marking it as spam. #jkf@ecs.soton.ac.uk #JulianField.net #*.ecs.soton.ac.uk Which makes me suspect you should be using a syntax like: lyris.gamespy.com example.com example.tld (ie: no "From:" tag) -- Devin Reade From mailscanner at ecs.soton.ac.uk Wed Aug 14 19:41:01 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:25 2006 Subject: Whitelist Problem - Still! In-Reply-To: <35160000.1029347305@kzin.interdynamix.com> References: <20885.129.80.22.134.1029344184.squirrel@tiger.dorfam.ca> <20885.129.80.22.134.1029344184.squirrel@tiger.dorfam.ca> Message-ID: <5.1.0.14.2.20020814194012.03fed898@imap.ecs.soton.ac.uk> At 18:48 14/08/2002, you wrote: >Gerry Doris wrote: > >>I'm still having problems getting the spam.whitelist.conf file to work. I >>must be doing something really obviously wrong but I can't see it. >> >>Here's what I have in spam.whitelist.conf >> >># The following examples show what can be done here: >># From: jkf@ecs.soton.ac.uk >># From: JulianField.net >># From: *.ecs.soton.ac.uk >># To: spam@* >># To: abuse@your.domain.com >>From: lyris.gamespy.com > >Is there actually supposed to be a "From:" or "To:" tag in that >file? The top of my file reads: > ># This is a list of email addresses (with an @ sign in them) or entire email ># domains (without an @ sign in them) from which you will accept mail without ># ever marking it as spam. >#jkf@ecs.soton.ac.uk >#JulianField.net >#*.ecs.soton.ac.uk > >Which makes me suspect you should be using a syntax like: > lyris.gamespy.com > example.com > example.tld >(ie: no "From:" tag) You are using different versions of the code. I added the "From:" and "To:" quite recently. If neither "From:" nor "To:" is specified on a line, the default is both. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From raymond at PROLOCATION.NET Wed Aug 14 19:53:16 2002 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:15:25 2006 Subject: Whitelist Problem - Still! In-Reply-To: <5.1.0.14.2.20020814194012.03fed898@imap.ecs.soton.ac.uk> Message-ID: Hi! > >># From: *.ecs.soton.ac.uk > >># To: spam@* > >># To: abuse@your.domain.com > >>From: lyris.gamespy.com > You are using different versions of the code. I added the "From:" and "To:" > quite recently. If neither "From:" nor "To:" is specified on a line, the > default is both. Isnt the format something like *@lyris.gamespy.com ? Or is simply the hostname enough for filtering ? Bye, Raymond. From gerry at DORFAM.CA Wed Aug 14 21:10:51 2002 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:15:25 2006 Subject: Whitelist Problem - Still! In-Reply-To: <5.1.0.14.2.20020814180859.03f8ccf8@imap.ecs.soton.ac.uk> Message-ID: On Wed, 14 Aug 2002, Julian Field wrote: > You haven't got > Always Include SpamAssassin Header = yes > have you? Yes, I have. Does that prevent the whitelist feature from working? I'll turn it off and see what happens. > Can you grab one of the messages (use "Archive Mail" preferably) and send > it to me please? I'll run it through my system and see if it works or not. I'll send you a copy of the message if turning off the SpamAssassin Header doesn't fix it. -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From mailscanner at ecs.soton.ac.uk Wed Aug 14 21:20:21 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:25 2006 Subject: Whitelist Problem - Still! In-Reply-To: References: <5.1.0.14.2.20020814180859.03f8ccf8@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020814211924.041a2b38@imap.ecs.soton.ac.uk> At 21:10 14/08/2002, you wrote: >On Wed, 14 Aug 2002, Julian Field wrote: > > > You haven't got > > Always Include SpamAssassin Header = yes > > have you? > >Yes, I have. Does that prevent the whitelist feature from working? I'll >turn it off and see what happens. So far, you haven't shown any evidence of what appears in the message header, only what appears in the log. I could well believe that the logging of white-listed messages isn't perfect. Check what shows up in the headers. > > Can you grab one of the messages (use "Archive Mail" preferably) and send > > it to me please? I'll run it through my system and see if it works or not. > >I'll send you a copy of the message if turning off the SpamAssassin Header >doesn't fix it. > >-- >Gerry > >"The lyfe so short, the craft so long to learne" Chaucer -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Thu Aug 15 09:37:21 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:25 2006 Subject: ANNOUNCE: 3.22-12 released Message-ID: <5.1.0.14.2.20020815093334.04d5ac38@imap.ecs.soton.ac.uk> I have just released 3.22-12. -- Added configuration option "Still Deliver Quietly Deleted Viruses" to control whether "quietly deleted" viruses are still delivered (after cleaning, of course). Default value is "yes". Read the conf file for more info on when/where to use this switch. -- Minor improvement to the F-Prot parser to catch possible, unknown, viruses. -- Added fix to config.pl so configuration options "Sendmail2" works properly. Download, as usual, from www.mailscanner.info -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Thu Aug 15 10:05:45 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:25 2006 Subject: silent delete In-Reply-To: <1029336076.23295.34.camel@ab1-1-26.shsu.edu> References: <5.1.0.14.2.20020814151055.02bceb88@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020814151055.02bceb88@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020815100513.04b61b80@imap.ecs.soton.ac.uk> It was simpler than I expected :-) Enjoy! At 15:41 14/08/2002, you wrote: > > Fair point. > > Hopefully this will make it into the next major release. > >Thank you very very very much(If I can help please let me know). > > > > > I am intending to rename the Viruses to Silently Delete option to something > > like "Do Not Disinfect Or Warn Sender". I can't immediately think of a > > better name for it. I don't want to keep the "Viruses to Silently Delete" > > option as that isn't really what it does. > > > >For me one file would do, however I'm sure other users would appreciate >the ability to split it up. The only thing I have in the file is klez, >and I'm thinking about two other viruses going into it. I would think >logically it could be called "Do Not Disinfect or War Reciepent" to keep >things consistent. > > > > > Also, does this need to be configurable per domain/address/whatever or will > > a single global list suffice? It's a bit expensive to calculate the list of > > matches if it's per-domain. > > > > >Once again, not in my case, however some users may like it. I would >fear that there would begin to be a huge cross reference between all >the files though. > >--Robert -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From P.G.M.Peters at civ.utwente.nl Thu Aug 15 10:48:07 2002 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:15:25 2006 Subject: ANNOUNCE: 3.22-12 released In-Reply-To: <5.1.0.14.2.20020815093334.04d5ac38@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020815093334.04d5ac38@imap.ecs.soton.ac.uk> Message-ID: <50umlu4pokpj5h643fjuhatkjsqnjfeu6h@4ax.com> On Thu, 15 Aug 2002 09:37:21 +0100, you wrote: >-- Minor improvement to the F-Prot parser to catch possible, unknown, viruses. I use f-prot so I diff-ed for differences but couldn't find anything. I could find the other diff's easy (the comment at the check is wrong). -- Peter Peters senior netwerkbeheerder, Centrum voor Informatievoorziening, Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From LISTSERV at JISCMAIL.AC.UK Thu Aug 15 10:30:11 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:25 2006 Subject: MAILSCANNER: jones@IMADA.SDU.DK requested to join Message-ID: <200208150930.KAA19308@magpie.ecs.soton.ac.uk> Thu, 15 Aug 2002 10:30:11 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Jonas Bardino . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER jones@IMADA.SDU.DK Jonas Bardino The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+jones%40IMADA.SDU.DK+Jonas+Bardino&L=MAILSCANNER ------------------------- Original mail header -------------------------- Return-Path: Received: from 130.246.192.52 by JISCMAIL.AC.UK (SMTPL release 1.0f) with TCP; Thu, 15 Aug 2002 10:29:43 +0100 Received: from bach.imada.sdu.dk (bach.imada.sdu.dk [130.225.128.9]) by ori.rl.ac.uk (8.11.1/8.11.1) with ESMTP id g7F9Thr08606 for ; Thu, 15 Aug 2002 10:29:43 +0100 Received: from mimi.imada.sdu.dk (mimi.imada.sdu.dk [130.225.128.196]) by bach.imada.sdu.dk (Postfix) with ESMTP id 062EC54CF9 for ; Thu, 15 Aug 2002 11:29:43 +0200 (MEST) Received: (from jones@localhost) by mimi.imada.sdu.dk (8.9.3/8.9.3) id NAA31741 for LISTSERV@JISCMAIL.AC.UK; Thu, 15 Aug 2002 13:59:42 +0200 Date: Thu, 15 Aug 2002 13:59:42 +0200 From: Jonas Bardino To: "L-Soft list server at JISCMAIL (1.8e)" Subject: Re: Command confirmation request (341FE48B) Message-ID: <20020815135942.A31738@mimi.imada.sdu.dk> References: <20020815091531.C4ED954CF9@bach.imada.sdu.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.2i In-Reply-To: <20020815091531.C4ED954CF9@bach.imada.sdu.dk>; from LISTSERV@JISCMAIL.AC.UK on Thu, Aug 15, 2002 at 10:15:30AM +0100 From mailscanner at ecs.soton.ac.uk Thu Aug 15 11:07:38 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:25 2006 Subject: ANNOUNCE: 3.22-12 released In-Reply-To: <50umlu4pokpj5h643fjuhatkjsqnjfeu6h@4ax.com> References: <5.1.0.14.2.20020815093334.04d5ac38@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020815093334.04d5ac38@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020815110657.04ba6a78@imap.ecs.soton.ac.uk> Sorry, I copied a file the wrong way and deleted the change :-( Download 3.22-12 again and you'll have it this time. 2-line change in sweep.pl. At 10:48 15/08/2002, you wrote: >On Thu, 15 Aug 2002 09:37:21 +0100, you wrote: > > >-- Minor improvement to the F-Prot parser to catch possible, unknown, > viruses. > >I use f-prot so I diff-ed for differences but couldn't find anything. I >could find the other diff's easy (the comment at the check is wrong). -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From P.G.M.Peters at civ.utwente.nl Thu Aug 15 12:51:41 2002 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:15:25 2006 Subject: ANNOUNCE: 3.22-12 released In-Reply-To: <5.1.0.14.2.20020815110657.04ba6a78@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020815093334.04d5ac38@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020815093334.04d5ac38@imap.ecs.soton.ac.uk> <50umlu4pokpj5h643fjuhatkjsqnjfeu6h@4ax.com> <5.1.0.14.2.20020815110657.04ba6a78@imap.ecs.soton.ac.uk> Message-ID: On Thu, 15 Aug 2002 11:07:38 +0100, you wrote: >Download 3.22-12 again and you'll have it this time. 2-line change in sweep.pl. I see them now. I have the impression I have seen warmings about unknown virusses before. Maybe something else. -- Peter Peters senior netwerkbeheerder, Centrum voor Informatievoorziening, Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From LISTSERV at JISCMAIL.AC.UK Thu Aug 15 13:52:08 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:25 2006 Subject: MAILSCANNER: jannik@HEIME.NET requested to join Message-ID: <200208151252.NAA12904@magpie.ecs.soton.ac.uk> Thu, 15 Aug 2002 13:52:08 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Jannik Rasmussen . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER jannik@HEIME.NET Jannik Rasmussen The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+jannik%40HEIME.NET+Jannik+Rasmussen&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From Matthew_doherty at DATAWATCH.COM Thu Aug 15 16:34:05 2002 From: Matthew_doherty at DATAWATCH.COM (Matt Doherty) Date: Thu Jan 12 21:15:26 2006 Subject: ldconfig error after running the Sophos.install script Message-ID: [root@Thehouse sav-install]# /usr/local/MailScanner/bin/Sophos.install Installing Sophos for MailScanner Sophos Anti-Virus installation utility [Linux/Intel] Copyright (c) 1998,2001 Sophos Plc, Oxford, England Error: Could not find 'ldconfig' in path. Matt Doherty IT Dept Datawatch Corp >>In a world without walls or fences, who needs Windows and Gates?<< -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020815/6dfdfb52/attachment.html From lbergman at abi.tconline.net Thu Aug 15 16:49:02 2002 From: lbergman at abi.tconline.net (Lewis Bergman) Date: Thu Jan 12 21:15:26 2006 Subject: ldconfig error after running the Sophos.install script In-Reply-To: References: Message-ID: <200208151049.02749.lbergman@abi.tconline.net> On Thursday 15 August 2002 10:34 am, Matt Doherty wrote: > [root@Thehouse sav-install]# /usr/local/MailScanner/bin/Sophos.install > Installing Sophos for MailScanner > Sophos Anti-Virus installation utility [Linux/Intel] > Copyright (c) 1998,2001 Sophos Plc, Oxford, England > > Error: Could not find 'ldconfig' in path. Sounds like maybe an su to the root user might be a course of action. -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 115 From matt at kaminer.com Thu Aug 15 17:18:12 2002 From: matt at kaminer.com (Matt Kaminer) Date: Thu Jan 12 21:15:26 2006 Subject: ldconfig error after running the Sophos.install script In-Reply-To: <200208151049.02749.lbergman@abi.tconline.net> References: <200208151049.02749.lbergman@abi.tconline.net> Message-ID: <25171.65.205.80.66.1029428292.squirrel@webmail.mmc.net> not necessarily. suing to root wont always fix (depends on path setup) Need to make sure ldconfig is in your path. 1. first find where ldconfig is (e.g., "whereis ldconfig") 2. check your path (e.g., "env") 3. if its not in your path, add it (e.g., "PATH=$PATH:/location/where/ldconfig/is" and "export PATH") That should work. Lewis Bergman said: > On Thursday 15 August 2002 10:34 am, Matt Doherty wrote: >> [root@Thehouse sav-install]# /usr/local/MailScanner/bin/Sophos.install >> Installing Sophos for MailScanner >> Sophos Anti-Virus installation utility [Linux/Intel] >> Copyright (c) 1998,2001 Sophos Plc, Oxford, England >> >> Error: Could not find 'ldconfig' in path. > Sounds like maybe an su to the root user might be a course of action. > -- > Lewis Bergman > Texas Communications > 4309 Maple St. > Abilene, TX 79602-8044 > 915-695-6962 ext 115 From mailscanner at ecs.soton.ac.uk Thu Aug 15 18:47:41 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:26 2006 Subject: ldconfig error after running the Sophos.install script In-Reply-To: <200208151049.02749.lbergman@abi.tconline.net> References: Message-ID: <5.1.0.14.2.20020815184659.0733b5b0@imap.ecs.soton.ac.uk> At 16:49 15/08/2002, you wrote: >On Thursday 15 August 2002 10:34 am, Matt Doherty wrote: > > [root@Thehouse sav-install]# /usr/local/MailScanner/bin/Sophos.install > > Installing Sophos for MailScanner > > Sophos Anti-Virus installation utility [Linux/Intel] > > Copyright (c) 1998,2001 Sophos Plc, Oxford, England > > > > Error: Could not find 'ldconfig' in path. >Sounds like maybe an su to the root user might be a course of action. Absolutely agree. Never use su Always use su - If you don't know the difference, RTFMP. (MP=man page). -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Thu Aug 15 18:48:27 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:26 2006 Subject: ldconfig error after running the Sophos.install script In-Reply-To: <25171.65.205.80.66.1029428292.squirrel@webmail.mmc.net> References: <200208151049.02749.lbergman@abi.tconline.net> <200208151049.02749.lbergman@abi.tconline.net> Message-ID: <5.1.0.14.2.20020815184807.0718dde0@imap.ecs.soton.ac.uk> At 17:18 15/08/2002, you wrote: >not necessarily. suing to root wont always fix (depends on path setup) > >Need to make sure ldconfig is in your path. > >1. first find where ldconfig is (e.g., "whereis ldconfig") >2. check your path (e.g., "env") >3. if its not in your path, add it (e.g., >"PATH=$PATH:/location/where/ldconfig/is" and "export PATH") >That should work. Yuck. You need to read "man su" as well... :) -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From brose at MED.WAYNE.EDU Thu Aug 15 18:52:46 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:15:26 2006 Subject: Deferred messages in mqueue.in Message-ID: This is just a double check... Messages that come in but are currently deferred due to a sendmail milter are left alone by mailscanner correct? -=B From Matthew_doherty at DATAWATCH.COM Thu Aug 15 19:22:39 2002 From: Matthew_doherty at DATAWATCH.COM (Matt Doherty) Date: Thu Jan 12 21:15:26 2006 Subject: ldconfig error after running the Sophos.install script Message-ID: WOOHOO! That did it! "su -" I was in fact using just the "su" good catch! Thanks again! heeehee Matt Doherty IT Dept Datawatch Corp >>In a world without walls or fences, who needs Windows and Gates?<< -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Thursday, August 15, 2002 2:51 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ldconfig error after running the Sophos.install script At 16:49 15/08/2002, you wrote: >On Thursday 15 August 2002 10:34 am, Matt Doherty wrote: > > [root@Thehouse sav-install]# /usr/local/MailScanner/bin/Sophos.install > > Installing Sophos for MailScanner > > Sophos Anti-Virus installation utility [Linux/Intel] > > Copyright (c) 1998,2001 Sophos Plc, Oxford, England > > > > Error: Could not find 'ldconfig' in path. >Sounds like maybe an su to the root user might be a course of action. Absolutely agree. Never use su Always use su - If you don't know the difference, RTFMP. (MP=man page). -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020815/433e9575/attachment.html From Matthew_doherty at DATAWATCH.COM Thu Aug 15 19:28:37 2002 From: Matthew_doherty at DATAWATCH.COM (Matt Doherty) Date: Thu Jan 12 21:15:26 2006 Subject: Sendmail outgoing failed even when it starts ok? Message-ID: Darnit! Its nice that all this stuff installs great with redhat 7.3 and 7.2 but when i do this on a 6.2 (with perl 5.6.1) all kinds odd crap happens. I start mailscanner and get all ok's I stop mailscanner and still get all ok's. BUT when i use the status flag i get MailScanner ok incoming sendmail ok outgoing sendmail Failed I do a restart and I get all six OK's. (3 down) (3 up) strange, but has anyone run into this? Matt Doherty IT Dept Datawatch Corp >>In a world without walls or fences, who needs Windows and Gates?<< -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020815/0ce05766/attachment.html From lbergman at abi.tconline.net Thu Aug 15 19:27:13 2002 From: lbergman at abi.tconline.net (Lewis Bergman) Date: Thu Jan 12 21:15:26 2006 Subject: Sendmail outgoing failed even when it starts ok? In-Reply-To: References: Message-ID: <200208151327.13480.lbergman@abi.tconline.net> On Thursday 15 August 2002 01:28 pm, Matt Doherty wrote: > Darnit! Its nice that all this stuff installs great with redhat 7.3 and 7.2 > but when i do this on a 6.2 (with perl 5.6.1) all kinds odd crap happens. > I start mailscanner and get all ok's I stop mailscanner and still get all > ok's. > > BUT when i use the status flag i get > MailScanner ok > incoming sendmail ok > outgoing sendmail Failed > > I do a restart and I get all six OK's. (3 down) (3 up) > strange, but has anyone run into this? I run it on RH6.1 and Perl 5.6.1 and haven't seen this. -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 115 From LISTSERV at JISCMAIL.AC.UK Thu Aug 15 19:00:08 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:26 2006 Subject: MAILSCANNER: flmg5855@TJ.SC.GOV.BR requested to join Message-ID: <200208151800.TAA22746@magpie.ecs.soton.ac.uk> Thu, 15 Aug 2002 19:00:08 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Fernando Goncalves . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER flmg5855@TJ.SC.GOV.BR Fernando Goncalves The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+flmg5855%40TJ.SC.GOV.BR+Fernando+Goncalves&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From mailscanner at ecs.soton.ac.uk Thu Aug 15 23:36:18 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:26 2006 Subject: Deferred messages in mqueue.in In-Reply-To: Message-ID: <5.1.0.14.2.20020815233444.02daf8f8@imap.ecs.soton.ac.uk> At 18:52 15/08/2002, you wrote: >This is just a double check... > >Messages that come in but are currently deferred due to a sendmail >milter are left alone by mailscanner correct? I've never used milters, but remember that MailScanner isn't involved in the delivery process at all. It has sendmail just accept mail into a queue with the "queueonly" option, which as far as I'm aware causes sendmail to do absolutely nothing with the message apart from write it into the queue. MailScanner then does its stuff. Then sendmail takes over again and launches the entire delivery process (presumably invoking milters at that point). -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Thu Aug 15 23:43:28 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:26 2006 Subject: Sendmail outgoing failed even when it starts ok? In-Reply-To: Message-ID: <5.1.0.14.2.20020815233736.02bf06d8@imap.ecs.soton.ac.uk> The init.d scripts need to be different for all the different versions of RedHat :-( The best way to check it has all stopped completely is to do a ps ax | grep mail This will show up MailScanner and sendmail processes, and of course there should be none when MailScanner is completely stopped. If you see any processes (apart from the "grep mail" process) then you can just kill them. At 19:28 15/08/2002, you wrote: >Darnit! Its nice that all this stuff installs great with redhat 7.3 and >7.2 but when i do this on a 6.2 (with perl 5.6.1) all kinds odd crap happens. >I start mailscanner and get all ok's I stop mailscanner and still get all >ok's. > >BUT when i use the status flag i get >MailScanner ok >incoming sendmail ok >outgoing sendmail Failed > >I do a restart and I get all six OK's. (3 down) (3 up) >strange, but has anyone run into this? > >Matt Doherty >IT Dept >Datawatch Corp > > >>In a world without walls or fences, who needs Windows and Gates?<< -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From brose at MED.WAYNE.EDU Fri Aug 16 00:30:34 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:15:26 2006 Subject: Deferred messages in mqueue.in Message-ID: I'm thinking more along the lines of incoming. For example, if you enable the sendmail DNSBL function it checks incoming mail. I added something to my .mc file and rebuilt my .cf but I didn't catch that I had a old DNSBL entry. I couldn't figure out why the incoming queue kept filling up, I thought it was razor but when I checked the q files in mqueue.in had a deferred entry at the top. Since the files were sitting in the mqueue in, waiting for sendmail to recheck them, I was curious if Mailscanner would grab them instead or if it saw the Deferred statement and left them alone. -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Thursday, August 15, 2002 6:36 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Deferred messages in mqueue.in At 18:52 15/08/2002, you wrote: >This is just a double check... > >Messages that come in but are currently deferred due to a sendmail >milter are left alone by mailscanner correct? I've never used milters, but remember that MailScanner isn't involved in the delivery process at all. It has sendmail just accept mail into a queue with the "queueonly" option, which as far as I'm aware causes sendmail to do absolutely nothing with the message apart from write it into the queue. MailScanner then does its stuff. Then sendmail takes over again and launches the entire delivery process (presumably invoking milters at that point). -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From Matthew_doherty at DATAWATCH.COM Fri Aug 16 14:07:11 2002 From: Matthew_doherty at DATAWATCH.COM (Matt Doherty) Date: Thu Jan 12 21:15:26 2006 Subject: Sendmail outgoing failed even when it starts ok? Message-ID: Ok. will do Thanks for the feedback! Matt Doherty IT Dept Datawatch Corp >>In a world without walls or fences, who needs Windows and Gates?<< -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Thursday, August 15, 2002 7:54 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Sendmail outgoing failed even when it starts ok? The init.d scripts need to be different for all the different versions of RedHat :-( The best way to check it has all stopped completely is to do a ps ax | grep mail This will show up MailScanner and sendmail processes, and of course there should be none when MailScanner is completely stopped. If you see any processes (apart from the "grep mail" process) then you can just kill them. At 19:28 15/08/2002, you wrote: >Darnit! Its nice that all this stuff installs great with redhat 7.3 and >7.2 but when i do this on a 6.2 (with perl 5.6.1) all kinds odd crap happens. >I start mailscanner and get all ok's I stop mailscanner and still get all >ok's. > >BUT when i use the status flag i get >MailScanner ok >incoming sendmail ok >outgoing sendmail Failed > >I do a restart and I get all six OK's. (3 down) (3 up) >strange, but has anyone run into this? > >Matt Doherty >IT Dept >Datawatch Corp > > >>In a world without walls or fences, who needs Windows and Gates?<< -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020816/e3c7e620/attachment.html From splee at PLEXIO.COM Fri Aug 16 16:28:32 2002 From: splee at PLEXIO.COM (Stephen Lee) Date: Thu Jan 12 21:15:26 2006 Subject: NO SHADE CLASS Message-ID: <1029511713.936.127.camel@ralph.plexio.private> Hi, I'm using mailscanner-3.22-12, sendmail-8.11.6-3 and Sophos on a Redhat 7.2 system. Recently my users have been getting these "NOSHADE CLASS" messages with the following content: From: "letters" To: Subject: NOSHADE CLASS Date: Thu, 15 Aug 2002 19:58:08 -0700 Message-ID: <200208160258.g7G2w8w210759@logs-mtc-tf.proxy.aol.com> MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-Apparently-From: Dudek49@aol.com X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 X-OlkEid: A2045720B52AB357E4B0D611BB7E00606E3175A2 where xxx is some 3Dcid:blahblah number. I tried to send this message intact to the Mailscanner list but it was rejected because it contained the 'Exploit.IFrame.FileDownload' virus so this time I removed the value of the "src=" portion. Do I need to add additional rules to filter out this virus? Thanks, Stephen From splee at PLEXIO.COM Fri Aug 16 18:14:17 2002 From: splee at PLEXIO.COM (Stephen Lee) Date: Thu Jan 12 21:15:26 2006 Subject: Sophos sweep update problem Message-ID: <1029518058.849.145.camel@ralph.plexio.private> Hi. I recently updated my Sophos from v359 to v360 using the Mailscanner Sophos.install script (on Redhat 7.2 system using 3.22-12 rpm). In the past this script has worked well, However, in updating to v360, sweep no longer worked as it came back with an "Error initialising detection engine [0x80040222]" message. I called Sophos tech support and they said they have discussed this problem with the Mailscanner folks (I presume Julian?). In the end, the solution was to run the install.sh script in the sav-install directory to fix the problem. According to the Sophos tech, Sophos.install does not transfer all the lib files from sav-install (sorry just paraphrasing so could be incorrect interpretation on my part) thus the need to run install.sh afterwards. Can the Sophos.install script be adjusted to fix this problem? Thanks, Stephen From Matthew_doherty at DATAWATCH.COM Fri Aug 16 18:24:39 2002 From: Matthew_doherty at DATAWATCH.COM (Matt Doherty) Date: Thu Jan 12 21:15:26 2006 Subject: Sophos sweep update problem Message-ID: Arn't you supposed to use the "Sophos.install" script julian has in the mailscanner package? I had a problem earlier with Sophos and it was because i didnt use HIS install script. my red hat 7.2 system , its located > /usr/local/MailScanner/bin/Sophos.install Matt Doherty IT Dept Datawatch Corp >>In a world without walls or fences, who needs Windows and Gates?<< -----Original Message----- From: Stephen Lee [mailto:splee@PLEXIO.COM] Sent: Friday, August 16, 2002 2:16 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Sophos sweep update problem Hi. I recently updated my Sophos from v359 to v360 using the Mailscanner Sophos.install script (on Redhat 7.2 system using 3.22-12 rpm). In the past this script has worked well, However, in updating to v360, sweep no longer worked as it came back with an "Error initialising detection engine [0x80040222]" message. I called Sophos tech support and they said they have discussed this problem with the Mailscanner folks (I presume Julian?). In the end, the solution was to run the install.sh script in the sav-install directory to fix the problem. According to the Sophos tech, Sophos.install does not transfer all the lib files from sav-install (sorry just paraphrasing so could be incorrect interpretation on my part) thus the need to run install.sh afterwards. Can the Sophos.install script be adjusted to fix this problem? Thanks, Stephen -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020816/cb963291/attachment.html From Matthew_doherty at DATAWATCH.COM Fri Aug 16 18:25:23 2002 From: Matthew_doherty at DATAWATCH.COM (Matt Doherty) Date: Thu Jan 12 21:15:26 2006 Subject: Sophos sweep update problem Message-ID: sorry my bad.. I read your email a bit too quickly.. please scratch that last response.. sorry Matt Doherty IT Dept Datawatch Corp >>In a world without walls or fences, who needs Windows and Gates?<< -----Original Message----- From: Stephen Lee [mailto:splee@PLEXIO.COM] Sent: Friday, August 16, 2002 2:16 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Sophos sweep update problem Matt Doherty IT Dept Datawatch Corp >>In a world without walls or fences, who needs Windows and Gates?<< -----Original Message----- From: Stephen Lee [mailto:splee@PLEXIO.COM] Sent: Friday, August 16, 2002 2:16 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Sophos sweep update problem Hi. I recently updated my Sophos from v359 to v360 using the Mailscanner Sophos.install script (on Redhat 7.2 system using 3.22-12 rpm). In the past this script has worked well, However, in updating to v360, sweep no longer worked as it came back with an "Error initialising detection engine [0x80040222]" message. I called Sophos tech support and they said they have discussed this problem with the Mailscanner folks (I presume Julian?). In the end, the solution was to run the install.sh script in the sav-install directory to fix the problem. According to the Sophos tech, Sophos.install does not transfer all the lib files from sav-install (sorry just paraphrasing so could be incorrect interpretation on my part) thus the need to run install.sh afterwards. Can the Sophos.install script be adjusted to fix this problem? Thanks, Stephen -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020816/9b89ab1e/attachment.html From mailscanner at ecs.soton.ac.uk Fri Aug 16 20:41:26 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:26 2006 Subject: Sophos sweep update problem In-Reply-To: <1029518058.849.145.camel@ralph.plexio.private> Message-ID: <5.1.0.14.2.20020816202725.02d46140@imap.ecs.soton.ac.uk> At 18:14 16/08/2002, you wrote: >I recently updated my Sophos from v359 to v360 using the Mailscanner >Sophos.install script (on Redhat 7.2 system using 3.22-12 rpm). In the >past this script has worked well, However, in updating to v360, sweep no >longer worked as it came back with an "Error initialising detection >engine [0x80040222]" message. I have just upgraded my test server to v360 using Sophos.install and it works just fine. I have also just tried it as well on a Solaris SPARC system, and that worked fine too. So I can't reproduce the problem. On an apparently broken system, what happens if you do cd /opt/sophos bin/sophoswrapper . or cd /usr/local/Sophos bin/sophoswrapper . depending of course on where you have it installed. It should list a load of IDE files and then say something about the number of file processed. > I called Sophos tech support and they said >they have discussed this problem with the Mailscanner folks (I presume >Julian?). They have done no such thing. I would be interested to see evidence of this "discussion". I haven't heard anything from Sophos at all since they launched their email gateway program. I hate it when people lie :-( > In the end, the solution was to run the install.sh script in >the sav-install directory to fix the problem. According to the Sophos >tech, Sophos.install does not transfer all the lib files from >sav-install (sorry just paraphrasing so could be incorrect >interpretation on my part) thus the need to run install.sh afterwards. Interesting, as Sophos.install runs install.sh to do most of the work! >Can the Sophos.install script be adjusted to fix this problem? Not until I can find out what is going wrong for some people. Please can someone try to catch a system doing this, and dump the whole of /usr/local/Sophos /opt/sophos /etc/sav.conf into a tar file and mail it to me so I can see what's happened. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From David.Sullivan at BARNET.AC.UK Fri Aug 16 20:51:10 2002 From: David.Sullivan at BARNET.AC.UK (David Sullivan) Date: Thu Jan 12 21:15:26 2006 Subject: Sophos sweep update problem In-Reply-To: <5.1.0.14.2.20020816202725.02d46140@imap.ecs.soton.ac.uk> References: <1029518058.849.145.camel@ralph.plexio.private> Message-ID: <3D5D65BE.6211.1A779F2@localhost> On 16 Aug 2002 at 20:41, Julian Field wrote: > At 18:14 16/08/2002, you wrote: > >I recently updated my Sophos from v359 to v360 using the Mailscanner > >Sophos.install script (on Redhat 7.2 system using 3.22-12 rpm). In the > >past this script has worked well, However, in updating to v360, sweep no > >longer worked as it came back with an "Error initialising detection > >engine [0x80040222]" message. > > I have just upgraded my test server to v360 using Sophos.install and it > works just fine. I have also just tried it as well on a Solaris SPARC > system, and that worked fine too. > > So I can't reproduce the problem. > On an apparently broken system, what happens if you do > cd /opt/sophos > bin/sophoswrapper . > or > cd /usr/local/Sophos > bin/sophoswrapper . > depending of course on where you have it installed. It should list a load > of IDE files and then say something about the number of file processed. > > > I called Sophos tech support and they said > >they have discussed this problem with the Mailscanner folks (I presume > >Julian?). > > They have done no such thing. I would be interested to see evidence of this > "discussion". > I haven't heard anything from Sophos at all since they launched their email > gateway program. > I hate it when people lie :-( > > > In the end, the solution was to run the install.sh script in > >the sav-install directory to fix the problem. According to the Sophos > >tech, Sophos.install does not transfer all the lib files from > >sav-install (sorry just paraphrasing so could be incorrect > >interpretation on my part) thus the need to run install.sh afterwards. > > Interesting, as Sophos.install runs install.sh to do most of the work! > > >Can the Sophos.install script be adjusted to fix this problem? > > Not until I can find out what is going wrong for some people. > I came across this problem and found it was down to the fact that Sophos had also been installed without using the Mailscanner sophos install script at some stage which installed libsavi in /usr/local/lib. ldconfig appends the "Mailscanner" library path after this so this library will be found first by the sweep executable which ran ok up until 3.60 which is when we hit this problem. Running install.sh would overwrite this old copy of libsavi so *would* fix the problem but is not indicative of a problem with MailScanner at all other that it installs Sophos in a different location than the default. Hope this might have clarified things a little. David. ============================================================== This communication may contain privileged or confidential information which is for the exclusive use of the intended recipient. If you are not the intended recipient, please note that you may not distribute or use this communication or the information it contains. If this e-mail has reached you in error, please delete it and any attachment. Internet communications are not secure and Barnet College does not accept legal responsibility for the content of this message. Any views or opinions expressed are those of the author and not necessarily those of Barnet College. Please note that Barnet College reserves the right to monitor the source/destinations of all incoming or outgoing e-mail communications. ============================================================== From mailscanner at ecs.soton.ac.uk Fri Aug 16 21:32:32 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:26 2006 Subject: Sophos sweep update problem In-Reply-To: <3D5D65BE.6211.1A779F2@localhost> References: <5.1.0.14.2.20020816202725.02d46140@imap.ecs.soton.ac.uk> <1029518058.849.145.camel@ralph.plexio.private> Message-ID: <5.1.0.14.2.20020816212948.041a3128@imap.ecs.soton.ac.uk> At 20:51 16/08/2002, you wrote: >On 16 Aug 2002 at 20:41, Julian Field wrote: > > At 18:14 16/08/2002, you wrote: > > >I recently updated my Sophos from v359 to v360 using the Mailscanner > > >Sophos.install script (on Redhat 7.2 system using 3.22-12 rpm). In the > > >past this script has worked well, However, in updating to v360, sweep no > > >longer worked as it came back with an "Error initialising detection > > >engine [0x80040222]" message. > >I came across this problem and found it was down to the fact that >Sophos had also been installed without using the Mailscanner sophos >install script at some stage which installed libsavi in /usr/local/lib. >ldconfig appends the "Mailscanner" library path after this so this library >will be found first by the sweep executable which ran ok up until 3.60 >which is when we hit this problem. Many thanks for that, I now understand what is going wrong on some systems. I have modified the Sophos.install script to handle this and have posted them on the web site. Look in the News section for today and you will find links to the Linux and Solaris/Other Unix versions. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From flmg5855 at TJ.SC.GOV.BR Fri Aug 16 21:53:58 2002 From: flmg5855 at TJ.SC.GOV.BR (Fernando L. M. =?iso-8859-1?Q?Gon=E7alves?=) Date: Thu Jan 12 21:15:26 2006 Subject: Problem when shut/start sendmail and mailscanner Message-ID: <3D5D6666.11077E18@tj.sc.gov.br> Hi, I have only one problem. When I shutdown sendmail and mailscanner the files remaining in the mqueue.in directory aren?t processed when I start sendmail/mailscanner again. The mailscanner start a new sequence of files in mqueue.in directory and ignore the old files. Can you help me ? Thanks, Fernando From mailscanner at ecs.soton.ac.uk Fri Aug 16 22:17:53 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:26 2006 Subject: Problem when shut/start sendmail and mailscanner In-Reply-To: <3D5D6666.11077E18@tj.sc.gov.br> Message-ID: <5.1.0.14.2.20020816220710.0406c050@imap.ecs.soton.ac.uk> Exactly what are the filenames left behind? If they start with a capital letter, they are partly-received messages that sendmail was reading when it was killed. The messages are re-sent completely when sendmail starts up again. These files can be safely deleted, as can zero-length "qf" files, and "df" files with no corresponding "qf" file. "tf" files with no corresponding "qf" file can be renamed to "qf". What all that boils down to is this: MailScanner will pick up completely delivered messages (qf and df pairs of files). Anything else will be ignored. At 21:53 16/08/2002, you wrote: >When I shutdown sendmail and mailscanner the files remaining in the >mqueue.in directory aren?t processed when I start sendmail/mailscanner >again. >The mailscanner start a new sequence of files in mqueue.in directory and >ignore the old files. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From splee at PLEXIO.COM Fri Aug 16 22:24:57 2002 From: splee at PLEXIO.COM (Stephen Lee) Date: Thu Jan 12 21:15:26 2006 Subject: Sophos sweep update problem In-Reply-To: <5.1.0.14.2.20020816202725.02d46140@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020816202725.02d46140@imap.ecs.soton.ac.uk> Message-ID: <1029533098.911.185.camel@ralph.plexio.private> On Fri, 2002-08-16 at 12:41, Julian Field wrote: > At 18:14 16/08/2002, you wrote: > >I recently updated my Sophos from v359 to v360 using the Mailscanner > >Sophos.install script (on Redhat 7.2 system using 3.22-12 rpm). In the > >past this script has worked well, However, in updating to v360, sweep no > >longer worked as it came back with an "Error initialising detection > >engine [0x80040222]" message. > > I have just upgraded my test server to v360 using Sophos.install and it > works just fine. I have also just tried it as well on a Solaris SPARC > system, and that worked fine too. > > So I can't reproduce the problem. > On an apparently broken system, what happens if you do > cd /opt/sophos > bin/sophoswrapper . > or > cd /usr/local/Sophos > bin/sophoswrapper . > depending of course on where you have it installed. It should list a load > of IDE files and then say something about the number of file processed. > > > I called Sophos tech support and they said > >they have discussed this problem with the Mailscanner folks (I presume > >Julian?). > > They have done no such thing. I would be interested to see evidence of this > "discussion". > I haven't heard anything from Sophos at all since they launched their email > gateway program. > I hate it when people lie :-( > It does seem strange that this Sophos tech person claimed Sophos had been in contact with Mailscanner folks and had suggested that your install script didn't "install all of the files". I looked at the Sopho.install script and it essentially calls Sophos' own install.sh script. When I called Sophos, the first support person, who wasn't familiar with Linux/Unix, simply suggested I run Sophos' install script and that was suppose to fix the problem. That's when I looked at the Sophos.install script and found out that install.sh was called. I didn't bother to run it again but called tech support again. This time I was referred to another person who then gave me the blurb on Mailscanner not doing a proper upgrade of Sophos. I obliged and ran install.sh and that fixed the problem. Sorry for raising your bile but that's basically what I got from Sophos. As David Sullivan suggested I probably did install Sophos the first time using their script as I was originally trying out Amavis. As soon as I tried Mailscanner I haven't looked back since! Thanks, Stephen From flmg5855 at TJ.SC.GOV.BR Fri Aug 16 22:34:23 2002 From: flmg5855 at TJ.SC.GOV.BR (Fernando L. M. =?iso-8859-1?Q?Gon=E7alves?=) Date: Thu Jan 12 21:15:26 2006 Subject: Problem when shut/start sendmail and mailscanner References: <5.1.0.14.2.20020816220710.0406c050@imap.ecs.soton.ac.uk> Message-ID: <3D5D6FDF.2D9930C@tj.sc.gov.br> The filenames are start with "df" and "xf", e.g. dfg7DBSLt13069 and xfg7DBSLt13069. Do you think what I can to delete this files ? Fernando. Julian Field wrote: > Exactly what are the filenames left behind? > > If they start with a capital letter, they are partly-received messages that > sendmail was reading when it was killed. > > The messages are re-sent completely when sendmail starts up again. These > files can be safely deleted, as can zero-length "qf" files, and "df" files > with no corresponding "qf" file. "tf" files with no corresponding "qf" file > can be renamed to "qf". > > What all that boils down to is this: > MailScanner will pick up completely delivered messages (qf and df pairs of > files). Anything else will be ignored. > > At 21:53 16/08/2002, you wrote: > >When I shutdown sendmail and mailscanner the files remaining in the > >mqueue.in directory aren?t processed when I start sendmail/mailscanner > >again. > >The mailscanner start a new sequence of files in mqueue.in directory and > >ignore the old files. > > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Fri Aug 16 23:05:10 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:26 2006 Subject: MAILSCANNER: brad@LTINETWORKS.COM requested to join Message-ID: <200208162205.XAA18231@magpie.ecs.soton.ac.uk> Fri, 16 Aug 2002 23:05:10 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Bradley White . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER brad@LTINETWORKS.COM Bradley White The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+brad%40LTINETWORKS.COM+Bradley+White&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From LISTSERV at JISCMAIL.AC.UK Sat Aug 17 06:15:55 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:26 2006 Subject: MAILSCANNER: Howey@YEBO.CO.ZA requested to join Message-ID: <200208170515.GAA12140@magpie.ecs.soton.ac.uk> Sat, 17 Aug 2002 06:15:55 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Wayne Howey . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER Howey@YEBO.CO.ZA Wayne Howey The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+Howey%40YEBO.CO.ZA+Wayne+Howey&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From mailscanner at ecs.soton.ac.uk Sat Aug 17 10:36:28 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:26 2006 Subject: Problem when shut/start sendmail and mailscanner In-Reply-To: <3D5D6FDF.2D9930C@tj.sc.gov.br> References: <5.1.0.14.2.20020816220710.0406c050@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020817103525.02dd1e78@imap.ecs.soton.ac.uk> At 22:34 16/08/2002, you wrote: >The filenames are start with "df" and "xf", e.g. dfg7DBSLt13069 and >xfg7DBSLt13069. > >Do you think what I can to delete this files ? The last thing sendmail does with a message is rename the xf to qf, so you could do that. On www.sendmail.org there is a really good script to start sendmail that cleans up the queue really well. >Fernando. > >Julian Field wrote: > > > Exactly what are the filenames left behind? > > > > If they start with a capital letter, they are partly-received messages that > > sendmail was reading when it was killed. > > > > The messages are re-sent completely when sendmail starts up again. These > > files can be safely deleted, as can zero-length "qf" files, and "df" files > > with no corresponding "qf" file. "tf" files with no corresponding "qf" file > > can be renamed to "qf". > > > > What all that boils down to is this: > > MailScanner will pick up completely delivered messages (qf and df pairs of > > files). Anything else will be ignored. > > > > At 21:53 16/08/2002, you wrote: > > >When I shutdown sendmail and mailscanner the files remaining in the > > >mqueue.in directory aren?t processed when I start sendmail/mailscanner > > >again. > > >The mailscanner start a new sequence of files in mqueue.in directory and > > >ignore the old files. > > > > -- > > Julian Field Teaching Systems Manager > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > Tel. 023 8059 2817 University of Southampton > > Southampton SO17 1BJ -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Sat Aug 17 18:04:24 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:26 2006 Subject: MAILSCANNER: emily_post@HOTMAIL.COM left the list Message-ID: <200208171704.SAA15594@magpie.ecs.soton.ac.uk> Sat, 17 Aug 2002 18:04:24 Emily Yau has just signed off the MAILSCANNER list (MailScanner mailing list). ------------------------- Original mail header -------------------------- [WWW request received from 24.165.9.208] From C.P.Mills at rmcs.cranfield.ac.uk Mon Aug 19 12:08:26 2002 From: C.P.Mills at rmcs.cranfield.ac.uk (Mills Mr C P) Date: Thu Jan 12 21:15:26 2006 Subject: HELP! Message-ID: <1398D0DBAEED324EB0E7CDC181B3B391011669C1@EROS> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Help! I installed mailscanner last week and everything worked well. This morning I came in and found that mailscanner had stopped running. Attempting to start it returned the following error: Starting virus scanner... Can't set GID 10000 at /usr/mailscanner/bin/logger.pl line 64. I am using mailscanner with Exim 4.10 on RH (I think) 7.2 and PERL 5.8.0 Syslog output includes the following: Aug 19 11:53:43 ccsmta2 mailscanner[3020]: MailScanner E-Mail Virus Scanner version 3.22 starting. Aug 19 11:53:43 ccsmta2 mailscanner[3020]: Configuring mailscanner for Exim mailer... Aug 19 11:53:43 ccsmta2 mailscanner[3020]: Using locktype = posix Aug 19 11:53:43 ccsmta2 mailscanner[3020]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Aug 19 11:53:43 ccsmta2 mailscanner[3021]: ECS MailScanner setting UID to exim (10000) Aug 19 11:53:43 ccsmta2 mailscanner[3021]: ECS MailScanner setting GID to exim (10000) Aug 19 11:53:43 ccsmta2 mailscanner[3021]: Can't set GID 10000 I am pretty sure it worked fine until this weekend when I upgraded Perl. Any thoughts? Regards Chris Mills Cranfield University -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.8 iQA/AwUBPWDSkUrgSYTumc6KEQIEFwCeLLbWDK9DtIwkQTw2PJeWZ+tI9QYAoKYZ GwnmGw9As0Nf0FPMfpV6wMLQ =j4m4 -----END PGP SIGNATURE----- From flmg5855 at TJ.SC.GOV.BR Mon Aug 19 18:44:16 2002 From: flmg5855 at TJ.SC.GOV.BR (Fernando L. M. =?iso-8859-1?Q?Gon=E7alves?=) Date: Thu Jan 12 21:15:26 2006 Subject: Problem when shut/start sendmail and mailscanner References: <5.1.0.14.2.20020816220710.0406c050@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020817103525.02dd1e78@imap.ecs.soton.ac.uk> Message-ID: <3D612E70.F245E87D@tj.sc.gov.br> > >The filenames are start with "df" and "xf", e.g. dfg7DBSLt13069 and > >xfg7DBSLt13069. > > > >Do you think what I can to delete this files ? > > The last thing sendmail does with a message is rename the xf to qf, so you > could do that. On www.sendmail.org there is a really good script to start > sendmail that cleans up the queue really well. > And when there is only "df" files in the mqueue.in directory ? I don't found the script in www.sendmail.org. Fernando. > > >Fernando. > > > >Julian Field wrote: > > > > > Exactly what are the filenames left behind? > > > > > > If they start with a capital letter, they are partly-received messages that > > > sendmail was reading when it was killed. > > > > > > The messages are re-sent completely when sendmail starts up again. These > > > files can be safely deleted, as can zero-length "qf" files, and "df" files > > > with no corresponding "qf" file. "tf" files with no corresponding "qf" file > > > can be renamed to "qf". > > > > > > What all that boils down to is this: > > > MailScanner will pick up completely delivered messages (qf and df pairs of > > > files). Anything else will be ignored. > > > > > > At 21:53 16/08/2002, you wrote: > > > >When I shutdown sendmail and mailscanner the files remaining in the > > > >mqueue.in directory aren?t processed when I start sendmail/mailscanner > > > >again. > > > >The mailscanner start a new sequence of files in mqueue.in directory and > > > >ignore the old files. > > > > > > -- > > > Julian Field Teaching Systems Manager > > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > > Tel. 023 8059 2817 University of Southampton > > > Southampton SO17 1BJ > > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Mon Aug 19 18:49:00 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:26 2006 Subject: Problem when shut/start sendmail and mailscanner In-Reply-To: <3D612E70.F245E87D@tj.sc.gov.br> References: <5.1.0.14.2.20020816220710.0406c050@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020817103525.02dd1e78@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020819184648.02248e98@imap.ecs.soton.ac.uk> At 18:44 19/08/2002, you wrote: > > >The filenames are start with "df" and "xf", e.g. dfg7DBSLt13069 and > > >xfg7DBSLt13069. > > > > > >Do you think what I can to delete this files ? > > > > The last thing sendmail does with a message is rename the xf to qf, so you > > could do that. On www.sendmail.org there is a really good script to start > > sendmail that cleans up the queue really well. > > > >And when there is only "df" files in the mqueue.in directory ? If there are only df files, you might as well delete them, as you certainly don't have enough info to be able to deliver them. >I don't found the script in www.sendmail.org. Here's the relevant bit: SENDMAIL=/opt/sendmail/current QUEUE=/var/spool/mqueue INQUEUE=/var/spool/mqueue.in CF=$SENDMAIL/etc/sendmail.cf # Install everything if necessary (needed after careless Sun patching) [ -x $SENDMAIL/bin/install.sendmail ] && $SENDMAIL/bin/install.sendmail # Make placeholders for status files [ -d $SENDMAIL/var/status ] || mkdir $SENDMAIL/var/status [ -f $SENDMAIL/var/sendmail.st ] || touch $SENDMAIL/var/sendmail.st echo "Starting sendmail:\c" echo " clean up queue\c" for queuedir in $QUEUE $INQUEUE do cd $queuedir # remove zero length qf files for qffile in qf* do if [ -r $qffile ]; then if [ ! -s $qffile ]; then rm -f $qffile fi fi done # rename tf files to be qf if the qf does not exist for tffile in tf* do qffile=`echo $tffile | sed 's/t/q/'` # JKF 15/7/98 Put $qffile in quotes in case tffile = 'tf*' if [ -r $tffile -a ! -f "$qffile" ]; then mv $tffile $qffile else if [ -f $tffile ]; then rm -f $tffile fi fi done # remove df files with no corresponding qf files for dffile in df* do qffile=`echo $dffile | sed 's/d/q/'` if [ -r $dffile -a ! -f $qffile ]; then mv $dffile `echo $dffile | sed 's/d/D/'` fi done # announce files that have been saved during disaster recovery for xffile in [A-Z]f* do if [ -f $xffile ]; then echo " \c" fi done done # Now actually start the damn thing... #$SENDMAIL/bin/sendmail -q15m #$SENDMAIL/bin/sendmail -bd -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From flmg5855 at TJ.SC.GOV.BR Mon Aug 19 22:09:13 2002 From: flmg5855 at TJ.SC.GOV.BR (Fernando L. M. =?iso-8859-1?Q?Gon=E7alves?=) Date: Thu Jan 12 21:15:26 2006 Subject: Problem when shut/start sendmail and mailscanner References: <5.1.0.14.2.20020816220710.0406c050@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020817103525.02dd1e78@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020819184648.02248e98@imap.ecs.soton.ac.uk> Message-ID: <3D615E79.8C36D65D@tj.sc.gov.br> > >And when there is only "df" files in the mqueue.in directory ? > > If there are only df files, you might as well delete them, as you certainly > don't have enough info to be able to deliver them. > This result in lost messages ... alright ? > > >I don't found the script in www.sendmail.org. > > Here's the relevant bit: > > SENDMAIL=/opt/sendmail/current > QUEUE=/var/spool/mqueue > INQUEUE=/var/spool/mqueue.in > CF=$SENDMAIL/etc/sendmail.cf > > # Install everything if necessary (needed after careless Sun patching) > [ -x $SENDMAIL/bin/install.sendmail ] && $SENDMAIL/bin/install.sendmail > > # Make placeholders for status files > [ -d $SENDMAIL/var/status ] || mkdir $SENDMAIL/var/status > [ -f $SENDMAIL/var/sendmail.st ] || touch $SENDMAIL/var/sendmail.st > > echo "Starting sendmail:\c" > > echo " clean up queue\c" > for queuedir in $QUEUE $INQUEUE > do > cd $queuedir > > # remove zero length qf files > for qffile in qf* > do > if [ -r $qffile ]; then > if [ ! -s $qffile ]; then > rm -f $qffile > fi > fi > done > # rename tf files to be qf if the qf does not exist > for tffile in tf* > do > qffile=`echo $tffile | sed 's/t/q/'` > # JKF 15/7/98 Put $qffile in quotes in case tffile = 'tf*' > if [ -r $tffile -a ! -f "$qffile" ]; then > mv $tffile $qffile > else > if [ -f $tffile ]; then > rm -f $tffile > fi > fi > done > # remove df files with no corresponding qf files > for dffile in df* > do > qffile=`echo $dffile | sed 's/d/q/'` > if [ -r $dffile -a ! -f $qffile ]; then > mv $dffile `echo $dffile | sed 's/d/D/'` > fi > done > # announce files that have been saved during disaster recovery > for xffile in [A-Z]f* > do > if [ -f $xffile ]; then > echo " \c" > fi > done > done > > # Now actually start the damn thing... > #$SENDMAIL/bin/sendmail -q15m > #$SENDMAIL/bin/sendmail -bd -ODeliveryMode=queueonly > -OQueueDirectory=/var/spool/mqueue.in > Sorry, but I don't understood this script. Where I put it ? From mailscanner at ecs.soton.ac.uk Tue Aug 20 00:42:22 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:26 2006 Subject: Problem when shut/start sendmail and mailscanner In-Reply-To: <3D615E79.8C36D65D@tj.sc.gov.br> References: <5.1.0.14.2.20020816220710.0406c050@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020817103525.02dd1e78@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020819184648.02248e98@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020820003200.0357ce98@imap.ecs.soton.ac.uk> At 22:09 19/08/2002, you wrote: > > >And when there is only "df" files in the mqueue.in directory ? > > > > If there are only df files, you might as well delete them, as you certainly > > don't have enough info to be able to deliver them. > > > >This result in lost messages ... alright ? MailScanner is not capable of leaving df files behind, unless it was killed between creating the new one and deleting the old one. In that case the message will have already been delivered, so you aren't actually losing any mail, just duplicate files from a message that would otherwise be sent twice. MailScanner always creates the new copy of the message completely (in the outgoing queue), before it starts deleting the old files out of the incoming queue. If it is killed at exactly the wrong moment, there is a small chance that both the new and old file(s) will both exist at the same time. If this happens, *and* the outgoing copy has been delivered before MailScanner is restarted, the message will be delivered twice. This is "behaviour by design" and is definitely not a bug. It is carefully designed so that you cannot lose a message in the event of a freeze/power-out/reset/kill/hang/crash occuring. > > Here's the relevant bit: > > > > SENDMAIL=/opt/sendmail/current > > QUEUE=/var/spool/mqueue > > INQUEUE=/var/spool/mqueue.in > > CF=$SENDMAIL/etc/sendmail.cf > > > > # Install everything if necessary (needed after careless Sun patching) > > [ -x $SENDMAIL/bin/install.sendmail ] && $SENDMAIL/bin/install.sendmail > > > > # Make placeholders for status files > > [ -d $SENDMAIL/var/status ] || mkdir $SENDMAIL/var/status > > [ -f $SENDMAIL/var/sendmail.st ] || touch $SENDMAIL/var/sendmail.st > > > > echo "Starting sendmail:\c" > > > > echo " clean up queue\c" > > for queuedir in $QUEUE $INQUEUE > > do > > cd $queuedir > > > > # remove zero length qf files > > for qffile in qf* > > do > > if [ -r $qffile ]; then > > if [ ! -s $qffile ]; then > > rm -f $qffile > > fi > > fi > > done > > # rename tf files to be qf if the qf does not exist > > for tffile in tf* > > do > > qffile=`echo $tffile | sed 's/t/q/'` > > # JKF 15/7/98 Put $qffile in quotes in case tffile = 'tf*' > > if [ -r $tffile -a ! -f "$qffile" ]; then > > mv $tffile $qffile > > else > > if [ -f $tffile ]; then > > rm -f $tffile > > fi > > fi > > done > > # remove df files with no corresponding qf files > > for dffile in df* > > do > > qffile=`echo $dffile | sed 's/d/q/'` > > if [ -r $dffile -a ! -f $qffile ]; then > > mv $dffile `echo $dffile | sed 's/d/D/'` > > fi > > done > > # announce files that have been saved during disaster recovery > > for xffile in [A-Z]f* > > do > > if [ -f $xffile ]; then > > echo " \c" > > fi > > done > > done > > > > # Now actually start the damn thing... > > #$SENDMAIL/bin/sendmail -q15m > > #$SENDMAIL/bin/sendmail -bd -ODeliveryMode=queueonly > > -OQueueDirectory=/var/spool/mqueue.in > > > >Sorry, but I don't understood this script. Where I put it ? Alter the first 4 lines to point at your configuration files and queues, and merge this in to your MailScanner startup script. You will want to change the end of the script as well, as that happens to be the right settings for me. You don't have to go to these lengths to clean the queue, it doesn't actually matter very much. None of the Unix/Linux distributions I have used do any of this. It's just what is considered "best practice" and might be useful if you worry about old dead mqueue.in/mqueue files. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From lltan at WEARNES.COM.SG Tue Aug 20 03:22:21 2002 From: lltan at WEARNES.COM.SG (Tan Lian Leong) Date: Thu Jan 12 21:15:26 2006 Subject: Can i move Sendmail store folder to Home partition? Message-ID: <002501c247f0$6aceb510$120000a9@wtkia> The default Sendmail user mail file location is in /var/spool/mail. Can i move it to Home directory? I have Mailscanner installed. I use Redhat 7.3, Sendmail-8.11.6-15, Mailscanner-3.22-6. If yes, what else should i do after move to Home directory? Thanks in advance. Benny. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020820/3f661c3f/attachment.html From LISTSERV at JISCMAIL.AC.UK Tue Aug 20 10:40:30 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:26 2006 Subject: MAILSCANNER: smtp-mail@UFG.AC.AT requested to join Message-ID: <200208200940.KAA27737@magpie.ecs.soton.ac.uk> Tue, 20 Aug 2002 10:40:30 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Mail-Admin University of Art and Industrial Design . The following subscription options have been requested: SUBJECTHDR. You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER smtp-mail@UFG.AC.AT Mail-Admin University of Art and Industrial Design The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+smtp-mail%40UFG.AC.AT+Mail-Admin+University+of+Art+and+Industrial+Design&L=MAILSCANNER This first link will add the subscriber to the list. You can then set the subscription options with this link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=SET+MAILSCANNER+SUBJECTHDR+FOR+smtp-mail%40UFG.AC.AT&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From Matthew_doherty at DATAWATCH.COM Tue Aug 20 14:02:55 2002 From: Matthew_doherty at DATAWATCH.COM (Matt Doherty) Date: Thu Jan 12 21:15:26 2006 Subject: Can i move Sendmail store folder to Home partition? Message-ID: make a link , mkdir /home/mail cd /var/spool ln -s /home/mail mail do a ' man ln ' Matt Doherty IT Dept Datawatch Corp >>In a world without walls or fences, who needs Windows and Gates?<< -----Original Message----- From: Tan Lian Leong [mailto:lltan@WEARNES.COM.SG] Sent: Tuesday, August 20, 2002 2:45 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Can i move Sendmail store folder to Home partition? The default Sendmail user mail file location is in /var/spool/mail. Can i move it to Home directory? I have Mailscanner installed. I use Redhat 7.3, Sendmail-8.11.6-15, Mailscanner-3.22-6. If yes, what else should i do after move to Home directory? Thanks in advance. Benny. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020820/0dd4c434/attachment.html From Matthew_doherty at DATAWATCH.COM Tue Aug 20 14:04:24 2002 From: Matthew_doherty at DATAWATCH.COM (Matt Doherty) Date: Thu Jan 12 21:15:26 2006 Subject: Can i move Sendmail store folder to Home partition? Message-ID: Forgot to say, Dont forget permissions on that.. [Matt Doherty] -----Original Message----- From: Tan Lian Leong [mailto:lltan@WEARNES.COM.SG] Sent: Tuesday, August 20, 2002 2:45 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Can i move Sendmail store folder to Home partition? The default Sendmail user mail file location is in /var/spool/mail. Can i move it to Home directory? I have Mailscanner installed. I use Redhat 7.3, Sendmail-8.11.6-15, Mailscanner-3.22-6. If yes, what else should i do after move to Home directory? Thanks in advance. Benny. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020820/5a2a9fc8/attachment.html From LISTSERV at JISCMAIL.AC.UK Tue Aug 20 14:52:08 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:26 2006 Subject: MAILSCANNER: amp1@CORNELL.EDU requested to join Message-ID: <200208201352.OAA01205@magpie.ecs.soton.ac.uk> Tue, 20 Aug 2002 14:52:08 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Ron Pool . The following subscription options have been requested: NOHTML MIME DIGEST CONCEAL. You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER amp1@CORNELL.EDU Ron Pool The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+amp1%40CORNELL.EDU+Ron+Pool&L=MAILSCANNER This first link will add the subscriber to the list. You can then set the subscription options with this link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=SET+MAILSCANNER+NOHTML+MIME+DIGEST+CONCEAL+FOR+amp1%40CORNELL.EDU&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From jonathan.arcand at CEGEPTR.QC.CA Tue Aug 20 15:35:31 2002 From: jonathan.arcand at CEGEPTR.QC.CA (Jonathan Arcand) Date: Thu Jan 12 21:15:26 2006 Subject: Why the from and the sender are not the same thing? Message-ID: <11c301c24856$d91f9c30$e202040a@wxpsc2045ja> Hi, I received some messages like this: > The following e-mail messages were found to have viruses in them: > > Sender: > Recipient: > Subject: Scrolling > MessageID: g7KE78FF002666 > Report: /g7KE78FF002666/Yzdsr.scr Found the W32/Klez.h@MM virus !!! > Windows Screensavers often hide viruses in email in Yzdsr.scr > > Full headers are: > Return-Path: > Received: from Jcdyf (hurricane-ppp29.sorel.cognicase.net [64.254.11.35]) > by courrier.cegeptr.qc.ca (8.12.5/8.12.5) with SMTP id g7KE78FF002666 > for ; Tue, 20 Aug 2002 10:07:09 -0400 > Date: Tue, 20 Aug 2002 10:07:08 -0400 > Message-Id: <200208201407.g7KE78FF002666@courrier.cegeptr.qc.ca> > From: webmaster > To: infoprog@cegeptr.qc.ca > Subject: Scrolling > MIME-Version: 1.0 > Content-Type: multipart/alternative; > boundary=BBowx3aO8i4OBHwS930B5Us0800A2M03 > > -- > MailScanner > Email Virus Scanner I don't understand why the sender is webmaster@my.domain and in the header is webmaster@johnabbott.qc.ca The user's auto-response goes to webmaster@cegeptr.qc.ca I'm using mailsanner 3.20-7 with no spam detection and Mcafee Somenone knows what is my problem? Thanks! Jonathan From Matthew_doherty at DATAWATCH.COM Tue Aug 20 16:00:13 2002 From: Matthew_doherty at DATAWATCH.COM (Matt Doherty) Date: Thu Jan 12 21:15:26 2006 Subject: Why the from and the sender are not the same thing? Message-ID: The nature of the Klez virus to spoof sender in the header.. Read about the Klez virus on Symantec.com or somewhere else will explain it. Matt Doherty IT Dept Datawatch Corp >>In a world without walls or fences, who needs Windows and Gates?<< -----Original Message----- From: Jonathan Arcand [mailto:jonathan.arcand@CEGEPTR.QC.CA] Sent: Tuesday, August 20, 2002 11:37 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Why the from and the sender are not the same thing? Hi, I received some messages like this: > The following e-mail messages were found to have viruses in them: > > Sender: > Recipient: > Subject: Scrolling > MessageID: g7KE78FF002666 > Report: /g7KE78FF002666/Yzdsr.scr Found the W32/Klez.h@MM virus !!! > Windows Screensavers often hide viruses in email in Yzdsr.scr > > Full headers are: > Return-Path: > Received: from Jcdyf (hurricane-ppp29.sorel.cognicase.net [64.254.11.35]) > by courrier.cegeptr.qc.ca (8.12.5/8.12.5) with SMTP id g7KE78FF002666 > for ; Tue, 20 Aug 2002 10:07:09 -0400 > Date: Tue, 20 Aug 2002 10:07:08 -0400 > Message-Id: <200208201407.g7KE78FF002666@courrier.cegeptr.qc.ca> > From: webmaster > To: infoprog@cegeptr.qc.ca > Subject: Scrolling > MIME-Version: 1.0 > Content-Type: multipart/alternative; > boundary=BBowx3aO8i4OBHwS930B5Us0800A2M03 > > -- > MailScanner > Email Virus Scanner I don't understand why the sender is webmaster@my.domain and in the header is webmaster@johnabbott.qc.ca The user's auto-response goes to webmaster@cegeptr.qc.ca I'm using mailsanner 3.20-7 with no spam detection and Mcafee Somenone knows what is my problem? Thanks! Jonathan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020820/a0d186d1/attachment.html From Mark.Gillis at HTCINC.NET Tue Aug 20 16:02:03 2002 From: Mark.Gillis at HTCINC.NET (Gillis, Mark) Date: Thu Jan 12 21:15:26 2006 Subject: Why the from and the sender are not the same thing? Message-ID: > -----Original Message----- > From: Jonathan Arcand [mailto:jonathan.arcand@CEGEPTR.QC.CA] > Sent: Tuesday, August 20, 2002 10:36 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Why the from and the sender are not the same thing? Simplest answer: The KLEZ virus is a dirty lying stinking scoundrel. It reads the victim's address book, snags at-random a few addresses, and uses those as the From and To. it has it's own built-in SMTP engine, which it uses to deliver its nastiness. You cannot trust the From and To in a Klez message, unfortunatly. however, if you have access to the syslogd mail logs, you should be able to grep for the message number and get a bit better picture. I wish this helped, but Klez is an just an intensely uncomfortable sensation in the nethermost regions. MailScanner and Sophos deal with it quite handily, however. Mark > > > Hi, > > I received some messages like this: > > > > The following e-mail messages were found to have viruses in them: > > > > Sender: > > Recipient: > > Subject: Scrolling > > MessageID: g7KE78FF002666 > > Report: /g7KE78FF002666/Yzdsr.scr Found the > W32/Klez.h@MM virus > !!! > > Windows Screensavers often hide viruses in email in Yzdsr.scr > > > > Full headers are: > > Return-Path: > > Received: from Jcdyf (hurricane-ppp29.sorel.cognicase.net > [64.254.11.35]) > > by courrier.cegeptr.qc.ca (8.12.5/8.12.5) with SMTP id > g7KE78FF002666 > > for ; Tue, 20 Aug 2002 10:07:09 -0400 > > Date: Tue, 20 Aug 2002 10:07:08 -0400 > > Message-Id: <200208201407.g7KE78FF002666@courrier.cegeptr.qc.ca> > > From: webmaster > > To: infoprog@cegeptr.qc.ca > > Subject: Scrolling > > MIME-Version: 1.0 > > Content-Type: multipart/alternative; > > boundary=BBowx3aO8i4OBHwS930B5Us0800A2M03 > > > > -- > > MailScanner > > Email Virus Scanner > > I don't understand why the sender is webmaster@my.domain and > in the header > is webmaster@johnabbott.qc.ca > > The user's auto-response goes to webmaster@cegeptr.qc.ca > > I'm using mailsanner 3.20-7 with no spam detection and Mcafee > > Somenone knows what is my problem? > Thanks! > > Jonathan > HTC Disclaimer: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. From pg at NEWHONEST.COM Tue Aug 20 16:13:01 2002 From: pg at NEWHONEST.COM (pg) Date: Thu Jan 12 21:15:26 2006 Subject: "Allow" Message-ID: <002e01c2485c$175a9a40$9c01a8c0@newhonest.com> If I put allow \.xls$ comments comments in filename.rules.conf, will the mailscanner and the virus scanner still check for possible virus infection, or just leave it untouched because it is ALLOWed? -Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020820/dac17fdd/attachment.html From tom at tilmant.com Tue Aug 20 18:46:21 2002 From: tom at tilmant.com (Tom Tilmant) Date: Thu Jan 12 21:15:26 2006 Subject: Different delivery path of RBL checks? In-Reply-To: <11c301c24856$d91f9c30$e202040a@wxpsc2045ja> References: <11c301c24856$d91f9c30$e202040a@wxpsc2045ja> Message-ID: <5748.146.74.1.99.1029865581.squirrel@www.tilmant.com> Mailscanner team, Forgive me if this already exists, but I could not find it in the mailscanner.conf file. Is it possible to give and different delivery path for items that have been tagged as Spam by RBL checks like we can for items tagged by SA. For example, I am receiving text base mail that is tagged as Spam because it was found at spamcop.net, but because it is text, its given low or no points by SA. So I can not use the SA option to send mail over 10 points to a different delivery path (i.e. quarantine). If this isn?t possible to do, can if be an added feature? Tom From mailscanner at ecs.soton.ac.uk Tue Aug 20 19:02:18 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:26 2006 Subject: "Allow" In-Reply-To: <002e01c2485c$175a9a40$9c01a8c0@newhonest.com> Message-ID: <5.1.0.14.2.20020820190106.03968788@imap.ecs.soton.ac.uk> At 16:13 20/08/2002, you wrote: >If I put >allow \.xls$ comments comments >in filename.rules.conf, will the mailscanner and the virus scanner still >check for possible virus infection, or just leave it untouched because it >is ALLOWed? It will still check all the files for viruses, regardless of what you put in filename.rules.conf. The rules in this file affect the checking of the filename *only*, they do not affect the checking of the contents of the files. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Tue Aug 20 19:00:46 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:26 2006 Subject: Why the from and the sender are not the same thing? In-Reply-To: Message-ID: <5.1.0.14.2.20020820185837.01a8d7c8@imap.ecs.soton.ac.uk> At 16:02 20/08/2002, you wrote: > > -----Original Message----- > > From: Jonathan Arcand [mailto:jonathan.arcand@CEGEPTR.QC.CA] > > Sent: Tuesday, August 20, 2002 10:36 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Why the from and the sender are not the same thing? > >Simplest answer: The KLEZ virus is a dirty lying stinking scoundrel. It >reads the victim's address book, snags at-random a few addresses, and uses >those as the From and To. it has it's own built-in SMTP engine, which it >uses to deliver its nastiness. > >You cannot trust the From and To in a Klez message, unfortunatly. however, >if you have access to the syslogd mail logs, you should be able to grep for >the message number and get a bit better picture. > >I wish this helped, but Klez is an just an intensely uncomfortable sensation >in the nethermost regions. MailScanner and Sophos deal with it quite >handily, however. Indeed. Look for the Viruses To Quietly Delete = /usr/local/MailScanner/etc/viruses.to.delete.conf line in your mailscanner.conf file and make sure it isn't commented out. You can use the option after that one to stop them being delivered to the recipients as well as to the senders. Just ensure you have the right strings in the viruses.to.delete.conf file, as these will depend on what your virus scanner calls them. > > Hi, > > > > I received some messages like this: > > > > > > > The following e-mail messages were found to have viruses in them: > > > > > > Sender: > > > Recipient: > > > Subject: Scrolling > > > MessageID: g7KE78FF002666 > > > Report: /g7KE78FF002666/Yzdsr.scr Found the > > W32/Klez.h@MM virus > > !!! > > > Windows Screensavers often hide viruses in email in Yzdsr.scr > > > > > > Full headers are: > > > Return-Path: > > > Received: from Jcdyf (hurricane-ppp29.sorel.cognicase.net > > [64.254.11.35]) > > > by courrier.cegeptr.qc.ca (8.12.5/8.12.5) with SMTP id > > g7KE78FF002666 > > > for ; Tue, 20 Aug 2002 10:07:09 -0400 > > > Date: Tue, 20 Aug 2002 10:07:08 -0400 > > > Message-Id: <200208201407.g7KE78FF002666@courrier.cegeptr.qc.ca> > > > From: webmaster > > > To: infoprog@cegeptr.qc.ca > > > Subject: Scrolling > > > MIME-Version: 1.0 > > > Content-Type: multipart/alternative; > > > boundary=BBowx3aO8i4OBHwS930B5Us0800A2M03 > > > > > > -- > > > MailScanner > > > Email Virus Scanner > > > > I don't understand why the sender is webmaster@my.domain and > > in the header > > is webmaster@johnabbott.qc.ca > > > > The user's auto-response goes to webmaster@cegeptr.qc.ca > > > > I'm using mailsanner 3.20-7 with no spam detection and Mcafee > > > > Somenone knows what is my problem? > > Thanks! > > > > Jonathan > > > > >HTC Disclaimer: The information contained in this message may be >privileged and confidential and protected from disclosure. If the reader >of this message is not the intended recipient, or an employee or agent >responsible for delivering this message to the intended recipient, you are >hereby notified that any dissemination, distribution or copying of this >communication is strictly prohibited. If you have received this >communication in error, please notify us immediately by replying to the >message and deleting it from your computer. Thank you. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Tue Aug 20 19:06:08 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:26 2006 Subject: Different delivery path of RBL checks? In-Reply-To: <5748.146.74.1.99.1029865581.squirrel@www.tilmant.com> References: <11c301c24856$d91f9c30$e202040a@wxpsc2045ja> <11c301c24856$d91f9c30$e202040a@wxpsc2045ja> Message-ID: <5.1.0.14.2.20020820190300.03957c90@imap.ecs.soton.ac.uk> At 18:46 20/08/2002, you wrote: >Mailscanner team, Ho ho ho :-) >Forgive me if this already exists, but I could not find it in the >mailscanner.conf file. Is it possible to give and different delivery path >for items that have been tagged as Spam by RBL checks like we can for >items tagged by SA. For example, I am receiving text base mail that is >tagged as Spam because it was found at spamcop.net, but because it is >text, its given low or no points by SA. So I can not use the SA option to >send mail over 10 points to a different delivery path (i.e. quarantine). >If this isn't possible to do, can if be an added feature? I plan to make the spam handling much more configurable in the next major release. But there is a line beyond which the code just gets too complex and tortuous. Hopefully you'll get this... -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Tue Aug 20 19:25:43 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:26 2006 Subject: Why the from and the sender are not the same thing? In-Reply-To: <11c301c24856$d91f9c30$e202040a@wxpsc2045ja> Message-ID: <5.1.0.14.2.20020820192447.02cd7eb8@imap.ecs.soton.ac.uk> In addition to my other comments, I refer you to my posting entitled "Re: Whitelist Problem -- explanation of To: versus recipient" on the mailing list on 13/August/2002. This explains the difference between the envelope and the headers. At 15:35 20/08/2002, you wrote: >Hi, > >I received some messages like this: > > > > The following e-mail messages were found to have viruses in them: > > > > Sender: > > Recipient: > > Subject: Scrolling > > MessageID: g7KE78FF002666 > > Report: /g7KE78FF002666/Yzdsr.scr Found the W32/Klez.h@MM virus >!!! > > Windows Screensavers often hide viruses in email in Yzdsr.scr > > > > Full headers are: > > Return-Path: > > Received: from Jcdyf (hurricane-ppp29.sorel.cognicase.net [64.254.11.35]) > > by courrier.cegeptr.qc.ca (8.12.5/8.12.5) with SMTP id g7KE78FF002666 > > for ; Tue, 20 Aug 2002 10:07:09 -0400 > > Date: Tue, 20 Aug 2002 10:07:08 -0400 > > Message-Id: <200208201407.g7KE78FF002666@courrier.cegeptr.qc.ca> > > From: webmaster > > To: infoprog@cegeptr.qc.ca > > Subject: Scrolling > > MIME-Version: 1.0 > > Content-Type: multipart/alternative; > > boundary=BBowx3aO8i4OBHwS930B5Us0800A2M03 > > > > -- > > MailScanner > > Email Virus Scanner > >I don't understand why the sender is webmaster@my.domain and in the header >is webmaster@johnabbott.qc.ca > >The user's auto-response goes to webmaster@cegeptr.qc.ca > >I'm using mailsanner 3.20-7 with no spam detection and Mcafee > >Somenone knows what is my problem? >Thanks! > >Jonathan -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From flmg5855 at TJ.SC.GOV.BR Tue Aug 20 22:43:03 2002 From: flmg5855 at TJ.SC.GOV.BR (Fernando L. M. =?iso-8859-1?Q?Gon=E7alves?=) Date: Thu Jan 12 21:15:26 2006 Subject: Problem when shut/start sendmail and mailscanner References: <5.1.0.14.2.20020816220710.0406c050@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020817103525.02dd1e78@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020819184648.02248e98@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020820003200.0357ce98@imap.ecs.soton.ac.uk> Message-ID: <3D62B7E7.2C7B7BE4@tj.sc.gov.br> > > > Here's the relevant bit: > > > > > > SENDMAIL=/opt/sendmail/current > > > QUEUE=/var/spool/mqueue > > > INQUEUE=/var/spool/mqueue.in > > > CF=$SENDMAIL/etc/sendmail.cf > > > > > > # Install everything if necessary (needed after careless Sun patching) > > > [ -x $SENDMAIL/bin/install.sendmail ] && $SENDMAIL/bin/install.sendmail > > > > > > # Make placeholders for status files > > > [ -d $SENDMAIL/var/status ] || mkdir $SENDMAIL/var/status > > > [ -f $SENDMAIL/var/sendmail.st ] || touch $SENDMAIL/var/sendmail.st > > > > > > echo "Starting sendmail:\c" > > > > > > echo " clean up queue\c" > > > for queuedir in $QUEUE $INQUEUE > > > do > > > cd $queuedir > > > > > > # remove zero length qf files > > > for qffile in qf* > > > do > > > if [ -r $qffile ]; then > > > if [ ! -s $qffile ]; then > > > rm -f $qffile > > > fi > > > fi > > > done > > > # rename tf files to be qf if the qf does not exist > > > for tffile in tf* > > > do > > > qffile=`echo $tffile | sed 's/t/q/'` > > > # JKF 15/7/98 Put $qffile in quotes in case tffile = 'tf*' > > > if [ -r $tffile -a ! -f "$qffile" ]; then > > > mv $tffile $qffile > > > else > > > if [ -f $tffile ]; then > > > rm -f $tffile > > > fi > > > fi > > > done > > > # remove df files with no corresponding qf files > > > for dffile in df* > > > do > > > qffile=`echo $dffile | sed 's/d/q/'` > > > if [ -r $dffile -a ! -f $qffile ]; then > > > mv $dffile `echo $dffile | sed 's/d/D/'` > > > fi > > > done > > > # announce files that have been saved during disaster recovery > > > for xffile in [A-Z]f* > > > do > > > if [ -f $xffile ]; then > > > echo " \c" > > > fi > > > done > > > done > > > > > > # Now actually start the damn thing... > > > #$SENDMAIL/bin/sendmail -q15m > > > #$SENDMAIL/bin/sendmail -bd -ODeliveryMode=queueonly > > > -OQueueDirectory=/var/spool/mqueue.in > > > > > > >Sorry, but I don't understood this script. Where I put it ? > > Alter the first 4 lines to point at your configuration files and queues, > and merge this in to your MailScanner startup script. You will want to > change the end of the script as well, as that happens to be the right > settings for me. > > You don't have to go to these lengths to clean the queue, it doesn't > actually matter very much. None of the Unix/Linux distributions I have used > do any of this. It's just what is considered "best practice" and might be > useful if you worry about old dead mqueue.in/mqueue files. The script moved all df* files to Df* files in the mqueue.in directory... why ? Fernando. From LISTSERV at JISCMAIL.AC.UK Wed Aug 21 06:23:54 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:26 2006 Subject: MAILSCANNER: mailinglists@NOELSOFTWARE.COM requested to join Message-ID: <200208210523.GAA27877@magpie.ecs.soton.ac.uk> Wed, 21 Aug 2002 06:23:54 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from H N . The following subscription options have been requested: NOMIME DIGEST SUBJECTHDR. You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER mailinglists@NOELSOFTWARE.COM H N The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+mailinglists%40NOELSOFTWARE.COM+H+N&L=MAILSCANNER This first link will add the subscriber to the list. You can then set the subscription options with this link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=SET+MAILSCANNER+NOMIME+DIGEST+SUBJECTHDR+FOR+mailinglists%40NOELSOFTWARE.COM&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From P.G.M.Peters at civ.utwente.nl Wed Aug 21 09:36:33 2002 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:15:26 2006 Subject: glad to have used MailScanner Message-ID: A new record! Yesterday some student was awarded with appr. 125.000 messages in his inbox telling him his system was infected. Because it was the screensaver virus they really came from him. His system nicely load balanced our two servers with his load of virusses. Of the 133.833 recipients our mailservers had to process 128.470 where infected. During the "attacks" mqueue.in reached a total of 3000 messages (on each server) but they were processed by MailScanner within 20 minutes. -- Peter Peters senior netwerkbeheerder, Centrum voor Informatievoorziening, Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From mailscanner at ecs.soton.ac.uk Wed Aug 21 12:17:17 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:26 2006 Subject: Problem when shut/start sendmail and mailscanner In-Reply-To: <3D62B7E7.2C7B7BE4@tj.sc.gov.br> References: <5.1.0.14.2.20020816220710.0406c050@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020817103525.02dd1e78@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020819184648.02248e98@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020820003200.0357ce98@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020821121641.03ebfb18@imap.ecs.soton.ac.uk> At 22:43 20/08/2002, you wrote: >The script moved all df* files to Df* files in the mqueue.in >directory... why ? In that case they didn't have any matching qf files, so it saved them as Df files. You can just delete those. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Wed Aug 21 14:25:44 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:26 2006 Subject: MAILSCANNER: gerben@BREKELMANS.COM requested to join Message-ID: <200208211325.OAA18975@magpie.ecs.soton.ac.uk> Wed, 21 Aug 2002 14:25:44 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Gerben Welter . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER gerben@BREKELMANS.COM Gerben Welter The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+gerben%40BREKELMANS.COM+Gerben+Welter&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From brandonf at BFCONSULT.CO.ZA Wed Aug 21 15:00:54 2002 From: brandonf at BFCONSULT.CO.ZA (Brandon Friedman) Date: Thu Jan 12 21:15:26 2006 Subject: double extension rule Message-ID: <3D639D16.5010308@bfconsult.co.za> I would like to setup an exception to the double extension filename rule. One user has a particular file that arrives in this format: xxx.dat.pdf But mailscanner deletes it, how can we allow just that one file through without disabling the double extension rule entirely? -- Regards Brandon Friedman Cell:083 408 7840 E-mail: brandonf@bfconsult.co.za www.bfconsult.co.za From mailscanner at ecs.soton.ac.uk Wed Aug 21 15:08:40 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:26 2006 Subject: double extension rule In-Reply-To: <3D639D16.5010308@bfconsult.co.za> Message-ID: <5.1.0.14.2.20020821150747.0230d0e8@imap.ecs.soton.ac.uk> At 15:00 21/08/2002, you wrote: >I would like to setup an exception to the double extension filename rule. > >One user has a particular file that arrives in this format: >xxx.dat.pdf > >But mailscanner deletes it, how can we allow just that one file through >without disabling the double extension rule entirely? Sure. Just add a rule like allow /\.dat\.pdf$/ - - above the double-extension trap. The rules are executed in the order they are specified in the conf file. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From David.Sullivan at BARNET.AC.UK Wed Aug 21 15:08:54 2002 From: David.Sullivan at BARNET.AC.UK (David Sullivan) Date: Thu Jan 12 21:15:27 2006 Subject: double extension rule In-Reply-To: <3D639D16.5010308@bfconsult.co.za> Message-ID: <3D63AD14.3851.BA2B312@localhost> On 21 Aug 2002 at 16:00, Brandon Friedman wrote: > I would like to setup an exception to the double extension filename rule. > > One user has a particular file that arrives in this format: > xxx.dat.pdf > > But mailscanner deletes it, how can we allow just that one file through > without disabling the double extension rule entirely? This one's been answered a couple of times. Might be time to stick in the FAQ ... Put an allow entry above the double extension rule if you're sure that you're happy allowing that filetype through regardless (in this case pdf). It'll match on the first expression found. For example: allow \.pdf - - # Deny all other double file extensions. This catches any hidden filenames. ... Regards ============================================================== This communication may contain privileged or confidential information which is for the exclusive use of the intended recipient. If you are not the intended recipient, please note that you may not distribute or use this communication or the information it contains. If this e-mail has reached you in error, please delete it and any attachment. Internet communications are not secure and Barnet College does not accept legal responsibility for the content of this message. Any views or opinions expressed are those of the author and not necessarily those of Barnet College. Please note that Barnet College reserves the right to monitor the source/destinations of all incoming or outgoing e-mail communications. ============================================================== From raymond at PROLOCATION.NET Wed Aug 21 15:14:46 2002 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:15:27 2006 Subject: double extension rule In-Reply-To: <5.1.0.14.2.20020821150747.0230d0e8@imap.ecs.soton.ac.uk> Message-ID: Hi! > >One user has a particular file that arrives in this format: > >xxx.dat.pdf > Sure. Just add a rule like > allow /\.dat\.pdf$/ - - > above the double-extension trap. The rules are executed in the order they > are specified in the conf file. Or, just let him zip it, as suggested, saves space also. Bye, Raymond. From brandonf at BFCONSULT.CO.ZA Wed Aug 21 15:17:46 2002 From: brandonf at BFCONSULT.CO.ZA (Brandon Friedman) Date: Thu Jan 12 21:15:27 2006 Subject: double extension rule References: Message-ID: <3D63A10A.20306@bfconsult.co.za> Raymond Dijkxhoorn wrote: > Hi! > > >>>One user has a particular file that arrives in this format: >>>xxx.dat.pdf >>> > >>Sure. Just add a rule like >>allow /\.dat\.pdf$/ - - >>above the double-extension trap. The rules are executed in the order they >>are specified in the conf file. >> > > Or, just let him zip it, as suggested, saves space also. Unfortunately this pdf file is generated on a mainframe that we don't control so we will have to setup a filter from our side! -- Regards Brandon Friedman Cell:083 408 7840 E-mail: brandonf@bfconsult.co.za www.bfconsult.co.za From raymond at PROLOCATION.NET Wed Aug 21 15:19:03 2002 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:15:27 2006 Subject: double extension rule In-Reply-To: <3D63A10A.20306@bfconsult.co.za> Message-ID: Hi! > >>above the double-extension trap. The rules are executed in the order they > >>are specified in the conf file. > > Or, just let him zip it, as suggested, saves space also. > Unfortunately this pdf file is generated on a mainframe that we don't > control so we will have to setup a filter from our side! Zip the mainframe also =) Bye, Raymond. From brandonf at BFCONSULT.CO.ZA Wed Aug 21 15:28:57 2002 From: brandonf at BFCONSULT.CO.ZA (Brandon Friedman) Date: Thu Jan 12 21:15:27 2006 Subject: double extension rule References: Message-ID: <3D63A3A9.5080308@bfconsult.co.za> Done!!!! :) I have add the line and works! Thanks for the help folks! Raymond Dijkxhoorn wrote: > Hi! > > >>>>above the double-extension trap. The rules are executed in the order they >>>>are specified in the conf file. >>>> > >>>Or, just let him zip it, as suggested, saves space also. >>> > >>Unfortunately this pdf file is generated on a mainframe that we don't >>control so we will have to setup a filter from our side! >> > > Zip the mainframe also =) > > Bye, > Raymond. > > -- Regards Brandon Friedman Cell:083 408 7840 E-mail: brandonf@bfconsult.co.za www.bfconsult.co.za From mrlynx at LAING.E-TARLAC.COM Wed Aug 21 15:27:43 2002 From: mrlynx at LAING.E-TARLAC.COM (Joseph C. Bautista -mrlynx-) Date: Thu Jan 12 21:15:27 2006 Subject: SpamAssasin TimeOut Message-ID: had anyone seen this problem? iam using mailscanner 3.22.11 In my mailscanner.conf SpamAssasin TimeOuts = 10 Max SpamAssasin TimeOuts = 10 -- - \|/ - (@ @) +----------oOO---------(_)------------+ | Mr. Joseph C. Bautista | | NOC, e-Tarlac.com | | email add: mrlynx@e-tarlac.com | | URL: http://www.e-tarlac.com | +------------------------oOO----------+ |__|__| | | | | ooO Ooo -- It takes more learning, before you learn how little you've learned -- -------------- next part -------------- Aug 21 16:53:57 laing mailscanner[12072]: SpamAssassin timed out and was killed, consecutive failure 1 of 10 Aug 21 16:54:03 laing mailscanner[12072]: Scanned 1 messages, 2719 bytes in 1 seconds Aug 21 16:54:03 laing sendmail[20957]: g7L8re420930: to=, delay=00:00:22, xdelay=00:00:00, mailer=local, pri=176233, dsn=2.0.0, stat=Sent From mailscanner at ecs.soton.ac.uk Wed Aug 21 15:43:33 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:27 2006 Subject: SpamAssasin TimeOut In-Reply-To: Message-ID: <5.1.0.14.2.20020821154227.0302f250@imap.ecs.soton.ac.uk> What don't you understand. The "xx" attachment just contains a sample of log entries showing that SpamAssassin timed out (after 10 seconds), and this was the 1st timeout of a maximum of 10 consecutive timeouts. At 15:27 21/08/2002, you wrote: >had anyone seen this problem? >iam using mailscanner 3.22.11 > >In my mailscanner.conf >SpamAssasin TimeOuts = 10 >Max SpamAssasin TimeOuts = 10 >-- >- \|/ - > (@ @) >+----------oOO---------(_)------------+ > | Mr. Joseph C. Bautista | > | NOC, e-Tarlac.com | > | email add: mrlynx@e-tarlac.com | > | URL: http://www.e-tarlac.com | >+------------------------oOO----------+ > |__|__| > | | | | > ooO Ooo > >-- It takes more learning, before you learn > how little you've learned -- -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Wed Aug 21 16:01:37 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:27 2006 Subject: MAILSCANNER: Kai.Johannsen@TU-BERLIN.DE left the list Message-ID: <200208211501.QAA01633@magpie.ecs.soton.ac.uk> Wed, 21 Aug 2002 16:01:37 Kai Johannsen has just signed off the MAILSCANNER list (MailScanner mailing list). ------------------------- Original mail header -------------------------- [WWW request received from 130.149.86.18] From flmg5855 at TJ.SC.GOV.BR Wed Aug 21 18:37:47 2002 From: flmg5855 at TJ.SC.GOV.BR (Fernando L. M. =?iso-8859-1?Q?Gon=E7alves?=) Date: Thu Jan 12 21:15:27 2006 Subject: Problem when shut/start sendmail and mailscanner References: <5.1.0.14.2.20020816220710.0406c050@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020817103525.02dd1e78@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020819184648.02248e98@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020820003200.0357ce98@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020821121641.03ebfb18@imap.ecs.soton.ac.uk> Message-ID: <3D63CFEA.53AF68C8@tj.sc.gov.br> Thanks for the help Julian. Fernando. Julian Field wrote: > At 22:43 20/08/2002, you wrote: > >The script moved all df* files to Df* files in the mqueue.in > >directory... why ? > > In that case they didn't have any matching qf files, so it saved them as Df > files. You can just delete those. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Wed Aug 21 20:44:09 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:27 2006 Subject: MAILSCANNER: brian@TPC.AC.UK requested to join Message-ID: <200208211944.UAA06440@magpie.ecs.soton.ac.uk> Wed, 21 Aug 2002 20:44:09 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Brian Chivers . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER brian@TPC.AC.UK Brian Chivers The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+brian%40TPC.AC.UK+Brian+Chivers&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From LISTSERV at JISCMAIL.AC.UK Wed Aug 21 20:54:11 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:27 2006 Subject: MAILSCANNER: brian@TPC.AC.UK left the list Message-ID: <200208211954.UAA07285@magpie.ecs.soton.ac.uk> Wed, 21 Aug 2002 20:54:11 Brian Chivers has just signed off the MAILSCANNER list (MailScanner mailing list). ------------------------- Original mail header -------------------------- [WWW request received from 212.219.116.210] From LISTSERV at JISCMAIL.AC.UK Wed Aug 21 20:54:57 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:27 2006 Subject: MAILSCANNER: ipswitch@APK.NET requested to join Message-ID: <200208211954.UAA07380@magpie.ecs.soton.ac.uk> Wed, 21 Aug 2002 20:54:57 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Stuart Krivis . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER ipswitch@APK.NET Stuart Krivis The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+ipswitch%40APK.NET+Stuart+Krivis&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From LISTSERV at JISCMAIL.AC.UK Wed Aug 21 20:57:21 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:27 2006 Subject: MAILSCANNER: brian@PORTSMOUTH-COLLEGE.AC.UK requested to join Message-ID: <200208211957.UAA07612@magpie.ecs.soton.ac.uk> Wed, 21 Aug 2002 20:57:21 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Brian Chivers . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER brian@PORTSMOUTH-COLLEGE.AC.UK Brian Chivers The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+brian%40PORTSMOUTH-COLLEGE.AC.UK+Brian+Chivers&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From brian at PORTSMOUTH-COLLEGE.AC.UK Wed Aug 21 21:08:02 2002 From: brian at PORTSMOUTH-COLLEGE.AC.UK (Brian Chivers) Date: Thu Jan 12 21:15:27 2006 Subject: A couple or three simple question (Aren't they always) Message-ID: <00a901c2494e$742c9230$f0c8a8c0@brianhome> Could you tell me if their is an easy way to tell which version of Mailscanner we are running ? This may sound like strange question but I didn't install the software and the person who did has moved on and I can't contact him. If we are running an older version is it just a matter of stopping mailscanner replacing a main mailscanner scipt in the bin directory and restarting it ? And lastly, mailscanner seems to be running as I sent myself the eicar test virus and got the alerts but none of our messages get the usual signiture of "This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean." Did the person who installed this turn it off or what should I check or do I have another problem to solve with your help possibly Thanks Brian Chivers (ICT Support - Portsmouth College) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020821/3a7b3be1/attachment.html From mkettler at EVI-INC.COM Wed Aug 21 21:37:54 2002 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:15:27 2006 Subject: A couple or three simple question (Aren't they always) In-Reply-To: <00a901c2494e$742c9230$f0c8a8c0@brianhome> Message-ID: <5.1.0.14.0.20020821163422.02231ec0@192.168.50.2> 1) find the version by greping the mailscanner 'binary' (it's a perl script so not really a binary file) for MailScannerVersion ie: $Config::MailScannerVersion = '3.20'; 2) you probably need to update the rest of the scripts, and the configs in the etc directory when upgrading. Julian can hopefuly confirm/deny this :) 3) I've never known MailScanner to do that by default, but I use a slightly old version (as you can see in part 1).. it just adds a header. X-MailScanner: Found to be clean At 09:08 PM 8/21/2002 +0100, Brian Chivers wrote: >Could you tell me if their is an easy way to tell which version of >Mailscanner we are running ? This may sound like strange question but I >didn't install the software and the person who did has moved on and I >can't contact him. > >If we are running an older version is it just a matter of stopping >mailscanner replacing a main mailscanner scipt in the bin directory and >restarting it ? > >And lastly, mailscanner seems to be running as I sent myself the eicar >test virus and got the alerts but none of our messages get the usual >signiture of > >"This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean." >Did the person who installed this turn it off or what should I check or do >I have another problem to solve with your help possibly > >Thanks >Brian Chivers >(ICT Support - Portsmouth College) From mailscanner at ecs.soton.ac.uk Wed Aug 21 21:38:11 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:27 2006 Subject: A couple or three simple question (Aren't they always) In-Reply-To: <00a901c2494e$742c9230$f0c8a8c0@brianhome> Message-ID: <5.1.0.14.2.20020821213459.023597c8@imap.ecs.soton.ac.uk> At 21:08 21/08/2002, you wrote: >Could you tell me if their is an easy way to tell which version of >Mailscanner we are running ? This may sound like strange question but I >didn't install the software and the person who did has moved on and I >can't contact him. It logs its version number in your maillog on startup. If you installed from the rpm distribution you can just do "rpm -q mailscanner". >If we are running an older version is it just a matter of stopping >mailscanner replacing a main mailscanner scipt in the bin directory and >restarting it ? No. You will need to install the new version of all of the bin directory, and then compare your mailscanner.conf file with the new one to ensure you set appropriate values for all the new configuration options. >And lastly, mailscanner seems to be running as I sent myself the eicar >test virus and got the alerts but none of our messages get the usual >signiture of > >"This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean." >Did the person who installed this turn it off or what should I check or do >I have another problem to solve with your help possibly Look for "Sign Clean Messages" in your mailscanner.conf file. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From brian at PORTSMOUTH-COLLEGE.AC.UK Wed Aug 21 21:48:55 2002 From: brian at PORTSMOUTH-COLLEGE.AC.UK (Brian Chivers) Date: Thu Jan 12 21:15:27 2006 Subject: A couple or three simple question (Aren't they always) References: <5.1.0.14.2.20020821213459.023597c8@imap.ecs.soton.ac.uk> Message-ID: <00ce01c24954$2a766d40$f0c8a8c0@brianhome> Thanks for the quick answers at this time of night , I thought I was the only person fiddling at this time of night *grin* Turns out that we are running 3.13-2 so I guess we should update to the latest version. Is their anything that I should be careful with between the mailscanner.conf file used in our version and the newer one ? or could I just use our existing file ? As for the missing message, I fixed this one by restarting mailscanner and they have reappeared (must be the magic pixies again) Thanks for all the work on an excellent package Brian ----- Original Message ----- From: "Julian Field" To: Sent: Wednesday, August 21, 2002 9:38 PM Subject: Re: A couple or three simple question (Aren't they always) > At 21:08 21/08/2002, you wrote: > >Could you tell me if their is an easy way to tell which version of > >Mailscanner we are running ? This may sound like strange question but I > >didn't install the software and the person who did has moved on and I > >can't contact him. > > It logs its version number in your maillog on startup. If you installed > from the rpm distribution you can just do "rpm -q mailscanner". > > >If we are running an older version is it just a matter of stopping > >mailscanner replacing a main mailscanner scipt in the bin directory and > >restarting it ? > > No. You will need to install the new version of all of the bin directory, > and then compare your mailscanner.conf file with the new one to ensure you > set appropriate values for all the new configuration options. > > >And lastly, mailscanner seems to be running as I sent myself the eicar > >test virus and got the alerts but none of our messages get the usual > >signiture of > > > >"This message has been scanned for viruses and > >dangerous content by MailScanner, and is > >believed to be clean." > >Did the person who installed this turn it off or what should I check or do > >I have another problem to solve with your help possibly > > Look for "Sign Clean Messages" in your mailscanner.conf file. > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at ecs.soton.ac.uk Wed Aug 21 21:59:22 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:27 2006 Subject: A couple or three simple question (Aren't they always) In-Reply-To: <00ce01c24954$2a766d40$f0c8a8c0@brianhome> References: <5.1.0.14.2.20020821213459.023597c8@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020821215718.038e0b10@imap.ecs.soton.ac.uk> At 21:48 21/08/2002, you wrote: >Thanks for the quick answers at this time of night , I thought I was the >only person fiddling at this time of night *grin* I aim to please :-) >Is their anything that I should be careful with between the mailscanner.conf >file used in our version and the newer one ? or could I just use our >existing file ? Diff the old and the new mailscanner.conf files and propagate your local changes into the new version of the file. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From lltan at WEARNES.COM.SG Thu Aug 22 05:19:09 2002 From: lltan at WEARNES.COM.SG (Tan Lian Leong) Date: Thu Jan 12 21:15:27 2006 Subject: Can i move Sendmail store folder to Home partition? References: Message-ID: <004801c24993$1137b980$120000a9@wtkia> Thanks for reply. I plan to use imap for my mail server. So I would like to enable quota on user mailbox. Do you think i should link the /var/spool/mail to home and enable quota in /home file system or just enable quota in /var file system is the better method? Do you have any other good suggestion? ----- Original Message ----- From: Matt Doherty To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, August 20, 2002 9:02 PM Subject: Re: Can i move Sendmail store folder to Home partition? make a link , mkdir /home/mail cd /var/spool ln -s /home/mail mail do a ' man ln ' Matt Doherty IT Dept Datawatch Corp >>In a world without walls or fences, who needs Windows and Gates?<< -----Original Message----- From: Tan Lian Leong [mailto:lltan@WEARNES.COM.SG] Sent: Tuesday, August 20, 2002 2:45 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Can i move Sendmail store folder to Home partition? The default Sendmail user mail file location is in /var/spool/mail. Can i move it to Home directory? I have Mailscanner installed. I use Redhat 7.3, Sendmail-8.11.6-15, Mailscanner-3.22-6. If yes, what else should i do after move to Home directory? Thanks in advance. Benny. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020822/b721e086/attachment.html From mkettler at EVI-INC.COM Thu Aug 22 05:30:53 2002 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:15:27 2006 Subject: Can i move Sendmail store folder to Home partition? In-Reply-To: <004801c24993$1137b980$120000a9@wtkia> References: Message-ID: <5.1.0.14.0.20020822002127.00aaab00@192.168.50.2> making /var/spool/mail a link is a doable option, but probably sub-optimal. Offhand it makes me a bit nervous as far as inheriting mount permissions of the /home partition, and being re-linkable, but I'm a bit of a paranoid type and haven't had the chance to think about it deeply. If possible I'd make /var/spool/ its own filesystem (and partition) and quota that. If your fstab supports it, it would also be a good chance to mount it noexec, nosuid,nodev. (minor security bonus since nothings likely to exec there anyway, but it's not like anything ever needs to be executable or a special device there so why allow it?) At 12:19 PM 8/22/2002 +0800, Tan Lian Leong wrote: > >Thanks for reply. I plan to use imap for my mail server. So I would like >to enable quota on user mailbox. Do you think i should link the >/var/spool/mail to home and enable quota in /home file system or just >enable quota in /var file system is the better method? Do you have any >other good suggestion? >----- Original Message ----- >From: Matt Doherty >To: MAILSCANNER@JISCMAIL.AC.UK >Sent: Tuesday, August 20, 2002 9:02 PM >Subject: Re: Can i move Sendmail store folder to Home partition? > >make a link , >mkdir /home/mail >cd /var/spool >ln -s /home/mail mail > > >do a ' man ln ' From LISTSERV at JISCMAIL.AC.UK Wed Aug 21 22:14:09 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:27 2006 Subject: MAILSCANNER: cameron@CAMERON.CO.NZ requested to join Message-ID: <200208212114.WAA14808@magpie.ecs.soton.ac.uk> Wed, 21 Aug 2002 22:14:09 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Martin Cameron . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER cameron@CAMERON.CO.NZ Martin Cameron The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+cameron%40CAMERON.CO.NZ+Martin+Cameron&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From LISTSERV at JISCMAIL.AC.UK Thu Aug 22 03:26:28 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:27 2006 Subject: MAILSCANNER: eljl@I-SNAPINTERNET.COM requested to join Message-ID: <200208220226.DAA08622@magpie.ecs.soton.ac.uk> Thu, 22 Aug 2002 03:26:28 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Eddie Javier . The following subscription options have been requested: HTML DIGEST. You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER eljl@I-SNAPINTERNET.COM Eddie Javier The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+eljl%40I-SNAPINTERNET.COM+Eddie+Javier&L=MAILSCANNER This first link will add the subscriber to the list. You can then set the subscription options with this link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=SET+MAILSCANNER+HTML+DIGEST+FOR+eljl%40I-SNAPINTERNET.COM&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From lltan at WEARNES.COM.SG Thu Aug 22 11:38:45 2002 From: lltan at WEARNES.COM.SG (Tan Lian Leong) Date: Thu Jan 12 21:15:27 2006 Subject: Can i move Sendmail store folder to Home partition? References: <5.1.0.14.0.20020822002127.00aaab00@192.168.50.2> Message-ID: <007f01c249c8$2fbf2ca0$120000a9@wtkia> How can i create new /var/spool/ filesystem (or partition) on the existing Server? Thanks. ----- Original Message ----- From: "Matt Kettler" To: Sent: Thursday, August 22, 2002 12:30 PM Subject: Re: Can i move Sendmail store folder to Home partition? > making /var/spool/mail a link is a doable option, but probably sub-optimal. > Offhand it makes me a bit nervous as far as inheriting mount permissions of > the /home partition, and being re-linkable, but I'm a bit of a paranoid > type and haven't had the chance to think about it deeply. > > If possible I'd make /var/spool/ its own filesystem (and partition) and > quota that. If your fstab supports it, it would also be a good chance to > mount it noexec, nosuid,nodev. (minor security bonus since nothings likely > to exec there anyway, but it's not like anything ever needs to be > executable or a special device there so why allow it?) > > > At 12:19 PM 8/22/2002 +0800, Tan Lian Leong wrote: > > > >Thanks for reply. I plan to use imap for my mail server. So I would like > >to enable quota on user mailbox. Do you think i should link the > >/var/spool/mail to home and enable quota in /home file system or just > >enable quota in /var file system is the better method? Do you have any > >other good suggestion? > >----- Original Message ----- > >From: Matt Doherty > >To: MAILSCANNER@JISCMAIL.AC.UK > >Sent: Tuesday, August 20, 2002 9:02 PM > >Subject: Re: Can i move Sendmail store folder to Home partition? > > > >make a link , > >mkdir /home/mail > >cd /var/spool > >ln -s /home/mail mail > > > > > >do a ' man ln ' > From smohan at VSNL.COM Thu Aug 22 13:38:19 2002 From: smohan at VSNL.COM (S Mohan) Date: Thu Jan 12 21:15:27 2006 Subject: Can i move Sendmail store folder to Home partition? In-Reply-To: <007f01c249c8$2fbf2ca0$120000a9@wtkia> Message-ID: Are you looking at adding a drive. How else would you add a partition. Add a drive, partition the drive using fdisk, make a ext3 file system on the device. Create a directory called /var/spool1. Copy contents of /var/spool to /var/spool1. Rename /var/spool as /var/spool.old. Recreate /var/spool directory. Mount the new device say hdc1 as /var/spool using mount -t ext3 /dev/hdc1 /var/spool. Make this entry also in fstab so that it gets mounted at every boot. I guess you should be home now. During this whole trial, your machine must be off the production network. I'd recommend you be cautious and make sure back ups are available. Good Luck. Mohan -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Tan Lian Leong Sent: 22 August 2002 16:09 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Can i move Sendmail store folder to Home partition? How can i create new /var/spool/ filesystem (or partition) on the existing Server? Thanks. ----- Original Message ----- From: "Matt Kettler" To: Sent: Thursday, August 22, 2002 12:30 PM Subject: Re: Can i move Sendmail store folder to Home partition? > making /var/spool/mail a link is a doable option, but probably sub-optimal. > Offhand it makes me a bit nervous as far as inheriting mount permissions of > the /home partition, and being re-linkable, but I'm a bit of a paranoid > type and haven't had the chance to think about it deeply. > > If possible I'd make /var/spool/ its own filesystem (and partition) and > quota that. If your fstab supports it, it would also be a good chance to > mount it noexec, nosuid,nodev. (minor security bonus since nothings likely > to exec there anyway, but it's not like anything ever needs to be > executable or a special device there so why allow it?) > > > At 12:19 PM 8/22/2002 +0800, Tan Lian Leong wrote: > > > >Thanks for reply. I plan to use imap for my mail server. So I would like > >to enable quota on user mailbox. Do you think i should link the > >/var/spool/mail to home and enable quota in /home file system or just > >enable quota in /var file system is the better method? Do you have any > >other good suggestion? > >----- Original Message ----- > >From: Matt Doherty > >To: MAILSCANNER@JISCMAIL.AC.UK > >Sent: Tuesday, August 20, 2002 9:02 PM > >Subject: Re: Can i move Sendmail store folder to Home partition? > > > >make a link , > >mkdir /home/mail > >cd /var/spool > >ln -s /home/mail mail > > > > > >do a ' man ln ' > From domeng at STII.DOST.GOV.PH Thu Aug 22 15:18:02 2002 From: domeng at STII.DOST.GOV.PH (Domingo Genaro P. Tamayo) Date: Thu Jan 12 21:15:27 2006 Subject: Sophos sweep update problem Message-ID: <1561.202.163.226.56.1030025882.squirrel@itdgate.stii.dost.gov.ph> Good Day! I not sure if this is the right place for this question, but I already searched the mailing list archive but didnt found the answer. Tried using mrtg to monitor mail/spam/virus activity on our email server (Mandrake 8.2/Sendmail-8.12.1-4). Here's my setup: mrtg binaries - /usr/local/mrtg-2/bin/ mrtg conf - /etc/mrtg/cfg/mrtg.cfg sendmail.logs.pl - /usr/local/mrtg-2/bin/ **sendmail.logs.pl: $LogDir = "/var/log/mail"; **mrtg.cfg: Target[mail]: '/usr/local/mrtg-2/bin/sendmail.logs.pl mail' Target[spam]: '/usr/local/mrtg-2/bin/sendmail.logs.pl spam' Target[viruses]: '/usr/local/mrtg-2/bin/sendmail.logs.pl viruses' When I run *sendmail.logs.pl mail* by hand: 1942 0 Not Applicable Mail Server When I run *sendmail.logs.pl viruses* by hand: 19 0 Not Applicable Mail Server When I run *sendmail.logs.pl spam* by hand: 199 0 Not Applicable Mail Server Then I'll do a /usr/local/mrtg-2/bin/mrtg /etc/mrtg/cfg/mrtg.cfg Hmmm, Im just doubtful, am I doing the right thing? Thanks! From mailscanner at ecs.soton.ac.uk Thu Aug 22 15:13:48 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:27 2006 Subject: Sophos sweep update problem In-Reply-To: <1561.202.163.226.56.1030025882.squirrel@itdgate.stii.dost. gov.ph> Message-ID: <5.1.0.14.2.20020822151319.059f51e0@imap.ecs.soton.ac.uk> What has this got to do with "Sophos sweep update problem"? If you change the subject, please change the Subject: too. At 15:18 22/08/2002, you wrote: >Good Day! > >I not sure if this is the right place for this question, but I already >searched the mailing list archive but didnt found the answer. >Tried using mrtg to monitor mail/spam/virus activity on our email server >(Mandrake 8.2/Sendmail-8.12.1-4). Here's my setup: >mrtg binaries - /usr/local/mrtg-2/bin/ >mrtg conf - /etc/mrtg/cfg/mrtg.cfg >sendmail.logs.pl - /usr/local/mrtg-2/bin/ > >**sendmail.logs.pl: > >$LogDir = "/var/log/mail"; > >**mrtg.cfg: > >Target[mail]: '/usr/local/mrtg-2/bin/sendmail.logs.pl mail' >Target[spam]: '/usr/local/mrtg-2/bin/sendmail.logs.pl spam' >Target[viruses]: '/usr/local/mrtg-2/bin/sendmail.logs.pl viruses' > >When I run *sendmail.logs.pl mail* by hand: > >1942 >0 >Not Applicable >Mail Server > >When I run *sendmail.logs.pl viruses* by hand: > >19 >0 >Not Applicable >Mail Server > >When I run *sendmail.logs.pl spam* by hand: > >199 >0 >Not Applicable >Mail Server > >Then I'll do a /usr/local/mrtg-2/bin/mrtg /etc/mrtg/cfg/mrtg.cfg > >Hmmm, Im just doubtful, am I doing the right thing? > >Thanks! -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From Matthew_doherty at DATAWATCH.COM Thu Aug 22 15:57:29 2002 From: Matthew_doherty at DATAWATCH.COM (Matt Doherty) Date: Thu Jan 12 21:15:27 2006 Subject: Problem when shut/start sendmail and mailscanner Message-ID: Julian, In this digest you mentioned: The last thing sendmail does with a message is rename the xf to qf, so you could do that. On www.sendmail.org there is a really good script to start sendmail that cleans up the queue really well. I am having a hell of a time finding it. Would you be so kind as to reply to me with a link to the page or download? Thanks ! ! Matt Doherty IT Dept Datawatch Corp >>In a world without walls or fences, who needs Windows and Gates?<< The last thing sendmail does with a message is rename the xf to qf, so you could do that. On www.sendmail.org there is a really good script to start sendmail that cleans up the queue really well. >Fernando. > >Julian Field wrote: > > > Exactly what are the filenames left behind? > > > > If they start with a capital letter, they are partly-received messages that > > sendmail was reading when it was killed. > > > > The messages are re-sent completely when sendmail starts up again. These > > files can be safely deleted, as can zero-length "qf" files, and "df" files > > with no corresponding "qf" file. "tf" files with no corresponding "qf" file > > can be renamed to "qf". > > > > What all that boils down to is this: > > MailScanner will pick up completely delivered messages (qf and df pairs of > > files). Anything else will be ignored. > > > > At 21:53 16/08/2002, you wrote: > > >When I shutdown sendmail and mailscanner the files remaining in the > > >mqueue.in directory aren?t processed when I start sendmail/mailscanner > > >again. > > >The mailscanner start a new sequence of files in mqueue.in directory and > > >ignore the old files. > > > > -- > > Julian Field Teaching Systems Manager > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > Tel. 023 8059 2817 University of Southampton > > Southampton SO17 1BJ -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020822/3205bee0/attachment.html From mailscanner at ecs.soton.ac.uk Thu Aug 22 16:31:15 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:27 2006 Subject: Problem when shut/start sendmail and mailscanner In-Reply-To: Message-ID: <5.1.0.14.2.20020822163040.05a9e420@imap.ecs.soton.ac.uk> At 15:57 22/08/2002, you wrote: >In this digest you mentioned: >The last thing sendmail does with a message is rename the xf to qf, so you >could do that. On www.sendmail.org there is a really good script to start >sendmail that cleans up the queue really well. >I am having a hell of a time finding it. Would you be so kind as to reply >to me with a link to the page or download? See my post from Monday with this subject line. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From Matthew_doherty at DATAWATCH.COM Thu Aug 22 16:40:03 2002 From: Matthew_doherty at DATAWATCH.COM (Matt Doherty) Date: Thu Jan 12 21:15:27 2006 Subject: Problem when shut/start sendmail and mailscanner Message-ID: Got it! Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020822/2b0d9d95/attachment.html From eljl at I-SNAPINTERNET.COM Fri Aug 23 03:08:06 2002 From: eljl at I-SNAPINTERNET.COM (Eddie Javier) Date: Thu Jan 12 21:15:27 2006 Subject: Scan Only, Not Clean Message-ID: <200208230208.g7N285r27523@ori.rl.ac.uk> Hello, Is there a way to configure mailscanner in order for it to Scan only and not Clean? This would greatly improve the time it takes to process a message. Best regards, -eljl From domeng at STII.DOST.GOV.PH Fri Aug 23 06:00:54 2002 From: domeng at STII.DOST.GOV.PH (Domingo Genaro P. Tamayo) Date: Thu Jan 12 21:15:27 2006 Subject: MRTG Configuration In-Reply-To: <5.1.0.14.2.20020822151319.059f51e0@imap.ecs.soton.ac.uk> References: <1561.202.163.226.56.1030025882.squirrel@itdgate.stii.dost. gov.ph> <5.1.0.14.2.20020822151319.059f51e0@imap.ecs.soton.ac.uk> Message-ID: <1120.202.163.226.56.1030078854.squirrel@itdgate.stii.dost.gov.ph> My apologies. Just opened a mail from inbox then hit reply. Didn't changed the topic. Im really sorry. > What has this got to do with "Sophos sweep update problem"? > If you change the subject, please change the Subject: too. > > At 15:18 22/08/2002, you wrote: >>Good Day! >> >>I not sure if this is the right place for this question, but I already >>searched the mailing list archive but didnt found the answer. >>Tried using mrtg to monitor mail/spam/virus activity on our email >>server (Mandrake 8.2/Sendmail-8.12.1-4). Here's my setup: >>mrtg binaries - /usr/local/mrtg-2/bin/ >>mrtg conf - /etc/mrtg/cfg/mrtg.cfg >>sendmail.logs.pl - /usr/local/mrtg-2/bin/ >> >>**sendmail.logs.pl: >> >>$LogDir = "/var/log/mail"; >> >>**mrtg.cfg: >> >>Target[mail]: '/usr/local/mrtg-2/bin/sendmail.logs.pl mail' >>Target[spam]: '/usr/local/mrtg-2/bin/sendmail.logs.pl spam' >>Target[viruses]: '/usr/local/mrtg-2/bin/sendmail.logs.pl viruses' >> >>When I run *sendmail.logs.pl mail* by hand: >> >>1942 >>0 >>Not Applicable >>Mail Server >> >>When I run *sendmail.logs.pl viruses* by hand: >> >>19 >>0 >>Not Applicable >>Mail Server >> >>When I run *sendmail.logs.pl spam* by hand: >> >>199 >>0 >>Not Applicable >>Mail Server >> >>Then I'll do a /usr/local/mrtg-2/bin/mrtg /etc/mrtg/cfg/mrtg.cfg >> >>Hmmm, Im just doubtful, am I doing the right thing? >> >>Thanks! > > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Thu Aug 22 23:20:18 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:27 2006 Subject: MAILSCANNER: ejacobs@THOMASTECHSOLUTIONS.COM requested to join Message-ID: <200208222220.XAA11490@magpie.ecs.soton.ac.uk> Thu, 22 Aug 2002 23:20:18 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Eric Jacobs . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER ejacobs@THOMASTECHSOLUTIONS.COM Eric Jacobs The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+ejacobs%40THOMASTECHSOLUTIONS.COM+Eric+Jacobs&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From jones at IMADA.SDU.DK Fri Aug 23 12:08:21 2002 From: jones at IMADA.SDU.DK (Jonas Bardino) Date: Thu Jan 12 21:15:27 2006 Subject: Scan Only, Not Clean In-Reply-To: <200208230208.g7N285r27523@ori.rl.ac.uk>; from eljl@I-SNAPINTERNET.COM on Fri, Aug 23, 2002 at 03:08:06AM +0100 References: <200208230208.g7N285r27523@ori.rl.ac.uk> Message-ID: <20020823130821.A14680@mimi.imada.sdu.dk> * Eddie Javier [Aug 23. 2002 04:18]: > Hello, > > Is there a way to configure mailscanner in order for it to Scan only and not > Clean? This would greatly improve the time it takes to process a message. > > Best regards, > -eljl Hi Eddie I don't know if there's an easy way to do that, but I suppose you could turn it off in sweep.pl (on a standard Debian system it can be found in /usr/share/mailscanner/). Locate the section containing options for your particular virusscanner in the part beginning with "my %Scanners = ( sophos => {" and change the line: SupportDisinfect => [something] to SupportDisinfect => $S_NONE I haven't tested it, but from the rest of the code it appears that a message will then be logged instead of cleaning anything. (I'm sure Julian will correct me if I'm wrong :-) Best regards -Jonas From LISTSERV at JISCMAIL.AC.UK Fri Aug 23 09:44:05 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:27 2006 Subject: MAILSCANNER: jonas@ODENSE.KOLLEGIENET.DK requested to join Message-ID: <200208230844.JAA23704@magpie.ecs.soton.ac.uk> Fri, 23 Aug 2002 09:44:05 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Jonas Bardino . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER jonas@ODENSE.KOLLEGIENET.DK Jonas Bardino The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+jonas%40ODENSE.KOLLEGIENET.DK+Jonas+Bardino&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From mailscanner at ecs.soton.ac.uk Fri Aug 23 10:19:40 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:27 2006 Subject: Scan Only, Not Clean In-Reply-To: <200208230208.g7N285r27523@ori.rl.ac.uk> Message-ID: <5.1.0.14.2.20020823101919.06a89800@imap.ecs.soton.ac.uk> At 03:08 23/08/2002, you wrote: >Hello, > >Is there a way to configure mailscanner in order for it to Scan only and not >Clean? This would greatly improve the time it takes to process a message. Look for this in your mailscanner.conf file and set it to "no". # Should I attempt to disinfect infected attachments and then deliver # the clean ones Deliver Disinfected Files = yes -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Fri Aug 23 10:22:15 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:27 2006 Subject: Scan Only, Not Clean In-Reply-To: <20020823130821.A14680@mimi.imada.sdu.dk> References: <200208230208.g7N285r27523@ori.rl.ac.uk> <200208230208.g7N285r27523@ori.rl.ac.uk> Message-ID: <5.1.0.14.2.20020823102133.06a89948@imap.ecs.soton.ac.uk> Eek! Please don't tweak the code unless you **really** have to. This is a really bad idea... At 12:08 23/08/2002, you wrote: >* Eddie Javier [Aug 23. 2002 04:18]: > > Hello, > > > > Is there a way to configure mailscanner in order for it to Scan only > and not > > Clean? This would greatly improve the time it takes to process a message. > > > > Best regards, > > -eljl > >Hi Eddie >I don't know if there's an easy way to do that, but I suppose you could >turn it off in sweep.pl (on a standard Debian system it can be found in >/usr/share/mailscanner/). > >Locate the section containing options for your particular virusscanner in >the part beginning with >"my %Scanners = ( > sophos => {" > >and change the line: > > SupportDisinfect => [something] > >to > > SupportDisinfect => $S_NONE > >I haven't tested it, but from the rest of the code it appears that a >message will then be logged instead of cleaning anything. > >(I'm sure Julian will correct me if I'm wrong :-) > >Best regards >-Jonas -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Fri Aug 23 10:25:35 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:27 2006 Subject: MAILSCANNER: jones@IMADA.SDU.DK left the list Message-ID: <200208230925.KAA28072@magpie.ecs.soton.ac.uk> Fri, 23 Aug 2002 10:25:35 Jonas Bardino has just signed off the MAILSCANNER list (MailScanner mailing list). ------------------------- Original mail header -------------------------- Return-Path: Received: from 130.246.192.52 by JISCMAIL.AC.UK (SMTPL release 1.0f) with TCP; Fri, 23 Aug 2002 10:25:35 +0100 Received: from bach.imada.sdu.dk (bach.imada.sdu.dk [130.225.128.9]) by ori.rl.ac.uk (8.11.1/8.11.1) with ESMTP id g7N9PXr10563 for ; Fri, 23 Aug 2002 10:25:33 +0100 Received: from dalila.imada.sdu.dk (dalila.imada.sdu.dk [130.225.128.137]) by bach.imada.sdu.dk (Postfix) with ESMTP id 9A69554CE5 for ; Fri, 23 Aug 2002 11:25:32 +0200 (MEST) Received: (from jones@localhost) by dalila.imada.sdu.dk (8.9.3/8.9.3) id LAA01838 for LISTSERV@JISCMAIL.AC.UK; Fri, 23 Aug 2002 11:25:32 +0200 Date: Fri, 23 Aug 2002 11:25:31 +0200 From: Jonas Bardino To: LISTSERV@JISCMAIL.AC.UK Message-ID: <20020823112531.A1835@dalila.imada.sdu.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.2i From LISTSERV at JISCMAIL.AC.UK Fri Aug 23 11:48:56 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:27 2006 Subject: MAILSCANNER: tom@XSSASS.BE requested to join Message-ID: <200208231048.LAA07541@magpie.ecs.soton.ac.uk> Fri, 23 Aug 2002 11:48:56 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Tom Poppe . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER tom@XSSASS.BE Tom Poppe The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+tom%40XSSASS.BE+Tom+Poppe&L=MAILSCANNER ------------------------- Original mail header -------------------------- Return-Path: Received: from 130.246.192.52 by JISCMAIL.AC.UK (SMTPL release 1.0f) with TCP; Fri, 23 Aug 2002 11:48:56 +0100 Received: from flexo.xssass.be (root@hosted.by.hostingworx.net [80.84.232.115] (may be forged)) by ori.rl.ac.uk (8.11.1/8.11.1) with ESMTP id g7NAmrr26780 for ; Fri, 23 Aug 2002 11:48:53 +0100 Received: from flexo.xssass.be (tom@localhost [127.0.0.1]) by flexo.xssass.be (8.12.3/) with ESMTP id g7NAmnF0020062 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=FAIL) for ; Fri, 23 Aug 2002 12:48:49 +0200 Received: (from tom@localhost) by flexo.xssass.be (8.12.3/8.12.3/Debian -4) id g7NAmnao020060 for LISTSERV@JISCMAIL.AC.UK; Fri, 23 Aug 2002 12:48:49 +0200 X-Authentication-Warning: flexo.xssass.be: tom set sender to tom@xssass.be using -f Date: Fri, 23 Aug 2002 12:48:49 +0200 From: Tom Poppe To: "L-Soft list server at JISCMAIL (1.8e)" Subject: Re: Command confirmation request (665062C0) Message-ID: <20020823104849.GA20049@flexo.xssass.be> References: <200208231046.g7NAkTEx020037@flexo.xssass.be> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200208231046.g7NAkTEx020037@flexo.xssass.be> User-Agent: Mutt/1.3.28i X-MailScanner: Found to be clean From doko at CS.TU-BERLIN.DE Fri Aug 23 13:51:15 2002 From: doko at CS.TU-BERLIN.DE (Matthias Klose) Date: Thu Jan 12 21:15:27 2006 Subject: changes to config.pl Message-ID: <15718.12227.494912.188034@gargle.gargle.HOWL> Please consider adding the following patch. It doesn't change anything, but makes changing the default locations for those who don't follow your directory layout, much easier. Thanks, Matthias -------------- next part -------------- A non-text attachment was scrubbed... Name: conf-patch Type: application/octet-stream Size: 3632 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020823/59e734dc/conf-patch.obj From mailscanner at ecs.soton.ac.uk Fri Aug 23 14:00:40 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:27 2006 Subject: changes to config.pl In-Reply-To: <15718.12227.494912.188034@gargle.gargle.HOWL> Message-ID: <5.1.0.14.2.20020823135946.06af9c98@imap.ecs.soton.ac.uk> That looks fair enough. However, the whole configuration code is getting re-written from the ground up, but I'll take a look at including a default like this in the next version. Hopefully the new version will be auto-configuring anyway, so you won't have to worry about this sort of detail. At 13:51 23/08/2002, you wrote: >Please consider adding the following patch. It doesn't change >anything, but makes changing the default locations for those who don't >follow your directory layout, much easier. > >Thanks, Matthias > -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From steinkel at PA.NET Fri Aug 23 15:54:23 2002 From: steinkel at PA.NET (Leland J. Steinke) Date: Thu Jan 12 21:15:27 2006 Subject: The "New Version" (was Re: changes to config.pl) References: <5.1.0.14.2.20020823135946.06af9c98@imap.ecs.soton.ac.uk> Message-ID: <3D664C9F.5060805@pa.net> Is there a feature list for the OO-ified version of MailScanner? Will it be easy to set up multiple instances of the new version of MailScanner on a machine to take advantage of multi-processors? Or will the new version do that on its own? Can I have my cake, and eat it too? ;-) thanks, Leland Julian Field wrote: > That looks fair enough. However, the whole configuration code is getting > re-written from the ground up, but I'll take a look at including a default > like this in the next version. Hopefully the new version will be > auto-configuring anyway, so you won't have to worry about this sort of > detail. > > At 13:51 23/08/2002, you wrote: > >> Please consider adding the following patch. It doesn't change >> anything, but makes changing the default locations for those who don't >> follow your directory layout, much easier. >> >> Thanks, Matthias >> > > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > > . > From SJCJonker at SJC.NL Fri Aug 23 16:22:41 2002 From: SJCJonker at SJC.NL (Stijn Jonker) Date: Thu Jan 12 21:15:27 2006 Subject: Virus whitelist option? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all, I'm using mailscanner with great ease and really love it. (99% of the users also ;-)) but, some users are subscribed to mailinglist like bugtraq etc. The securityfocus.com domain is in the spam whitelist, but every now and then mailscanner rejects some emails because an scanner reports it contains and exploit/virus/trojan etc. I was wondering if there is a general intrest to create an whitelist option that will bypass both spam AND virus checking for some source and/or destination addresses. - From my perspective (small userbase) i would seem most ideal to exclude based on both sender and receiver address i.e: From: *@securityfocus.com && To: sjcjonker@sjc.nl What's the general opinion in this regards? - -- Met Vriendelijke groet/Yours Sincerely Stijn Jonker - -- Outlook Express is actually an incredibly effective virus distribution system which only pretends to be an email program. [by Eric Lee] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9ZlNDH0P/oLuWBrcRAh3lAJ9V1/mscoDe2k8uHi4ePt/UUhNIugCbB4cy IK2ZFnqtIXXPTThGpZZp2C0= =wki1 -----END PGP SIGNATURE----- From mailscanner at ecs.soton.ac.uk Fri Aug 23 16:20:25 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:27 2006 Subject: The "New Version" (was Re: changes to config.pl) In-Reply-To: <3D664C9F.5060805@pa.net> References: <5.1.0.14.2.20020823135946.06af9c98@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020823161935.07087008@imap.ecs.soton.ac.uk> At 15:54 23/08/2002, you wrote: >Is there a feature list for the OO-ified version of MailScanner? Not yet, no. >Will it be easy to set up multiple instances of the new version of >MailScanner on a machine to take advantage of multi-processors? Or will >the new version do that on its own? That's one of the things that is definitely on the list. The new version should do all the hard work for you in this regard. >Can I have my cake, and eat it too? ;-) Munch, munch... >Julian Field wrote: >>That looks fair enough. However, the whole configuration code is getting >>re-written from the ground up, but I'll take a look at including a default >>like this in the next version. Hopefully the new version will be >>auto-configuring anyway, so you won't have to worry about this sort of >>detail. >> >>At 13:51 23/08/2002, you wrote: >> >>>Please consider adding the following patch. It doesn't change >>>anything, but makes changing the default locations for those who don't >>>follow your directory layout, much easier. >>> >>>Thanks, Matthias >> >>-- >>Julian Field Teaching Systems Manager >>jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science >>Tel. 023 8059 2817 University of Southampton >> Southampton SO17 1BJ >> >>. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Fri Aug 23 16:23:12 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:27 2006 Subject: Virus whitelist option? In-Reply-To: Message-ID: <5.1.0.14.2.20020823162239.07015650@imap.ecs.soton.ac.uk> Another aim for the next version is user and/or domain level control of the "Virus Scanning" switch, so you will be able to do this. At 16:22 23/08/2002, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Hello all, > >I'm using mailscanner with great ease and really love it. (99% of the >users also ;-)) but, some users are subscribed to mailinglist like bugtraq >etc. > >The securityfocus.com domain is in the spam whitelist, but every now and >then mailscanner rejects some emails because an scanner reports it >contains and exploit/virus/trojan etc. > >I was wondering if there is a general intrest to create an whitelist >option that will bypass both spam AND virus checking for some source >and/or destination addresses. > >- From my perspective (small userbase) i would seem most ideal to exclude >based on both sender and receiver address i.e: > >From: *@securityfocus.com && To: sjcjonker@sjc.nl > >What's the general opinion in this regards? > >- -- >Met Vriendelijke groet/Yours Sincerely >Stijn Jonker > >- -- >Outlook Express is actually an incredibly effective virus distribution >system which only pretends to be an email program. >[by Eric Lee] >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.0.6 (GNU/Linux) >Comment: For info see http://www.gnupg.org > >iD8DBQE9ZlNDH0P/oLuWBrcRAh3lAJ9V1/mscoDe2k8uHi4ePt/UUhNIugCbB4cy >IK2ZFnqtIXXPTThGpZZp2C0= >=wki1 >-----END PGP SIGNATURE----- -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From LISTSERV at JISCMAIL.AC.UK Fri Aug 23 17:38:23 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:27 2006 Subject: MAILSCANNER: email@ACE.NET.AU requested to join Message-ID: <200208231638.RAA16015@magpie.ecs.soton.ac.uk> Fri, 23 Aug 2002 17:38:23 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Peter Nitschke . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER email@ACE.NET.AU Peter Nitschke The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+email%40ACE.NET.AU+Peter+Nitschke&L=MAILSCANNER ------------------------- Original mail header -------------------------- Return-Path: Received: from 130.246.192.52 by JISCMAIL.AC.UK (SMTPL release 1.0f) with TCP; Fri, 23 Aug 2002 17:38:22 +0100 Received: from dsl1.ace.net.au (eth887.sa.adsl.internode.on.net [150.101.228.118]) by ori.rl.ac.uk (8.11.1/8.11.1) with ESMTP id g7NGcIr17789 for ; Fri, 23 Aug 2002 17:38:19 +0100 Received: from vopmail.ace.net.au (vopmail.ace.net.au [203.56.207.222]) by dsl1.ace.net.au (8.11.6/8.11.6) with ESMTP id g7NGcGo21667 for ; Sat, 24 Aug 2002 02:08:16 +0930 Received: from peter-x (unverified [203.56.204.190]) by vopmail.ace.net.au (Vircom SMTPRS 4.6.189) with ESMTP id for ; Sat, 24 Aug 2002 02:08:07 +0930 Message-ID: <200208240206500307.0626C304@smtp1.ace.net.au> In-Reply-To: <200208231633.g7NGX7u09902@dns4.ace.net.au> References: <200208231633.g7NGX7u09902@dns4.ace.net.au> X-Mailer: Calypso Version 3.30.00.00 (4) Date: Sat, 24 Aug 2002 02:06:50 +0930 Reply-To: email@ace.net.au From: email@ace.net.au To: LISTSERV@jiscmail.ac.uk Subject: Re: Command confirmation request (8E0262C6) Content-Type: text/plain; charset="us-ascii" From email at ace.net.au Fri Aug 23 19:13:16 2002 From: email at ace.net.au (Peter Nitschke) Date: Thu Jan 12 21:15:27 2006 Subject: File layout References: <200208221842240961.06E6F48C@smtp1.ace.net.au> <200208221844540116.06E93B2E@smtp1.ace.net.au> <200208240307250625.065E3B7A@smtp1.ace.net.au> <200208240321430639.066B5317@smtp1.ace.net.au> Message-ID: <200208240343160127.067F0BE0@smtp1.ace.net.au> Hi, I have been playing with MailScanner and Spam Assassin on a relay server before my main mail server. First, is there a reason that the RPM doesn't use eg /etc/mailscanner for all the conf files instead of the current /usr/local/MailScanner/etc ? I can move the files and get it to work ok, but curious why it is different to what I am used to. Does the spam.whitelist.conf effectively replace the SA whitelist? Thanks, Peter From mailscanner at ecs.soton.ac.uk Fri Aug 23 19:29:24 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:27 2006 Subject: File layout In-Reply-To: <200208240343160127.067F0BE0@smtp1.ace.net.au> References: <200208221842240961.06E6F48C@smtp1.ace.net.au> <200208221844540116.06E93B2E@smtp1.ace.net.au> <200208240307250625.065E3B7A@smtp1.ace.net.au> <200208240321430639.066B5317@smtp1.ace.net.au> Message-ID: <5.1.0.14.2.20020823192735.022a3078@imap.ecs.soton.ac.uk> At 19:13 23/08/2002, you wrote: >I have been playing with MailScanner and Spam Assassin on a relay server >before my main mail server. > >First, is there a reason that the RPM doesn't use eg /etc/mailscanner for >all the conf files instead of the current /usr/local/MailScanner/etc ? Not particularly. >I can move the files and get it to work ok, but curious why it is different >to what I am used to. Just 'cause that's the way I built it :-) >Does the spam.whitelist.conf effectively replace the SA whitelist? SA can auto-whitelist addresses, and so it doesn't quite behave the same as the MS whitelist. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From email at ace.net.au Fri Aug 23 19:43:35 2002 From: email at ace.net.au (Peter Nitschke) Date: Thu Jan 12 21:15:27 2006 Subject: File layout In-Reply-To: <5.1.0.14.2.20020823192735.022a3078@imap.ecs.soton.ac.uk> References: <200208221842240961.06E6F48C@smtp1.ace.net.au> <200208221844540116.06E93B2E@smtp1.ace.net.au> <200208240307250625.065E3B7A@smtp1.ace.net.au> <200208240321430639.066B5317@smtp1.ace.net.au> <5.1.0.14.2.20020823192735.022a3078@imap.ecs.soton.ac.uk> Message-ID: <200208240413350483.069ACEBC@smtp1.ace.net.au> >>First, is there a reason that the RPM doesn't use eg /etc/mailscanner for >>all the conf files instead of the current /usr/local/MailScanner/etc ? > >Not particularly. > >>I can move the files and get it to work ok, but curious why it is >different to what I am used to. > >Just 'cause that's the way I built it :-) Hehehe, who can argue with that? Any chance of a change? >>Does the spam.whitelist.conf effectively replace the SA whitelist? > >SA can auto-whitelist addresses, and so it doesn't quite behave the same as >the MS whitelist. Fair point. I haven't paid a lot of attention to the SA stuff, probably time I did. Suggestions, give MS the ability to clean up the quarantine dirs after x days. Have 3 thresholds to mark as spam, store or delete, can't think of any other options that would be useful. While tuning the system, I don't want to delete stuff in case it is valid mail, but having to wade through hundreds of obvious spams each day just to fine the couple of valid ones is a pain. Apart from that, this is a really excellent tool. Peter From mailscanner at ecs.soton.ac.uk Fri Aug 23 20:12:49 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:27 2006 Subject: File layout In-Reply-To: <200208240413350483.069ACEBC@smtp1.ace.net.au> References: <5.1.0.14.2.20020823192735.022a3078@imap.ecs.soton.ac.uk> <200208221842240961.06E6F48C@smtp1.ace.net.au> <200208221844540116.06E93B2E@smtp1.ace.net.au> <200208240307250625.065E3B7A@smtp1.ace.net.au> <200208240321430639.066B5317@smtp1.ace.net.au> <5.1.0.14.2.20020823192735.022a3078@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020823200630.031d1cf0@imap.ecs.soton.ac.uk> At 19:43 23/08/2002, you wrote: > >>First, is there a reason that the RPM doesn't use eg /etc/mailscanner for > >>all the conf files instead of the current /usr/local/MailScanner/etc ? > > > >Not particularly. > > > >>I can move the files and get it to work ok, but curious why it is > >different to what I am used to. > > > >Just 'cause that's the way I built it :-) > >Hehehe, who can argue with that? Any chance of a change? I'll think about the layout before the new version appears. I've got a contact at RedHat who will hopefully give me some advice on that. >Suggestions, give MS the ability to clean up the quarantine dirs after x >days. What's wrong with find /var/spool/MailScanner/quarantine -type f -mtime +7 -exec /bin/rm -f {} \; I would (vainly) hope that most mail sysadmins can do that... :-) >Have 3 thresholds to mark as spam, store or delete, can't think of any >other options that would be useful. I was thinking of having n thresholds, but I can't figure out quite how. Having 'high' and 'very high' thresholds will be a lot better than nothing and should be do-able. >Apart from that, this is a really excellent tool. Thankyou. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From email at ace.net.au Fri Aug 23 20:34:49 2002 From: email at ace.net.au (Peter Nitschke) Date: Thu Jan 12 21:15:27 2006 Subject: File layout In-Reply-To: <5.1.0.14.2.20020823200630.031d1cf0@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020823192735.022a3078@imap.ecs.soton.ac.uk> <200208221842240961.06E6F48C@smtp1.ace.net.au> <200208221844540116.06E93B2E@smtp1.ace.net.au> <200208240307250625.065E3B7A@smtp1.ace.net.au> <200208240321430639.066B5317@smtp1.ace.net.au> <5.1.0.14.2.20020823192735.022a3078@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020823200630.031d1cf0@imap.ecs.soton.ac.uk> Message-ID: <200208240504490023.06C9B4C0@smtp1.ace.net.au> *********** REPLY SEPARATOR *********** On 23/08/2002 at 8:12 PM Julian Field wrote: >At 19:43 23/08/2002, you wrote: >> >>First, is there a reason that the RPM doesn't use eg /etc/mailscanner >for >> >>all the conf files instead of the current /usr/local/MailScanner/etc ? >> > >> >Not particularly. >> > >> >>I can move the files and get it to work ok, but curious why it is >> >different to what I am used to. >> > >> >Just 'cause that's the way I built it :-) >> >>Hehehe, who can argue with that? Any chance of a change? > >I'll think about the layout before the new version appears. I've got a >contact at RedHat who will hopefully give me some advice on that. I just copied /usr/local/MailScanner/etc to /etc/MailScanner, did a search/replace in mailscanner.conf to reflect the changes, then edited check_mailscanner.linux to use the new mailscanner.conf I also changed the Pid file to /var/run/virus.pid >What's wrong with >find /var/spool/MailScanner/quarantine -type f -mtime +7 -exec /bin/rm -f >{} \; > >I would (vainly) hope that most mail sysadmins can do that... :-) I saw something similar and got it happening, except it leaves the empty daily dirs in place. Apart from that, I don't have any other need to work something out like that myself :-\ >>Have 3 thresholds to mark as spam, store or delete, can't think of any >>other options that would be useful. > >I was thinking of having n thresholds, but I can't figure out quite how. >Having 'high' and 'very high' thresholds will be a lot better than nothing >and should be do-able. Much appreciated :-) Peter From email at ace.net.au Fri Aug 23 20:39:59 2002 From: email at ace.net.au (Peter Nitschke) Date: Thu Jan 12 21:15:27 2006 Subject: Suggestion In-Reply-To: <5.1.0.14.2.20020823200630.031d1cf0@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020823192735.022a3078@imap.ecs.soton.ac.uk> <200208221842240961.06E6F48C@smtp1.ace.net.au> <200208221844540116.06E93B2E@smtp1.ace.net.au> <200208240307250625.065E3B7A@smtp1.ace.net.au> <200208240321430639.066B5317@smtp1.ace.net.au> <5.1.0.14.2.20020823192735.022a3078@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020823200630.031d1cf0@imap.ecs.soton.ac.uk> Message-ID: <200208240509590179.06CE704C@smtp1.ace.net.au> Suggestion: Have a seperate fake address that the warning emails are sent "from" so that I don't get back all the bounces from fake addresses and it doesn't matter if it gets added to the receivers address book etc Peter From mailscanner at vvd.com Fri Aug 23 19:44:38 2002 From: mailscanner at vvd.com (JWSmythe) Date: Thu Jan 12 21:15:27 2006 Subject: Sys::Syslog Bug Report In-Reply-To: <5.1.0.14.2.20020823102133.06a89948@imap.ecs.soton.ac.uk> Message-ID: Julian, Last night at about 5am, our mail server stopped delivering mail. Everything was being stored in my mqueue.in , but not being processed further. Every time mailscanner started, this error would pop up in my logs, and on console. Aug 23 13:45:05 mail mailscanner[8807]: Commercial virus checker failed with real error: Modification of a read-only value attempted at /usr/lib/perl5/5.8.0/i686-linux/Sys/Syslog.pm line 296, line 2. We had about 2900 messages in mqueue.in/ , and reading through the list real quick, I noted someone had opted to delete their mqueue.in to fix the problem. That would probably have not been an acceptable choice. I modified logger.pl to print a line for every Sys::Syslog line, so I could se what it was trying to do on the console.. Here's what I ended up seeing: Printing Debug to Sys::Syslog, SpamAssassin returned 0 Printing Debug to Sys::Syslog, Going to scan 100 messages Printing Debug to Sys::Syslog, Commencing scanning by mcafee... Printing Info to Sys::Syslog /g7N98C2j022911/%nTips.pif Found the W32/Klez.h@MM virus !!! Printing Debug to Sys::Syslog, Completed scanning by mcafee Printing to Sys::Syslog Commercial virus checker failed with real error: Modification of a read-only value attempted at /usr/lib/perl5/5.8.0/i686-linux/Sys/Syslog.pm line 296, line 2. Closing Sys::Syslog (2) It seems when sub InfoLog tries to print the "%n", that bombs it out. I didn't want to go molesting your code any more than I needed to, so I just went into that message's file(dfg7N98C2j022911), and changed this block: --- begin Content-Type: application/octet-stream; name=%nTips.pif Content-Transfer-Encoding: base64 Content-ID: --- end To this: --- begin Content-Type: application/octet-stream; name=Tips.pif Content-Transfer-Encoding: base64 Content-ID: --- end When I restarted mailscanner this time, it went through fine. Unfortunately, we were up to 3400 messages in the queue at that point. Now we're down to 2900, so it's getting through, but my users are upset they didn't get their mail all day.. They'll live. :) If you need, I can give you the message files to work with, but it's just something in how Sys::Syslog is handling the '%' character. BTW, I'm running Perl 5.8.0 and MailScanner 3.22-12 From mailscanner at VVD.COM Fri Aug 23 19:44:38 2002 From: mailscanner at VVD.COM (JWSmythe) Date: Thu Jan 12 21:15:27 2006 Subject: Sys::Syslog Bug Report In-Reply-To: <5.1.0.14.2.20020823102133.06a89948@imap.ecs.soton.ac.uk> Message-ID: Julian, Last night at about 5am, our mail server stopped delivering mail. Everything was being stored in my mqueue.in , but not being processed further. Every time mailscanner started, this error would pop up in my logs, and on console. Aug 23 13:45:05 mail mailscanner[8807]: Commercial virus checker failed with real error: Modification of a read-only value attempted at /usr/lib/perl5/5.8.0/i686-linux/Sys/Syslog.pm line 296, line 2. We had about 2900 messages in mqueue.in/ , and reading through the list real quick, I noted someone had opted to delete their mqueue.in to fix the problem. That would probably have not been an acceptable choice. I modified logger.pl to print a line for every Sys::Syslog line, so I could se what it was trying to do on the console.. Here's what I ended up seeing: Printing Debug to Sys::Syslog, SpamAssassin returned 0 Printing Debug to Sys::Syslog, Going to scan 100 messages Printing Debug to Sys::Syslog, Commencing scanning by mcafee... Printing Info to Sys::Syslog /g7N98C2j022911/%nTips.pif Found the W32/Klez.h@MM virus !!! Printing Debug to Sys::Syslog, Completed scanning by mcafee Printing to Sys::Syslog Commercial virus checker failed with real error: Modification of a read-only value attempted at /usr/lib/perl5/5.8.0/i686-linux/Sys/Syslog.pm line 296, line 2. Closing Sys::Syslog (2) It seems when sub InfoLog tries to print the "%n", that bombs it out. I didn't want to go molesting your code any more than I needed to, so I just went into that message's file(dfg7N98C2j022911), and changed this block: --- begin Content-Type: application/octet-stream; name=%nTips.pif Content-Transfer-Encoding: base64 Content-ID: --- end To this: --- begin Content-Type: application/octet-stream; name=Tips.pif Content-Transfer-Encoding: base64 Content-ID: --- end When I restarted mailscanner this time, it went through fine. Unfortunately, we were up to 3400 messages in the queue at that point. Now we're down to 2900, so it's getting through, but my users are upset they didn't get their mail all day.. They'll live. :) If you need, I can give you the message files to work with, but it's just something in how Sys::Syslog is handling the '%' character. BTW, I'm running Perl 5.8.0 and MailScanner 3.22-12 From LISTSERV at JISCMAIL.AC.UK Fri Aug 23 22:17:39 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:27 2006 Subject: MAILSCANNER: erich@OLYPEN.COM requested to join Message-ID: <200208232117.WAA10642@magpie.ecs.soton.ac.uk> Fri, 23 Aug 2002 22:17:39 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Eric H . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER erich@OLYPEN.COM Eric H The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+erich%40OLYPEN.COM+Eric+H&L=MAILSCANNER ------------------------- Original mail header -------------------------- Return-Path: Received: from 130.246.192.52 by JISCMAIL.AC.UK (SMTPL release 1.0f) with TCP; Fri, 23 Aug 2002 22:17:38 +0100 Received: from relay1.olypen.com (relay1.olypen.com [208.200.248.8]) by ori.rl.ac.uk (8.11.1/8.11.1) with ESMTP id g7NLHar04448 for ; Fri, 23 Aug 2002 22:17:36 +0100 Received: from worthless.poeinc.com (worthless.poeinc.com [208.200.251.120]) by relay1.olypen.com (8.11.6/8.11.6) with ESMTP id g7NLLN418217 for ; Fri, 23 Aug 2002 14:21:23 -0700 Received: from localhost (eric@localhost) by worthless.poeinc.com (8.12.4/8.12.4) with ESMTP id g7NLHKPf011403 for ; Fri, 23 Aug 2002 14:17:20 -0700 Date: Fri, 23 Aug 2002 14:17:20 -0700 (PDT) From: erich@olypen.com X-X-Sender: eric@worthless.poeinc.com To: "L-Soft list server at JISCMAIL (1.8e)" Subject: Re: Command confirmation request (9F7A53C9) In-Reply-To: <200208232116.g7NLGQb31359@pop3.olypen.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII From mailscanner at ecs.soton.ac.uk Fri Aug 23 21:04:51 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:27 2006 Subject: Suggestion In-Reply-To: <200208240509590179.06CE704C@smtp1.ace.net.au> References: <5.1.0.14.2.20020823200630.031d1cf0@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020823192735.022a3078@imap.ecs.soton.ac.uk> <200208221842240961.06E6F48C@smtp1.ace.net.au> <200208221844540116.06E93B2E@smtp1.ace.net.au> <200208240307250625.065E3B7A@smtp1.ace.net.au> <200208240321430639.066B5317@smtp1.ace.net.au> <5.1.0.14.2.20020823192735.022a3078@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020823200630.031d1cf0@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020823210011.0226df70@imap.ecs.soton.ac.uk> At 20:39 23/08/2002, you wrote: >Suggestion: Have a seperate fake address that the warning emails are sent >"from" so that I don't get back all the bounces from fake addresses and it >doesn't matter if it gets added to the receivers address book etc Unfortunately this breaks mail on some ISP's as they refuse messages with no envelope sender address, so you can't have an empty sender address. But allowing you to set one to some other address on your site would be useful, agreed. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Fri Aug 23 20:58:29 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:27 2006 Subject: File layout In-Reply-To: <200208240504490023.06C9B4C0@smtp1.ace.net.au> References: <5.1.0.14.2.20020823200630.031d1cf0@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020823192735.022a3078@imap.ecs.soton.ac.uk> <200208221842240961.06E6F48C@smtp1.ace.net.au> <200208221844540116.06E93B2E@smtp1.ace.net.au> <200208240307250625.065E3B7A@smtp1.ace.net.au> <200208240321430639.066B5317@smtp1.ace.net.au> <5.1.0.14.2.20020823192735.022a3078@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020823200630.031d1cf0@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020823205651.0239b4f0@imap.ecs.soton.ac.uk> At 20:34 23/08/2002, you wrote: > >What's wrong with > >find /var/spool/MailScanner/quarantine -type f -mtime +7 -exec /bin/rm -f > >{} \; > > > >I would (vainly) hope that most mail sysadmins can do that... :-) > >I saw something similar and got it happening, except it leaves the empty >daily dirs in place. Apart from that, I don't have any other need to work >something out like that myself :-\ cd /var/spool/MailScanner/quarantine rmdir * will do that, as rmdir will only delete empty dirs. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mailscanner at ecs.soton.ac.uk Fri Aug 23 22:41:14 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:27 2006 Subject: Sys::Syslog Bug Report In-Reply-To: References: <5.1.0.14.2.20020823102133.06a89948@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020823223018.02298e98@imap.ecs.soton.ac.uk> Well spotted. I had misread the spec of the parameters to Sys::Syslog. Attached are 2 files: 1. all_bin.patch.gz contains a single file of all the patches combined. With something along the lines of cd /usr/local/MailScanner/bin gunzip all_bin.patch.gz patch -p0 < all_bin.patch you should be able to make it work (try with "-p" if "-p0" doesn't work). 2. separate_patches.tar.gz is a gzipped tar file of all the patches, with 1 patch per file. You will need to apply these patches one at a time, which is obviously more work than method 1, but will work if your "patch" command cannot work with multiple patches in one file. I haven't had a chance to test these patches very thoroughly, so any reports of success/failure would be useful. I'll probably release a new version containing these patches at the start of next week once I've done some more testing. But if you can try it out in the mean time, I would be very grateful. At 19:44 23/08/2002, JWSmythe wrote: > Last night at about 5am, our mail server stopped delivering mail. >Everything was being stored in my mqueue.in , but not being processed further. > Every time mailscanner started, this error would pop up in my > logs, and >on console. > >Aug 23 13:45:05 mail mailscanner[8807]: Commercial virus checker failed >with real error: Modification of a read-only value attempted at >/usr/lib/perl5/5.8.0/i686-linux/Sys/Syslog.pm line 296, line 2. > > We had about 2900 messages in mqueue.in/ , and reading through > the list >real quick, I noted someone had opted to delete their mqueue.in to fix the >problem. That would probably have not been an acceptable choice. > I modified logger.pl to print a line for every Sys::Syslog line, so I >could se what it was trying to do on the console.. Here's what I ended up >seeing: > >Printing Debug to Sys::Syslog, SpamAssassin returned 0 >Printing Debug to Sys::Syslog, Going to scan 100 messages >Printing Debug to Sys::Syslog, Commencing scanning by mcafee... >Printing Info to Sys::Syslog /g7N98C2j022911/%nTips.pif Found the >W32/Klez.h@MM virus !!! >Printing Debug to Sys::Syslog, Completed scanning by mcafee >Printing to Sys::Syslog Commercial virus checker failed with real error: >Modification of a read-only value attempted at >/usr/lib/perl5/5.8.0/i686-linux/Sys/Syslog.pm line 296, line 2. >Closing Sys::Syslog (2) > > It seems when sub InfoLog tries to print the "%n", that bombs it > out. I >didn't want to go molesting your code any more than I needed to, so I just >went >into that message's file(dfg7N98C2j022911), and changed this block: > >--- begin >Content-Type: application/octet-stream; > name=%nTips.pif >Content-Transfer-Encoding: base64 >Content-ID: >--- end > >To this: > >--- begin >Content-Type: application/octet-stream; > name=Tips.pif >Content-Transfer-Encoding: base64 >Content-ID: >--- end > > > When I restarted mailscanner this time, it went through fine. >Unfortunately, we were up to 3400 messages in the queue at that point. Now >we're down to 2900, so it's getting through, but my users are upset they >didn't >get their mail all day.. They'll live. :) > > If you need, I can give you the message files to work with, but it's >just something in how Sys::Syslog is handling the '%' character. > > > BTW, I'm running Perl 5.8.0 and MailScanner 3.22-12 -------------- next part -------------- A non-text attachment was scrubbed... Name: separate_patches.tar.gz Type: application/octet-stream Size: 3486 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020823/c0cda52c/separate_patches.tar.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: all_bin.patch.gz Type: application/octet-stream Size: 3198 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020823/c0cda52c/all_bin.patch.obj -------------- next part -------------- -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mark at TIPPINGMAR.COM Fri Aug 23 22:54:07 2002 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:15:27 2006 Subject: File layout In-Reply-To: <200208240413350483.069ACEBC@smtp1.ace.net.au> References: <5.1.0.14.2.20020823192735.022a3078@imap.ecs.soton.ac.uk> Message-ID: <3D664C8F.7931.53A3FC4@localhost> On 24 Aug 2002 at 4:13, Peter Nitschke wrote: > Suggestions, give MS the ability to clean up the quarantine dirs after x > days. There is a shell script on the Mailscanner website that you can download. It removes files and directories after "x" days, where you can set "x". I had to change the spelling of the quarantine directory from "mailscanner" to "MailScanner", but other than that it works "out-of-the-box". Find it at: http://www.sng.ecs.soton.ac.uk/mailscanner/files/contrib/clean_quarantine -- Mark W. Nienberg, SE Tipping Mar + associates 1906 Shattuck Ave, Berkeley, CA 94704 visit our website at http://www.tippingmar.com From mailscanner at vvd.com Fri Aug 23 23:31:05 2002 From: mailscanner at vvd.com (JWSmythe) Date: Thu Jan 12 21:15:28 2006 Subject: Sys::Syslog Bug Report In-Reply-To: <5.1.0.14.2.20020823223018.02298e98@imap.ecs.soton.ac.uk> Message-ID: Works perfectly. The patch works as given with Linux and 3.22-12 root@mail (/opt/mailscanner/bin) patch -p0 < all_bin.patch patching file disinfect.pl patching file explode.pl patching file mta-specific.pl patching file sendmail.pl patching file sweep.pl patching file workarea.pl I put the message back in that bombed it out this morning, and it was processed with no problems. Here's the log entries. Aug 23 18:26:39 mail mailscanner[14761]: Scanning 1 messages, 137725 bytes Aug 23 18:26:40 mail mailscanner[14761]: /g7N98C2j022911/%nTips.pif Found the W32/Klez.h@MM virus !!! Aug 23 18:26:41 mail mailscanner[14761]: >>> Virus 'W32/Klez-H' found in file ./g7N98C2j022911/%nTips.pif Aug 23 18:26:41 mail mailscanner[14761]: Possible MS-Dos program shortcut attack (%nTips.pif) Aug 23 18:26:41 mail mailscanner[14761]: Found 2 viruses in messages g7N98C2j022911 Aug 23 18:26:41 mail mailscanner[14761]: Scanned 1 messages, 137725 bytes in 2 seconds Aug 23 18:26:41 mail mailscanner[14761]: Saved infections to /mail/mailscanner/quarantine/20020823/g7N98C2j022911 Aug 23 18:26:41 mail mailscanner[14761]: Saved entire message to /mail/mailscanner/quarantine/20020823/g7N98C2j022911 Aug 23 18:26:41 mail mailscanner[14761]: Deleted infected messages g7N98C2j022911 Aug 23 18:26:42 mail mailscanner[14761]: Notified postmaster@vvd.com about 1 infections In case no one else has mentioned it, I think it's very cool that you put out new releases so frequently. Lots of developers aren't as attentative to their projects. On Fri, 23 Aug 2002, Julian Field wrote: > Date: Fri, 23 Aug 2002 22:41:14 +0100 > From: Julian Field > To: root@voynetworks.com, > MailScanner mailing list > Subject: Re: Sys::Syslog Bug Report > > Well spotted. I had misread the spec of the parameters to Sys::Syslog. > > Attached are 2 files: > 1. all_bin.patch.gz contains a single file of all the patches combined. > With something along the lines of > cd /usr/local/MailScanner/bin > gunzip all_bin.patch.gz > patch -p0 < all_bin.patch > you should be able to make it work (try with "-p" if "-p0" doesn't work). > > 2. separate_patches.tar.gz is a gzipped tar file of all the patches, with 1 > patch per file. You will need to apply these patches one at a time, which > is obviously more work than method 1, but will work if your "patch" command > cannot work with multiple patches in one file. > > I haven't had a chance to test these patches very thoroughly, so any > reports of success/failure would be useful. > > I'll probably release a new version containing these patches at the start > of next week once I've done some more testing. But if you can try it out in > the mean time, I would be very grateful. > > At 19:44 23/08/2002, JWSmythe wrote: > > Last night at about 5am, our mail server stopped delivering mail. > >Everything was being stored in my mqueue.in , but not being processed further. > > Every time mailscanner started, this error would pop up in my > > logs, and > >on console. > > > >Aug 23 13:45:05 mail mailscanner[8807]: Commercial virus checker failed > >with real error: Modification of a read-only value attempted at > >/usr/lib/perl5/5.8.0/i686-linux/Sys/Syslog.pm line 296, line 2. > > > > We had about 2900 messages in mqueue.in/ , and reading through > > the list > >real quick, I noted someone had opted to delete their mqueue.in to fix the > >problem. That would probably have not been an acceptable choice. > > I modified logger.pl to print a line for every Sys::Syslog line, so I > >could se what it was trying to do on the console.. Here's what I ended up > >seeing: > > > >Printing Debug to Sys::Syslog, SpamAssassin returned 0 > >Printing Debug to Sys::Syslog, Going to scan 100 messages > >Printing Debug to Sys::Syslog, Commencing scanning by mcafee... > >Printing Info to Sys::Syslog /g7N98C2j022911/%nTips.pif Found the > >W32/Klez.h@MM virus !!! > >Printing Debug to Sys::Syslog, Completed scanning by mcafee > >Printing to Sys::Syslog Commercial virus checker failed with real error: > >Modification of a read-only value attempted at > >/usr/lib/perl5/5.8.0/i686-linux/Sys/Syslog.pm line 296, line 2. > >Closing Sys::Syslog (2) > > > > It seems when sub InfoLog tries to print the "%n", that bombs it > > out. I > >didn't want to go molesting your code any more than I needed to, so I just > >went > >into that message's file(dfg7N98C2j022911), and changed this block: > > > >--- begin > >Content-Type: application/octet-stream; > > name=%nTips.pif > >Content-Transfer-Encoding: base64 > >Content-ID: > >--- end > > > >To this: > > > >--- begin > >Content-Type: application/octet-stream; > > name=Tips.pif > >Content-Transfer-Encoding: base64 > >Content-ID: > >--- end > > > > > > When I restarted mailscanner this time, it went through fine. > >Unfortunately, we were up to 3400 messages in the queue at that point. Now > >we're down to 2900, so it's getting through, but my users are upset they > >didn't > >get their mail all day.. They'll live. :) > > > > If you need, I can give you the message files to work with, but it's > >just something in how Sys::Syslog is handling the '%' character. > > > > > > BTW, I'm running Perl 5.8.0 and MailScanner 3.22-12 > --------------------------------------------------- JW Smythe - root@voynetworks.com Office of Systems Administration Sirus Cybernetics Corporation --------------------------------------------------- - "Don't try to out weird me, three eyes, I get - weirder things than you for free with my - breakfast cereal." - - Zaphod --------------------------------------------------- From doko at CS.TU-BERLIN.DE Sat Aug 24 12:02:21 2002 From: doko at CS.TU-BERLIN.DE (Matthias Klose) Date: Thu Jan 12 21:15:28 2006 Subject: sed! In-Reply-To: <20020824044352.GC26900@hoiho.nz.lemon-computing.com> References: <20020725153437.B3219@michaelchaney.com> <5.1.0.14.2.20020725223259.02ef5a58@imap.ecs.soton.ac.uk> <20020824044352.GC26900@hoiho.nz.lemon-computing.com> Message-ID: <15719.26557.575535.566584@gargle.gargle.HOWL> Nick Phillips writes: > On Thu, Jul 25, 2002 at 10:33:52PM +0100, Julian Field wrote: > > At 21:34 25/07/2002, you wrote: > > >sed lives in /usr/bin on FreeBSD. While it doesn't seem like a good > > >candidate for a configuration option, it's a pain to remember to edit > > >mta-specific.pl for each upgrade. Any ideas? (besides the status quo :) and awk lives in /usr/bin on Debian ... > > > > This is another one for the auto-configuration which we are working on. > > Don't hold your breath though, it's going to be a while... > > Maybe I should just add the autoconfiguration stuff into the stable version? > > It's not really going to affect anything else, so... yes please! Matthias From gdr at GNO.ORG Sat Aug 24 15:54:55 2002 From: gdr at GNO.ORG (Devin Reade) Date: Thu Jan 12 21:15:28 2006 Subject: File layout In-Reply-To: <200208240504490023.06C9B4C0@smtp1.ace.net.au> References: <5.1.0.14.2.20020823192735.022a3078@imap.ecs.soton.ac.uk> <200208221842240961.06E6F48C@smtp1.ace.net.au> <200208221844540116.06E93B2E@smtp1.ace.net.au> <200208240307250625.065E3B7A@smtp1.ace.net.au> <200208240321430639.066B5317@smtp1.ace.net.au> <5.1.0.14.2.20020823192735.022a3078@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020823200630.031d1cf0@imap.ecs.soton.ac.uk> <200208240504490023.06C9B4C0@smtp1.ace.net.au> Message-ID: <1930000.1030200895@[192.168.50.4]> Peter Nitschke wrote: >> What's wrong with >> find /var/spool/MailScanner/quarantine -type f -mtime +7 -exec /bin/rm -f >> {} \; > I saw something similar and got it happening, except it leaves the empty > daily dirs in place. Apart from that, I don't have any other need to work > something out like that myself :-\ rm -rf `find /var/spool/MailScanner/quarantine -depth -type d -mindepth 1 -maxdepth 1 -mtime +14 -print` -- Devin Reade From LISTSERV at JISCMAIL.AC.UK Sat Aug 24 12:14:44 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:28 2006 Subject: MAILSCANNER: mailscanner@THEARGONCOMPANY.COM requested to join Message-ID: <200208241114.MAA24731@magpie.ecs.soton.ac.uk> Sat, 24 Aug 2002 12:14:44 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Rishi Gangoly . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER mailscanner@THEARGONCOMPANY.COM Rishi Gangoly The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+mailscanner%40THEARGONCOMPANY.COM+Rishi+Gangoly&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From mailscanner at ecs.soton.ac.uk Sat Aug 24 20:40:56 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:28 2006 Subject: Sys::Syslog Bug Report In-Reply-To: References: <5.1.0.14.2.20020823223018.02298e98@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020824203726.017e9850@imap.ecs.soton.ac.uk> At 23:31 23/08/2002, you wrote: > Works perfectly. The patch works as given with Linux and 3.22-12 Wonderful. > In case no one else has mentioned it, I think it's very cool that you >put out new releases so frequently. Lots of developers aren't as >attentative to >their projects. Thanks for that. I don't want anyone moving to the competition because of lousy support :-) Hopefully, if my graphic artist friend has time to do all the design work for me, there will be a new look to the web site soon, and even a minimal profit (for me) shop where you can buy MailScanner mugs, t-shirts, stuff like that. That way you can all become walking talking MailScanner adverts for me ;-> >On Fri, 23 Aug 2002, Julian Field wrote: > > > Date: Fri, 23 Aug 2002 22:41:14 +0100 > > From: Julian Field > > To: root@voynetworks.com, > > MailScanner mailing list > > Subject: Re: Sys::Syslog Bug Report > > > > Well spotted. I had misread the spec of the parameters to Sys::Syslog. > > > > Attached are 2 files: > > 1. all_bin.patch.gz contains a single file of all the patches combined. > > With something along the lines of > > cd /usr/local/MailScanner/bin > > gunzip all_bin.patch.gz > > patch -p0 < all_bin.patch > > you should be able to make it work (try with "-p" if "-p0" doesn't > work). > > > > 2. separate_patches.tar.gz is a gzipped tar file of all the patches, with 1 > > patch per file. You will need to apply these patches one at a time, which > > is obviously more work than method 1, but will work if your "patch" command > > cannot work with multiple patches in one file. > > > > I haven't had a chance to test these patches very thoroughly, so any > > reports of success/failure would be useful. > > > > I'll probably release a new version containing these patches at the start > > of next week once I've done some more testing. But if you can try it out in > > the mean time, I would be very grateful. > > > > At 19:44 23/08/2002, JWSmythe wrote: > > > Last night at about 5am, our mail server stopped delivering mail. > > >Everything was being stored in my mqueue.in , but not being processed > further. > > > Every time mailscanner started, this error would pop up in my > > > logs, and > > >on console. > > > > > >Aug 23 13:45:05 mail mailscanner[8807]: Commercial virus checker failed > > >with real error: Modification of a read-only value attempted at > > >/usr/lib/perl5/5.8.0/i686-linux/Sys/Syslog.pm line 296, line 2. > > > > > > We had about 2900 messages in mqueue.in/ , and reading through > > > the list > > >real quick, I noted someone had opted to delete their mqueue.in to fix the > > >problem. That would probably have not been an acceptable choice. > > > I modified logger.pl to print a line for every Sys::Syslog > line, so I > > >could se what it was trying to do on the console.. Here's what I ended up > > >seeing: > > > > > >Printing Debug to Sys::Syslog, SpamAssassin returned 0 > > >Printing Debug to Sys::Syslog, Going to scan 100 messages > > >Printing Debug to Sys::Syslog, Commencing scanning by mcafee... > > >Printing Info to Sys::Syslog /g7N98C2j022911/%nTips.pif Found the > > >W32/Klez.h@MM virus !!! > > >Printing Debug to Sys::Syslog, Completed scanning by mcafee > > >Printing to Sys::Syslog Commercial virus checker failed with real error: > > >Modification of a read-only value attempted at > > >/usr/lib/perl5/5.8.0/i686-linux/Sys/Syslog.pm line 296, line 2. > > >Closing Sys::Syslog (2) > > > > > > It seems when sub InfoLog tries to print the "%n", that bombs it > > > out. I > > >didn't want to go molesting your code any more than I needed to, so I just > > >went > > >into that message's file(dfg7N98C2j022911), and changed this block: > > > > > >--- begin > > >Content-Type: application/octet-stream; > > > name=%nTips.pif > > >Content-Transfer-Encoding: base64 > > >Content-ID: > > >--- end > > > > > >To this: > > > > > >--- begin > > >Content-Type: application/octet-stream; > > > name=Tips.pif > > >Content-Transfer-Encoding: base64 > > >Content-ID: > > >--- end > > > > > > > > > When I restarted mailscanner this time, it went through fine. > > >Unfortunately, we were up to 3400 messages in the queue at that > point. Now > > >we're down to 2900, so it's getting through, but my users are upset they > > >didn't > > >get their mail all day.. They'll live. :) > > > > > > If you need, I can give you the message files to work with, > but it's > > >just something in how Sys::Syslog is handling the '%' character. > > > > > > > > > BTW, I'm running Perl 5.8.0 and MailScanner 3.22-12 > > > >--------------------------------------------------- >JW Smythe - root@voynetworks.com >Office of Systems Administration >Sirus Cybernetics Corporation >--------------------------------------------------- >- "Don't try to out weird me, three eyes, I get >- weirder things than you for free with my >- breakfast cereal." >- - Zaphod >--------------------------------------------------- -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mkettler at EVI-INC.COM Sat Aug 24 21:27:45 2002 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:15:28 2006 Subject: Sys::Syslog Bug Report In-Reply-To: <5.1.0.14.2.20020824203726.017e9850@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20020823223018.02298e98@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.0.20020824162139.015522b8@192.168.50.2> Actually, to some degree many of us already are walking adverts. Anyone using a tool they like is bound to refer others to it, and anyone who "knows their stuff" reasonably well is bound to have others asking them how to do things. Of course, the t-shirts will be walking adverts to people I don't even talk to as I walk down the street, but that's not nearly as effective an ad as a direct personal recommendation from someone. Keep us posted on the status of the store.. I'd love to buy a mug/tshirt :) At 08:40 PM 8/24/2002 +0100, you wrote: >Hopefully, if my graphic artist friend has time to do all the design work >for me, there will be a new look to the web site soon, and even a minimal >profit (for me) shop where you can buy MailScanner mugs, t-shirts, stuff >like that. That way you can all become walking talking MailScanner adverts >for me ;-> From mailscanner at ecs.soton.ac.uk Sat Aug 24 22:51:40 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:28 2006 Subject: MailScanner stuff In-Reply-To: References: <5.1.0.14.2.20020824203726.017e9850@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20020824224826.03a8e5c0@imap.ecs.soton.ac.uk> Anyone got any recommendations apart from www.cafepress.com? Their big advantage is that they don't want any money from me. But I don't think they do stickers... (After my recent comments, I thought I better practise what I preach & change the Subject :-) At 22:41 24/08/2002, you wrote: > T-shirts and stickers! Whoohoo. :) > > In my office, we're a bunch of techno-geeks, so we wear OS clothing >around a lot (Linux/BSD/yada, yada, yada). I'll put stickers on all kinds of >fun stuff, like the top of my laptop has a slackware bumper sticker, and a >little one from thinkgeek ("Go away or I will replace you with a very small >shell script."). > > If you print 'em, I'll buy at least a few :) > >On Sat, 24 Aug 2002, Julian Field wrote: > > > Date: Sat, 24 Aug 2002 20:40:56 +0100 > > From: Julian Field > > To: root@voynetworks.com > > Cc: mailscanner@jiscmail.ac.uk > > Subject: Re: Sys::Syslog Bug Report > > > > At 23:31 23/08/2002, you wrote: > > > Works perfectly. The patch works as given with Linux and 3.22-12 > > > > Wonderful. > > > > > In case no one else has mentioned it, I think it's very cool > that you > > >put out new releases so frequently. Lots of developers aren't as > > >attentative to > > >their projects. > > > > Thanks for that. I don't want anyone moving to the competition because of > > lousy support > > :-) > > > > Hopefully, if my graphic artist friend has time to do all the design work > > for me, there will be a new look to the web site soon, and even a minimal > > profit (for me) shop where you can buy MailScanner mugs, t-shirts, stuff > > like that. That way you can all become walking talking MailScanner adverts > > for me ;-> -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From steve at BASSI.COM Sat Aug 24 23:17:20 2002 From: steve at BASSI.COM (Steve Bassi) Date: Thu Jan 12 21:15:28 2006 Subject: MailScanner stuff References: <5.1.0.14.2.20020824203726.017e9850@imap.ecs.soton.ac.uk> <5.1.0.14.2.20020824224826.03a8e5c0@imap.ecs.soton.ac.uk> Message-ID: <001e01c24bbc$040ab2a0$02fea8c0@lilbess> I have a company that makes T shirts and Mugs .. etc and can do on an individual basis ... at a competative wholesale price . If i can help let me know Rgds Steve Bassi ----- Original Message ----- From: "Julian Field" To: Sent: Saturday, August 24, 2002 10:51 PM Subject: Re: MailScanner stuff > Anyone got any recommendations apart from www.cafepress.com? Their big > advantage is that they don't want any money from me. But I don't think they > do stickers... > > (After my recent comments, I thought I better practise what I preach & > change the Subject :-) > > At 22:41 24/08/2002, you wrote: > > > T-shirts and stickers! Whoohoo. :) > > > > In my office, we're a bunch of techno-geeks, so we wear OS clothing > >around a lot (Linux/BSD/yada, yada, yada). I'll put stickers on all kinds of > >fun stuff, like the top of my laptop has a slackware bumper sticker, and a > >little one from thinkgeek ("Go away or I will replace you with a very small > >shell script."). > > > > If you print 'em, I'll buy at least a few :) > > > >On Sat, 24 Aug 2002, Julian Field wrote: > > > > > Date: Sat, 24 Aug 2002 20:40:56 +0100 > > > From: Julian Field > > > To: root@voynetworks.com > > > Cc: mailscanner@jiscmail.ac.uk > > > Subject: Re: Sys::Syslog Bug Report > > > > > > At 23:31 23/08/2002, you wrote: > > > > Works perfectly. The patch works as given with Linux and 3.22-12 > > > > > > Wonderful. > > > > > > > In case no one else has mentioned it, I think it's very cool > > that you > > > >put out new releases so frequently. Lots of developers aren't as > > > >attentative to > > > >their projects. > > > > > > Thanks for that. I don't want anyone moving to the competition because of > > > lousy support > > > :-) > > > > > > Hopefully, if my graphic artist friend has time to do all the design work > > > for me, there will be a new look to the web site soon, and even a minimal > > > profit (for me) shop where you can buy MailScanner mugs, t-shirts, stuff > > > like that. That way you can all become walking talking MailScanner adverts > > > for me ;-> > > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > > From mailscanner at VVD.COM Sun Aug 25 01:18:00 2002 From: mailscanner at VVD.COM (JWSmythe) Date: Thu Jan 12 21:15:28 2006 Subject: Sys::Syslog Bug Report In-Reply-To: <5.1.0.14.0.20020824162139.015522b8@192.168.50.2> Message-ID: ... and speaking of advertising, I've recieved a few people asking what we think of mailscanner, just for being listed on the "users" page.. Of course, it gets high recommendations. My users definately don't want to be bombarded by the spams and viruses like they used to be.. On Sat, 24 Aug 2002, Matt Kettler wrote: > Date: Sat, 24 Aug 2002 16:27:45 -0400 > From: Matt Kettler > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Sys::Syslog Bug Report > > Actually, to some degree many of us already are walking adverts. Anyone > using a tool they like is bound to refer others to it, and anyone who > "knows their stuff" reasonably well is bound to have others asking them how > to do things. > > Of course, the t-shirts will be walking adverts to people I don't even talk > to as I walk down the street, but that's not nearly as effective an ad as a > direct personal recommendation from someone. > > Keep us posted on the status of the store.. I'd love to buy a mug/tshirt :) > > At 08:40 PM 8/24/2002 +0100, you wrote: > >Hopefully, if my graphic artist friend has time to do all the design work > >for me, there will be a new look to the web site soon, and even a minimal > >profit (for me) shop where you can buy MailScanner mugs, t-shirts, stuff > >like that. That way you can all become walking talking MailScanner adverts > >for me ;-> > --------------------------------------------------- JW Smythe - root@voynetworks.com Office of Systems Administration Sirus Cybernetics Corporation --------------------------------------------------- - "Don't try to out weird me, three eyes, I get - weirder things than you for free with my - breakfast cereal." - - Zaphod --------------------------------------------------- From LISTSERV at JISCMAIL.AC.UK Sun Aug 25 15:01:19 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:28 2006 Subject: MAILSCANNER: rich@MAIL.WVNET.EDU requested to join Message-ID: <200208251401.PAA06657@magpie.ecs.soton.ac.uk> Sun, 25 Aug 2002 15:01:19 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Richard Lynch . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER rich@MAIL.WVNET.EDU Richard Lynch The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+rich%40MAIL.WVNET.EDU+Richard+Lynch&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From eljl at I-SNAPINTERNET.COM Mon Aug 26 06:40:19 2002 From: eljl at I-SNAPINTERNET.COM (Eddie Javier) Date: Thu Jan 12 21:15:28 2006 Subject: Scan Only, Not Clean Message-ID: <200208260540.g7Q5eJr22761@ori.rl.ac.uk> Cool! This is better since I'm going to quarantine and eventually delete the infected message anyway, so why waste some precious CPU? :D Thanks! From LISTSERV at JISCMAIL.AC.UK Mon Aug 26 21:33:07 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:28 2006 Subject: MAILSCANNER: wkuiters@FREE.FR requested to join Message-ID: <200208262033.VAA23206@magpie.ecs.soton.ac.uk> Mon, 26 Aug 2002 21:33:07 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Willem Kuiters . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER wkuiters@FREE.FR Willem Kuiters The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+wkuiters%40FREE.FR+Willem+Kuiters&L=MAILSCANNER ------------------------- Original mail header -------------------------- Return-Path: Received: from 130.246.192.52 by JISCMAIL.AC.UK (SMTPL release 1.0f) with TCP; Mon, 26 Aug 2002 21:33:07 +0100 Received: from kraid.nerim.net (kraid.nerim.net [62.4.16.95]) by ori.rl.ac.uk (8.11.1/8.11.1) with ESMTP id g7QKX5r31949 for ; Mon, 26 Aug 2002 21:33:05 +0100 Received: from bragann (wkuiters.net1.nerim.net [62.212.97.132]) by kraid.nerim.net (Postfix) with ESMTP id 4684A40FEA for ; Mon, 26 Aug 2002 22:24:53 +0200 (CEST) Received: from willem by bragann with local (Exim 3.33 #1 (Debian)) id 17jQXF-0000LW-00 for ; Mon, 26 Aug 2002 22:32:29 +0200 Date: Mon, 26 Aug 2002 22:32:29 +0200 From: wkuiters@free.fr To: "L-Soft list server at JISCMAIL (1.8e)" Subject: Re: Command confirmation request (1049A456) Message-ID: <20020826203229.GA1319@bragann> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.25i Sender: Willem Kuiters X-MailScanner: Found to be clean From Q.G.Campbell at NEWCASTLE.AC.UK Tue Aug 27 08:52:22 2002 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:15:28 2006 Subject: File layout Message-ID: > -----Original Message----- > From: Julian Field [mailto:mailscanner@ecs.soton.ac.uk] > Sent: 23 August 2002 19:29 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: File layout > > > At 19:13 23/08/2002, you wrote: > >I have been playing with MailScanner and Spam Assassin on a relay > >server before my main mail server. > > > >First, is there a reason that the RPM doesn't use eg > /etc/mailscanner > >for all the conf files instead of the current > >/usr/local/MailScanner/etc ? > > Not particularly. > > >I can move the files and get it to work ok, but curious why it is > >different to what I am used to. > > Just 'cause that's the way I built it :-) > Julian Your convention of locating stuff under /usr/local and /local is good, standard, Unix practice! I hope you do not change it. This keeps applications isolated from the operating system. In a carefully set up and partitioned Unix system it is possible to install a new operating system without having to re-install and re-confgure a whole corpus of applications. The /usr/local stuff is normally automounted from /local (or similar). If you have your applications spread around the system (/etc, /usr, /usr/bin, etc) then they have to be re-installed when the OS is upgraded. This may not seem a big deal on a "simple" mail hub where the main applications are Sendmail + MS + SA + some anti-virus product. It is very, very important on a large Unix time-sharing system (as we run here) where we have many scores of large and complex packages installed. For this reason I prefer installing from the MS tar ball rather than the RPM version. Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." From email at ace.net.au Tue Aug 27 10:48:07 2002 From: email at ace.net.au (Peter Nitschke) Date: Thu Jan 12 21:15:28 2006 Subject: File layout In-Reply-To: References: Message-ID: <200208271918070610.194A033D@smtp1.ace.net.au> Hi, That is all fine, my query was regarding the : RedHat Linux RPM package version 3.22-12 I don't see a problem with the other options being done to suit the relevant OS: Solaris/Other Linux/other Unix version 3.22-12 Debian package Solaris/Other Unix useful files & scripts But then you use the tar ball anyway... Peter *********** REPLY SEPARATOR *********** On 27/08/2002 at 8:52 AM Quentin Campbell wrote: >> -----Original Message----- >> From: Julian Field [mailto:mailscanner@ecs.soton.ac.uk] >> Sent: 23 August 2002 19:29 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: File layout >> >> >> At 19:13 23/08/2002, you wrote: >> >I have been playing with MailScanner and Spam Assassin on a relay >> >server before my main mail server. >> > >> >First, is there a reason that the RPM doesn't use eg >> /etc/mailscanner >> >for all the conf files instead of the current >> >/usr/local/MailScanner/etc ? >> >> Not particularly. >> >> >I can move the files and get it to work ok, but curious why it is >> >different to what I am used to. >> >> Just 'cause that's the way I built it :-) >> > >Julian > >Your convention of locating stuff under /usr/local and /local is good, >standard, Unix practice! I hope you do not change it. > >This keeps applications isolated from the operating system. In a >carefully set up and partitioned Unix system it is possible to install a >new operating system without having to re-install and re-confgure a >whole corpus of applications. The /usr/local stuff is normally >automounted from /local (or similar). > >If you have your applications spread around the system (/etc, /usr, >/usr/bin, etc) then they have to be re-installed when the OS is >upgraded. > >This may not seem a big deal on a "simple" mail hub where the main >applications are Sendmail + MS + SA + some anti-virus product. It is >very, very important on a large Unix time-sharing system (as we run >here) where we have many scores of large and complex packages installed. > > >For this reason I prefer installing from the MS tar ball rather than the >RPM version. > >Quentin >--- >PHONE: +44 191 222 8209 Computing Service, University of Newcastle >FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. >------------------------------------------------------------------------ >"Any opinion expressed above is mine. The University can get its own." From mk at quadstone.com Tue Aug 27 11:08:22 2002 From: mk at quadstone.com (Michael Keightley) Date: Thu Jan 12 21:15:28 2006 Subject: Feature suggestion Message-ID: <200208271008.g7RA8MbG018428@gromit.quadstone.co.uk> The feature "High Scoring Spam Action" allows you to deliver, store or delete messages with a SpamAssasin Score above a certain figure. Would it be possible for either: * Add different subject text for these messages, e.g. {SPAM} instead of {SPAM?}. * An extra header be added, e.g. X-MailScanner-HiScore". This would allow users to decide if they want to delete spam that has a high score. Michael -- Michael Keightley Tel: +44 131 240 3137 Systems Manager, Quadstone Limited, Fax: +44 131 220 4492 16 Chester Street, Edinburgh EH3 7RA, Scotland http://www.quadstone.com From brose at MED.WAYNE.EDU Tue Aug 27 15:06:26 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:15:28 2006 Subject: Feature suggestion Message-ID: Tagging the subject with SPAM would suggest that you are absolutely positive that it's SPAM and not a false positive. The score is already in the header so why not use it? -----Original Message----- From: Michael Keightley [mailto:mk@quadstone.com] Sent: Tuesday, August 27, 2002 6:08 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Feature suggestion The feature "High Scoring Spam Action" allows you to deliver, store or delete messages with a SpamAssasin Score above a certain figure. Would it be possible for either: * Add different subject text for these messages, e.g. {SPAM} instead of {SPAM?}. * An extra header be added, e.g. X-MailScanner-HiScore". This would allow users to decide if they want to delete spam that has a high score. Michael -- Michael Keightley Tel: +44 131 240 3137 Systems Manager, Quadstone Limited, Fax: +44 131 220 4492 16 Chester Street, Edinburgh EH3 7RA, Scotland http://www.quadstone.com From rabellino at DI.UNITO.IT Tue Aug 27 15:37:20 2002 From: rabellino at DI.UNITO.IT (Rabellino Sergio) Date: Thu Jan 12 21:15:28 2006 Subject: Feature suggestion References: Message-ID: <3D6B8EA0.837DF835@di.unito.it> "Rose, Bobby" wrote: > > Tagging the subject with SPAM would suggest that you are absolutely > positive that it's SPAM and not a false positive. The score is already > in the header so why not use it? > But many MUA can't use this info in the mail delivery rules, so (i.e.) in netscape messenger you can't create a mail filter to deliver only these email to trash (or to another folder). I believe that a different level of tagging could be a good idea.The user can choose it's own spam policy in a simpler way. Bye. -- Dott. Sergio Rabellino Technical Staff Department of Computer Science University of Torino (Italy) Member of the Internet Society http://www.di.unito.it/~rabser Tel. +39-0116706701 Fax. +39-011751603 From brose at MED.WAYNE.EDU Tue Aug 27 15:59:19 2002 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:15:28 2006 Subject: Feature suggestion Message-ID: But if they can't read the header for the already existing score, how will adding another header help? -----Original Message----- From: Rabellino Sergio [mailto:rabellino@DI.UNITO.IT] Sent: Tuesday, August 27, 2002 10:37 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Feature suggestion "Rose, Bobby" wrote: > > Tagging the subject with SPAM would suggest that you are absolutely > positive that it's SPAM and not a false positive. The score is > already in the header so why not use it? > But many MUA can't use this info in the mail delivery rules, so (i.e.) in netscape messenger you can't create a mail filter to deliver only these email to trash (or to another folder). I believe that a different level of tagging could be a good idea.The user can choose it's own spam policy in a simpler way. Bye. -- Dott. Sergio Rabellino Technical Staff Department of Computer Science University of Torino (Italy) Member of the Internet Society http://www.di.unito.it/~rabser Tel. +39-0116706701 Fax. +39-011751603 From alan at ESSEX.AC.UK Tue Aug 27 16:02:33 2002 From: alan at ESSEX.AC.UK (Stanier, Alan M) Date: Thu Jan 12 21:15:28 2006 Subject: Feature suggestion Message-ID: <7AC902A40BEDD411A3A800D0B7847B660ADC93A4@sernt14.essex.ac.uk> The problem is not that they can't read it, but that they can't parse it to extract the hit count. -------- Alan Stanier Essex University Information Systems Services Systems Group > -----Original Message----- > From: Rose, Bobby [mailto:brose@MED.WAYNE.EDU] > Sent: 27 August 2002 15:59 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Feature suggestion > > > But if they can't read the header for the already existing score, how > will adding another header help? > > -----Original Message----- > From: Rabellino Sergio [mailto:rabellino@DI.UNITO.IT] > Sent: Tuesday, August 27, 2002 10:37 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Feature suggestion > > > "Rose, Bobby" wrote: > > > > Tagging the subject with SPAM would suggest that you are absolutely > > positive that it's SPAM and not a false positive. The score is > > already in the header so why not use it? > > > But many MUA can't use this info in the mail delivery rules, so (i.e.) > in netscape messenger you can't create a mail filter to deliver only > these email to trash (or to another folder). > > I believe that a different level of tagging could be a good idea.The > user can choose it's own spam policy in a simpler way. > > Bye. > -- > Dott. Sergio Rabellino > > Technical Staff > Department of Computer Science > University of Torino (Italy) > Member of the Internet Society > > http://www.di.unito.it/~rabser > Tel. +39-0116706701 > Fax. +39-011751603 > From P.G.M.Peters at civ.utwente.nl Tue Aug 27 16:17:29 2002 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:15:28 2006 Subject: Feature suggestion In-Reply-To: <7AC902A40BEDD411A3A800D0B7847B660ADC93A4@sernt14.essex.ac.uk> References: <7AC902A40BEDD411A3A800D0B7847B660ADC93A4@sernt14.essex.ac.uk> Message-ID: On Tue, 27 Aug 2002 16:02:33 +0100, you wrote: >The problem is not that they can't read it, but that they can't parse it >to extract the hit count. Somebody here suggested having a "score-header" like: X-Spam-Score: 01 02 03 04 05 06 when the score was between 6 and 7 and X-Spam-Score: 01 02 03 04 05 06 07 08 09 10 11 12 13 14 when the score was between 14 and 15 etc. And ofcourse all other posibilities. He could then check for an X-Spam-Score header that included his minimum score. -- Peter Peters senior netwerkbeheerder, Centrum voor Informatievoorziening, Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From LISTSERV at JISCMAIL.AC.UK Tue Aug 27 15:35:37 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:28 2006 Subject: MAILSCANNER: pclarke@RMPLC.NET left the list Message-ID: <200208271435.PAA24799@magpie.ecs.soton.ac.uk> Tue, 27 Aug 2002 15:35:36 Phil Clarke has just signed off the MAILSCANNER list (MailScanner mailing list). ------------------------- Original mail header -------------------------- Return-Path: Received: from 130.246.192.52 by JISCMAIL.AC.UK (SMTPL release 1.0f) with TCP; Tue, 27 Aug 2002 15:35:36 +0100 Received: from mx0.ifl.net (mx0.nmh.ifl.net [194.238.48.13]) by ori.rl.ac.uk (8.11.1/8.11.1) with ESMTP id g7REZar21554 for ; Tue, 27 Aug 2002 15:35:36 +0100 Received: from tigerxp (support-22.stn.135.ifl.net [194.238.49.54]) by mx0.ifl.net (8.11.1/8.11.1) with SMTP id g7REZa126318 for ; Tue, 27 Aug 2002 15:35:36 +0100 Message-ID: <005201c24dd7$01a2d070$271c10ac@internal.rmplc.net> Reply-To: "Phil" From: "Phil" To: "L-Soft list server at JISCMAIL \(1.8e\)" References: <200207260736.g6Q7a2G5014036@ms1.ifl.net> <003c01c24dd5$68465dd0$271c10ac@internal.rmplc.net> Subject: SIGNOFF MAILSCANNER Date: Tue, 27 Aug 2002 15:35:35 +0100 Organization: RM IFL MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 From Janssen at RZ.UNI-FRANKFURT.DE Tue Aug 27 17:41:54 2002 From: Janssen at RZ.UNI-FRANKFURT.DE (Michael Janssen) Date: Thu Jan 12 21:15:28 2006 Subject: Feature suggestion In-Reply-To: Message-ID: > Somebody here suggested having a "score-header" like: > > X-Spam-Score: 01 02 03 04 05 06 > when the score was between 6 and 7 and > X-Spam-Score: 01 02 03 04 05 06 07 08 09 10 11 12 13 14 > when the score was between 14 and 15 > etc. > > And ofcourse all other posibilities. He could then check for an > X-Spam-Score header that included his minimum score. isn't there a header showing one "*" for one score-point yet in SpamAssassin? Maybe Outlook, Netscape and so on -rules are clever enough, to match the length of such *-bar? Who knows? cheers Michael PS: we are planning to do it with a webside-configurable procmail-filter, but then, pop-user can't have a to-look-after-low-spam-folder :-( > > -- > Peter Peters > senior netwerkbeheerder, Centrum voor Informatievoorziening, > Universiteit Twente, Postbus 217, 7500 AE Enschede > telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ > From mailscanner at ecs.soton.ac.uk Tue Aug 27 19:16:21 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:28 2006 Subject: Feature suggestion In-Reply-To: References: Message-ID: <5.1.0.14.2.20020827191254.03695008@imap.ecs.soton.ac.uk> At 17:41 27/08/2002, you wrote: >isn't there a header showing one "*" for one score-point yet in >SpamAssassin? Maybe Outlook, Netscape and so on -rules are clever enough, >to match the length of such *-bar? Who knows? How about a header called something like X-MailScanner-SpamStars: with 1 * per SpamAssassin point? Can this be used in a filter in Outlook, Netscape, etc? This effectively needs "header contains" or "header starts with" capabilities. Eudora has working "contains" filtering, how about the others? -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From brandonf at BFCONSULT.CO.ZA Tue Aug 27 20:30:33 2002 From: brandonf at BFCONSULT.CO.ZA (Brandon Friedman) Date: Thu Jan 12 21:15:28 2006 Subject: SA problem since MS upgrade Message-ID: <3D6BD359.4030106@bfconsult.co.za> Hi folks I upgrade my mailscanner to mailscanner-3.22-12 from mailscanner-3.22-10. The problem is that some e-mail message....(HTML) are being tagged as spam in the subject line but I looked at the message source and it indicates that it isn't spam: X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=4.7, required 8, SUBJ_HAS_Q_MARK, DEAR_SOMEBODY, CLICK_BELOW, DOUBLE_CAPSWORD, EMAIL_MARKETING, SUPERLONG_LINE, HTML_WITH_BGCOLOR, MAILTO_LINK, FREQ_SPAM_PHRASE, AWL) Any ideas? As a matter of fact I see that this is actually whitelisted! -- Regards Brandon Friedman Cell:083 408 7840 E-mail: brandonf@bfconsult.co.za www.bfconsult.co.za From LISTSERV at JISCMAIL.AC.UK Tue Aug 27 20:37:40 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:28 2006 Subject: MAILSCANNER: paul@CWIE.NET left the list Message-ID: <200208271937.UAA27426@magpie.ecs.soton.ac.uk> Tue, 27 Aug 2002 20:37:40 Paul Fries has just signed off the MAILSCANNER list (MailScanner mailing list). ------------------------- Original mail header -------------------------- Return-Path: Received: from 130.246.192.52 by JISCMAIL.AC.UK (SMTPL release 1.0f) with TCP; Tue, 27 Aug 2002 20:37:40 +0100 Received: from mailer.cwie.net (mailer.cwie.net [63.214.164.14]) by ori.rl.ac.uk (8.11.1/8.11.1) with ESMTP id g7RJbcr23763 for ; Tue, 27 Aug 2002 20:37:38 +0100 Received: from paul01 (L3-phx-100-hq-e.cwie.net [64.38.194.13]) by mailer.cwie.net (8.12.5/8.12.5) with ESMTP id g7RJiAm4004421 for ; Tue, 27 Aug 2002 12:44:10 -0700 From: "Paul Fries" To: Subject: Date: Tue, 27 Aug 2002 12:37:27 -0700 Message-ID: <016501c24e01$3022b530$d900000a@paul01> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal From mailscanner at ecs.soton.ac.uk Tue Aug 27 22:02:30 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:28 2006 Subject: SA problem since MS upgrade In-Reply-To: <3D6BD359.4030106@bfconsult.co.za> Message-ID: <5.1.0.14.2.20020827215113.0371a3a0@imap.ecs.soton.ac.uk> First off, has anyone else seen this problem? I haven't heard any reports of this from anyone else, so it may be a Perl oddity in your setup. What version of Perl are you using? And on what operating system? Are you getting the spam report in the log for these messages as well as the subject-line tag? (you might need to turn on spam logging first) Please try changing lines 442-443 of sendmail.pl from $IsSpam->{$mID} = 1 if $ThisIsSpam; $IsSpam->{$mID} = 'high' if $ThisIsHigh; to $IsSpam->{"$mID"} = 1 if $ThisIsSpam; $IsSpam->{"$mID"} = 'high' if $ThisIsHigh; If you aren't getting the log entries as well, then for some reason $ThisIsHigh is being set without $ThisIsSpam being set (which shouldn't be possible). Let's see what happens now (and see what other responses we get from anyone else), then I'll dig further. I've just done a diff between 3.22-10 and 3.22-12. All the spam detection code is in sendmail.pl and here's the diff between the 2 versions of it: >4c4 >< # $Id: sendmail.pl,v 1.99.2.22 2002/07/17 15:27:02 jkf Exp $ >--- > > # $Id: sendmail.pl,v 1.99.2.28 2002/07/30 15:51:46 jkf Exp $ In other words, none of that code has changed, so the change in behaviour has got to be something a lot more subtle... Keep me posted. Jules At 20:30 27/08/2002, you wrote: >Hi folks > >I upgrade my mailscanner to mailscanner-3.22-12 from mailscanner-3.22-10. > >The problem is that some e-mail message....(HTML) are being tagged as >spam in the subject line but I looked at the message source and it >indicates that it isn't spam: > >X-MailScanner: Found to be clean >X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=4.7, > required 8, SUBJ_HAS_Q_MARK, DEAR_SOMEBODY, CLICK_BELOW, > DOUBLE_CAPSWORD, EMAIL_MARKETING, SUPERLONG_LINE, HTML_WITH_BGCOLOR, > MAILTO_LINK, FREQ_SPAM_PHRASE, AWL) > > >Any ideas? >As a matter of fact I see that this is actually whitelisted! >-- > >Regards >Brandon Friedman >Cell:083 408 7840 >E-mail: brandonf@bfconsult.co.za >www.bfconsult.co.za -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mrl at GENSTEAM.COM Wed Aug 28 02:42:46 2002 From: mrl at GENSTEAM.COM (Mary Ross Lynch) Date: Thu Jan 12 21:15:28 2006 Subject: FW: Rejected posting to MAILSCANNER@JISCMAIL.AC.UK Message-ID: <007d01c24e34$35eebee0$370410ac@ns.uu.net> Hello, I tried to post the attached question and got the following message. Can you tell me how to validly post? TIA, Mary R. Lynch Systems Administrator General Steamship Corp. Tel. 415 389 5240 Fax 415 389 9020 -----Original Message----- From: L-Soft list server at JISCMAIL (1.8e) [mailto:LISTSERV@JISCMAIL.AC.UK] Sent: Friday, August 23, 2002 11:30 AM To: Mary Ross Lynch Subject: Rejected posting to MAILSCANNER@JISCMAIL.AC.UK You are not authorized to send mail to the MAILSCANNER list from your mrl@GENSTEAM.COM account. You might be authorized to send to the list from another of your accounts, or perhaps when using another mail program which generates slightly different addresses, but LISTSERV has no way to associate this other account or address with yours. If you need assistance or if you have any question regarding the policy of the MAILSCANNER list, please contact the list owners: MAILSCANNER-request@JISCMAIL.AC.UK. -------------- next part -------------- An embedded message was scrubbed... From: "Mary Ross Lynch" Subject: Spam action Date: Fri, 23 Aug 2002 11:33:49 -0700 Size: 1175 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020827/f80e773f/attachment.mht From LISTSERV at JISCMAIL.AC.UK Wed Aug 28 08:12:14 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:28 2006 Subject: MAILSCANNER: fadhly@KACST.EDU.SA requested to join Message-ID: <200208280712.IAA14113@magpie.ecs.soton.ac.uk> Wed, 28 Aug 2002 08:12:14 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Abdullah alfadhly . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER fadhly@KACST.EDU.SA Abdullah alfadhly The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+fadhly%40KACST.EDU.SA+Abdullah+alfadhly&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From rabellino at DI.UNITO.IT Wed Aug 28 08:47:43 2002 From: rabellino at DI.UNITO.IT (Rabellino Sergio) Date: Thu Jan 12 21:15:28 2006 Subject: Feature suggestion References: <5.1.0.14.2.20020827191254.03695008@imap.ecs.soton.ac.uk> Message-ID: <3D6C801F.58FD6A95@di.unito.it> Julian Field wrote: > > At 17:41 27/08/2002, you wrote: > >isn't there a header showing one "*" for one score-point yet in > >SpamAssassin? Maybe Outlook, Netscape and so on -rules are clever enough, > >to match the length of such *-bar? Who knows? > > How about a header called something like > X-MailScanner-SpamStars: > with 1 * per SpamAssassin point? > Can this be used in a filter in Outlook, Netscape, etc? > > This effectively needs "header contains" or "header starts with" > capabilities. Eudora has working "contains" filtering, how about the others? With netscape you can't count (as my knowledge) inside an header, but can check an header contains or start, so what about a simply different tag definition in mailscanner.conf for an high score ? It's more cleaner in the raw message, rather than a row of "*" (in my opinion obviously...). So the mailscanner administrator can choose it's own form of telling to the users that the email is really a spam. bye. -- Dott. Sergio Rabellino Technical Staff Department of Computer Science University of Torino (Italy) Member of the Internet Society http://www.di.unito.it/~rabser Tel. +39-0116706701 Fax. +39-011751603 From P.G.M.Peters at civ.utwente.nl Wed Aug 28 10:12:52 2002 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:15:28 2006 Subject: File layout In-Reply-To: <20020828072946.GC2247@hoiho.nz.lemon-computing.com> References: <200208271918070610.194A033D@smtp1.ace.net.au> <20020828072946.GC2247@hoiho.nz.lemon-computing.com> Message-ID: On Wed, 28 Aug 2002 19:29:46 +1200, you wrote: >* For a package distributed by a third party in a prepackaged form that > will install automatically, it should go in /opt >* For a package installed manually by the sysadmin, it should default > to going in /usr/local (but the sysadmin is obviously free to put it > wherever the hell they like) I install MailScanner by hand in /opt. It is a standard in our ICT department. It takes some tweeking of some files in the tar-ball but I have a nice procedure written out (including diff-ing and copying to the redundant server) and it works. -- Peter Peters senior netwerkbeheerder, Centrum voor Informatievoorziening, Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From P.G.M.Peters at civ.utwente.nl Wed Aug 28 10:16:43 2002 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:15:28 2006 Subject: Feature suggestion In-Reply-To: <3D6C801F.58FD6A95@di.unito.it> References: <5.1.0.14.2.20020827191254.03695008@imap.ecs.soton.ac.uk> <3D6C801F.58FD6A95@di.unito.it> Message-ID: On Wed, 28 Aug 2002 09:47:43 +0200, you wrote: >> How about a header called something like >> X-MailScanner-SpamStars: >> with 1 * per SpamAssassin point? >> Can this be used in a filter in Outlook, Netscape, etc? >> >> This effectively needs "header contains" or "header starts with" >> capabilities. Eudora has working "contains" filtering, how about the others? Outlook (not express) can filter on "internet headers" as Microsoft calls them. Outlook Express can filter on the "standaard headers" (To:, Subject:, From:). >With netscape you can't count (as my knowledge) inside an header, but >can check an header contains or start, so what about a simply You can check for header contains "***************" if you want to do something when the Score is over 15. And check for header contains "*****" to do something different when the score is over 5. (keep the order in mind) >different tag definition in mailscanner.conf for an high score ? It's >more cleaner in the raw message, rather than a row of "*" (in my >opinion obviously...). >So the mailscanner administrator can choose it's own form of telling to >the users that the email is really a spam. With stars you can have the user decide on its own which score his filters should act on. -- Peter Peters senior netwerkbeheerder, Centrum voor Informatievoorziening, Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From mailscanner at BARENDSE.TO Wed Aug 28 10:25:09 2002 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:15:28 2006 Subject: df2mbox In-Reply-To: <3D6C801F.58FD6A95@di.unito.it> Message-ID: Hi! Want to try the df2mbox script to convert archived messages. I am running the script on a box running RedHat 7.3 with the latest errata installed. I want to convert all archived messages to mbox format (not spam or quarantined stuff. This is what i've done: [root@linuxgw MailArchive]# cd /root/mail/ [root@linuxgw mail]# /usr/local/bin/df2mbox /var/spool/MailArchive/* bash: /usr/local/bin/df2mbox: /bin/sh: bad interpreter: Argument list too long I've also tried this (as described in the script): [root@linuxgw mail]# cd /var/spool/MailArchive/ [root@linuxgw MailArchive]# /usr/local/bin/df2mbox * bash: /usr/local/bin/df2mbox: /bin/sh: bad interpreter: Argument list too long The qf and df files are directly located in /var/spool/MailArchive without any further subdirs. Running the script on * in /var/spool does seem to work but produces lots of unwanted files (maybe we can kill creation of the mbox file if no qf's/df's are found?). Does anybody know what needs to be altered to make the script work in the current dir or in the dir as specified on the command line? The script seems to always need the files to be located in a subdir. It would be easiest if the script could be run from the directory where your mail files are located and then on a specified directory. Thanks! Remco Barendse From Denis.Beauchemin at USHERBROOKE.CA Wed Aug 28 13:34:25 2002 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:15:28 2006 Subject: df2mbox In-Reply-To: References: Message-ID: <1030538065.546.59.camel@dbeauchemin.si.usherb.ca> Remco, Whenever there are too many files for one command you can use the following trick: cd /root/mail/ find . -type f -print0 | xargs -0 /usr/local/bin/df2mbox The find command prints the names of all files in the current directory, followed by a null character (makes it easier to work with file names including spaces or special characters). The xargs command takes care to split the file names list in chunks that will not produce the "Argument list too long" error while calling your command. > [root@linuxgw MailArchive]# cd /root/mail/ > [root@linuxgw mail]# /usr/local/bin/df2mbox /var/spool/MailArchive/* > bash: /usr/local/bin/df2mbox: /bin/sh: bad interpreter: Argument list too long Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From P.G.M.Peters at civ.utwente.nl Wed Aug 28 14:51:40 2002 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:15:28 2006 Subject: df2mbox In-Reply-To: References: <3D6C801F.58FD6A95@di.unito.it> Message-ID: <8lipmukcs0k06ai1c2f53tnr9l5gsqpkli@4ax.com> On Wed, 28 Aug 2002 11:25:09 +0200, you wrote: >Want to try the df2mbox script to convert archived messages. >I am running the script on a box running RedHat 7.3 with the latest errata >installed. Am I doing something wrong? My system saves quarantined messages as complete messages in /var/spool/MailScanner/quarantine//. IN that directory I can find the infected attachment and the complete (uncleaned) message. |mail@netlx009:/var/spool/MailScanner/quarantine/20020828/g7SCo5322963 > ls -l |total 68 |-rw------- 1 mail mail 26693 Aug 28 14:50 fucker.scr |-rw------- 1 mail mail 38514 Aug 28 14:50 message And I already have done some "mutt -f message" and bounce the message to the intended recipient when MailScanner stored the message because of the "double extension check". -- Peter Peters senior netwerkbeheerder, Centrum voor Informatievoorziening, Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From carl.boberg at NRM.SE Wed Aug 28 15:56:02 2002 From: carl.boberg at NRM.SE (Carl Boberg) Date: Thu Jan 12 21:15:28 2006 Subject: Console logged error? Message-ID: Hi, This is logged to my console every now and then: ignoring text in character set `WINDOWS-1252' at /usr/lib/perl5/site_perl/5.6.1/MIME/Parser/Filer.pm line 646 Everything seems to be in working order. Got latest MS and SA on a RH7.2 I am just curious if this is something to be conserned about? Regards from Sweden --------------------------------- Carl Boberg System & N?tverksadministrat?r Enheten f?r informationsteknologi Naturhistoriska Riksmuseet carl.boberg@nrm.se Tel: 08-519 551 16 Mob: 0701-82 40 55 --------------------------------- From mailscanner at ecs.soton.ac.uk Wed Aug 28 16:05:32 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:28 2006 Subject: Console logged error? In-Reply-To: Message-ID: <5.1.0.14.2.20020828160458.05638020@imap.ecs.soton.ac.uk> It's to do with the MIME-tools module not being able to handle all the international character sets. I wouldn't sorry about it too much. At 15:56 28/08/2002, you wrote: >Hi, >This is logged to my console every now and then: > >ignoring text in character set `WINDOWS-1252' > at /usr/lib/perl5/site_perl/5.6.1/MIME/Parser/Filer.pm line 646 > > >Everything seems to be in working order. >Got latest MS and SA on a RH7.2 > >I am just curious if this is something to be conserned about? > >Regards from Sweden >--------------------------------- >Carl Boberg >System & N?tverksadministrat?r >Enheten f?r informationsteknologi >Naturhistoriska Riksmuseet >carl.boberg@nrm.se >Tel: 08-519 551 16 >Mob: 0701-82 40 55 >--------------------------------- -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mike at CAMAROSS.NET Wed Aug 28 21:46:07 2002 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:15:28 2006 Subject: Virtual postmaster@ ? In-Reply-To: Message-ID: Would it be possible to have a different postmaster@ notified when a virus is detected in an email destined for a particular domain? For example: Email comes in to user@dom1.ain with a virus admin@dom1.ain gets notified Email comes in to user@dom2.ain with a virus admin@dom2.ain gets notified The reason I ask is that I host email for a lot of domains and I'd like the admins of those domains to know that the MailScanner that I run is working for them. Is this beyond normal reason? Mike From mailscanner at ecs.soton.ac.uk Wed Aug 28 22:27:33 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:28 2006 Subject: Virtual postmaster@ ? In-Reply-To: References: Message-ID: <5.1.0.14.2.20020828222716.039949e0@imap.ecs.soton.ac.uk> Again, this is a feature that is on the list for the next major version. At 21:46 28/08/2002, you wrote: >Would it be possible to have a different postmaster@ notified when a virus >is detected in an email destined for a particular domain? > >For example: > > Email comes in to user@dom1.ain with a virus > admin@dom1.ain gets notified > > Email comes in to user@dom2.ain with a virus > admin@dom2.ain gets notified > >The reason I ask is that I host email for a lot of domains and I'd like >the admins of those domains to know that the MailScanner >that I run is working for them. Is this beyond normal reason? > >Mike -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From brian at PORTSMOUTH-COLLEGE.AC.UK Wed Aug 28 22:29:10 2002 From: brian at PORTSMOUTH-COLLEGE.AC.UK (Brian Chivers) Date: Thu Jan 12 21:15:28 2006 Subject: Help configuring MRTG Message-ID: <200208282129.g7SLTBr17693@ori.rl.ac.uk> I've tried to configure MRTG to monitor traffic but I'm running into some problems. First , am I correct in think that the script sendmail.logs.pl needs the log file (maillog) copied from /var/log to another location. Secondly when I run sendmail.logs.pl mail I get the following result 1367 0 Not Applicable TPC Mail Servers but when I run MRTG I dont get anything just this under the weekly graph Max messages: 0.0 Messages (0.0%) Average messages: 0.0 Messages (0.0%) Current messages: 0.0 Messages (0.0%) What am I doing wrong, what should I check Thanks in advance Brian From mike at CAMAROSS.NET Wed Aug 28 22:36:09 2002 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:15:28 2006 Subject: Virtual postmaster@ ? In-Reply-To: <5.1.0.14.2.20020828222716.039949e0@imap.ecs.soton.ac.uk> Message-ID: oops...sorry :) -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field Sent: Wednesday, August 28, 2002 4:28 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Virtual postmaster@ ? Again, this is a feature that is on the list for the next major version. At 21:46 28/08/2002, you wrote: >Would it be possible to have a different postmaster@ notified when a virus >is detected in an email destined for a particular domain? > >For example: > > Email comes in to user@dom1.ain with a virus > admin@dom1.ain gets notified > > Email comes in to user@dom2.ain with a virus > admin@dom2.ain gets notified > >The reason I ask is that I host email for a lot of domains and I'd like >the admins of those domains to know that the MailScanner >that I run is working for them. Is this beyond normal reason? > >Mike -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From mike at CAMAROSS.NET Wed Aug 28 22:39:42 2002 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:15:28 2006 Subject: Help configuring MRTG In-Reply-To: <200208282129.g7SLTBr17693@ori.rl.ac.uk> Message-ID: I don't copy my maillog I just point to /var/log I also commented the suppression of the daily graph(s) #Suppress[mail]: d -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Brian Chivers Sent: Wednesday, August 28, 2002 4:29 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Help configuring MRTG I've tried to configure MRTG to monitor traffic but I'm running into some problems. First , am I correct in think that the script sendmail.logs.pl needs the log file (maillog) copied from /var/log to another location. Secondly when I run sendmail.logs.pl mail I get the following result 1367 0 Not Applicable TPC Mail Servers but when I run MRTG I dont get anything just this under the weekly graph Max messages: 0.0 Messages (0.0%) Average messages: 0.0 Messages (0.0%) Current messages: 0.0 Messages (0.0%) What am I doing wrong, what should I check Thanks in advance Brian From brian at PORTSMOUTH-COLLEGE.AC.UK Wed Aug 28 22:36:00 2002 From: brian at PORTSMOUTH-COLLEGE.AC.UK (Brian Chivers) Date: Thu Jan 12 21:15:28 2006 Subject: Help configuring MRTG References: Message-ID: <007701c24eda$e7220a40$69c8a8c0@tpc.ac.uk> OK will I can now see the mail but spam and virus's are still at zero. Keep the idea's coming Brian ----- Original Message ----- From: "Mike Kercher" To: Sent: Wednesday, August 28, 2002 10:39 PM Subject: Re: Help configuring MRTG > I don't copy my maillog I just point to /var/log > > I also commented the suppression of the daily graph(s) > > #Suppress[mail]: d > > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Brian Chivers > Sent: Wednesday, August 28, 2002 4:29 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Help configuring MRTG > > > I've tried to configure MRTG to monitor traffic but I'm running into some > problems. > > First , am I correct in think that the script sendmail.logs.pl needs the > log file (maillog) copied from /var/log to another location. > > Secondly when I run sendmail.logs.pl mail I get the following result > > 1367 > 0 > Not Applicable > TPC Mail Servers > > but when I run MRTG I dont get anything just this under the weekly graph > Max messages: 0.0 Messages (0.0%) Average messages: 0.0 Messages > (0.0%) Current messages: 0.0 Messages (0.0%) > > What am I doing wrong, what should I check > > Thanks in advance > Brian > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From thom at DARKSABER.COM Wed Aug 28 22:47:13 2002 From: thom at DARKSABER.COM (Thom Paine) Date: Thu Jan 12 21:15:28 2006 Subject: Help configuring MRTG In-Reply-To: <007701c24eda$e7220a40$69c8a8c0@tpc.ac.uk> References: <007701c24eda$e7220a40$69c8a8c0@tpc.ac.uk> Message-ID: <1030571234.1251.41.camel@service.darksaber.com> On Wed, 2002-08-28 at 17:36, Brian Chivers wrote: > OK will I can now see the mail but spam and virus's are still at zero. > > Keep the idea's coming > Can I get in on this MRTG configuration? I'd like to see what kind of numbers my server is doing. I have MRTG working on my internet interface so I can see bandwidth, how do I get it to also show email, viruses, and spam? Thanks. -- -=/>Thom Red Hat Linux release 7.3 (Valhalla) running Linux Kernel 2.4.18-10 Uptime: 5:46pm up 1 day, 28 min, 1 user, load average: 0.43, 0.22, 0.13 Registered Linux User #214499 http://counter.li.org From mike at CAMAROSS.NET Wed Aug 28 22:59:16 2002 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:15:28 2006 Subject: Help configuring MRTG In-Reply-To: <1030571234.1251.41.camel@service.darksaber.com> Message-ID: The instructions are on the mailscanner website. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Thom Paine Sent: Wednesday, August 28, 2002 4:47 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Help configuring MRTG On Wed, 2002-08-28 at 17:36, Brian Chivers wrote: > OK will I can now see the mail but spam and virus's are still at zero. > > Keep the idea's coming > Can I get in on this MRTG configuration? I'd like to see what kind of numbers my server is doing. I have MRTG working on my internet interface so I can see bandwidth, how do I get it to also show email, viruses, and spam? Thanks. -- -=/>Thom Red Hat Linux release 7.3 (Valhalla) running Linux Kernel 2.4.18-10 Uptime: 5:46pm up 1 day, 28 min, 1 user, load average: 0.43, 0.22, 0.13 Registered Linux User #214499 http://counter.li.org From mailscanner at jiscmail.ac.uk Thu Aug 29 06:05:57 2002 From: mailscanner at jiscmail.ac.uk (mailscanner) Date: Thu Jan 12 21:15:28 2006 Subject: {VIRUS?} Honey Message-ID: <0H1L000FSA5X7C@l-daemon> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020828/d2620485/attachment.html -------------- next part -------------- This is a message from the ECS E-Mail Virus Protection Service -------------------------------------------------------------- The original e-mail attachment "MainExt.scr" may be infected by a virus and has been replaced by this warning message. If you wish to receive a copy of the *infected* attachment, please e-mail helpdesk@ecs.soton.ac.uk and include the whole of this message in your request. Alternatively, you can call them on 023 8059 4494, with the contents of this message to hand when you call. At Thu Aug 29 06:06:36 2002 the virus scanner said: >>> Virus 'W32/Klez-H' found in file ./GAA16917/MainExt.scr Windows Screensavers often hide viruses in email in MainExt.scr Note to Help Desk: Look on magpie in /opt/mailscanner/var/quarantine (message GAA16917). -- postmaster@ecs.soton.ac.uk -------------- next part -------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: i[5].jpg Type: application/octet-stream Size: 5880 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020828/d2620485/i5.obj From brandonf at BFCONSULT.CO.ZA Thu Aug 29 08:03:33 2002 From: brandonf at BFCONSULT.CO.ZA (Brandon Friedman) Date: Thu Jan 12 21:15:28 2006 Subject: SA problem since MS upgrade References: <5.1.0.14.2.20020827215113.0371a3a0@imap.ecs.soton.ac.uk> Message-ID: <3D6DC745.2090103@bfconsult.co.za> Hi Julian I haven't done very much messing around on the box as it is our main production server. I have been testing on a test server but I can't seem to replicate the problem BTW it a RH7.3 box with sendmail I also edited the whitelist and added the From and To statements. What I can gather is that this was more an issue with whitelist members be tagged as spammers? The rest seem to be genuine spam alerts. Julian Field wrote: > First off, has anyone else seen this problem? > I haven't heard any reports of this from anyone else, so it may be a Perl > oddity in your setup. > > What version of Perl are you using? And on what operating system? > > Are you getting the spam report in the log for these messages as well as > the subject-line tag? (you might need to turn on spam logging first) > > Please try changing lines 442-443 of sendmail.pl from > $IsSpam->{$mID} = 1 if $ThisIsSpam; > $IsSpam->{$mID} = 'high' if $ThisIsHigh; > to > $IsSpam->{"$mID"} = 1 if $ThisIsSpam; > $IsSpam->{"$mID"} = 'high' if $ThisIsHigh; > > If you aren't getting the log entries as well, then for some reason > $ThisIsHigh is being set without $ThisIsSpam being set (which shouldn't be > possible). > > Let's see what happens now (and see what other responses we get from anyone > else), then I'll dig further. > > I've just done a diff between 3.22-10 and 3.22-12. All the spam detection > code is in sendmail.pl and here's the diff between the 2 versions of it: > >> 4c4 >> < # $Id: sendmail.pl,v 1.99.2.22 2002/07/17 15:27:02 jkf Exp $ >> --- >> > # $Id: sendmail.pl,v 1.99.2.28 2002/07/30 15:51:46 jkf Exp $ > > In other words, none of that code has changed, so the change in behaviour > has got to be something a lot more subtle... > > Keep me posted. > Jules > At 20:30 27/08/2002, you wrote: > >> Hi folks >> >> I upgrade my mailscanner to mailscanner-3.22-12 from mailscanner-3.22-10. >> >> The problem is that some e-mail message....(HTML) are being tagged as >> spam in the subject line but I looked at the message source and it >> indicates that it isn't spam: >> >> X-MailScanner: Found to be clean >> X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=4.7, >> required 8, SUBJ_HAS_Q_MARK, DEAR_SOMEBODY, CLICK_BELOW, >> DOUBLE_CAPSWORD, EMAIL_MARKETING, SUPERLONG_LINE, >> HTML_WITH_BGCOLOR, >> MAILTO_LINK, FREQ_SPAM_PHRASE, AWL) >> >> >> Any ideas? >> As a matter of fact I see that this is actually whitelisted! >> -- >> >> Regards >> Brandon Friedman >> Cell:083 408 7840 >> E-mail: brandonf@bfconsult.co.za >> www.bfconsult.co.za > > > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > -- Regards Brandon Friedman Cell:083 408 7840 E-mail: brandonf@bfconsult.co.za www.bfconsult.co.za From carl.boberg at NRM.SE Thu Aug 29 08:16:37 2002 From: carl.boberg at NRM.SE (Carl Boberg) Date: Thu Jan 12 21:15:28 2006 Subject: Defunct? Message-ID: Hi all, I see a [mailscanner ] process that moves around to different PIDs. Mailscanner is still running the normal processes like: 21759 ? S 0:00 sendmail: accepting connections 21764 ? S 0:00 /usr/sbin/sendmail -q1m 21773 ? S 0:00 /usr/bin/perl /usr/local/MailScanner/bin/mailscanner /usr/local/MailScanner/etc/mailscanner.conf and below this: 21868 ? Z 0:00 [mailscanner ] Anybody seen this? It seems like Mailscanner is working ok but I am a little worried about the defunct process... Does it mean that it breaks when scanning a message/bunch of messages? If so, why? I have recently uppgraded to the latest version (rpm on redhat 7.2) but I dont see any major changes that could cause this behaviour... Stay alert! :-) --------------------------------- Carl Boberg System & N?tverksadministrat?r Enheten f?r informationsteknologi Naturhistoriska Riksmuseet carl.boberg@nrm.se Tel: 08-519 551 16 Mob: 0701-82 40 55 --------------------------------- From LISTSERV at JISCMAIL.AC.UK Thu Aug 29 03:48:59 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:28 2006 Subject: MAILSCANNER: jim@ENTROPHY-FREE.NET requested to join Message-ID: <200208290249.DAA08868@magpie.ecs.soton.ac.uk> Thu, 29 Aug 2002 03:48:59 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Jim Levie . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER jim@ENTROPHY-FREE.NET Jim Levie The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+jim%40ENTROPHY-FREE.NET+Jim+Levie&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From mailscanner at ecs.soton.ac.uk Thu Aug 29 08:53:52 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:28 2006 Subject: Defunct? In-Reply-To: Message-ID: <5.1.0.14.2.20020829085309.04d22e40@imap.ecs.soton.ac.uk> This is a behaviour seen on a few operating system versions. It is entirely harmless and nothing to worry about. It doesn't affect your OS or MailScanner at all. At 08:16 29/08/2002, you wrote: >Hi all, >I see a [mailscanner ] process that moves around to different PIDs. >Mailscanner is still running the normal processes like: > >21759 ? S 0:00 sendmail: accepting connections >21764 ? S 0:00 /usr/sbin/sendmail -q1m >21773 ? S 0:00 /usr/bin/perl /usr/local/MailScanner/bin/mailscanner >/usr/local/MailScanner/etc/mailscanner.conf > >and below this: > >21868 ? Z 0:00 [mailscanner ] > >Anybody seen this? It seems like Mailscanner is working ok but I am a little >worried about the defunct process... >Does it mean that it breaks when scanning a message/bunch of messages? If >so, why? I have recently uppgraded to the latest version (rpm on redhat 7.2) >but I dont see any major changes that could cause this behaviour... > >Stay alert! :-) >--------------------------------- >Carl Boberg >System & N?tverksadministrat?r >Enheten f?r informationsteknologi >Naturhistoriska Riksmuseet >carl.boberg@nrm.se >Tel: 08-519 551 16 >Mob: 0701-82 40 55 >--------------------------------- -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From philk at TCP.NET.UK Thu Aug 29 09:27:43 2002 From: philk at TCP.NET.UK (Phil Kendall) Date: Thu Jan 12 21:15:28 2006 Subject: Mailscanner consuming resources Message-ID: <2EA7D94851025446810834BA2DED5E6D014100@adonis.tcp.net.uk> Usualy about twice a day I am getting a problem with mailscanner where it will fail to sweep a message correctly and the message will never leave the mailscanner/incoming directory. The load averages the machine will reach up to and over 1.0. During this time the top two processes are mailscanner and sweep. To bring the load averages down I have to go into the /var/spool/mqueue.in directory and delete both the qf and df files for the message that is 'stuck'. I am running mailscanner-3.15-3 with Sophos on Solaris 8 on an intel platform. Has anyone else come across this, or know what might be causing it? Phil Kendall Technical Systems Administrator Total Connectivity Providers From raymond at PROLOCATION.NET Thu Aug 29 09:29:02 2002 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:15:28 2006 Subject: Mailscanner consuming resources In-Reply-To: <2EA7D94851025446810834BA2DED5E6D014100@adonis.tcp.net.uk> Message-ID: Hi! > To bring the load averages down I have to go into the > /var/spool/mqueue.in directory and delete both the qf and df files for > the message that is 'stuck'. > > I am running mailscanner-3.15-3 with Sophos on Solaris 8 on an intel > platform. Can you at least upgrade to a more recent version when mailing things like this ? There is a lot changed anyway during the last versions. Current: 3.22-12 15th August 2002 Bye, Raymond. From mailscanner at ecs.soton.ac.uk Thu Aug 29 09:40:51 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:28 2006 Subject: Mailscanner consuming resources In-Reply-To: <2EA7D94851025446810834BA2DED5E6D014100@adonis.tcp.net.uk> Message-ID: <5.1.0.14.2.20020829093907.04b91d60@imap.ecs.soton.ac.uk> Check your /var/spool/MailScanner/incoming directory tree for any core files. Does it say anything in the logs? Have you studied the contents of the message to see why it might cause a problem? Modern versions of MailScanner have timeouts on everything invoked externally to protect against DoS attacks. At 09:27 29/08/2002, you wrote: >Usualy about twice a day I am getting a problem with mailscanner where >it will fail to sweep a message correctly and the message will never >leave the mailscanner/incoming directory. The load averages the machine >will reach up to and over 1.0. During this time the top two processes >are mailscanner and sweep. > >To bring the load averages down I have to go into the >/var/spool/mqueue.in directory and delete both the qf and df files for >the message that is 'stuck'. > >I am running mailscanner-3.15-3 with Sophos on Solaris 8 on an intel >platform. > >Has anyone else come across this, or know what might be causing it? > > >Phil Kendall >Technical Systems Administrator >Total Connectivity Providers -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From philk at TCP.NET.UK Thu Aug 29 09:51:18 2002 From: philk at TCP.NET.UK (Phil Kendall) Date: Thu Jan 12 21:15:28 2006 Subject: Mailscanner consuming resources Message-ID: <2EA7D94851025446810834BA2DED5E6D014101@adonis.tcp.net.uk> The log files say that mailscanner failed to link message bodies between queues. > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: 29 August 2002 09:41 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Mailscanner consuming resources > > > Check your /var/spool/MailScanner/incoming directory tree for > any core files. > Does it say anything in the logs? > Have you studied the contents of the message to see why it > might cause a > problem? > Modern versions of MailScanner have timeouts on everything invoked > externally to protect against DoS attacks. > > At 09:27 29/08/2002, you wrote: > >Usualy about twice a day I am getting a problem with > mailscanner where > >it will fail to sweep a message correctly and the message will never > >leave the mailscanner/incoming directory. The load averages > the machine > >will reach up to and over 1.0. During this time the top two processes > >are mailscanner and sweep. > > > >To bring the load averages down I have to go into the > >/var/spool/mqueue.in directory and delete both the qf and df > files for > >the message that is 'stuck'. > > > >I am running mailscanner-3.15-3 with Sophos on Solaris 8 on an intel > >platform. > > > >Has anyone else come across this, or know what might be causing it? > > > > > >Phil Kendall > >Technical Systems Administrator > >Total Connectivity Providers > > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From mailscanner at ecs.soton.ac.uk Thu Aug 29 10:02:49 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:28 2006 Subject: Mailscanner consuming resources In-Reply-To: <2EA7D94851025446810834BA2DED5E6D014101@adonis.tcp.net.uk> Message-ID: <5.1.0.14.2.20020829100050.05070ec0@imap.ecs.soton.ac.uk> At 09:51 29/08/2002, you wrote: >The log files say that mailscanner failed to link message bodies between >queues. Check you haven't got multiple MailScanner processes running. And you are using a vaguely recent version of sendmail aren't you? There aren't many reasons why the linking can fail :-( > > -----Original Message----- > > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > > Sent: 29 August 2002 09:41 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Mailscanner consuming resources > > > > > > Check your /var/spool/MailScanner/incoming directory tree for > > any core files. > > Does it say anything in the logs? > > Have you studied the contents of the message to see why it > > might cause a > > problem? > > Modern versions of MailScanner have timeouts on everything invoked > > externally to protect against DoS attacks. > > > > At 09:27 29/08/2002, you wrote: > > >Usualy about twice a day I am getting a problem with > > mailscanner where > > >it will fail to sweep a message correctly and the message will never > > >leave the mailscanner/incoming directory. The load averages > > the machine > > >will reach up to and over 1.0. During this time the top two processes > > >are mailscanner and sweep. > > > > > >To bring the load averages down I have to go into the > > >/var/spool/mqueue.in directory and delete both the qf and df > > files for > > >the message that is 'stuck'. > > > > > >I am running mailscanner-3.15-3 with Sophos on Solaris 8 on an intel > > >platform. > > > > > >Has anyone else come across this, or know what might be causing it? > > > > > > > > >Phil Kendall > > >Technical Systems Administrator > > >Total Connectivity Providers > > > > -- > > Julian Field Teaching Systems Manager > > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > > Tel. 023 8059 2817 University of Southampton > > Southampton SO17 1BJ > > -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From philk at TCP.NET.UK Thu Aug 29 10:59:51 2002 From: philk at TCP.NET.UK (Phil Kendall) Date: Thu Jan 12 21:15:28 2006 Subject: Mailscanner consuming resources Message-ID: <2EA7D94851025446810834BA2DED5E6D800E0A@adonis.tcp.net.uk> Only one mailscanner process is running. I have updated to the lastest version of mailscanner and I will see how that goes. > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: 29 August 2002 10:03 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Mailscanner consuming resources > > > At 09:51 29/08/2002, you wrote: > >The log files say that mailscanner failed to link message > bodies between > >queues. > > Check you haven't got multiple MailScanner processes running. > And you are using a vaguely recent version of sendmail aren't you? > There aren't many reasons why the linking can fail :-( > > > > -----Original Message----- > > > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > > > Sent: 29 August 2002 09:41 > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Mailscanner consuming resources > > > > > > > > > Check your /var/spool/MailScanner/incoming directory tree for > > > any core files. > > > Does it say anything in the logs? > > > Have you studied the contents of the message to see why it > > > might cause a > > > problem? > > > Modern versions of MailScanner have timeouts on everything invoked > > > externally to protect against DoS attacks. > > > > > > At 09:27 29/08/2002, you wrote: > > > >Usualy about twice a day I am getting a problem with > > > mailscanner where > > > >it will fail to sweep a message correctly and the > message will never > > > >leave the mailscanner/incoming directory. The load averages > > > the machine > > > >will reach up to and over 1.0. During this time the top > two processes > > > >are mailscanner and sweep. > > > > > > > >To bring the load averages down I have to go into the > > > >/var/spool/mqueue.in directory and delete both the qf and df > > > files for > > > >the message that is 'stuck'. > > > > > > > >I am running mailscanner-3.15-3 with Sophos on Solaris 8 > on an intel > > > >platform. > > > > > > > >Has anyone else come across this, or know what might be > causing it? > > > > > > > > > > > >Phil Kendall > > > >Technical Systems Administrator > > > >Total Connectivity Providers > > > > > > -- > > > Julian Field Teaching Systems Manager > > > jkf@ecs.soton.ac.uk Dept. of Electronics & > Computer Science > > > Tel. 023 8059 2817 University of Southampton > > > Southampton SO17 1BJ > > > > > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From dll at SCITOOLS.COM Thu Aug 29 13:03:03 2002 From: dll at SCITOOLS.COM (Dan Leavitt) Date: Thu Jan 12 21:15:28 2006 Subject: Bind to different outgoing address References: <2EA7D94851025446810834BA2DED5E6D800E0A@adonis.tcp.net.uk> Message-ID: <003b01c24f54$0e207310$170aa8c0@DELL> Hi, How can I cause the outgoing sendmail to bind to a different address? Does mailscanner control this? Thanks, Dan From Matthew_doherty at DATAWATCH.COM Thu Aug 29 13:59:46 2002 From: Matthew_doherty at DATAWATCH.COM (Matt Doherty) Date: Thu Jan 12 21:15:28 2006 Subject: SA problem since MS upgrade Message-ID: I have a RedHat 7.3 with no upgrades to sendmail, and Mailscanner is great with spamassassin. Matt Doherty IT Dept Datawatch Corp >>In a world without walls or fences, who needs Windows and Gates?<< -----Original Message----- From: Brandon Friedman [mailto:brandonf@BFCONSULT.CO.ZA] Sent: Thursday, August 29, 2002 4:05 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SA problem since MS upgrade Hi Julian I haven't done very much messing around on the box as it is our main production server. I have been testing on a test server but I can't seem to replicate the problem BTW it a RH7.3 box with sendmail I also edited the whitelist and added the From and To statements. What I can gather is that this was more an issue with whitelist members be tagged as spammers? The rest seem to be genuine spam alerts. Julian Field wrote: > First off, has anyone else seen this problem? > I haven't heard any reports of this from anyone else, so it may be a Perl > oddity in your setup. > > What version of Perl are you using? And on what operating system? > > Are you getting the spam report in the log for these messages as well as > the subject-line tag? (you might need to turn on spam logging first) > > Please try changing lines 442-443 of sendmail.pl from > $IsSpam->{$mID} = 1 if $ThisIsSpam; > $IsSpam->{$mID} = 'high' if $ThisIsHigh; > to > $IsSpam->{"$mID"} = 1 if $ThisIsSpam; > $IsSpam->{"$mID"} = 'high' if $ThisIsHigh; > > If you aren't getting the log entries as well, then for some reason > $ThisIsHigh is being set without $ThisIsSpam being set (which shouldn't be > possible). > > Let's see what happens now (and see what other responses we get from anyone > else), then I'll dig further. > > I've just done a diff between 3.22-10 and 3.22-12. All the spam detection > code is in sendmail.pl and here's the diff between the 2 versions of it: > >> 4c4 >> < # $Id: sendmail.pl,v 1.99.2.22 2002/07/17 15:27:02 jkf Exp $ >> --- >> > # $Id: sendmail.pl,v 1.99.2.28 2002/07/30 15:51:46 jkf Exp $ > > In other words, none of that code has changed, so the change in behaviour > has got to be something a lot more subtle... > > Keep me posted. > Jules > At 20:30 27/08/2002, you wrote: > >> Hi folks >> >> I upgrade my mailscanner to mailscanner-3.22-12 from mailscanner-3.22-10. >> >> The problem is that some e-mail message....(HTML) are being tagged as >> spam in the subject line but I looked at the message source and it >> indicates that it isn't spam: >> >> X-MailScanner: Found to be clean >> X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=4.7, >> required 8, SUBJ_HAS_Q_MARK, DEAR_SOMEBODY, CLICK_BELOW, >> DOUBLE_CAPSWORD, EMAIL_MARKETING, SUPERLONG_LINE, >> HTML_WITH_BGCOLOR, >> MAILTO_LINK, FREQ_SPAM_PHRASE, AWL) >> >> >> Any ideas? >> As a matter of fact I see that this is actually whitelisted! >> -- >> >> Regards >> Brandon Friedman >> Cell:083 408 7840 >> E-mail: brandonf@bfconsult.co.za >> www.bfconsult.co.za > > > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > -- Regards Brandon Friedman Cell:083 408 7840 E-mail: brandonf@bfconsult.co.za www.bfconsult.co.za -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020829/22c47288/attachment.html From Matthew_doherty at DATAWATCH.COM Thu Aug 29 13:57:33 2002 From: Matthew_doherty at DATAWATCH.COM (Matt Doherty) Date: Thu Jan 12 21:15:29 2006 Subject: Help configuring MRTG Message-ID: Are you guys talking about a Sendmail Log Analysis Report? there is a way better utility for that that you might want to modify to add a field for mailscanner and spam assassin results. Its called SMA, version 1.1 it outputs to text or html format. I recommend it 100% example : http://www.klake.org/sma/example.html download it here : http://www.klake.org/sma/ I hope this helps! I made a cron script to run it daily as well as outputting 4 other html pages for my older logs such as: maillog.1 maillog.2 etc.. log rotations.. Real nice when you want a statistical report at your finger tips.. Only thing is, Im not a programmer. So I cant modify the code to collect data for mailscanner and spamassassin. :( If you guys could, and like this program, could you modify it for mailscanner and upload it to the list?? Matt Doherty IT Dept Datawatch Corp >>In a world without walls or fences, who needs Windows and Gates?<< -----Original Message----- From: Mike Kercher [mailto:mike@CAMAROSS.NET] Sent: Wednesday, August 28, 2002 6:54 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Help configuring MRTG The instructions are on the mailscanner website. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Thom Paine Sent: Wednesday, August 28, 2002 4:47 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Help configuring MRTG On Wed, 2002-08-28 at 17:36, Brian Chivers wrote: > OK will I can now see the mail but spam and virus's are still at zero. > > Keep the idea's coming > Can I get in on this MRTG configuration? I'd like to see what kind of numbers my server is doing. I have MRTG working on my internet interface so I can see bandwidth, how do I get it to also show email, viruses, and spam? Thanks. -- -=/>Thom Red Hat Linux release 7.3 (Valhalla) running Linux Kernel 2.4.18-10 Uptime: 5:46pm up 1 day, 28 min, 1 user, load average: 0.43, 0.22, 0.13 Registered Linux User #214499 http://counter.li.org -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020829/dc5bca72/attachment.html From mailscanner at ecs.soton.ac.uk Thu Aug 29 14:08:25 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:29 2006 Subject: Bind to different outgoing address In-Reply-To: <003b01c24f54$0e207310$170aa8c0@DELL> References: <2EA7D94851025446810834BA2DED5E6D800E0A@adonis.tcp.net.uk> Message-ID: <5.1.0.14.2.20020829140802.04cb5408@imap.ecs.soton.ac.uk> At 13:03 29/08/2002, you wrote: >How can I cause the outgoing sendmail to bind to a different address? Does >mailscanner control this? The outgoing sendmail is started up by the init.d script, so you can change the command-line options to anything you like. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From Matthew_doherty at DATAWATCH.COM Thu Aug 29 14:30:29 2002 From: Matthew_doherty at DATAWATCH.COM (Matt Doherty) Date: Thu Jan 12 21:15:29 2006 Subject: Help configuring MRTG Message-ID: I just sent the author of SMA an email explaining Spamassassin and MailScanner with links to their pages. I suggested to him, to add/or modify his code to include statistical reporting of MS and SA , in the maillog, to output their statistics in html too.. It could be a commented out choice in hid conf file for people to enable or disable.. Hopefully he will agree! Matt Doherty IT Dept Datawatch Corp >>In a world without walls or fences, who needs Windows and Gates?<< -----Original Message----- From: Matt Doherty [mailto:Matthew_doherty@DATAWATCH.COM] Sent: Thursday, August 29, 2002 10:05 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Help configuring MRTG Are you guys talking about a Sendmail Log Analysis Report? there is a way better utility for that that you might want to modify to add a field for mailscanner and spam assassin results. Its called SMA, version 1.1 it outputs to text or html format. I recommend it 100% example : http://www.klake.org/sma/example.html download it here : http://www.klake.org/sma/ I hope this helps! I made a cron script to run it daily as well as outputting 4 other html pages for my older logs such as: maillog.1 maillog.2 etc.. log rotations.. Real nice when you want a statistical report at your finger tips.. Only thing is, Im not a programmer. So I cant modify the code to collect data for mailscanner and spamassassin. :( If you guys could, and like this program, could you modify it for mailscanner and upload it to the list?? Matt Doherty IT Dept Datawatch Corp >>In a world without walls or fences, who needs Windows and Gates?<< -----Original Message----- From: Mike Kercher [mailto:mike@CAMAROSS.NET] Sent: Wednesday, August 28, 2002 6:54 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Help configuring MRTG The instructions are on the mailscanner website. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Thom Paine Sent: Wednesday, August 28, 2002 4:47 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Help configuring MRTG On Wed, 2002-08-28 at 17:36, Brian Chivers wrote: > OK will I can now see the mail but spam and virus's are still at zero. > > Keep the idea's coming > Can I get in on this MRTG configuration? I'd like to see what kind of numbers my server is doing. I have MRTG working on my internet interface so I can see bandwidth, how do I get it to also show email, viruses, and spam? Thanks. -- -=/>Thom Red Hat Linux release 7.3 (Valhalla) running Linux Kernel 2.4.18-10 Uptime: 5:46pm up 1 day, 28 min, 1 user, load average: 0.43, 0.22, 0.13 Registered Linux User #214499 http://counter.li.org -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020829/4d3b3c78/attachment.html From t.d.lee at DURHAM.AC.UK Thu Aug 29 14:57:07 2002 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:15:29 2006 Subject: Help configuring MRTG In-Reply-To: <200208282129.g7SLTBr17693@ori.rl.ac.uk> Message-ID: On Wed, 28 Aug 2002, Brian Chivers wrote: > I've tried to configure MRTG to monitor traffic but I'm running into some > problems. > > First , am I correct in think that the script sendmail.logs.pl needs the > log file (maillog) copied from /var/log to another location. > > Secondly when I run sendmail.logs.pl mail I get the following result > > 1367 > 0 > Not Applicable > TPC Mail Servers > > but when I run MRTG I dont get anything just this under the weekly graph > Max messages: 0.0 Messages (0.0%) Average messages: 0.0 Messages > (0.0%) Current messages: 0.0 Messages (0.0%) > > What am I doing wrong, what should I check As a more general point: The data-handling and data-display aspects of MRTG have been separated out into a general purpose "rrdtool". And within that, the data-handling and data-display are themselves cleanly separated. See: http://www.rrdtool.org/ which also gives several examples of the sorts of data folk are collecting and logging with rrdtool: http://www.rrdtool.org/rrdworld/ I, too, had trouble trying to hook "sendmail.logs.pl" onto MRTG. And coercing sendmail.logs.pl also "felt" intuitively flawed. The "rrdtool" interface feels better and cleaner. Could I suggest that the MailScanner project (Julian Field and/or Nick Phillips) consider replacing (perhaps in a phased manner) references to MRTG by references to rrdtool? Using "rrdtool" still requires a reasonable amount of "getting to grips" work if starting from scratch. But, as part of the above, general guidelines for our MailScanner activities could be prepared for folk to use. Hope that helps. -- : David Lee I.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 374 2882 U.K. : From mailscanner at ecs.soton.ac.uk Thu Aug 29 15:05:03 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:29 2006 Subject: Help configuring MRTG In-Reply-To: References: <200208282129.g7SLTBr17693@ori.rl.ac.uk> Message-ID: <5.1.0.14.2.20020829150423.04cfea28@imap.ecs.soton.ac.uk> We seem to be re-running a previous conversation... Someone fancy writing an FAQ article for me on this subject please? -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From Matthew_doherty at DATAWATCH.COM Thu Aug 29 15:50:07 2002 From: Matthew_doherty at DATAWATCH.COM (Matt Doherty) Date: Thu Jan 12 21:15:29 2006 Subject: Help configuring MRTG Message-ID: TOOL Matt Doherty IT Dept Datawatch Corp >>In a world without walls or fences, who needs Windows and Gates?<< -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Thursday, August 29, 2002 11:08 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Help configuring MRTG We seem to be re-running a previous conversation... Someone fancy writing an FAQ article for me on this subject please? -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020829/79b1eaca/attachment.html From LISTSERV at JISCMAIL.AC.UK Thu Aug 29 19:33:58 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:29 2006 Subject: MAILSCANNER: josh@CENTEONET.COM requested to join Message-ID: <200208291833.TAA08642@magpie.ecs.soton.ac.uk> Thu, 29 Aug 2002 19:33:58 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Duckster McQuack . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER josh@CENTEONET.COM Duckster McQuack The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+josh%40CENTEONET.COM+Duckster+McQuack&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From LISTSERV at JISCMAIL.AC.UK Fri Aug 30 04:35:19 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:29 2006 Subject: MAILSCANNER: danieltan@SHOPNSAVE.COM.SG requested to join Message-ID: <200208300335.EAA21242@magpie.ecs.soton.ac.uk> Fri, 30 Aug 2002 04:35:19 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Daniel Tan . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER danieltan@SHOPNSAVE.COM.SG Daniel Tan The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+danieltan%40SHOPNSAVE.COM.SG+Daniel+Tan&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From mailscanner at BARENDSE.TO Fri Aug 30 10:48:49 2002 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:15:29 2006 Subject: Blocking Delivery Status Notifications? In-Reply-To: Message-ID: Hi! I am using a linux box which is connected to the internet as a relay to/from an Exchange 2000 server. I would like to completely disable (block) all outgoing DSN (Read Receipt and DSN messages (your message has been successfully delivered to blah blah). Is there a way to reset the flags on the incoming e-mail to prevent Exchange from sending these messages? I tried to disable this 'feature' in Exchange 2000 first but it doesn't seem possible. Also I would like to disable to non-delivery messages. We have lots of ND messages as a result of spam to invalid e-mail adresses. Thanks for any input given! Best regards, Remco From LISTSERV at JISCMAIL.AC.UK Fri Aug 30 10:48:44 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:29 2006 Subject: MAILSCANNER: s.zeisler@MINDLAB.DE requested to join Message-ID: <200208300948.KAA19790@magpie.ecs.soton.ac.uk> Fri, 30 Aug 2002 10:48:44 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Stephan Zeisler . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER s.zeisler@MINDLAB.DE Stephan Zeisler The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+s.zeisler%40MINDLAB.DE+Stephan+Zeisler&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From LISTSERV at JISCMAIL.AC.UK Fri Aug 30 11:27:36 2002 From: LISTSERV at JISCMAIL.AC.UK (L-Soft list server at JISCMAIL (1.8e)) Date: Thu Jan 12 21:15:29 2006 Subject: MAILSCANNER: g.welter@ROCLEIDEN.NL requested to join Message-ID: <200208301027.LAA24817@magpie.ecs.soton.ac.uk> Fri, 30 Aug 2002 11:27:36 A request for subscription to the MAILSCANNER list (MailScanner mailing list) has been received from Gerben Welter . You can, at your discretion, send the following command to LISTSERV@JISCMAIL.AC.UK to add this person to the list: ADD MAILSCANNER g.welter@ROCLEIDEN.NL Gerben Welter The simplest way to do this is to click on the following link: http://jiscmail.ac.uk/cgi-bin/wa.exe?LCMD=ADD+MAILSCANNER+g.welter%40ROCLEIDEN.NL+Gerben+Welter&L=MAILSCANNER ------------------------- Original mail header -------------------------- [Request submitted through anonymous TCP/IP interface from 127.0.0.1] From mailscanner at ecs.soton.ac.uk Fri Aug 30 12:08:01 2002 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:15:29 2006 Subject: Blocking Delivery Status Notifications? In-Reply-To: References: Message-ID: <5.1.0.14.2.20020830120506.05739cc0@imap.ecs.soton.ac.uk> From the Bat Book (O'Reilly sendmail book), if you rebuild sendmail with ENVDEF= -DDSN=0 in your Makefile, it should disable all DSN support. You will probably find your Makefile in one of the obj.* directories in the sendmail build tree. Build it once using the defaults (as that will also create the sendmail Makefile specific to your system), then tweak the Makefile and rebuild just the sendmail binary. At 10:48 30/08/2002, you wrote: >Hi! > >I am using a linux box which is connected to the internet as a relay >to/from an Exchange 2000 server. > >I would like to completely disable (block) all outgoing DSN (Read Receipt >and DSN messages (your message has been successfully delivered to blah >blah). > >Is there a way to reset the flags on the incoming e-mail to prevent >Exchange from sending these messages? > >I tried to disable this 'feature' in Exchange 2000 first but it doesn't >seem possible. > >Also I would like to disable to non-delivery messages. We have lots of ND >messages as a result of spam to invalid e-mail adresses. > >Thanks for any input given! > >Best regards, >Remco -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ From P.G.M.Peters at civ.utwente.nl Fri Aug 30 12:12:37 2002 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:15:29 2006 Subject: Blocking Delivery Status Notifications? In-Reply-To: References: Message-ID: On Fri, 30 Aug 2002 11:48:49 +0200, you wrote: >I am using a linux box which is connected to the internet as a relay >to/from an Exchange 2000 server. > >I would like to completely disable (block) all outgoing DSN (Read Receipt >and DSN messages (your message has been successfully delivered to blah >blah). This is actually a sendmail question. I would advise to check the newsgroup comp.mail.sendmail. >Is there a way to reset the flags on the incoming e-mail to prevent >Exchange from sending these messages? True DSN is handled in the envelop session (part of RCPT TO:). If you configure sendmail not to support DSN it shouldn't get past the sendmail server. -- Peter Peters senior netwerkbeheerder, Centrum voor Informatievoorziening, Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From henrik at LEWANDER.COM Fri Aug 30 13:22:41 2002 From: henrik at LEWANDER.COM (Henrik Lewander) Date: Thu Jan 12 21:15:29 2006 Subject: Can't set GID 8 Message-ID: <1f4801c2501f$f2a2a9b0$05c6a8c0@gbg.bluelabs.se> Hello mailscanner friends, I found a problem today after an upgrade to 3.22.12 (debian): Starting virus scanner... Can't set GID 8 at /usr/share/mailscanner/logger.pl line 64. Group 8 is mail and it worked fine in the last delivery. As a temporary fix I changed the group to root in mailscanner.conf. Ideas? Regards, Henrik