From patricksteiner at BLUEWIN.CH Tue Apr 1 02:23:53 2003
From: patricksteiner at BLUEWIN.CH (Patrick Steiner)
Date: Thu Jan 12 21:17:40 2006
Subject: command line spamassassin make not the same test as mailscanner
In-Reply-To: <5.2.0.9.2.20030331193454.02647698@imap.ecs.soton.ac.uk>
References: <5.2.0.9.2.20030331193454.02647698@imap.ecs.soton.ac.uk>
Message-ID: <3E88EA29.5060209@bluewin.ch>
yes i have see this line but i haven't set skip_rbl_checks
--------snip-----------
# By default, SpamAssassin will run RBL checks. If your ISP already
# does this, set this to 1.
#
# skip_rbl_checks 1
###########################################################################
-------snip------------
Julian Field wrote:
> The differences are that MailScanner for some reason didn't do the RBL
> checks.
>
> RCVD_IN_OSIRUSOFT_COM (0.6 points) RBL: Received via a relay in
> relays.osirusoft.com
> [RBL check: found
> 228.40.150.66.relays.osirusoft.com., type: 127.0.0.6]
> X_OSIRU_SPAMWARE_SITE (1.1 points) RBL: DNSBL: sender is a Spamware
> site or vendor
> RCVD_IN_SBL (0.6 points) RBL: Received via SBLed relay, see
> http://www.spamhaus.org/sbl/
> [RBL check: found 228.40.150.66.sbl.spamhaus.org.]
>
> Please check you spam.assassin.prefs.conf file and be sure you haven't
> got
> "skip_rbl_checks" set.
>
> At 18:07 31/03/2003, you wrote:
>
>> command line spamassassin make not the same test as mailscanner
>> but this test is for me very important because it defined are this mail
>> spam or not
>> and this mail is a spam mail
>>
>> EXAMPLE:
>> -------------
>>
>> The follow report is from a spammail and mailscanner doesent catch
>> this mail
>> as spam
>>
>>
>> Spamassassin -D
>> -----------------
>>
>> Content analysis details: (6.40 points, 5 required)
>> SEARCH_ENGINE_PROMO (1.7 points) BODY: Discusses search engine listings
>> HTML_WEB_BUGS (0.1 points) BODY: Image tag with an ID code to
>> identify you
>> HTML_30_40 (0.8 points) BODY: Message is 30% to 40% HTML
>> HTML_MESSAGE (0.1 points) BODY: HTML included in message
>> HTML_LINK_CLICK_HERE (0.1 points) BODY: HTML link text says "click
>> here"
>> HTML_TABLE_THICK_BORDER (1.1 points) BODY: HTML table has thick border
>> HTML_FONT_COLOR_GRAY (0.1 points) BODY: HTML font color is gray
>> RCVD_IN_OSIRUSOFT_COM (0.6 points) RBL: Received via a relay in
>> relays.osirusoft.com
>> [RBL check: found
>> 228.40.150.66.relays.osirusoft.com., type: 127.0.0.6]
>> X_OSIRU_SPAMWARE_SITE (1.1 points) RBL: DNSBL: sender is a Spamware
>> site or vendor
>> RCVD_IN_SBL (0.6 points) RBL: Received via SBLed relay, see
>> http://www.spamhaus.org/sbl/
>> [RBL check: found 228.40.150.66.sbl.spamhaus.org.]
>> CLICK_BELOW (0.1 points) Asks you to click below
>>
>>
>>
>>
>>
>> Mailscanner:
>> -------------
>>
>> X-MailScanner-SpamCheck: not spam, SpamAssassin (score=4.1, required
>> 4.4,
>>
>> CLICK_BELOW, HTML_30_40, HTML_FONT_COLOR_GRAY,
>> HTML_LINK_CLICK_HERE,
>> HTML_MESSAGE, HTML_TABLE_THICK_BORDER, HTML_WEB_BUGS,
>> SEARCH_ENGINE_PROMO)
>
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
>
From patricksteiner at BLUEWIN.CH Tue Apr 1 02:34:46 2003
From: patricksteiner at BLUEWIN.CH (Patrick Steiner)
Date: Thu Jan 12 21:17:40 2006
Subject: Dcc check doesn't work
In-Reply-To: <5.2.0.9.2.20030331215247.0269d340@imap.ecs.soton.ac.uk>
References: <5.2.0.9.2.20030331215247.0269d340@imap.ecs.soton.ac.uk>
Message-ID: <3E88ECB6.3040307@bluewin.ch>
o.k thanks to jason and julian
the static link has solved the problem (ln -s /usr/local/bin/dccproc
/usr/bin)
P?de
Julian Field wrote:
> At 21:45 31/03/2003, you wrote:
>
>> I was just having this problem too. I think I fixed it by making a
>> symbolic link to dccproc in /usr/bin
>>
>> ln -s /usr/local/bin/dccproc /usr/bin
>>
>> I guess /usr/local/bin is not in the MailScanner's path.
>
>
> Indeed. MailScanner's path is /sbin:/bin:/usr/sbin:/usr/bin so that
> only system binaries will be found. This is quite intentional :)
> It's at line 73 of /usr/sbin/MailScanner if you really want to change it.
>
>>
>> You can also make sure you have
>>
>> use_dcc 1
>>
>> in spam.assassin.prefs.conf
>>
>> Jason
>>
>> -----Original Message-----
>> From: Patrick Steiner [mailto:patricksteiner@BLUEWIN.CH]
>> Sent: Monday, March 31, 2003 1:01 PM
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Re: [MAILSCANNER] Dcc check doesn't work
>>
>> yes but it dosen't working and i don't now why.......
>> i hope any people has any ideas to fix my problem
>>
>> Spicer, Kevin wrote:
>>
>>>>
>>>>this line is the only one that i can find
>>>>
>>>>
>>>># MailScanner: Comment out the next line to enable DCC checking if
>>>>you
>>>>
>>>>#
>>>>have dcc installed (optional part of SpamAssassin)
>>>>
>>>>score DCC_CHECK 5
>>>>
>>>>
>>>>
>>>
>>>Thats the one! Normally it is...
>>>
>>>score DCC_CHECK 0
>>>
>>>(giving a test a zero score disables it) so you would either comment
>>>it out (to use the default spamassassin score) or give it a none zero
>>>value, which is what you have done. It should be working.
>>>
>>>
>>>
>>>
>>>BMRB International
>>>
>>>http://www.bmrb.co.uk
>>>
>>>+44 (0)20 8566 5000
>>>
>>>_________________________________________________________________
>>>
>>>This message (and any attachment) is intended only for the
>>>
>>>recipient and may contain confidential and/or privileged
>>>
>>>material. If you have received this in error, please contact
>>>the
>>>
>>>sender and delete this message immediately. Disclosure,
>>>copying
>>>
>>>or other action taken in respect of this email or in
>>>
>>>reliance on it is prohibited. BMRB International Limited
>>>
>>>accepts no liability in relation to any personal emails, or
>>>
>>>content of any email which does not directly relate to our
>>>
>>>business.
>>>
>>>
>>>
>>>
>>>
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
>
> MailScanner thanks transtec Computers for their support
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030401/dded9a2f/attachment.html
From raymond at PROLOCATION.NET Tue Apr 1 07:36:33 2003
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:17:40 2006
Subject: CERT Advisory CA-2003-12 Buffer Overflow in Sendmail
In-Reply-To:
Message-ID:
Hi!
> Their servers are difficult to get onto right now. But I found the
> updates on one mirror:
>
> ftp://ftp.dc.aleron.net/pub/linux/redhat/ftp.redhat.com/linux/updates/
I run a official RedHAt mirror.
ftp://ftp.quicknet.nl/pub/Linux/ftp.redhat.com/updates
> I haven't had any luck running up2date either - just get errors
> referring to "high load".
Thats since RedHat 9 is out and ONLY available right now via RHN, so
their link is loaded...
Bye,
Raymond.
From raymond at PROLOCATION.NET Tue Apr 1 07:45:19 2003
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:17:40 2006
Subject: MailScanner Status Check
In-Reply-To: <20030331213548.GC2792@mew.kcbbs.gen.nz>
Message-ID:
Hi!
> I've just upgraded sendmail on a Redhat 8.0 to v 8.12.8-5.80
8.12-5.80 ?? What do you mean ?
> MailScanner: [ OK ]
> incoming sendmail: [FAILED]
> outgoing sendmail: [ OK ]
>
> But....everything *seems* to be working OK?
killall -9 sendmail and restart mailscanner again.
Bye,
Raymond.
From Kevin.Spicer at BMRB.CO.UK Tue Apr 1 07:51:38 2003
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:17:40 2006
Subject: MailScanner Status Check
Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF4E6@pascal.priv.bmrb.co.uk>
> The status reports...
> Checking MailScanner daemons:
> MailScanner: [ OK ]
> incoming sendmail: [FAILED]
> outgoing sendmail: [ OK ]
>
> But....everything *seems* to be working OK?
>
Most probably it is!
The recent kernel updates changed the output of ps, which caused the status check in the init script to break. See the "MailScanner 4.12-2 / 4.13-3 incoming failed" thread last week (I think there may have been a fix there too).
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
From leduc at CTS.COM Tue Apr 1 08:09:58 2003
From: leduc at CTS.COM (Gene & Mary LeDuc)
Date: Thu Jan 12 21:17:40 2006
Subject: MailScanner Status Check
Message-ID: <2.2.16.20030401070958.10374792@crash.cts.com>
I'm seeing the same thing on RH 8.0 with sendmail 8.12.8-5.80. It appears
to be running, processing incoming and outgoing mail, but the command
service MailScanner status
gives
>[root@organizer root]# service MailScanner status
>Checking MailScanner daemons:
> MailScanner: [ OK ]
> incoming sendmail: [FAILED]
> outgoing sendmail: [ OK ]
8.12.8-5.80 appears to be what RH decided to name 8.12.9
Killing the sendmail processes doesn't make any difference. Interestingly,
the stop and start commands behave as expected:
>[root@organizer root]# service MailScanner stop
>Shutting down MailScanner daemons:
> MailScanner: [ OK ]
> incoming sendmail: [ OK ]
> outgoing sendmail: [ OK ]
>[root@organizer root]# killall -9 sendmail
>sendmail: no process killed
>[root@organizer root]# service MailScanner start
>Starting MailScanner daemons:
> incoming sendmail: [ OK ]
> outgoing sendmail: [ OK ]
> MailScanner: [ OK ]
The status check at the beginning was run right after the above start and
stop commands.
From raymond at PROLOCATION.NET Tue Apr 1 08:10:41 2003
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:17:40 2006
Subject: MailScanner Status Check
In-Reply-To: <2.2.16.20030401070958.10374792@crash.cts.com>
Message-ID:
Hi!
> >Starting MailScanner daemons:
> > incoming sendmail: [ OK ]
> > outgoing sendmail: [ OK ]
> > MailScanner: [ OK ]
>
> The status check at the beginning was run right after the above start and
> stop commands.
My guess is that the instal script started sendmail right after. So if
you restart mailscanner it would error once but thats it...
Bye,
Raymond.
From jase at SENSIS.COM Tue Apr 1 16:27:34 2003
From: jase at SENSIS.COM (Desai, Jason)
Date: Thu Jan 12 21:17:40 2006
Subject: Logging stops after reload of syslog-ng
Message-ID:
I've been noticing in my mail.log file that there are gaps in the logs.
Specifically, when syslog-ng is reloaded (every day around 6:30 am)
MailScanner logs stop until MailScanner does its automatic restart.
I am using Debian (Woody) and it looks like this is happening during the log
rotation process. Syslog-ng is configured to run "/etc/init.d/syslog-ng
reload" after it rotates log files. This appears to do a "kill -1" on the
syslog-ng process. Other processes don't seem to have problems logging
after this - just MailScanner. Manually restarting MailScanner also fixes
the problem.
I am running:
MailScanner 4.12-2
syslog-ng 1.5.15-1.1
perl 5.6.1-8.2
Is anyone else seeing this behavior? Is this a problem specific to
syslog-ng?
I wonder if this could be fixed by re-opening the syslog? Would it be
possible to check for an error when logging, or checking if the log is no
longer opened, and if so, re-open it? Doing a quick look at perldoc
Sys::Syslog does not indicate there are any return values for the syslog
function. :-( Any ideas?
Thanks.
Jason
From brian at UNEARTHED.ORG Tue Apr 1 18:47:13 2003
From: brian at UNEARTHED.ORG (Brian May)
Date: Thu Jan 12 21:17:40 2006
Subject: F-Secure Anti-Virus for Linux Release 4.50 build 2111 now available...
Message-ID: <000901c2f878$0cd45080$8801020a@brianmay>
Highlites:
FSAV can now scan files with path names longer than 255 characters.
New maximum length is 4076 characters.
The archive scanning supports more archive types including LHA, RAR,
GZIP, TAR, CAB and BZ2 archives.
The Kaspersky Labs. AVP scan engine is included in addition
to Frisk Software International F-PROT scan engine and files are
scanned with two scan engines by default.
The program has two binaries, namely fsav and fsavd. The fsavd works
as a scanning daemon and fsav as a client to send scan requests to
the daemon. The fsavd has one master process to control the client
connections and scan engines and one process for each scan engine.
The new architecture reduces the fsav startup time and increases the
performance in subsequent scan requests.
==========================================================================
RELEASE NOTES FOR
F-Secure Anti-Virus for Linux
Release 4.50 build 2111
==========================================================================
This Release Notes document is for F-Secure Anti-Virus for Linux. This
Document contains late-breaking information about the product. Please
refer to the manual for more information. The manual is available in
man(1) page format on the installation media.
* Technical Support
World-wide web: http://www.F-Secure.com/support/
Your local contact: @F-Secure.com
F-Secure contact: Anti-Virus-Support@F-Secure.com
* Sales
World-wide web: http://www.F-Secure.com/solutions/
Your local contact: @F-Secure.com
F-Secure contact: Anti-Virus-Sales@F-Secure.com
* F-Secure USA F-Secure Europe
F-Secure Inc. F-Secure Corporation
675 N. First Street, Tammasaarenkatu 7
5th floor
San Jose, CA 95112, USA FIN-00180 Helsinki, Finland
tel (408) 938 6700 tel +358 9 2520 0700
fax (408) 938 6701 fax +358 9 2520 5001
http://www.F-Secure.com/ http://www.Europe.F-Secure.com/
Please do not call F-Secure directly if you have a local F-Secure
Business Partner in your area. For an up-to-date listing of F-Secure
Business Partners world-wide, see http://www.F-Secure.com/partners/.
==========================================================================
Overview
==========================================================================
F-Secure Anti-Virus for Linux provides virus scanning capabilities
for Linux computers. The product supports a command line interface
that is suitable for both manual use and integration in systems
that need to perform virus scanning tasks. The command line interface
supports full functionality for virus detection, disinfection and
reporting.
F-Secure Anti-Virus' detection rate is ensured by multiple scanning
engines. Tools are provided for automated virus definition database
updating directly from F-Secure.
The product is especially optimized for use together with systems
that need to perform virus scanning on for example mail traffic.
Scanning engine daemon technology ensures optimal performance even
in situations where the command line scanner is invoked separately
for each scanned file.
Further information can be found in the F-Secure Anti-Virus for Linux
manual pages: fsav(1), fsavd(8), fsav.conf(5), fsavschedule(8)
and dbupdate(8).
==========================================================================
What Does It Include?
==========================================================================
This release includes the following components:
- F-Secure Anti-Virus for Linux v. 4.50
==========================================================================
What's New in F-Secure Anti-Virus for Linux v. 4.50
==========================================================================
The following features, enhancements and bug fixes have been
implemented in this release:
o Multiple virus scanning engines.
o Improved http-based virus definition update tool.
o Daemon-mode that improves the performance when integrating with for
example mail scanning solutions.
==========================================================================
Changes Compared to Previous Version
==========================================================================
The installation directory hierarchy has changed and the package
contains new files and directories. The program binaries are
installed under bin/ -directory, databases under databases/
-directory, scan engines and File Management Library under lib/
-directory, manual pages under man/ -directory and example fsavd
startup-script and configuration file under etc/ -directory. In
addition the program uses run/ -directory for run-time files and
update/ -directory for database updates. The directories are
relative to installation directory.
The Kaspersky Labs. AVP scan engine is included in addition
to Frisk Software International F-PROT scan engine and files are
scanned with two scan engines by default.
The program has two binaries, namely fsav and fsavd. The fsavd works
as a scanning daemon and fsav as a client to send scan requests to
the daemon. The fsavd has one master process to control the client
connections and scan engines and one process for each scan engine.
The new architecture reduces the fsav startup time and increases the
performance in subsequent scan requests.
The F-Secure File Management Library is included as a shared library
for better maintenance. The fsavd uses the library and is
dynamically linked with the libfm.so.
FSAV can now scan files with path names longer than 255 characters.
New maximum length is 4076 characters.
The program output has changed. The file infection and suspected
infection message formats are different and are shown for each scan
engine separately. The scan engines scan archive contents
independently and the output may vary even if the same archive is
scanned multiple times. The --list options does not list the clean
files inside archives because of the asynchronous nature of the scan
engines. Also, the nested archive names are not shown in infection
and suspected infection messages.
The configuration file format has changed. The older release cannot
parse the new configuration file properly and will give parse
errors, see the fsav.conf(5) manual page for details.
The database update script name has changed from fsavupdate to
dbupdate. The update script can do incremental database updates with
external database download tool and validates the databases with the
external validation tool. The database download tool is named
getdbhtp and the validation tool dbtool.
The database update must be done with dbupdate tool to validate the
databases and to make sure the update process does not interfere any
ongoing file scans.
The archive scanning supports more archive types including LHA, RAR,
GZIP, TAR, CAB and BZ2 archives.
The action confirmation logic has changed. The 'All' answer applies
to the confirmed action only.
The --nocheck -option is dropped from options.
New options introduced in this release: --configfile, --dbupdate,
--socketname, --input, --exclude, --exclude-from, --maxnested,
--scantimeout, --avp, --fprot, --shutdown, --standalone and
--usedaemon, see the fsav(1) and fsavd(8) manual pages for details.
The user can specify the directories to scan for fsavschedule,
see the fsavschedule(8) manual page for details.
==========================================================================
System Requirements
==========================================================================
F-Secure Anti-Virus for Linux v. 4.50 should be installed on a computer
that meets the following minimum system requirements:
Processor: x86
Memory: 32 MB RAM or more
Disk space to install: 30 MB
(20 MB for AV databases and database backups)
Supported Linux distributions:
Red Hat Linux 6.2 (glibc 2.1.3-22 or later),
Red Hat Linux 7.3,
Red Hat Linux 8.0,
Debian GNU/Linux 3.0,
SuSE Linux 8.1
F-Secure Anti-Virus for Linux can be installed on any Linux x86
with correct glibc version.
==========================================================================
Installation Instructions
==========================================================================
Please consult F-Secure Anti-Virus for Linux Guide for full step-to-step
instructions.
KEY CODES FOR INSTALLATION
The key code for installation can be found either:
o On a sticker on the CD-ROM envelope.
o On the back of the installation instructions booklet that comes
with your CD-ROM.
o In a mail that confirms your purchase.
Quick installation instructions:
- Make the installation package executable:
# chmod a+x fsav-srv-4.50.XXXX
- Execute the package:
# ./fsav-srv-4.50.XXXX
- The installer will ask for the license key. Enter the key code
to continue or press CTRL-C to cancel the installation.
- The installer will ask some questions. Press ENTER to accept
the default value for each question.
After the installation type "fsav --version" to verify that the
installation was successful. The output should show product,
scan engine and database versions.
==========================================================================
Upgrading from Previous Version
==========================================================================
F-Secure Anti-Virus for Linux cannot be upgraded. You will need to
manually remove the previous version and configuration data before
installing this version.
You can uninstall previous version by removing installation directory
/usr/local/fsav, configuration file /etc/fsav.conf or .fsav.conf in
user's home directory, symbolic link to binary /usr/local/bin/fsav
and symbolic link to manual page /usr/local/man/man1/fsav.1.
==========================================================================
Known Problems
==========================================================================
o SCR#26251: FSAV reports "clean" before "[disinfected]" when --list
is used with --disinf. The output contains one extra "clean"
line. This is the re-scan result after disinfection. The problem only
exists when using --list together with disinfection turned on. The
"clean" is only printed after disinfection, so it is factually correct
information.
o SCR#26223: fsavschedule schedules virus scans at midnight. If you
schedule automatic virus scan with fsavschedule, the hour of scan
will always be "0" no matter what is entered as as the hour of scan.
o SCR#26042: FSAV does not scan multiple files in parallel. This may be
a problem when large files block scanning of smaller files. Workaround
is to use --standalone to launch a new separate daemon for every scan.
o SCR#26023: If fsav client is killed, immediately started another scan
may fail in certain circumstances. Adding a small delay before next
scan request prevents the problem.
o SCR#25995: dbupdate's signal handler prints an error on Red Hat 6.x
(bash 1.14). The message can be ignored.
o SCR#24479: File names inside archives should be printed when scanning.
Currently name of the clean files inside archives are not printed
when --list option is used.
==========================================================================
Technical Support
==========================================================================
Upon purchase and registration of F-Secure Anti-Virus software you are
entitled to maintenance and support services for one (1) year (unless
stated otherwise in your agreement). For the following years, the
services can be purchased separately. F-Secure Technical Support is
available by e-mail and from our Web site. You can access our Web site
from your Web browser.
For Technical Support for F-Secure Anti-Virus, go to:
http://www.F-secure.com/support/
==========================================================================
F-Secure Web Club
==========================================================================
F-Secure Web Club is open to all F-Secure customers. Web Club pages
contain a great deal of useful information on latest software versions,
user documentation, release notes, etc.
To connect to the Web Club directly from within your Web browser,
go to: http://www.F-Secure.com/webclub/
==========================================================================
Copyrights
==========================================================================
F-Secure Anti-Virus for Linux
Copyright (c) 1993-2003 F-Secure Corporation. All Rights Reserved.
Portions Copyright (c) 1989-2003 Frisk Software International.
Portions Copyright (c) 1991-2003 Kaspersky Lab.
F-Secure and the triangle symbol are registered trademarks of F-Secure
Corporation and F-Secure product names and symbols/logos are either
trademarks or registered trademarks of F-Secure Corporation.
==========================================================================
F-Secure License Terms
==========================================================================
THE ACCOMPANYING SOFTWARE IS LICENSED TO YOU ONLY UPON THE CONDITION
THAT YOU ACCEPT ALL OF THESE LICENSE TERMS. BY INSTALLING OR USING THE
ACCOMPANYING SOFTWARE YOU AGREE THAT YOU HAVE READ THESE TERMS AND
AGREE TO BE BOUND BY THEM. IF YOU DO NOT AGREE TO ALL OF THE TERMS, DO
NOT INSTALL, USE OR COPY THE SOFTWARE.
LICENSE
These F-Secure License Terms cover any and all F-Secure programs
including related documentation (together the "Software") licensed by
the user ("You" or "Licensee"). The Software is licensed, not sold,
to You for use only under the following terms. F-Secure reserves any
and all rights not expressly granted to You. F-Secure retains
ownership of all copies of the Software and released updates and
upgrades to the Software. F-Secure provides You the Software either in
electronic format or on storage media (typically CD-ROM).
You may:
A) Install and use the Software only on as many units (typically
handheld devices, personal computers, servers or other hardware) as
stated in the F-Secure License Certificate. In case the Software or
its services are shared through a network or the Software is used to
protect traffic from viruses or other malicious code at email servers,
firewalls or gateways, You must have a license for the total number of
users whom the Software provides services to. In that case You may
install the Software on as many units as needed.
B) Install and use F-Secure BackWeb(tm) in conjunction with licensed
Software. F-Secure BackWeb may be used only for receiving updates and
information on the Software. F-Secure BackWeb shall not be used for
any other purpose or service.
C) Use F-Secure Policy Manager(tm) in conjunction with licensed
Software and install F-Secure Policy Manager on as many units as
needed.
D) Create copies of the Software for installation and backup purposes.
E) Extend the number of licenses by purchasing additional licenses.
You may not:
A) Install and use the Software against these License Terms, the
F-Secure License Certificate or the related documentation.
B) Distribute copies of the Software to a third party, electronically
transfer the Software to a computer belonging to a third party, or
permit a third party to copy the Software.
C) Modify, adapt, translate, rent, lease, resell, distribute or
create derivative works based upon the Software or any part thereof.
D) Decompile, reverse engineer, disassemble, or otherwise reduce the
Software to any human-perceivable form as the Software contains or may
contain trade secrets of F-Secure.
E) Use the documentation for any purpose other than to support Your
use of the Software. Please contact F-Secure directly if You are
interested in any other rights to the Software other than those
granted in this Agreement.
MAINTENANCE AND SUPPORT SERVICES
Upon purchase of F-Secure Anti-Virus(tm) Software or product bundles
including F-Secure Anti-Virus Software You are provided with
maintenance and support services, which include updates, upgrades, and
technical support, for one (1) year. For other Software, the services
can be purchased separately.
The maintenance and support services will be provided to You by
F-Secure or Your license provider. F-Secure reserves the right to
provide Software updates for latest versions of the Software only if
not otherwise agreed separately. Software upgrades and updates are
made available to You as new Software versions are released. The
services are delivered to persons registered as the support and
maintenance contact. On request, the services can be provided to
additional locations for an additional fee. For evaluation copies of
the Software, F-Secure shall have no obligation to provide the
services.
In case the Software is integrated with 3rd party products, F-Secure
provides support and maintenance for the licensed F-Secure Software
only unless otherwise separately agreed.
TITLE
Title, ownership rights, and intellectual property rights in the
Software shall remain those of F-Secure, and/or its suppliers.
The Software is protected by copyright laws and international
copyright and other intellectual property treaties.
LIMITED WARRANTY AND DISCLAIMERS
Limited Warranty on Media. F-Secure warrants the media on which the
Software is recorded to be free from defect in material and
workmanship under normal use for 30 days from the date of delivery.
Any implied warranties on the media, including implied warranties of
merchantability and fitness for a particular purpose, are limited in
duration to 30 days from the date of delivery. F-Secure will, at its
option, replace the media or refund the purchase price of the media.
F-Secure shall have no responsibility to replace or refund the
purchase price of media, which is damaged by accident, abuse, or
misapplication.
Disclaimer of Warranty on Software. THE SOFTWARE IS PROVIDED "AS IS",
WITHOUT WARRANTY OF ANY KIND. F-SECURE EXPRESSLY DISCLAIMS ALL IMPLIED
WARRANTIES, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF TITLE,
NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
F-Secure does not guarantee the Software or related documentation in
terms of their correctness, accuracy, reliability, or otherwise.
You assume the entire risk as to the results and performance of the
Software and related documentation.
Complete Statement of Warranty. The limited warranties provided in the
preceding paragraphs are the only warranties of any kind that are made
by F-Secure on the Software. No oral or written information or advice
given by F-Secure, its dealers, distributors, agents, or employees
shall create a warranty or in any way increase the scope of the
foregoing limited warranty, and You may not rely on any such
information or advice. Some states do not allow the exclusion of
implied warranties, so the above exclusion may not apply to You, and
You may have other rights which may vary from state to state.
Limitation of Liability. IN NO EVENT SHALL F-SECURE OR ITS SUPPLIERS
BE LIABLE TO YOU FOR ANY SPECIAL, CONSEQUENTIAL, INCIDENTAL, OR
INDIRECT DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOSS OF REVENUE OR
PROFIT, LOST OR DAMAGED DATA OR OTHER COMMERCIAL OR ECONOMIC LOSS,
ARISING OUT OF THE USE OF, OR INABILITY TO USE, THE SOFTWARE OR
RELATED DOCUMENTATION, EVEN IF F-SECURE HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. Some states do not allow the limitation
or exclusion of liability for incidental or consequential damages so
the above limitation or exclusion may not apply to You.
F-SECURE SHALL IN NO EVENT BE LIABLE FOR ANY DAMAGES ARISING FROM
PERFORMANCE OR NON-PERFORMANCE OF THE SOFTWARE. OUR MAXIMUM LIABILITY
TO YOU FOR ACTUAL DAMAGES FOR ANY CAUSE WHATSOEVER SHALL IN NO EVENT
EXCEED THE AMOUNT PAID BY YOU FOR THE SOFTWARE. Nothing contained in
these License Terms shall prejudice the statutory rights of any party
dealing as a consumer. F-Secure is acting on behalf of its employees
and licensors or subsidiaries for the purpose of disclaiming,
excluding, and/or restricting obligations, warranties, and liability
as provided in this clause, but in no other respects and for no other
purpose.
EXPORT RESTRICTIONS (EXCLUSIVELY FOR CRYPTOGRAPHIC SOFTWARE)
1. If the Software is shipped or otherwise distributed to You from
the United States of America: The Licensee acknowledges that the
Software and the maintenance and support services including without
limitation technical services and technical data (e.g., manuals,
blueprints, plans, diagrams, models, formulae, tables, engineering
designs and specifications and instructions written or recorded and
any other such technical services and technical data ("the Services")
are of U.S. origin for purposes of U.S. export control laws,
regulations, administrative acts or Executive Orders, and any
amendments thereof, including without limitation the Export
Administration Act of 1979, as amended (the "Act"), and the
regulations promulgated thereunder (the "U.S. Export Control Laws").
The Licensee agrees to comply with all applicable U.S. Export Control
Laws and any applicable international laws and regulations that apply
to the Software and to the Services, including without limitation the
Act as well as end-user, end-use and destination restrictions issued
by the U.S. and other governments.
2. If the Software is shipped or otherwise distributed to You from
a country other than the United States of America: The Licensee agrees
to comply with the local regulations regarding exporting and/or using
cryptographic software.
In all cases, F-Secure will not be liable for the illegal export
and/or use of its cryptographic software by the Licensee.
U.S. GOVERNMENT RIGHTS
If the Software is licensed for or on behalf of the United States of
America, its agencies and/or instrumentalities ("U.S. Government")
pursuant to solicitations issued on or after December 1, 1995, the
Software is provided with the commercial rights and restrictions
described elsewhere herein. If the Software is licensed for or on
behalf of the U.S. Government pursuant to solicitations issued prior
to December 1, 1995, the Software is provided with RESTRICTED RIGHTS
as provided for in FAR, 48 CFR 52.227-14 (JUNE 1987) or DFAR,
48 CFR 252.227-7013 (OCT 1988), as applicable.
HIGH RISK ACTIVITIES
The Software is not fault-tolerant and is not designed, manufactured
or intended for use or resale as on-line control equipment in
hazardous environments requiring fail-safe performance, such as in the
operation of nuclear facilities, aircraft navigation or communication
systems, air traffic control, direct life support machines, or weapons
systems, in which the failure of the Software could lead directly to
death, personal injury, or severe physical or environmental damage
("High Risk Activities"). F-Secure and its suppliers specifically
disclaim any express or implied warranty of fitness for High Risk
Activities.
GENERAL
These License Terms are effective from April 1st 2002 until further
notice. The license will terminate immediately without notice if You
are in breach of any of its terms and conditions. For evaluation
copies of the Software, the license will terminate automatically:
1) if You fail to comply with the limitations described herein;
2) 30 days from the first installation of the Software; or
3) at the expiration of the allocated evaluation time.
Upon termination of this License, You agree to destroy the Software
and all copies thereof. If You purchase the Software before the
expiration of the evaluation time and register the Software, You have
a valid license and You do not need to destroy the Software. You shall
not be entitled to a refund from F-Secure or any of its resellers as
a result of termination. The terms and conditions concerning
confidentiality and restrictions on use shall continue in force even
after any termination.
F-Secure may revise these terms at any time and the revised terms
shall automatically apply to the corresponding versions of the
Software distributed with the revised terms. If any part of these
License Terms is found void and unenforceable, it will not affect the
validity of rest of the License Terms, which shall remain valid and
enforceable according to its terms. These License Terms may be
modified in writing only by F-Secure. In case of controversy or
inconsistency between translations of these License Terms to other
languages, the English version issued by F-Secure shall prevail.
These terms can be complemented with other documentation issued by
F-Secure or agreed both by F-Secure and You or F-Secure and Your
license provider.
These terms shall be governed under the Laws of Finland without regard
to conflict of laws rules and principles and without regard to the
United Nations Convention of Contracts for the International Sales of
Goods. The courts of Finland shall have the exclusive jurisdiction and
venue to adjudicate any dispute arising out of these License Terms.
Notwithstanding the foregoing, in the case of purchases made within or
on behalf of licensees residing within or operating under the laws of
the United States the governing law of these terms shall be the laws
of the State of California without regard to conflict of laws rules
and principles and without regard to the United Nations Convention of
Contracts for the International Sales of Goods. The exclusive
jurisdiction and venue to adjudicate any dispute arising out of these
License Terms shall be of the federal and state courts of California.
All correspondence regarding these License Terms should be addressed
to F-Secure:
F-Secure Corporation
Tammasaarenkatu 7
FIN-00180 Helsinki, Finland
E-mail: Helsinki@F-Secure.com
Telephone: +358 9 2520 0700
Fax: +358 9 2520 5001
==========================================================================
End of RELEASE NOTES
==========================================================================
From brian at UNEARTHED.ORG Tue Apr 1 19:13:26 2003
From: brian at UNEARTHED.ORG (Brian May)
Date: Thu Jan 12 21:17:40 2006
Subject: New F-Secure Anti-Virus for Linux version 4.50 build 2111 output...
References:
Message-ID: <002101c2f87b$6091f800$8801020a@brianmay>
Below the --------- line is the new F-Secure output with 2 engines scanning
a file...
----[]cut[]----
F-Secure Anti-Virus for Linux version 4.50 build 2111
Copyright (c) 1999-2003 F-Secure Corporation. All Rights Reserved.
[eicar_com.zip] eicar.com: Infected: EICAR_Test_File [F-Prot]
[eicar_com.zip] eicar.com: Infected: EICAR-Test-File [AVP]
1 file scanned
1 file infected
----[]cut[]----
From mailscanner at HRSERVERS.COM Tue Apr 1 20:37:39 2003
From: mailscanner at HRSERVERS.COM (SUBSCRIBE MAILSCANNER Anonymous)
Date: Thu Jan 12 21:17:40 2006
Subject: F-Prot 3.13 support
Message-ID:
When trying to patch on MailScanner 4.13-3 I get the following error. Any
ideas on what is going on there?
patch < /root/SweepViruses.pm.patch
patching file SweepViruses.pm
Reversed (or previously applied) patch detected! Assume -R? [n] n Apply
anyway? [n] n Skipping patch. 1 out of 1 hunk ignored -- saving rejects to
file SweepViruses.pm.rej
From brian at UNEARTHED.ORG Tue Apr 1 20:38:23 2003
From: brian at UNEARTHED.ORG (Brian May)
Date: Thu Jan 12 21:17:40 2006
Subject: F-Secure 4.50 not supported...
Message-ID: <006f01c2f886$495839a0$8801020a@brianmay>
If you are using F-Secure with MailScanner, version 4.5 will not work as the
output has changed, and the location to fsav has changed as well..
Also, the command line for the scan is similar, MailScanner doesn't seem to
pass the full path, just '.' and fsav seems to scan the computer, and not
the working directory... I tried updating the source, but I can't seem to
figure it out... I belive I got the SweepsVirus.pm file done... to match
the output, but I can;t seem to figure out how to pass the working
directory...
Brian
From hden at KCBBS.GEN.NZ Tue Apr 1 21:22:04 2003
From: hden at KCBBS.GEN.NZ (Hendrik den Hartog)
Date: Thu Jan 12 21:17:40 2006
Subject: No subject
In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0EBF4E6@pascal.priv.bmrb.co.uk>
References: <5C0296D26910694BB9A9BBFC577E7AB0EBF4E6@pascal.priv.bmrb.co.uk>
Message-ID: <20030401202204.GA3472@mew.kcbbs.gen.nz>
On Tue, Apr 01, 2003 at 07:51:38AM +0100, Spicer, Kevin wrote:
> > [SNIP]
> > incoming sendmail: [FAILED]
> > outgoing sendmail: [ OK ]
> >
> > But....everything *seems* to be working OK?
> >
> Most probably it is!
>
> The recent kernel updates changed the output of ps, which caused the status check in the init script to break. See the "MailScanner 4.12-2 / 4.13-3 incoming failed" thread last week (I think there may have been a fix there too).
Ahh, thanks, worked thru that thread. Curiosity, did those new scripts fix that problem?
seemed (?) that it may not have for all (?)[IIUC]
Obviously not critical as, as several have confirmed, all is working correctly..
Thanks
Hendrik
From ap at HPI.COM Tue Apr 1 21:23:05 2003
From: ap at HPI.COM (Adam Polkosnik)
Date: Thu Jan 12 21:17:40 2006
Subject: MailScanner Status Check
In-Reply-To: <20030331213548.GC2792@mew.kcbbs.gen.nz>
References:
<5.2.0.9.2.20030331215247.0269d340@imap.ecs.soton.ac.uk>
<20030331213548.GC2792@mew.kcbbs.gen.nz>
Message-ID: <3E89F529.70804@hpi.com>
Update kills only one sendmail process... you should do
/etc/init.d/MailScanner restart after upgrading sendmail.
Hendrik den Hartog wrote:
>Hello
>
> I've just upgraded sendmail on a Redhat 8.0 to v 8.12.8-5.80
>
> Am using Mailscanner 4.14.5
>
> The status reports...
> Checking MailScanner daemons:
> MailScanner: [ OK ]
> incoming sendmail: [FAILED]
> outgoing sendmail: [ OK ]
>
> But....everything *seems* to be working OK?
>
>Anything to worry about? Change? Check?
>
>Help/advice appreciated,,,
>
>Cheers!
>Hendrik
>
>
>
From combs at MAGNET.FSU.EDU Tue Apr 1 23:04:15 2003
From: combs at MAGNET.FSU.EDU (Tom Combs)
Date: Thu Jan 12 21:17:40 2006
Subject: startup with sendmail 8.12 .*
Message-ID:
Hello,
I'd need to move from sendmail 8.11.6 to sendmail 8.12.9. I'm not
clear how I need to start sendmail/mailscanner under the new smmsp set up.
Would someone be so kind as to send me their init.d/sendmail script
so I can see what needs to be done. TIA! --Tom Combs
From neilb at DUNBARTON.COM Wed Apr 2 00:42:15 2003
From: neilb at DUNBARTON.COM (Neil Brockman)
Date: Thu Jan 12 21:17:40 2006
Subject: Header missing on Warning Messages to Recipient
Message-ID: <3E8A23D7.70504@dunbarton.com>
We have installed Mailscanner 4.13-3 on an OpenBSD 3.2 machine running
Sendmail. We followed the instructions in INSTALL.OpenBSD.
Mailscanner seems to run fine (/var/log/maillog reports nothing unusual,
the individual sending the email receives notification, attachments
appear to be properly stripped out and stored) but the recipient's
mailbox is overwritten with something like this (No header):
Any ideas why?
F------=_NextPart_000_320f_6e7_7856
Content-Type: text/plain; format=flowed
Warning: This message has had one or more attachments removed
Warning: (bitpro.exe).
Warning: Please read the "VirusWarning.txt" attachment(s) for more
information.
______________________________________
This email has been scanned for harmful attachments for domain @dunbarton.com
by Inflex.
From mike at CAMAROSS.NET Wed Apr 2 00:59:58 2003
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:17:40 2006
Subject: startup with sendmail 8.12 .*
In-Reply-To:
Message-ID: <004001c2f8aa$ce615810$af01a8c0@home.middlefinger.net>
Why do you *need* to move to 8.12? Just curious...
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Tom Combs
Sent: Tuesday, April 01, 2003 4:04 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: startup with sendmail 8.12 .*
Hello,
I'd need to move from sendmail 8.11.6 to sendmail 8.12.9. I'm not
clear how I need to start sendmail/mailscanner under the new smmsp set up.
Would someone be so kind as to send me their init.d/sendmail script
so I can see what needs to be done. TIA! --Tom Combs
From danieltan at shopnsave.com.sg Wed Apr 2 03:34:24 2003
From: danieltan at shopnsave.com.sg (Daniel Tan)
Date: Thu Jan 12 21:17:40 2006
Subject: mailscanner can't send mail?
Message-ID: <005c01c2f8c0$60b0bd40$3900a8c0@Daniel>
did a top and found out my mailscanner has been trying to scan or send the
mail for so many hours....what is wrong with it? i still have 56 requests
stucj in mqueue.in. it seems like mailscanner is giving me a lot of problems
10:33am up 5 days, 22:36, 2 users, load average: 1.98, 1.99, 1.93
82 processes: 78 sleeping, 4 running, 0 zombie, 0 stopped
CPU states: 98.8% user, 1.1% system, 0.0% nice, 0.0% idle
Mem: 127760K av, 123352K used, 4408K free, 52580K shrd, 2704K
buff
Swap: 265032K av, 129084K used, 135948K free 38944K
cached
PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND
27832 root 12 0 17932 12 8 R 97.0 0.0 922:40 MailScanner
22416 root 1 0 1044 1044 816 R 0.5 0.8 0:00 top
15989 root 0 0 18768 11M 4412 S 0.3 9.0 0:19 MailScanner
16636 root 0 0 18632 10M 5660 S 0.3 8.1 0:16 MailScanner
16955 root 0 0 18120 9528 4740 S 0.3 7.4 0:13 MailScanner
17145 root 0 0 18808 10M 4248 S 0.3 8.7 0:14 MailScanner
1 root 0 0 116 76 56 S 0.0 0.0 1:12 init
2 root 0 0 0 0 0 SW 0.0 0.0 0:00 kflushd
3 root 0 0 0 0 0 SW 0.0 0.0 0:01 kupdate
4 root 0 0 0 0 0 SW 0.0 0.0 0:00 kpiod
5 root 0 0 0 0 0 SW 0.0 0.0 0:18 kswapd
6 root -20 -20 0 0 0 SW< 0.0 0.0 0:00 mdrecoveryd
65 root 0 0 0 0 0 SW 0.0 0.0 0:00 khubd
373 root 0 0 268 232 184 S 0.0 0.1 1:41 syslogd
383 root 0 0 396 0 0 SW 0.0 0.0 0:00 klogd
398 rpc 0 0 152 112 92 S 0.0 0.0 0:04 portmap
413 root 0 0 64 0 0 SW 0.0 0.0 0:00 apmd
Regards,
Daniel Tan
67469188 Ext.665
DID: 68430665
MIS Department
Shop N Save Pte Ltd
: danieltan@shopnsave.com.sg
[This e-mail is confidential and may also be privileged. If you are not the
intended recipient, please delete it and notify us immediately; you should
not copy or use it for any purpose, nor disclose its contents to any other
person. Thank you.]
From dene at DATATECHIE.COM Wed Apr 2 04:57:59 2003
From: dene at DATATECHIE.COM (Dene Ulmschneider)
Date: Thu Jan 12 21:17:40 2006
Subject: rogue messages in mail queue
Message-ID: <5.1.0.14.2.20030401225752.00bb9ec8@192.168.1.112>
Hi All-
I recently started using MailScanner/SA/Razor2 and I must say that it
ROCKS! It has reduced my spam by approximately 90 percent. I have noticed
that since I implemented these tools I have been getting some mails stuck
in my mail queue. The message info are similar to the snipit below...
~~snip~~
qfh3130Vj06415 Mon, 31 Mar 2003 22:00:31 -0500 "MailScanner"
diet@xlphost.com 846 b Deferred: Connection
timed out with mx3.xlprohosting.com.
~~end snip~~
I get about 5 or 6 a day that I delete manually. Can anyone explain why
these are getting stuck in the queue and possibly offer a fix for this issue?
Thank You
Dene Ulmschneider
Data Techie Inc.
-------------------------------------------------------------------------
office: 718.738.8859
cell: 646.996.2976
email: dene@datatechie.com
pager mail: denenow@datatechie.com
website: www.datatechie.com
-------------------------------------------------------------------------
"Life is too short...-...you should have dessert first"
--
This message has been scanned for viruses and dangerous
content by Data Techie, and is believed to be clean.
Data Techie... always there to protect you!
http://www.datatechie.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030401/7b42bb33/attachment.html
From raymond at PROLOCATION.NET Wed Apr 2 06:53:03 2003
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:17:40 2006
Subject: rogue messages in mail queue
In-Reply-To: <5.1.0.14.2.20030401225752.00bb9ec8@192.168.1.112>
Message-ID:
Hi!
> I recently started using MailScanner/SA/Razor2 and I must say that it
> ROCKS! It has reduced my spam by approximately 90 percent. I have noticed
> that since I implemented these tools I have been getting some mails stuck
> in my mail queue. The message info are similar to the snipit below...
>
> ~~snip~~
>
> qfh3130Vj06415 Mon, 31 Mar 2003 22:00:31 -0500 "MailScanner"
> diet@xlphost.com 846 b Deferred: Connection
> timed out with mx3.xlprohosting.com.
>
> ~~end snip~~
>
> I get about 5 or 6 a day that I delete manually. Can anyone explain why
> these are getting stuck in the queue and possibly offer a fix for this issue?
Its retun responses, you dont need to delete those, your MTA will take
care of this. Its normal.
Bye,
Raymond.
From mike at CAMAROSS.NET Wed Apr 2 07:14:03 2003
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:17:40 2006
Subject: I noticed this tonight...
In-Reply-To:
Message-ID: <006301c2f8df$108a74e0$af01a8c0@home.middlefinger.net>
In the output of cron.daily, I saw this:
Failed to create default user preference file //.spamassassin/user_prefs
Is there a path somewhere not specified correctly?
Mike
From mike at CAMAROSS.NET Wed Apr 2 05:26:15 2003
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:17:40 2006
Subject: rogue messages in mail queue
In-Reply-To: <5.1.0.14.2.20030401225752.00bb9ec8@192.168.1.112>
Message-ID: <005f01c2f8d0$00bd7ee0$af01a8c0@home.middlefinger.net>
I get these from time to time and never worry about them. Depending on your
spam actions (perhaps you are bouncing spam?)...it would make sense that an
email to diet@xlphost.com might have delivery problems. Were they trying to
sell you the most unbelievable diet in recent human history from a bogus
email address? :) At any rate, the messages could stay in your queue and be
deleted in 5 days (by default). I lowered mine to 2 days.
Mike
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Dene Ulmschneider
Sent: Tuesday, April 01, 2003 9:58 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: rogue messages in mail queue
Hi All-
I recently started using MailScanner/SA/Razor2 and I must say that it ROCKS!
It has reduced my spam by approximately 90 percent. I have noticed that
since I implemented these tools I have been getting some mails stuck in my
mail queue. The message info are similar to the snipit below...
~~snip~~
qfh3130Vj06415 Mon, 31 Mar 2003 22:00:31 -0500 "MailScanner"
diet@xlphost.com 846 b Deferred: Connection
timed out with mx3.xlprohosting.com.
~~end snip~~
I get about 5 or 6 a day that I delete manually. Can anyone explain why
these are getting stuck in the queue and possibly offer a fix for this
issue?
Thank You
Dene Ulmschneider
Data Techie Inc.
-------------------------------------------------------------------------
office: 718.738.8859
cell: 646.996.2976
email: dene@datatechie.com
pager mail: denenow@datatechie.com
website: www.datatechie.com
-------------------------------------------------------------------------
"Life is too short...-...you should have dessert first"
--
This message has been scanned for viruses and
dangerous content by Data Techie, and is
believed to be clean.
Data Techie...always there to protect you!
From S.R.Patterson at soton.ac.uk Wed Apr 2 08:37:49 2003
From: S.R.Patterson at soton.ac.uk (Steven Patterson)
Date: Thu Jan 12 21:17:40 2006
Subject: startup with sendmail 8.12 .*
In-Reply-To: <004001c2f8aa$ce615810$af01a8c0@home.middlefinger.net>
References: <004001c2f8aa$ce615810$af01a8c0@home.middlefinger.net>
Message-ID:
On Apr 1, 2003 at 5:59pm Mike Kercher wrote:
MK> Why do you *need* to move to 8.12? Just curious...
Perhaps it's something to do with the root exploit for all versions of
sendmail prior to 8.12.8? (which is not to say 8.12.8 doesn't have one -
none found in 8.12.9 yet!)
Steve
--
Steven Patterson, MSci OCP. Tel: +44 (0)2380 595810
Primary Information Services Support and Development
Information Systems Services, University of Southampton, UK.
Public PGP Key: http://www.bottleneck.org/pubkey.php
From mailscanner at ecs.soton.ac.uk Wed Apr 2 08:51:35 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:40 2006
Subject: F-Secure 4.50 not supported...
In-Reply-To: <006f01c2f886$495839a0$8801020a@brianmay>
Message-ID: <5.2.0.9.2.20030402084309.0226ba78@imap.ecs.soton.ac.uk>
At 20:38 01/04/2003, you wrote:
>If you are using F-Secure with MailScanner, version 4.5 will not work as the
>output has changed, and the location to fsav has changed as well..
>
>Also, the command line for the scan is similar, MailScanner doesn't seem to
>pass the full path, just '.' and fsav seems to scan the computer, and not
>the working directory... I tried updating the source, but I can't seem to
>figure it out... I belive I got the SweepsVirus.pm file done... to match
>the output, but I can;t seem to figure out how to pass the working
>directory...
Can you either email me a copy of the new version of F-Secure, or give me a
URL where I can download it. Shouldn't take too long to adapt the output
parser to the new version.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Wed Apr 2 08:48:35 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:40 2006
Subject: rogue messages in mail queue
In-Reply-To: <5.1.0.14.2.20030401225752.00bb9ec8@192.168.1.112>
Message-ID: <5.2.0.9.2.20030402084654.023a0c08@imap.ecs.soton.ac.uk>
MailScanner is not involved in delivering mail or providing SMTP service.
Sendmail is already very good at that.
Your sendmail is trying to deliver messages to mx3.xlprohosting.com and the
SMTP connection is timing out for some reason.
The messages will stay in the queue until they can be delivered (or a week
has passed) and sendmail/Exim will continue trying to deliver them during
that period.
At 04:57 02/04/2003, you wrote:
>Hi All-
>I recently started using MailScanner/SA/Razor2 and I must say that it
>ROCKS! It has reduced my spam by approximately 90 percent. I have noticed
>that since I implemented these tools I have been getting some mails stuck
>in my mail queue. The message info are similar to the snipit below...
>
>~~snip~~
>
>qfh3130Vj06415 Mon, 31 Mar 2003 22:00:31 -0500 "MailScanner"
> diet@xlphost.com 846 b Deferred: Connection
>timed out with mx3.xlprohosting.com.
>
>~~end snip~~
>
>I get about 5 or 6 a day that I delete manually. Can anyone explain why
>these are getting stuck in the queue and possibly offer a fix for this issue?
>
>Thank You
>
>Dene Ulmschneider
>Data Techie Inc.
>-------------------------------------------------------------------------
>office: 718.738.8859
>cell: 646.996.2976
>email: dene@datatechie.com
>pager mail: denenow@datatechie.com
>website: www.datatechie.com
>-------------------------------------------------------------------------
>"Life is too short...-...you should have dessert first"
>--
>This message has been scanned for viruses and
>dangerous content by Data Techie, and is
>believed to be clean.
>Data Techie...always there to protect you!
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030402/a1a559a2/attachment.html
From mailscanner at ecs.soton.ac.uk Wed Apr 2 08:50:24 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:40 2006
Subject: I noticed this tonight...
In-Reply-To: <006301c2f8df$108a74e0$af01a8c0@home.middlefinger.net>
References:
Message-ID: <5.2.0.9.2.20030402084908.023ead88@imap.ecs.soton.ac.uk>
At 07:14 02/04/2003, you wrote:
>In the output of cron.daily, I saw this:
>
>Failed to create default user preference file //.spamassassin/user_prefs
>
>Is there a path somewhere not specified correctly?
I would guess you are using Exim perhaps. It is trying to create a
.spamassassin directory under "/" but does not have permission to do so.
In your /etc/passwd file, have you specified the home directory of user
"mail" to be "/"?
If so, you need to make sure that user "mail" has a real home dir that it
can write to.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Wed Apr 2 08:46:22 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:40 2006
Subject: mailscanner can't send mail?
In-Reply-To: <005c01c2f8c0$60b0bd40$3900a8c0@Daniel>
Message-ID: <5.2.0.9.2.20030402084548.0226e8b8@imap.ecs.soton.ac.uk>
Please tell us what you are running
OS + version
MailScanner version
SpamAssassin version
virus scanner + version
At 03:34 02/04/2003, you wrote:
>did a top and found out my mailscanner has been trying to scan or send the
>mail for so many hours....what is wrong with it? i still have 56 requests
>stucj in mqueue.in. it seems like mailscanner is giving me a lot of problems
>
>10:33am up 5 days, 22:36, 2 users, load average: 1.98, 1.99, 1.93
>82 processes: 78 sleeping, 4 running, 0 zombie, 0 stopped
>CPU states: 98.8% user, 1.1% system, 0.0% nice, 0.0% idle
>Mem: 127760K av, 123352K used, 4408K free, 52580K shrd, 2704K
>buff
>Swap: 265032K av, 129084K used, 135948K free 38944K
>cached
>
> PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND
>27832 root 12 0 17932 12 8 R 97.0 0.0 922:40 MailScanner
>22416 root 1 0 1044 1044 816 R 0.5 0.8 0:00 top
>15989 root 0 0 18768 11M 4412 S 0.3 9.0 0:19 MailScanner
>16636 root 0 0 18632 10M 5660 S 0.3 8.1 0:16 MailScanner
>16955 root 0 0 18120 9528 4740 S 0.3 7.4 0:13 MailScanner
>17145 root 0 0 18808 10M 4248 S 0.3 8.7 0:14 MailScanner
> 1 root 0 0 116 76 56 S 0.0 0.0 1:12 init
> 2 root 0 0 0 0 0 SW 0.0 0.0 0:00 kflushd
> 3 root 0 0 0 0 0 SW 0.0 0.0 0:01 kupdate
> 4 root 0 0 0 0 0 SW 0.0 0.0 0:00 kpiod
> 5 root 0 0 0 0 0 SW 0.0 0.0 0:18 kswapd
> 6 root -20 -20 0 0 0 SW< 0.0 0.0 0:00 mdrecoveryd
> 65 root 0 0 0 0 0 SW 0.0 0.0 0:00 khubd
> 373 root 0 0 268 232 184 S 0.0 0.1 1:41 syslogd
> 383 root 0 0 396 0 0 SW 0.0 0.0 0:00 klogd
> 398 rpc 0 0 152 112 92 S 0.0 0.0 0:04 portmap
> 413 root 0 0 64 0 0 SW 0.0 0.0 0:00 apmd
>
>Regards,
>Daniel Tan
>67469188 Ext.665
>DID: 68430665
>MIS Department
>Shop N Save Pte Ltd
>: danieltan@shopnsave.com.sg
>
>[This e-mail is confidential and may also be privileged. If you are not the
>intended recipient, please delete it and notify us immediately; you should
>not copy or use it for any purpose, nor disclose its contents to any other
>person. Thank you.]
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From raymond at PROLOCATION.NET Wed Apr 2 10:33:05 2003
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:17:40 2006
Subject: startup with sendmail 8.12 .*
In-Reply-To:
Message-ID:
Hi!
> MK> Why do you *need* to move to 8.12? Just curious...
>
> Perhaps it's something to do with the root exploit for all versions of
> sendmail prior to 8.12.8? (which is not to say 8.12.8 doesn't have one -
> none found in 8.12.9 yet!)
Most vendors came with fixes, also backported...
Bye,
Raymond.
From mailscanner at ecs.soton.ac.uk Wed Apr 2 13:36:07 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:40 2006
Subject: F-Secure 4.50 not supported...
In-Reply-To: <5.2.0.9.2.20030402084309.0226ba78@imap.ecs.soton.ac.uk>
References: <006f01c2f886$495839a0$8801020a@brianmay>
Message-ID: <5.2.0.9.2.20030402133441.025b9f50@imap.ecs.soton.ac.uk>
At 08:51 02/04/2003, you wrote:
>Can you either email me a copy of the new version of F-Secure, or give me a
>URL where I can download it. Shouldn't take too long to adapt the output
>parser to the new version.
I now have the binary, but no licence key :-(
If anyone is willing to share this with me (off the list) then I can
personally guarantee that the key will never "leak" and it will be only
used for development purposes.
I have asked F-Secure for a licence key for this purpose, but no response yet.
I sure hope they haven't forgotten that "." is the current directory...
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From mike at CAMAROSS.NET Wed Apr 2 14:02:44 2003
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:17:40 2006
Subject: I noticed this tonight...
In-Reply-To: <5.2.0.9.2.20030402084908.023ead88@imap.ecs.soton.ac.uk>
Message-ID: <006a01c2f918$27bb41b0$af01a8c0@home.middlefinger.net>
I'm using sendmail and always have
The user mail does have the correct ~ specified:
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
Any other ideas?
Mike
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Julian Field
Sent: Wednesday, April 02, 2003 1:50 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: I noticed this tonight...
At 07:14 02/04/2003, you wrote:
>In the output of cron.daily, I saw this:
>
>Failed to create default user preference file
>//.spamassassin/user_prefs
>
>Is there a path somewhere not specified correctly?
I would guess you are using Exim perhaps. It is trying to create a
.spamassassin directory under "/" but does not have permission to do so.
In your /etc/passwd file, have you specified the home directory of user
"mail" to be "/"? If so, you need to make sure that user "mail" has a real
home dir that it can write to.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz MailScanner thanks
transtec Computers for their support
From dot at DOTAT.AT Wed Apr 2 14:34:34 2003
From: dot at DOTAT.AT (Tony Finch)
Date: Thu Jan 12 21:17:40 2006
Subject: I noticed this tonight...
In-Reply-To:
References: <5.2.0.9.2.20030402084908.023ead88@imap.ecs.soton.ac.uk>
Message-ID:
Mike Kercher wrote:
>
>Any other ideas?
This patch prevents SpamAssassin from copying the user preferences file
template into ~/.spamassassin
--- lib/MailScanner/SA.pm 27 Mar 2003 16:55:18 -0000 1.1.1.4
+++ lib/MailScanner/SA.pm 27 Mar 2003 17:28:47 -0000 1.8
@@ -73,7 +74,7 @@
unless (MailScanner::Config::IsSimpleValue('usespamassassin') &&
!MailScanner::Config::Value('usespamassassin')) {
require Mail::SpamAssassin;
- $settings{dont_copy_prefs} = 0;
+ $settings{dont_copy_prefs} = 1;
$prefs = MailScanner::Config::Value('spamassassinprefsfile');
$settings{userprefs_filename} = $prefs if defined $prefs;
$val = MailScanner::Config::Value('debugspamassassin');
Tony.
--
f.a.n.finch http://dotat.at/
WHITBY TO THE WASH: NORTHWEST 7, DECREASING 4 OR 5. SHOWERS, GRADUALLY DYING
OUT. GOOD, BUT MODERATE IN SHOWERS. ROUGH.
From danieltan at shopnsave.com.sg Thu Apr 3 03:28:24 2003
From: danieltan at shopnsave.com.sg (Daniel Tan)
Date: Thu Jan 12 21:17:40 2006
Subject: mailscanner can't send mail?
References: <5.2.0.9.2.20030402084548.0226e8b8@imap.ecs.soton.ac.uk>
Message-ID: <00ab01c2f988$b4f7c380$3900a8c0@Daniel>
found this on mailscanner website.....
i think i need to upgrade to overcome the problem right?
Problems with SpamAssassin 2.50
There are problems with MailScanner and SpamAssassin 2.50. The solution is
to use the CVS code for SpamAssassin 2.60. If SpamAssassin 2.51 has been
released by the time you read this, then use 2.51 instead.
The problems cannot cause any of your mail to be lost, but it may lock up
your MailScanner, stopping processing of any mail.
----- Original Message -----
From: "Julian Field"
To:
Sent: Wednesday, April 02, 2003 3:46 PM
Subject: Re: mailscanner can't send mail?
Please tell us what you are running
OS + version
MailScanner version
SpamAssassin version
virus scanner + version
At 03:34 02/04/2003, you wrote:
>did a top and found out my mailscanner has been trying to scan or send the
>mail for so many hours....what is wrong with it? i still have 56 requests
>stucj in mqueue.in. it seems like mailscanner is giving me a lot of
problems
>
>10:33am up 5 days, 22:36, 2 users, load average: 1.98, 1.99, 1.93
>82 processes: 78 sleeping, 4 running, 0 zombie, 0 stopped
>CPU states: 98.8% user, 1.1% system, 0.0% nice, 0.0% idle
>Mem: 127760K av, 123352K used, 4408K free, 52580K shrd, 2704K
>buff
>Swap: 265032K av, 129084K used, 135948K free 38944K
>cached
>
> PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND
>27832 root 12 0 17932 12 8 R 97.0 0.0 922:40 MailScanner
>22416 root 1 0 1044 1044 816 R 0.5 0.8 0:00 top
>15989 root 0 0 18768 11M 4412 S 0.3 9.0 0:19 MailScanner
>16636 root 0 0 18632 10M 5660 S 0.3 8.1 0:16 MailScanner
>16955 root 0 0 18120 9528 4740 S 0.3 7.4 0:13 MailScanner
>17145 root 0 0 18808 10M 4248 S 0.3 8.7 0:14 MailScanner
> 1 root 0 0 116 76 56 S 0.0 0.0 1:12 init
> 2 root 0 0 0 0 0 SW 0.0 0.0 0:00 kflushd
> 3 root 0 0 0 0 0 SW 0.0 0.0 0:01 kupdate
> 4 root 0 0 0 0 0 SW 0.0 0.0 0:00 kpiod
> 5 root 0 0 0 0 0 SW 0.0 0.0 0:18 kswapd
> 6 root -20 -20 0 0 0 SW< 0.0 0.0 0:00 mdrecoveryd
> 65 root 0 0 0 0 0 SW 0.0 0.0 0:00 khubd
> 373 root 0 0 268 232 184 S 0.0 0.1 1:41 syslogd
> 383 root 0 0 396 0 0 SW 0.0 0.0 0:00 klogd
> 398 rpc 0 0 152 112 92 S 0.0 0.0 0:04 portmap
> 413 root 0 0 64 0 0 SW 0.0 0.0 0:00 apmd
>
>Regards,
>Daniel Tan
>67469188 Ext.665
>DID: 68430665
>MIS Department
>Shop N Save Pte Ltd
>: danieltan@shopnsave.com.sg
>
>[This e-mail is confidential and may also be privileged. If you are not the
>intended recipient, please delete it and notify us immediately; you should
>not copy or use it for any purpose, nor disclose its contents to any other
>person. Thank you.]
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From danieltan at shopnsave.com.sg Thu Apr 3 02:23:40 2003
From: danieltan at shopnsave.com.sg (Daniel Tan)
Date: Thu Jan 12 21:17:40 2006
Subject: mailscanner can't send mail?
References: <5.2.0.9.2.20030402084548.0226e8b8@imap.ecs.soton.ac.uk>
Message-ID: <006a01c2f97f$a93b6500$3900a8c0@Daniel>
forgot to attach the mqueue.in
/var/spool/mqueue.in (1 request)
----Q-ID---- --Size-- -----Q-Time----- ------------Sender/Recipient---------
---
h32DJVH25446* 172 Wed Apr 2 21:19
----------------------->suspect this address is causing
the thing, as this is not a public domain and used for internal only
----- Original Message -----
From: "Julian Field"
To:
Sent: Wednesday, April 02, 2003 3:46 PM
Subject: Re: mailscanner can't send mail?
Please tell us what you are running
OS + version
MailScanner version
SpamAssassin version
virus scanner + version
At 03:34 02/04/2003, you wrote:
>did a top and found out my mailscanner has been trying to scan or send the
>mail for so many hours....what is wrong with it? i still have 56 requests
>stucj in mqueue.in. it seems like mailscanner is giving me a lot of
problems
>
>10:33am up 5 days, 22:36, 2 users, load average: 1.98, 1.99, 1.93
>82 processes: 78 sleeping, 4 running, 0 zombie, 0 stopped
>CPU states: 98.8% user, 1.1% system, 0.0% nice, 0.0% idle
>Mem: 127760K av, 123352K used, 4408K free, 52580K shrd, 2704K
>buff
>Swap: 265032K av, 129084K used, 135948K free 38944K
>cached
>
> PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND
>27832 root 12 0 17932 12 8 R 97.0 0.0 922:40 MailScanner
>22416 root 1 0 1044 1044 816 R 0.5 0.8 0:00 top
>15989 root 0 0 18768 11M 4412 S 0.3 9.0 0:19 MailScanner
>16636 root 0 0 18632 10M 5660 S 0.3 8.1 0:16 MailScanner
>16955 root 0 0 18120 9528 4740 S 0.3 7.4 0:13 MailScanner
>17145 root 0 0 18808 10M 4248 S 0.3 8.7 0:14 MailScanner
> 1 root 0 0 116 76 56 S 0.0 0.0 1:12 init
> 2 root 0 0 0 0 0 SW 0.0 0.0 0:00 kflushd
> 3 root 0 0 0 0 0 SW 0.0 0.0 0:01 kupdate
> 4 root 0 0 0 0 0 SW 0.0 0.0 0:00 kpiod
> 5 root 0 0 0 0 0 SW 0.0 0.0 0:18 kswapd
> 6 root -20 -20 0 0 0 SW< 0.0 0.0 0:00 mdrecoveryd
> 65 root 0 0 0 0 0 SW 0.0 0.0 0:00 khubd
> 373 root 0 0 268 232 184 S 0.0 0.1 1:41 syslogd
> 383 root 0 0 396 0 0 SW 0.0 0.0 0:00 klogd
> 398 rpc 0 0 152 112 92 S 0.0 0.0 0:04 portmap
> 413 root 0 0 64 0 0 SW 0.0 0.0 0:00 apmd
>
>Regards,
>Daniel Tan
>67469188 Ext.665
>DID: 68430665
>MIS Department
>Shop N Save Pte Ltd
>: danieltan@shopnsave.com.sg
>
>[This e-mail is confidential and may also be privileged. If you are not the
>intended recipient, please delete it and notify us immediately; you should
>not copy or use it for any purpose, nor disclose its contents to any other
>person. Thank you.]
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From joan.bryan at KCL.AC.UK Thu Apr 3 09:58:48 2003
From: joan.bryan at KCL.AC.UK (Joan Bryan)
Date: Thu Jan 12 21:17:40 2006
Subject: Mailscanner and Multiple output queues
In-Reply-To: <003301c2f961$c58050e0$af01a8c0@home.middlefinger.net>
References: <003301c2f961$c58050e0$af01a8c0@home.middlefinger.net>
<5.2.0.9.2.20030321121546.0467e008@imap.ecs.soton.ac.uk>
Message-ID:
On Wed, 2 Apr 2003 15:49:41 -0600 Mike Kercher
wrote:
> Following up on this...do you still have to tell sendmail about the
> additional queues?
>
Yes. The following information is courtesy of David
http://www.sendmail.org/~gshapiro/8.10.Training/mqueue.html (which is
very basic)
http://www.sendmail.org/~ca/email/doc8.12/cf/m4/queue_groups.html (is
your better bet along with the stated documentation bits).
>
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
> Of Julian Field
> Sent: Friday, March 21, 2003 6:18 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Mailscanner and Multiple output queues
>
>
> At 11:51 21/03/2003, you wrote:
> >We are considering implementing mutliple output queues to try to
> >improve performance on our mailserver and I wonder if anyone could give
> >me an idea of a ruleset for this. Ideally we would like mailscanner to
> >write to one of a set of output queues, distributing mail roughly
> >evenly across these directories.
>
> Outgoing Queue Dir = /etc/MailScanner/rules/outgoing.queue.rules
>
> and then in that file:
> From: /^[a-g]/ /var/spool/mqueue1
> From: /^[h-m]/ /var/spool/mqueue2
> From: /^[n-s]/ /var/spool/mqueue3
> From: /^[t-z]/ /var/spool/mqueue4
> FromOrTo: default /var/spool/mqueue5
>
> This just splits into 5 queues based on the first letter of the sender's
> address. Hopefully that gives you enough of an idea of what you can do...
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
----------------------
Joan Bryan
joan.bryan@kcl.ac.uk
From mike at CAMAROSS.NET Wed Apr 2 22:49:41 2003
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:17:40 2006
Subject: Mailscanner and Multiple output queues
In-Reply-To: <5.2.0.9.2.20030321121546.0467e008@imap.ecs.soton.ac.uk>
Message-ID: <003301c2f961$c58050e0$af01a8c0@home.middlefinger.net>
Following up on this...do you still have to tell sendmail about the
additional queues?
Mike
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Julian Field
Sent: Friday, March 21, 2003 6:18 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Mailscanner and Multiple output queues
At 11:51 21/03/2003, you wrote:
>We are considering implementing mutliple output queues to try to
>improve performance on our mailserver and I wonder if anyone could give
>me an idea of a ruleset for this. Ideally we would like mailscanner to
>write to one of a set of output queues, distributing mail roughly
>evenly across these directories.
Outgoing Queue Dir = /etc/MailScanner/rules/outgoing.queue.rules
and then in that file:
From: /^[a-g]/ /var/spool/mqueue1
From: /^[h-m]/ /var/spool/mqueue2
From: /^[n-s]/ /var/spool/mqueue3
From: /^[t-z]/ /var/spool/mqueue4
FromOrTo: default /var/spool/mqueue5
This just splits into 5 queues based on the first letter of the sender's
address. Hopefully that gives you enough of an idea of what you can do...
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
From baldguy33165 at yahoo.com Wed Apr 2 22:30:35 2003
From: baldguy33165 at yahoo.com (Juan Quesada)
Date: Thu Jan 12 21:17:40 2006
Subject: SPAM? option just for one user
Message-ID: <20030402213035.36534.qmail@web20806.mail.yahoo.com>
I want to allow just one user to get the spam?
modified subject. How can i accomplish this.
__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - File online, calculators, forms, and more
http://tax.yahoo.com
From mbowman at UDCOM.COM Wed Apr 2 22:29:00 2003
From: mbowman at UDCOM.COM (Matthew Bowman)
Date: Thu Jan 12 21:17:40 2006
Subject: SPAM? option just for one user
Message-ID:
Hello,
If you only wanted one user from a domain to get spam tagged e-mail and
all others deleted for example
you must modify MailScanner.conf
Spam Actions = /etc/MailScanner/spam.actions.conf
Create a file called spam.actions.conf and inside have these 2 lines
To: user@domain.com deliver
To: default delete
Save the file and restart MailScanner
Also take a few minutes to read the README files under rules/ they helped
me a great deal.
Regards,
--
Matthew K Bowman Systems Administrator, Universal Digital Communications.
174 Park Avenue West, Mansfield. Ohio 44902
Tel : 419-524-4330 Fax : 419-524-0049
Email : mbowman@udcom.com Web: http://www.udcom.com/
Juan Quesada
Sent by: MailScanner mailing list
04/02/2003 04:30 PM
Please respond to MailScanner mailing list
To: MAILSCANNER@JISCMAIL.AC.UK
cc:
Subject: SPAM? option just for one user
I want to allow just one user to get the spam?
modified subject. How can i accomplish this.
__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - File online, calculators, forms, and more
http://tax.yahoo.com
From Kevin.Spicer at BMRB.CO.UK Thu Apr 3 10:32:09 2003
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:17:40 2006
Subject: whitelists
Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF4F0@pascal.priv.bmrb.co.uk>
> Hi all,
>
> I have a really strange problem with the whitelists, normally from a
> certain travel company they send email all in caps, I have in the
> whitelist this labeled as:
>
> From: *@COMPANY.COM yes
> From: *@company.com yes
>
> also the whole address... user etc... sometimes it works sometimes it
> doesn't... after checking quarantine I see that the messages
> aren't even
> marked (whitelisted) when I do a test by telneting to port 25
> and writing
> a mail by hand I do see in the header of this mail that it is
> whitelisted.
Maybe there is a difference between the envelope address of the sender and the address in the headers, IIRC MailScanner looks at the envelope sender. Have you checked to see if your mail logs are showing any other addresses?
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
From andersjk at SOL-INVICTUS.ORG Thu Apr 3 10:34:22 2003
From: andersjk at SOL-INVICTUS.ORG (Kevin Anderson)
Date: Thu Jan 12 21:17:40 2006
Subject: whitelists
Message-ID:
Hi all,
I have a really strange problem with the whitelists, normally from a
certain travel company they send email all in caps, I have in the
whitelist this labeled as:
From: *@COMPANY.COM yes
From: *@company.com yes
also the whole address... user etc... sometimes it works sometimes it
doesn't... after checking quarantine I see that the messages aren't even
marked (whitelisted) when I do a test by telneting to port 25 and writing
a mail by hand I do see in the header of this mail that it is whitelisted.
Anyone else have problems with this??? Is there maybe on a busy server, we
block daily around 1700 spam mails, that there is a chance it doesn't
check the whitelist?
thanks in advance,
kevin anderson
--
@
_____________________________________________
chaos, panic and disorder... my job is done...
From andersjk at SOL-INVICTUS.ORG Thu Apr 3 10:53:10 2003
From: andersjk at SOL-INVICTUS.ORG (Kevin Anderson)
Date: Thu Jan 12 21:17:40 2006
Subject: whitelists
In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0EBF4F0@pascal.priv.bmrb.co.uk>
Message-ID:
Ok, I thought it just looked at the From: I added the other as well...
thanks for the tip!
kevin
On Thu, 3 Apr 2003, Spicer, Kevin wrote:
> > Hi all,
> >
> > I have a really strange problem with the whitelists, normally from a
> > certain travel company they send email all in caps, I have in the
> > whitelist this labeled as:
> >
> > From: *@COMPANY.COM yes
> > From: *@company.com yes
> >
> > also the whole address... user etc... sometimes it works sometimes it
> > doesn't... after checking quarantine I see that the messages
> > aren't even
> > marked (whitelisted) when I do a test by telneting to port 25
> > and writing
> > a mail by hand I do see in the header of this mail that it is
> > whitelisted.
>
> Maybe there is a difference between the envelope address of the sender and the address in the headers, IIRC MailScanner looks at the envelope sender. Have you checked to see if your mail logs are showing any other addresses?
>
>
>
> BMRB International
> http://www.bmrb.co.uk
> +44 (0)20 8566 5000
> _________________________________________________________________
> This message (and any attachment) is intended only for the
> recipient and may contain confidential and/or privileged
> material. If you have received this in error, please contact the
> sender and delete this message immediately. Disclosure, copying
> or other action taken in respect of this email or in
> reliance on it is prohibited. BMRB International Limited
> accepts no liability in relation to any personal emails, or
> content of any email which does not directly relate to our
> business.
>
--
@
_____________________________________________
chaos, panic and disorder... my job is done...
From brett.thomson at PRINTSOFT.COM Thu Apr 3 11:06:28 2003
From: brett.thomson at PRINTSOFT.COM (Brett Thomson)
Date: Thu Jan 12 21:17:40 2006
Subject: SpamAssassin timed out and was killed,
Message-ID: <1049364388.3e8c07a464fd6@mail.printsoft.com>
Hi All,
I have search and searched and have not been able able to find any information
on this error message or anything on how to fix it.
.....SpamAssassin timed out and was killed,.....
I am running MailScanner version 4.13-3 and SpamAssassin version 2.52
Could anyone tell me how to do the following
1. Turn up the logging to achive better logging of SpamAssassin errors in syslog
2. What this error might be and point me in the direction of where to start
looking.
Many Thanks
Brett.
From combs at magnet.fsu.edu Thu Apr 3 15:21:27 2003
From: combs at magnet.fsu.edu (Tom Combs)
Date: Thu Jan 12 21:17:40 2006
Subject: startup with sendmail 8.12 .*
Message-ID: <200304031421.h33ELRda012959@osprey.magnet.fsu.edu>
Yes, I should have used *want* instead of *need*. I have patched my
8.11.6 releases but I like to stay some what current with the sendmail
releases after I'm sure they are stable. 8.12.* is a different beast
and I'd like to make the change. --Tom
>
>Why do you *need* to move to 8.12? Just curious...
>
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
>Of Tom Combs
>Sent: Tuesday, April 01, 2003 4:04 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: startup with sendmail 8.12 .*
>
>
>Hello,
>
> I'd need to move from sendmail 8.11.6 to sendmail 8.12.9. I'm not
> clear how I need to start sendmail/mailscanner under the new smmsp set up.
> Would someone be so kind as to send me their init.d/sendmail script
> so I can see what needs to be done. TIA! --Tom Combs
--
Tom Combs E-mail: combs@magnet.fsu.edu
National High Magnetic Field Laboratory Phone: (850) 644-1657
1800 E. Paul Dirac Drive Tallahassee, FL 32310
From sylvain.phaneuf at IMSU.OXFORD.AC.UK Thu Apr 3 15:44:52 2003
From: sylvain.phaneuf at IMSU.OXFORD.AC.UK (Sylvain Phaneuf)
Date: Thu Jan 12 21:17:40 2006
Subject: clever s p a m
Message-ID:
Hi everyone,
We have come across some spam html messages that contain some meaningless tags that break up keywords like v i a g r a.
As mailscanner/spamassassin must look at the mime message, and not the decoded html part, these messages do not trigger big scores and are not blocked.
Is there a way these could be blocked? see example below my signature
Sylvain
===========================================================
Sylvain Phaneuf --- Computing Manager | phone : +44 (0)1865 221323
Information Management Services Unit - Medical Sciences Division
Oxford University | email : sylvain.phaneuf@imsu.ox.ac.uk
Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322
Oxford OX3 9DU England
===========================================================
Generic Viagra is now available to consumers
As low as $2.70 per dose (50 mg)
No Doctor's Consutation required
"Silagra is as good as Viagra - just cheaper!"
Costs over 65% less than Brand Name
(Generic Sildenafil Citrate (Silagra)
and Viagra. both consist of 100 mg of
sildenafil citrate)
Private delivery to your home within 14 working days
of payment verification - FREE SHIPPING
100% Money Back Guarantee - The First
Pharmaceutical to ever be guaranteed.
From brian at UNEARTHED.ORG Thu Apr 3 15:46:11 2003
From: brian at UNEARTHED.ORG (Brian May)
Date: Thu Jan 12 21:17:40 2006
Subject: F-Secure 4.50 not supported...
In-Reply-To: <5.2.0.9.2.20030402133441.025b9f50@imap.ecs.soton.ac.uk>
Message-ID: <03271286-65E3-11D7-88DD-000A9579E1DA@unearthed.org>
Any word yet from F-Secure?
Also, any emails to you are stopping at the server... maybe that is
the reason?
----- The following addresses had transient non-fatal errors -----
jkf@roadrunner
(expanded from: jkf)
----- Transcript of session follows -----
jkf@roadrunner... Deferred: Connection refused by
roadrunner.ecs.soton.ac.uk.
Warning: message still undelivered after 3 hours
Will keep trying until message is 1 week old
Reporting-MTA: dns; magpie.ecs.soton.ac.uk
Arrival-Date: Wed, 2 Apr 2003 22:48:30 +0100 (BST)
Final-Recipient: RFC822; jkf@magpie.ecs.soton.ac.uk
X-Actual-Recipient: RFC822; jkf@ecs.soton.ac.uk
Action: delayed
Status: 4.4.1
Remote-MTA: DNS; roadrunner.ecs.soton.ac.uk
Last-Attempt-Date: Thu, 3 Apr 2003 01:56:58 +0100 (BST)
Will-Retry-Until: Wed, 9 Apr 2003 22:48:30 +0100 (BST)
From henker at SHCOM.US Thu Apr 3 16:33:27 2003
From: henker at SHCOM.US (Steffan Henke)
Date: Thu Jan 12 21:17:41 2006
Subject: clever s p a m
In-Reply-To:
References:
Message-ID:
On Thu, 3 Apr 2003, Sylvain Phaneuf wrote:
> We have come across some spam html messages that contain some
> meaningless tags that break up keywords like v i a g r a. As
> Is there a way these could be blocked? see example below my signature
For my own personal email, I use the python spambayes module like this:
spam marked by SpamAssassin and/or junkfilter gets into a junkmail
folder and every few hours, a cronjob processes this folder and "trains" the
spambayes database so it "learns" what is spam and what isn't.
Additionally, a procmail recipe checks for these spam headers the next
time mail comes in. It works quite well, even for those "clever words".
You may want to have a look at http://www.entrian.com/spambayes/
I haven't used the SpamAssassin bayes feature yet to achieve something
like this globally.
Regards,
Steffan
From jase at SENSIS.COM Thu Apr 3 16:39:54 2003
From: jase at SENSIS.COM (Desai, Jason)
Date: Thu Jan 12 21:17:41 2006
Subject: SpamAssassin timed out and was killed,
Message-ID:
I have had lots of SpamAssassin timeouts since upgrading to version 2.52. I
had to disable bayes for things to work again. In spam.assassin.prefs.conf,
I put
use_bayes 0
auto_learn 0
You can try it too and see if that helps. For me, I have to wait until I
get my new mail server in which can handle the increased load of bayes
filtering.
Jason
> -----Original Message-----
> From: Brett Thomson [mailto:brett.thomson@PRINTSOFT.COM]
> Sent: Thursday, April 03, 2003 5:06 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: [MAILSCANNER] SpamAssassin timed out and was killed,
>
>
> Hi All,
>
> I have search and searched and have not been able able to
> find any information
> on this error message or anything on how to fix it.
>
> .....SpamAssassin timed out and was killed,.....
>
> I am running MailScanner version 4.13-3 and SpamAssassin version 2.52
>
> Could anyone tell me how to do the following
> 1. Turn up the logging to achive better logging of
> SpamAssassin errors in syslog
> 2. What this error might be and point me in the direction of
> where to start
> looking.
>
> Many Thanks
> Brett.
>
From mbowman at UDCOM.COM Thu Apr 3 16:35:50 2003
From: mbowman at UDCOM.COM (Matthew Bowman)
Date: Thu Jan 12 21:17:41 2006
Subject: what exactly does the blacklist do?
Message-ID:
Jody,
Yes - It tags all entries in there with {SPAM?} and AFAIK doesn't bounce
messages.
Regards,
--
Matthew K Bowman Systems Administrator, Universal Digital Communications.
174 Park Avenue West, Mansfield. Ohio 44902
Tel : 419-524-4330 Fax : 419-524-0049
Email : mbowman@udcom.com Web: http://www.udcom.com/
Jody Cleveland
Sent by: MailScanner mailing list
04/03/2003 10:04 AM
Please respond to MailScanner mailing list
To: MAILSCANNER@JISCMAIL.AC.UK
cc:
Subject: what exactly does the blacklist do?
Hello all,
I'm just curious, what exactly does the blacklist do?
Does it mark email from addresses in there with {SPAM?} no matter what?
Or, does it bounce the message?
--
Jody Cleveland
(cleveland@winnefox.org)
Winnefox Library System
Computer Support Specialist
From nathan at TCPNETWORKS.NET Thu Apr 3 19:43:40 2003
From: nathan at TCPNETWORKS.NET (Nathan Johanson)
Date: Thu Jan 12 21:17:41 2006
Subject: Forward Spam Action Clarification
Message-ID:
Hello,
I am getting ready to implement a spam actions ruleset:
I have the following in /etc/MailScanner/rules/spam.actions.rules
To: *@domain.com forward spam@domain.com
I understand this and have tested it with success. Messages marked as
spam are forwarded to the appropriate email address (and that' it). The
message doesn't appear to be archived, sent to the original recipient,
or anything more.
However, I noticed that a few people have implemented the same rule but
appended the delete action after the forwarding email address, like so:
To: *@domain.com forward spam@domain.com delete
Based on my testing, there doesn't seem to be a difference between these
two rules. In other words, once it's forwarded, it's implicity deleted
from the queue and appending delete as a second action doesn't seem to
matter. Is this correct?
Nathan
From Cleveland at MAIL.WINNEFOX.ORG Thu Apr 3 16:04:35 2003
From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland)
Date: Thu Jan 12 21:17:41 2006
Subject: what exactly does the blacklist do?
Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E5DC@MAIL>
Hello all,
I'm just curious, what exactly does the blacklist do?
Does it mark email from addresses in there with {SPAM?} no matter what?
Or, does it bounce the message?
--
Jody Cleveland
(cleveland@winnefox.org)
Winnefox Library System
Computer Support Specialist
From baldguy33165 at YAHOO.COM Thu Apr 3 19:44:58 2003
From: baldguy33165 at YAHOO.COM (Juan Quesada)
Date: Thu Jan 12 21:17:41 2006
Subject: Forward Spam Action Clarification
In-Reply-To:
Message-ID: <20030403184458.76663.qmail@web20803.mail.yahoo.com>
I have noticed the same thing
--- Nathan Johanson wrote:
> Hello,
>
> I am getting ready to implement a spam actions
> ruleset:
>
> I have the following in
> /etc/MailScanner/rules/spam.actions.rules
>
> To: *@domain.com forward spam@domain.com
>
> I understand this and have tested it with success.
> Messages marked as
> spam are forwarded to the appropriate email address
> (and that' it). The
> message doesn't appear to be archived, sent to the
> original recipient,
> or anything more.
>
> However, I noticed that a few people have
> implemented the same rule but
> appended the delete action after the forwarding
> email address, like so:
>
> To: *@domain.com forward spam@domain.com
> delete
>
> Based on my testing, there doesn't seem to be a
> difference between these
> two rules. In other words, once it's forwarded, it's
> implicity deleted
> from the queue and appending delete as a second
> action doesn't seem to
> matter. Is this correct?
>
> Nathan
__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - File online, calculators, forms, and more
http://tax.yahoo.com
From mailscanner at ecs.soton.ac.uk Thu Apr 3 19:49:36 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:41 2006
Subject: what exactly does the blacklist do?
In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E5DC@MAIL>
Message-ID: <5.2.0.9.2.20030403194850.02622758@imap.ecs.soton.ac.uk>
At 16:04 03/04/2003, you wrote:
>Hello all,
>
>I'm just curious, what exactly does the blacklist do?
>
>Does it mark email from addresses in there with {SPAM?} no matter what?
>
>Or, does it bounce the message?
It just forces mail from/to those addresses to be treated as spam according
to your "Spam Actions" setting.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From dlovelace at HOTELS.COM Thu Apr 3 20:00:53 2003
From: dlovelace at HOTELS.COM (Dale Lovelace)
Date: Thu Jan 12 21:17:41 2006
Subject: "Delete As Spam" button for Exchange
Message-ID: <20030403130053.6e364e6a.dlovelace@hotels.com>
Hi,
I am trying to implement a "Delete As Spam" button in VBScript for Outlook/Exchange that would allow a user to delete a mail they considered spam from their Inbox, then forward it to a special email address that I will use to then feed to SpamAssassin's new bayesian learning. Before I got started I thought I would ask if anyone had done anything like that before, or if anyone knows of a script archive somewhere that might have something along these lines. I haven't done any VBScripting ever, so any tips at all would be great! I'll be sure to release whatever I do come up with to the world!
Thanks,
Dale
--
Dale Lovelace
System Administrator
hotels.com
(214) 361-7311 Ext. 1074
From jase at SENSIS.COM Thu Apr 3 20:19:24 2003
From: jase at SENSIS.COM (Desai, Jason)
Date: Thu Jan 12 21:17:41 2006
Subject: "Delete As Spam" button for Exchange
Message-ID:
Hi Dale.
Unfortunately we use Outlook / Exchange here too. :-) I have written a
script that will connect to an IMAP mailbox and pull all of the messages out
and feed them to sa-learn. In Exchange, we created two folders (Spam and
Not Spam) in the Public Folders area. The script I wrote is in perl and
uses Mail::Cclient to access the IMAP folders. When everything is complete,
we will just have the users drag and drop their spam (and ham if needed)
into these folders, and our script run from cron will feed them to sa-learn.
I chose this method because Outlook can only forward email (not bounce).
And forwarding email would change the it a little bit, which may impact the
bayes filters.
Currently I have had to turn off bayes checking as it puts too much of a
load on my server, so I haven't fully tested it out. But I should be
getting new hardware next week. When I am done with the script, I will post
it to the list. You can email me off list if you'd like a preliminary
version.
Jason
> -----Original Message-----
> From: Dale Lovelace [mailto:dlovelace@HOTELS.COM]
> Sent: Thursday, April 03, 2003 2:01 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: [MAILSCANNER] "Delete As Spam" button for Exchange
>
>
> Hi,
>
> I am trying to implement a "Delete As Spam" button in
> VBScript for Outlook/Exchange that would allow a user to
> delete a mail they considered spam from their Inbox, then
> forward it to a special email address that I will use to then
> feed to SpamAssassin's new bayesian learning. Before I got
> started I thought I would ask if anyone had done anything
> like that before, or if anyone knows of a script archive
> somewhere that might have something along these lines. I
> haven't done any VBScripting ever, so any tips at all would
> be great! I'll be sure to release whatever I do come up with
> to the world!
>
> Thanks,
> Dale
>
> --
> Dale Lovelace
> System Administrator
> hotels.com
> (214) 361-7311 Ext. 1074
>
From nicholas_esborn at AFFYMETRIX.COM Thu Apr 3 20:28:15 2003
From: nicholas_esborn at AFFYMETRIX.COM (Nicholas Esborn)
Date: Thu Jan 12 21:17:41 2006
Subject: Exchange/Outlook client configuration
Message-ID: <20030403192815.GB608@affymetrix.com>
Hello,
I'm working on a MailScanner deployment for my (primarily Outlook) user
base. The biggest problem I have yet encountered is how to configure
Outlook. I've found a successful Rules Wizard configuration, but that
method is difficult to implement for ~800 users.
How have other MailScanner sites with Outlook clients handled this problem?
-nick
--
Nicholas Esborn
Affymetrix, Inc.
510/428.8505
Every message PGP signed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030403/726aa75a/attachment.bin
From mkettler at EVI-INC.COM Thu Apr 3 20:28:41 2003
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:17:41 2006
Subject: clever s p a m
In-Reply-To:
Message-ID: <5.2.0.9.0.20030403135958.0179d108@xanadu.evi-inc.com>
You didn't state what version of SA you are using, however current versions
of SA should at least catch most cases of this stuff
as OBFUSCATING_COMMENT. It does appear however that multi-part messages
(ie: ones that aren't HTML only) are exempt from the OBFUSCATING_COMMENT
rule for the time being due to FPs in text-plain mime parts.
All rules (except rawbody ones) should be matched after HTML tags and mime
decoding is done, however last I checked there was still some clean-up of
the HTML parsing going on. Some malformed/invalid HTML tags weren't being
stripped because they confused the parser. I'm not sure if all/most of
these are fixed in 2.52 or not, but I know there was a heavy push to get
some HTML parsing issues fixed before 2.50 was out.
Also you should note that in 2.5x the viagra rules have changed, and this
message here shouldn't fire on them (they now look for phrase combinations
such as herbal or natural varieties, all caps, or viagra in the subject.)
There's a lot of talk over on SA-Talk regarding some of the not-so-new
tricks of using HTML comments, and punctuation marks to obfuscate phrases,
and there should be a fair amount of development writing newer, better
rules for these soon (2.5x was really pushing to get bayes out, so wasn't
very rule-development heavy).
At 03:44 PM 4/3/2003 +0100, Sylvain Phaneuf wrote:
>Hi everyone,
>
>We have come across some spam html messages that contain some meaningless
>tags that break up keywords like v i a g r a.
>
>As mailscanner/spamassassin must look at the mime message, and not the
>decoded html part, these messages do not trigger big scores and are not
>blocked.
>
>Is there a way these could be blocked? see example below my signature
>
>Sylvain
>===========================================================
>Sylvain Phaneuf --- Computing Manager | phone : +44 (0)1865 221323
>Information Management Services Unit - Medical Sciences Division
>Oxford University | email :
>sylvain.phaneuf@imsu.ox.ac.uk
>Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322
>Oxford OX3 9DU England
>===========================================================
>
>
>Generic Viagra is now available to consumers
>As low as $2.70 per dose (50 mg)
>No Doctor's Consutation required
>"Silagra is as good as Viagra - just cheaper!"
>Costs over 65% less than Brand Name
>(Generic Sildenafil Citrate (Silagra)
>and Viagra. both consist of 100 mg of
>sildenafil citrate)
>Private delivery to your home within 14 working days
>of payment verification - FREE SHIPPING
>100% Money Back Guarantee - The First
>Pharmaceutical to ever be guaranteed.
>
From kevins at BMRB.CO.UK Thu Apr 3 20:35:43 2003
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:17:41 2006
Subject: "Delete As Spam" button for Exchange
In-Reply-To: <20030403130053.6e364e6a.dlovelace@hotels.com>
References: <20030403130053.6e364e6a.dlovelace@hotels.com>
Message-ID: <1049398544.5103.16.camel@bach.kevinspicer.co.uk>
On Thu, 2003-04-03 at 20:00, Dale Lovelace wrote:
> Hi,
>
> I am trying to implement a "Delete As Spam" button in VBScript for
> Outlook/Exchange that would allow a user to delete a mail they
> considered spam from their Inbox, then forward it to a special email
> address that I will use to then feed to SpamAssassin's new bayesian
> learning. Before I got started I thought I would ask if anyone had
> done anything like that before, or if anyone knows of a script archive
> somewhere that might have something along these lines. I haven't done
> any VBScripting ever, so any tips at all would be great! I'll be sure
> to release whatever I do come up with to the world!
>
I haven't tried anything quite like this, but I do have a plan for
dealing with this once I upgrade SA. I wanted to avoid using 'forward'
because this slightly changes the content and replaces the headers.
Here's my idea...
1) Create an exchange account for the MailScanner
2) Create two public folders, one called Spam, one called NotSpam.
These folders are owned by the MailScanner user created above, writable
by everyone, but not readable by anyone other than the MailScanner user
(to protect users privacy).
3) Use fetchmail on the MailScanner machine to collect and delete
messages from the two public folders (using IMAP) and push them to
corresponding mail accounts on the MailScanner machine.
4) Use Julian's script to process the messages through salearn.
I've tested the public folders bit and it works [its slightly
disconcerting that you can't see the messages you've copied in there,
but it works and the messages are unaltered]. I've not tested the
fetchmail bit, but I'm confident it will work (I already access exchange
through IMAP from evolution so I know that's okay).
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
From jase at SENSIS.COM Thu Apr 3 20:39:41 2003
From: jase at SENSIS.COM (Desai, Jason)
Date: Thu Jan 12 21:17:41 2006
Subject: ANNOUNCE: MailScanner Monitor (msmon) 0.05
Message-ID:
Hello.
I have attached a simple program that I created that will monitor the output
of MailScanner logs. It is a real time monitor, and will give the status of
each MailScanner process. It is written in perl and uses the Gtk perl
module. I originally wrote it to get a better idea of what MailScanner was
doing, since watching the log file got too complicated with multiple
processes.
Changes since version 0.03:
* Everything done in perl now - no external commands are run
* Added ability to catch when MailScanner restarts for MailScanner >= 4.13
(I have not been able to test this yet, as I am still running MailScanner
4.12-2)
* Added ability to have multiple rows - just specify the max number of
columns, and msmon will add rows as needed
* Added Total "Other Checks" for each process
* Added Longest Wait Time for messages in the queue
* Some better error messages
msmon works for my MailScanner setup (Exim, Debian (Woody), MailScanner
4.12). You should be able to get it to work with your setup with some minor
changes to variables at the top of the script (please check them before
running the script). I hope someone else may find this useful.
Contributions and comments are welcome.
Jason
-------------- next part --------------
A non-text attachment was scrubbed...
Name: msmon.pl
Type: application/octet-stream
Size: 10706 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030403/d043a261/msmon.obj
From craig at STRONG-BOX.NET Thu Apr 3 20:46:37 2003
From: craig at STRONG-BOX.NET (Craig Pratt)
Date: Thu Jan 12 21:17:41 2006
Subject: Exchange/Outlook client configuration
In-Reply-To: <20030403192815.GB608@affymetrix.com>
Message-ID:
On Thursday, April 3, 2003, at 11:28 AM, Nicholas Esborn wrote:
> Hello,
>
> I'm working on a MailScanner deployment for my (primarily Outlook) user
> base. The biggest problem I have yet encountered is how to configure
> Outlook. I've found a successful Rules Wizard configuration, but that
> method is difficult to implement for ~800 users.
>
> How have other MailScanner sites with Outlook clients handled this
> problem?
>
> -nick
Are you talking about filtering your spam into a separate mailbox
folder? Any other outlook-related configuration doesn't have much to do
with MailScanner.
We use procmail to put messages identified as spam (currently using the
subject line) into each user's "Bulk" folder, which is viewable via
IMAP. This also allows the user to find any misclassified e-mails and -
when we enable it - users can place false negatives in there for Bayes
filter training. You can also run a daily job to purge old messages out
of this folder. All this happens server-side - no outlook rules and
such.
Craig
---
Craig Pratt
Strongbox Network Services Inc.
mailto:craig@strong-box.net
--
This message checked for dangerous content by MailScanner on StrongBox.
From zach at PROZACH.COM Thu Apr 3 21:13:30 2003
From: zach at PROZACH.COM (Zach Gelnett)
Date: Thu Jan 12 21:17:41 2006
Subject: Mailscanner f-prot error
Message-ID:
Hey all,
I'm getting this error with MailScanner 4.13 and f-prot 3.13 (current
versions of both).
I just installed both on a fresh install of RedHat 9. Any ideas?
Apr 3 13:32:48 linuxbox MailScanner[24022]: New Batch: Scanning 1 messages,
3596 bytes
Apr 3 13:32:48 linuxbox MailScanner[24022]: Virus and Content Scanning:
Starting
Apr 3 13:32:48 linuxbox MailScanner[24022]: Search: .
Apr 3 13:32:49 linuxbox MailScanner[24022]: Either you've found a bug in
MailScanner's F-Prot output parser, or F-Prot's output format has changed!
F-Prot said this "Search: .". Please mail the author of MailScanner
Apr 3 13:32:49 linuxbox MailScanner[24022]: Action: Report only
Apr 3 13:32:49 linuxbox MailScanner[24022]: Either you've found a bug in
MailScanner's F-Prot output parser, or F-Prot's output format has changed!
F-Prot said this "Action: Report only". Please mail the author of
MailScanner
Apr 3 13:32:49 linuxbox MailScanner[24022]: Files: "Dumb" scan of all files
Apr 3 13:32:49 linuxbox MailScanner[24022]: Either you've found a bug in
MailScanner's F-Prot output parser, or F-Prot's output format has changed!
F-Prot said this "Files: "Dumb" scan of all files". Please mail the author
of MailScanner
Apr 3 13:32:49 linuxbox MailScanner[24022]: Switches: -ARCHIVE -OLD
Apr 3 13:32:49 linuxbox MailScanner[24022]: Either you've found a bug in
MailScanner's F-Prot output parser, or F-Prot's output format has changed!
F-Prot said this "Switches: -ARCHIVE -OLD". Please mail the author of
MailScanner
Apr 3 13:32:49 linuxbox MailScanner[24022]: Uninfected: Delivered 1
messages
Thanks,
Zach
From raymond at PROLOCATION.NET Thu Apr 3 21:25:47 2003
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:17:41 2006
Subject: Mailscanner f-prot error
In-Reply-To:
Message-ID:
hi!
> Apr 3 13:32:48 linuxbox MailScanner[24022]: Search: .
> Apr 3 13:32:49 linuxbox MailScanner[24022]: Either you've found a bug in
> MailScanner's F-Prot output parser, or F-Prot's output format has changed!
Most likely you have to upgrade to the latest beta available on the
Mailscanner site, there was a fix for the changed F-prot output.
bye,
Raymond.
From l_candelario at CRC.UPR.CLU.EDU Thu Apr 3 21:57:30 2003
From: l_candelario at CRC.UPR.CLU.EDU (Larry Candelario)
Date: Thu Jan 12 21:17:41 2006
Subject: Problems with F-prot working with zipped files
Message-ID:
Hello,
I'm running Linux Red Hat 8.0, installed OpenWebmail 1.90, and recently
installed MailScanner 4.13-3 with f-prot 3.12d.
I modified mailscanner.conf to use f-prot instead of Sophos:
Virus Scanner = f-prot
Sweep = /usr/local/f-prot/f-protwrapper
Modified viruses.to.delete.conf to use f-prot's definitions instead of Sophos
In f-protwrapper my ScanOptions line is:
ScanOptions="$ScanOptions -archive -old -dumb -auto"
But when I'm testing with the EICAR files, only the eicar.com file is
detected, not the eicar_com.zip or eicarcom2.zip files. I also checked with
the cscript.exe which was detected, but if I zipped it then it wasn't detected.
But if I check the file from a terminal commmand window:
f-prot eicarcom2.zip
Then f-prot does detect the zipped eicar.com file, so I know that f-prot is
working okay in that regard.
I've checked the install/configure instructions and just can't see what I'm
missing or have done wrong.
I imagine this has probably been asked over and over before, but I've gone
thu the archives searching for EICAR and haven't found any clues yet, so I'd
really appreciate any clues or hints or help.
Thanks,
Larry
From mailscanner at ecs.soton.ac.uk Thu Apr 3 23:01:58 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:41 2006
Subject: F-Secure 4.50 support
Message-ID: <5.2.0.9.2.20030403225034.03e1d688@imap.ecs.soton.ac.uk>
There are 2 parts to this.
1) Copy f-secure-wrapper to the directory containing all the other -wrapper
scripts. This will probably be either /usr/lib/MailScanner or
/opt/MailScanner/lib.
2) Apply the patch to the SweepViruses.pm file. Depending on the location
of the file:
cd /usr/lib/MailScanner/MailScanner
or
cd /opt/MailScanner/lib/MailScanner
then
patch < SweepViruses.pm.FSecure.patch
Then restart MailScanner and you should now be fine with F-Secure 4.50. As
usual, if you have installed F-Secure in somewhere other than the default
location, you will need to put the path to your installation into
f-secure-wrapper.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SweepViruses.pm.FSecure.patch
Type: application/octet-stream
Size: 5125 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030403/5076dfd7/SweepViruses.pm.FSecure.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: f-secure-wrapper
Type: application/octet-stream
Size: 2472 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030403/5076dfd7/f-secure-wrapper.obj
-------------- next part --------------
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Thu Apr 3 23:16:28 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:41 2006
Subject: I noticed this tonight...
In-Reply-To:
References:
<5.2.0.9.2.20030402084908.023ead88@imap.ecs.soton.ac.uk>
Message-ID: <5.2.0.9.2.20030403231616.03e335b0@imap.ecs.soton.ac.uk>
This patch will be in the next release.
At 14:34 02/04/2003, you wrote:
>Mike Kercher wrote:
> >
> >Any other ideas?
>
>This patch prevents SpamAssassin from copying the user preferences file
>template into ~/.spamassassin
>
>--- lib/MailScanner/SA.pm 27 Mar 2003 16:55:18 -0000 1.1.1.4
>+++ lib/MailScanner/SA.pm 27 Mar 2003 17:28:47 -0000 1.8
>@@ -73,7 +74,7 @@
> unless (MailScanner::Config::IsSimpleValue('usespamassassin') &&
> !MailScanner::Config::Value('usespamassassin')) {
> require Mail::SpamAssassin;
>- $settings{dont_copy_prefs} = 0;
>+ $settings{dont_copy_prefs} = 1;
> $prefs = MailScanner::Config::Value('spamassassinprefsfile');
> $settings{userprefs_filename} = $prefs if defined $prefs;
> $val = MailScanner::Config::Value('debugspamassassin');
>
>Tony.
>--
>f.a.n.finch http://dotat.at/
>WHITBY TO THE WASH: NORTHWEST 7, DECREASING 4 OR 5. SHOWERS, GRADUALLY DYING
>OUT. GOOD, BUT MODERATE IN SHOWERS. ROUGH.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Thu Apr 3 23:21:08 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:41 2006
Subject: Problems with F-prot working with zipped files
In-Reply-To:
Message-ID: <5.2.0.9.2.20030403231922.03df5008@imap.ecs.soton.ac.uk>
At 21:57 03/04/2003, you wrote:
>Hello,
>
>I'm running Linux Red Hat 8.0, installed OpenWebmail 1.90, and recently
>installed MailScanner 4.13-3 with f-prot 3.12d.
>
>I modified mailscanner.conf to use f-prot instead of Sophos:
>Virus Scanner = f-prot
>Sweep = /usr/local/f-prot/f-protwrapper
That's not a MailScanner 4.13-3 option, that's one from version 3. Please
check the version you are running and the location of the configuration
file you are editing. Something is wrong here.
>Modified viruses.to.delete.conf to use f-prot's definitions instead of Sophos
Again, that's a version 3 file.
I have just tested the F-Prot 3.13 scanning functionality in the latest
beta release and it is working fine. Happily detected viruses in zip files.
>In f-protwrapper my ScanOptions line is:
>
>ScanOptions="$ScanOptions -archive -old -dumb -auto"
>
>But when I'm testing with the EICAR files, only the eicar.com file is
>detected, not the eicar_com.zip or eicarcom2.zip files. I also checked with
>the cscript.exe which was detected, but if I zipped it then it wasn't
>detected.
>
>But if I check the file from a terminal commmand window:
>f-prot eicarcom2.zip
>
>Then f-prot does detect the zipped eicar.com file, so I know that f-prot is
>working okay in that regard.
>
>I've checked the install/configure instructions and just can't see what I'm
>missing or have done wrong.
>
>I imagine this has probably been asked over and over before, but I've gone
>thu the archives searching for EICAR and haven't found any clues yet, so I'd
>really appreciate any clues or hints or help.
>
>Thanks,
>Larry
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From nicholas_esborn at AFFYMETRIX.COM Thu Apr 3 23:50:53 2003
From: nicholas_esborn at AFFYMETRIX.COM (Nicholas Esborn)
Date: Thu Jan 12 21:17:41 2006
Subject: Exchange/Outlook client configuration
In-Reply-To:
References: <20030403192815.GB608@affymetrix.com>
Message-ID: <20030403225053.GD608@affymetrix.com>
Craig,
On Thu, Apr 03, 2003 at 11:46:37AM -0800, Craig Pratt wrote:
> Are you talking about filtering your spam into a separate mailbox
> folder? Any other outlook-related configuration doesn't have much to do
> with MailScanner.
Yes, I'm basically trying to partition Spam into a seperate mailbox or
folder so that users don't see Spam in their normal mailbox, but can
retrieve misclassified valid mail.
> We use procmail to put messages identified as spam (currently using the
> subject line) into each user's "Bulk" folder, which is viewable via
> IMAP. This also allows the user to find any misclassified e-mails and -
> when we enable it - users can place false negatives in there for Bayes
> filter training. You can also run a daily job to purge old messages out
> of this folder. All this happens server-side - no outlook rules and
> such.
Is this on a Unix mail server? In my case, the mailboxes reside on an
Exchange server, which limits my options. Exchange can supposedly be
automated with vbscript, but the Exchange admins at my site won't touch
it with a ten foot pole. The way I see it, I can either:
1) send Spam to a different mailserver, possibly with a webmail front-end
or
2) send Spam to the Exchange server, and configure Outlook clients to
automatically dump tagged Spam into a Junk folder
The key issue is tech support load. Any required user training or client
configuration will have to be supported for ~800 users, and I do not want
our tech support department to hate me. :) So it's very important for me
to have the simplest user experience possible.
It would be wonderful if I'm missing some simple, elegant solution here. :)
-nick
--
Nicholas Esborn
Affymetrix, Inc.
510/428.8505
Every message PGP signed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030403/1f3e6611/attachment.bin
From tchamtieh at YAHOO.COM Thu Apr 3 23:55:17 2003
From: tchamtieh at YAHOO.COM (Thomas Chamtieh)
Date: Thu Jan 12 21:17:41 2006
Subject: Quarantine Index File
Message-ID: <20030403225517.96199.qmail@web13205.mail.yahoo.com>
Hi all,
This could be a new feature for the next MailScanner release. I was wondering if it was possible to automatically create/update an index file that would contain a list of all messages that have been quarantined. This would make it much easier and faster to parse (imagine having to to read 6000 files to parse through!) I think an index file file would make it much much faster.
Any ideas how to implement this?
Thanks,
-Thomas
---------------------------------
Do you Yahoo!?
Yahoo! Tax Center - File online, calculators, forms, and more
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030403/caf8e5da/attachment.html
From kevins at BMRB.CO.UK Fri Apr 4 00:23:14 2003
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:17:41 2006
Subject: Exchange/Outlook client configuration
In-Reply-To: <20030403225053.GD608@affymetrix.com>
References: <20030403192815.GB608@affymetrix.com>
<20030403225053.GD608@affymetrix.com>
Message-ID: <1049412194.5103.31.camel@bach.kevinspicer.co.uk>
>
> It would be wonderful if I'm missing some simple, elegant solution here. :)
>
For what its worth I take the view that as any solution is going to
involve some degree of user training (for example, how to access the
webmail, explaining how & why their spam ended up in a different folder
etc.) you may as well just tag the spam, deliver it and lets users set
up their own rules to filter it. I've found that the majority of the
spam goes to a minority of users, and flase positives are more likely to
generate support calls. I set up a page on our intranet explaining what
spam is ('borrowed' from the SA web site!), why their mail has been
tagged as spam and how to set up an outlook rule to filter it. I gently
publicised it and gave the helpdesk the link as a stock first line
response to any calls. We have had very few calls and only about three
(all false positives) have been escalated to me in the last six months.
I think I would have had a lot more complaints had I filtered mail off
elsewhere, as users would constantly have been forgetting how to access
it, forgetting it exists & missing important emails which are false
positives. (for comparison our Outlook user base is just a little
smaller than yours).
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
From brian at unearthed.com Fri Apr 4 00:30:22 2003
From: brian at unearthed.com (Brian May)
Date: Thu Jan 12 21:17:41 2006
Subject: F-Secure 4.50 support
References: <5.2.0.9.2.20030403225034.03e1d688@imap.ecs.soton.ac.uk>
Message-ID: <001d01c2fa39$01e1a480$8801020a@brianmay>
Julian, you are the man... the patch took a little munging, since you are
working off an updated source than myself, (unless I missed an
announcement.. running mailscanner-4.13-3).. other than that... perfection!
got a wishlist or something I can get you something from?
Brian
----- Original Message -----
From: "Julian Field"
To:
Sent: Thursday, April 03, 2003 2:01 PM
Subject: F-Secure 4.50 support
There are 2 parts to this.
1) Copy f-secure-wrapper to the directory containing all the other -wrapper
scripts. This will probably be either /usr/lib/MailScanner or
/opt/MailScanner/lib.
2) Apply the patch to the SweepViruses.pm file. Depending on the location
of the file:
cd /usr/lib/MailScanner/MailScanner
or
cd /opt/MailScanner/lib/MailScanner
then
patch < SweepViruses.pm.FSecure.patch
Then restart MailScanner and you should now be fine with F-Secure 4.50. As
usual, if you have installed F-Secure in somewhere other than the default
location, you will need to put the path to your installation into
f-secure-wrapper.
----------------------------------------------------------------------------
----
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From patricksteiner at BLUEWIN.CH Fri Apr 4 02:53:32 2003
From: patricksteiner at BLUEWIN.CH (Patrick Steiner)
Date: Thu Jan 12 21:17:41 2006
Subject: The highest Spam score !!!
Message-ID: <3E8CE59C.4090406@bluewin.ch>
--------snip----------
X-MailScanner-VirusCheck: Found to be clean
X-MailScanner-SpamCheck: spam, SpamAssassin (score=494.7, required 4.4, AWL,
FOR_JUST_SOME_AMT, GTUBE, PATCH_UNIFIED_DIFF)
X-MailScanner-SpamScore: ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
--------snip----------
It looks very funny but why is the score so very high???
From mkettler at EVI-INC.COM Fri Apr 4 03:37:49 2003
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:17:41 2006
Subject: The highest Spam score !!!
In-Reply-To: <3E8CE59C.4090406@bluewin.ch>
Message-ID: <5.2.0.9.0.20030403213458.017e5350@xanadu.evi-inc.com>
because it matched the GTUBE test which has a +1000 score.
GTUBE is a really bizarre fairly long case-sensitive string that is used as
a Generic Test for Unsolicited Bulk Email. It's used by SpamAssassin the
same way the EICAR test file is used to test a virus scanner.
Was this actually an innocuous mail? or was someone discussing the GTUBE
string or purposefully sending a GTUBE email?
At 03:53 AM 4/4/2003 +0200, Patrick Steiner wrote:
>--------snip----------
>X-MailScanner-VirusCheck: Found to be clean
>X-MailScanner-SpamCheck: spam, SpamAssassin (score=494.7, required 4.4, AWL,
> FOR_JUST_SOME_AMT, GTUBE, PATCH_UNIFIED_DIFF)
>X-MailScanner-SpamScore:
>ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
>--------snip----------
>
>It looks very funny but why is the score so very high???
From danieltan at shopnsave.com.sg Fri Apr 4 05:23:28 2003
From: danieltan at shopnsave.com.sg (Daniel Tan)
Date: Thu Jan 12 21:17:41 2006
Subject: Using spam assassin
Message-ID: <007e01c2fa61$f2a0ee80$3900a8c0@Daniel>
Hi,
typing in this command spamassassin --lint gave me this
Cannot open bayes_path /root/.spamassassin/bayes R/O: No such file or
directory
ignored the error and continue to edit spam.assassin.prefs.conf file and
wrote local rule set
my ruleset can't work including those default nasty e-card filter.
is it the right place to define my ruleset to search user's email on subject
line and the body that contain words set in my ruleset, the email will be
served as spam.
eg. if my ruleset ask to search for words on "sex" or "adult" in the subject
and body, the mail coming in will be considered spam if it has these words
in it.
Regards,
Daniel Tan
67469188 Ext.665
DID: 68430665
MIS Department
Shop N Save Pte Ltd
: danieltan@shopnsave.com.sg
[This e-mail is confidential and may also be privileged. If you are not the
intended recipient, please delete it and notify us immediately; you should
not copy or use it for any purpose, nor disclose its contents to any other
person. Thank you.]
From P.G.M.Peters at civ.utwente.nl Fri Apr 4 08:55:14 2003
From: P.G.M.Peters at civ.utwente.nl (Peter Peters)
Date: Thu Jan 12 21:17:41 2006
Subject: Exchange/Outlook client configuration
In-Reply-To: <20030403225053.GD608@affymetrix.com>
References: <20030403192815.GB608@affymetrix.com>
<20030403225053.GD608@affymetrix.com>
Message-ID: <5heq8vkobntnbgctup3ncunnhrc7nipv48@4ax.com>
On Thu, 3 Apr 2003 14:50:53 -0800, you wrote:
> 2) send Spam to the Exchange server, and configure Outlook clients to
> automatically dump tagged Spam into a Junk folder
>
>The key issue is tech support load. Any required user training or client
>configuration will have to be supported for ~800 users, and I do not want
>our tech support department to hate me. :) So it's very important for me
>to have the simplest user experience possible.
I have set up a website with instructions and have the users do it
themselves. Have a look at
http://home.student.utwente.nl/p.g.m.peters/outlookrule_viewlet.html.
--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ
From Douglas.Hall at PROQUEST.CO.UK Fri Apr 4 10:00:00 2003
From: Douglas.Hall at PROQUEST.CO.UK (Hall, Douglas)
Date: Thu Jan 12 21:17:41 2006
Subject: Sophos Licensing
Message-ID:
Cany any mailscanner+sophos users can help me out here. I've
received a quote from sophos for use with mailscanner, and
they include pricing for SAV Interface and SAV Connect licenses.
Does anyone know which license is needed for use with
MailScanner. I am only asking for verification here, because
the chap I spoke with at sophos seemed a little unsure(!).
Given the huge differential in price, I'd like to be sure
which is needed before I test sophos out any further.
Perhaps this should be in the FAQ?
thanks!
-Douglas
From jdostal at YCN.COM Fri Apr 4 10:04:06 2003
From: jdostal at YCN.COM (Joachim Dostal)
Date: Thu Jan 12 21:17:41 2006
Subject: 2 x "from=<>" in the logs
Message-ID:
hi,
have MailScanner 4.12, and 2 sendmail(8.12.8) processes. if i send a virus
mail (e.g. eicar.com) to the server i get following to lines:
===
Apr 2 15:51:22 mailsrv sendmail[2065]: h32DpLnl002065: from=<>, size=1259,
class=0, nrcpts=1, msgid=<200304021351.h32DpLnl002065@mailsrv.mydom.com>,
relay=root@localhost
Apr 2 15:51:22 mailsrv sendmail[2067]: h32DpMIg002067: from=<>, size=1513,
class=0, nrcpts=1, msgid=<200304021351.h32DpLnl002065@mailsrv.mydom.com>,
proto=ESMTP, daemon=MSA, relay=localhost [127.0.0.1]
===
are there any suggestions about this lines ?
thx4your help, joachim
From mailscanner at ecs.soton.ac.uk Fri Apr 4 10:15:30 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:41 2006
Subject: SpamAssassin timed out and was killed,
In-Reply-To: <1049364388.3e8c07a464fd6@mail.printsoft.com>
Message-ID: <5.2.0.9.2.20030404101513.042d5ea8@imap.ecs.soton.ac.uk>
At 11:06 03/04/2003, you wrote:
>Hi All,
>
>I have search and searched and have not been able able to find any information
>on this error message or anything on how to fix it.
>
>.....SpamAssassin timed out and was killed,.....
>
>I am running MailScanner version 4.13-3 and SpamAssassin version 2.52
>
>Could anyone tell me how to do the following
>1. Turn up the logging to achive better logging of SpamAssassin errors in
>syslog
>2. What this error might be and point me in the direction of where to start
>looking.
The next release will have a "Debug SpamAssassin" configuration option.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Fri Apr 4 10:09:17 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:41 2006
Subject: Sophos Licensing
In-Reply-To:
Message-ID: <5.2.0.9.2.20030404100807.04273120@imap.ecs.soton.ac.uk>
At 10:00 04/04/2003, you wrote:
>Cany any mailscanner+sophos users can help me out here. I've
>received a quote from sophos for use with mailscanner, and
>they include pricing for SAV Interface and SAV Connect licenses.
>
>Does anyone know which license is needed for use with
>MailScanner. I am only asking for verification here, because
>the chap I spoke with at sophos seemed a little unsure(!).
>
>Given the huge differential in price, I'd like to be sure
>which is needed before I test sophos out any further.
I *believe* the right answer is SAV Interface (or SAVI) licences. That has
certainly been the case in the past. It's not a cheap product by any means,
but it is a good one. Check you aren't entitled to any discounts
(quantity/education/charity/...)
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Fri Apr 4 10:16:35 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:41 2006
Subject: F-Secure 4.50 not supported...
In-Reply-To: <03271286-65E3-11D7-88DD-000A9579E1DA@unearthed.org>
References: <5.2.0.9.2.20030402133441.025b9f50@imap.ecs.soton.ac.uk>
Message-ID: <5.2.0.9.2.20030404101605.0429f9a0@imap.ecs.soton.ac.uk>
At 15:46 03/04/2003, you wrote:
>Any word yet from F-Secure?
All sorted.
>Also, any emails to you are stopping at the server... maybe that is
>the reason?
One of our mail servers got screwed by the RedHat Network updates. Fixed now.
> ----- The following addresses had transient non-fatal errors -----
>jkf@roadrunner
> (expanded from: jkf)
>
> ----- Transcript of session follows -----
>jkf@roadrunner... Deferred: Connection refused by
>roadrunner.ecs.soton.ac.uk.
>Warning: message still undelivered after 3 hours
>Will keep trying until message is 1 week old
>Reporting-MTA: dns; magpie.ecs.soton.ac.uk
>Arrival-Date: Wed, 2 Apr 2003 22:48:30 +0100 (BST)
>
>Final-Recipient: RFC822; jkf@magpie.ecs.soton.ac.uk
>X-Actual-Recipient: RFC822; jkf@ecs.soton.ac.uk
>Action: delayed
>Status: 4.4.1
>Remote-MTA: DNS; roadrunner.ecs.soton.ac.uk
>Last-Attempt-Date: Thu, 3 Apr 2003 01:56:58 +0100 (BST)
>Will-Retry-Until: Wed, 9 Apr 2003 22:48:30 +0100 (BST)
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Fri Apr 4 10:12:21 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:41 2006
Subject: Exchange/Outlook client configuration
In-Reply-To: <20030403225053.GD608@affymetrix.com>
References:
<20030403192815.GB608@affymetrix.com>
Message-ID: <5.2.0.9.2.20030404101023.042786b0@imap.ecs.soton.ac.uk>
At 23:50 03/04/2003, you wrote:
>Craig,
>
>On Thu, Apr 03, 2003 at 11:46:37AM -0800, Craig Pratt wrote:
> > Are you talking about filtering your spam into a separate mailbox
> > folder? Any other outlook-related configuration doesn't have much to do
> > with MailScanner.
>
>Yes, I'm basically trying to partition Spam into a seperate mailbox or
>folder so that users don't see Spam in their normal mailbox, but can
>retrieve misclassified valid mail.
>
> > We use procmail to put messages identified as spam (currently using the
> > subject line) into each user's "Bulk" folder, which is viewable via
> > IMAP. This also allows the user to find any misclassified e-mails and -
> > when we enable it - users can place false negatives in there for Bayes
> > filter training. You can also run a daily job to purge old messages out
> > of this folder. All this happens server-side - no outlook rules and
> > such.
>
>Is this on a Unix mail server? In my case, the mailboxes reside on an
>Exchange server, which limits my options. Exchange can supposedly be
>automated with vbscript, but the Exchange admins at my site won't touch
>it with a ten foot pole. The way I see it, I can either:
>
> 1) send Spam to a different mailserver, possibly with a webmail front-end
>
>or
>
> 2) send Spam to the Exchange server, and configure Outlook clients to
> automatically dump tagged Spam into a Junk folder
One approach to this, which a few people use, is to have 2 accounts per
user. One for the usual mail (e.g. jim) and one for their spam (e.g.
jim-spam). It is a trivial Custom Function to make the Spam Action forward
to "username-spam@yourdomain.com". Still involves some user training though.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Fri Apr 4 10:22:48 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:41 2006
Subject: 2 x "from=<>" in the logs
In-Reply-To:
Message-ID: <5.2.0.9.2.20030404102223.04273f00@imap.ecs.soton.ac.uk>
At 10:04 04/04/2003, you wrote:
>hi,
>
>have MailScanner 4.12, and 2 sendmail(8.12.8) processes. if i send a virus
>mail (e.g. eicar.com) to the server i get following to lines:
They are probably the sender and postmaster warning messages being sent.
>===
>Apr 2 15:51:22 mailsrv sendmail[2065]: h32DpLnl002065: from=<>, size=1259,
>class=0, nrcpts=1, msgid=<200304021351.h32DpLnl002065@mailsrv.mydom.com>,
>relay=root@localhost
>
>Apr 2 15:51:22 mailsrv sendmail[2067]: h32DpMIg002067: from=<>, size=1513,
>class=0, nrcpts=1, msgid=<200304021351.h32DpLnl002065@mailsrv.mydom.com>,
>proto=ESMTP, daemon=MSA, relay=localhost [127.0.0.1]
>===
>are there any suggestions about this lines ?
>
>thx4your help, joachim
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Fri Apr 4 10:17:15 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:41 2006
Subject: SpamAssassin timed out and was killed,
In-Reply-To:
Message-ID: <5.2.0.9.2.20030404101700.04258728@imap.ecs.soton.ac.uk>
The next release will work better with SpamAssassin 2.5x.
At 16:39 03/04/2003, you wrote:
>I have had lots of SpamAssassin timeouts since upgrading to version 2.52. I
>had to disable bayes for things to work again. In spam.assassin.prefs.conf,
>I put
>
>use_bayes 0
>auto_learn 0
>
>You can try it too and see if that helps. For me, I have to wait until I
>get my new mail server in which can handle the increased load of bayes
>filtering.
>
>Jason
>
> > -----Original Message-----
> > From: Brett Thomson [mailto:brett.thomson@PRINTSOFT.COM]
> > Sent: Thursday, April 03, 2003 5:06 AM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: [MAILSCANNER] SpamAssassin timed out and was killed,
> >
> >
> > Hi All,
> >
> > I have search and searched and have not been able able to
> > find any information
> > on this error message or anything on how to fix it.
> >
> > .....SpamAssassin timed out and was killed,.....
> >
> > I am running MailScanner version 4.13-3 and SpamAssassin version 2.52
> >
> > Could anyone tell me how to do the following
> > 1. Turn up the logging to achive better logging of
> > SpamAssassin errors in syslog
> > 2. What this error might be and point me in the direction of
> > where to start
> > looking.
> >
> > Many Thanks
> > Brett.
> >
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Fri Apr 4 10:19:28 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:41 2006
Subject: Forward Spam Action Clarification
In-Reply-To:
Message-ID: <5.2.0.9.2.20030404101737.0425d3b0@imap.ecs.soton.ac.uk>
At 19:43 03/04/2003, you wrote:
>Hello,
>
>I am getting ready to implement a spam actions ruleset:
>
>I have the following in /etc/MailScanner/rules/spam.actions.rules
>
>To: *@domain.com forward spam@domain.com
>
>I understand this and have tested it with success. Messages marked as
>spam are forwarded to the appropriate email address (and that' it). The
>message doesn't appear to be archived, sent to the original recipient,
>or anything more.
>
>However, I noticed that a few people have implemented the same rule but
>appended the delete action after the forwarding email address, like so:
>
>To: *@domain.com forward spam@domain.com delete
>
>Based on my testing, there doesn't seem to be a difference between these
>two rules. In other words, once it's forwarded, it's implicity deleted
>from the queue and appending delete as a second action doesn't seem to
>matter. Is this correct?
That is correct. In this case "delete" is a null operation as you have also
asked for it to go elsewhere, but do not want to deliver it to the original
recipient.
1 point about rulesets: always safer to add a "default" rule as well, e.g.
FromOrTo: default deliver
so you know what it will do in all cases. My code does have defaults
specified in it that will happen if you do not supply your own default
rule, but it's better if you set it yourself so you can be sure it does
what you want.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Fri Apr 4 11:59:06 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:41 2006
Subject: ANNOUNCE: Version 4.14 released
Message-ID: <5.2.0.9.2.20030404114833.04279048@imap.ecs.soton.ac.uk>
I have just released MailScanner version 4.14.
Major new features are:
- Support for NOD32 1.99, F-Secure 4.50 and F-Prot 3.13.
- Support for SAVI Perl module to completely avoid startup delays with
Sophos scanner.
- Support for quirks of SpamAssassin 2.50 - 2.53.
- Fixed important bug in filename checking code causing it not to check
long filenames properly. I strongly advise all 4.13 users to upgrade.
People who should upgrade are:
- Anyone running 4.13
- Anyone using SpamAssassin 2.50-2.53
- Anyone using F-Prot
- Anyone using F-Secure
- Anyone using NOD32
Download it as usual from www.mailscanner.info
And why not help to spread the word by buying a T-shirt while you are there?
The full ChangeLog is this:
* New Features and Improvements *
- Added support for new (1.99) version of NOD32, using the "nod32-1.99"
Virus Scanner setting, which has totally different output and different
command-line switches from previous versions.
- Added support for new (4.50) version of F-Secure. Involves a new f-secure-
wrapper as well as new main code.
- Added support for new version of F-Prot 3.13.
- Added support for SAVI Perl module, using the "sophossavi" Virus Scanner
setting. See the main docs for instructions on how to install the SAVI
Perl module.
- Signed and/or encrypted messages can now be signed without breaking the
PGP/GPG signed portion of the message.
- RAV support improved in Cobalt RaQ systems.
- Added "Include Scanner Name In Reports" option to allow the virus scanner
name to appear in the scanning reports.
- "Debug SpamAssassin" option to help you sort out SpamAssassin problems.
- "Exim Split Spool" option to support split mail queues with Exim.
- Full support for quirks of SpamAssassin 2.5x.
- Added optional support in f-prot-wrapper script to support tmpfs and
ramdisks which F-Prot cannot use without assistance.
- Better error reporting when compiling configuration files.
- Improved OpenBSD installation and upgrading instructions.
- Added check of location of all required system commands.
- Improved wording of message to spam senders.
- Increased max size of messages sent to SpamAssassin.
Spam messages are getting bigger.
- All variables in the supplied conf file are now set to something, even if
just a blank value. This will make upgrade_MailScanner_conf work better.
- Speeded up deletion of working area directories (thanks to Tony F for that).
- No more reliance on hard-coded paths in SystemDefs.pm, this entire file is
now obsolete.
- Improved RedHat scripts to cope with glibc 2.3.x.
* Fixes *
- Fixed important bug in filename checking code causing it not to check
long filenames properly. I strongly advise all 4.13 users to upgrade.
- Changed setuid/setgid code so taint mode is not switched on.
- Fixed various other issues kindly brought to my attention by Tony Finch
at Cambridge Univ.
- Fixed problem with deleting recipients from messages with Exim.
- Fixed problem with headers being passed to SpamAssassin from Exim
incorrectly.
- Fixed problem when running internal TNEF decoder.
- Fixed locking problems when SpamAssassin 2.50 times out.
- Fixed "RBL Timeout 20 of 7" problem, and problem when no RBL's in use at all.
- Fixed dont_copy_prefs option in call to SpamAssassin.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
From Kevin.Spicer at BMRB.CO.UK Fri Apr 4 12:23:13 2003
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:17:41 2006
Subject: "Delete As Spam" button for Exchange
Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF4F5@pascal.priv.bmrb.co.uk>
Looks like we had the same idea! I'm curious whether your script would add any headers to the message (through the Mail::Client interface), the one drawback to me using fetchmail is that both fetchmail and the local MTA add headers (although this is far preferable to forwarding with Outlook). Would you mind letting me have a copy off list? (kevins@bmrb.co.uk).
I'm just about to start work on upgrading MS (I was waiting for the stable release of 4.14) so I'll be trying this out over the next few days.
>
> Hi Dale.
>
> Unfortunately we use Outlook / Exchange here too. :-) I
> have written a
> script that will connect to an IMAP mailbox and pull all of
> the messages out
> and feed them to sa-learn. In Exchange, we created two
> folders (Spam and
> Not Spam) in the Public Folders area. The script I wrote is
> in perl and
> uses Mail::Cclient to access the IMAP folders. When
> everything is complete,
> we will just have the users drag and drop their spam (and ham
> if needed)
> into these folders, and our script run from cron will feed
> them to sa-learn.
>
> I chose this method because Outlook can only forward email
> (not bounce).
> And forwarding email would change the it a little bit, which
> may impact the
> bayes filters.
>
> Currently I have had to turn off bayes checking as it puts
> too much of a
> load on my server, so I haven't fully tested it out. But I should be
> getting new hardware next week. When I am done with the
> script, I will post
> it to the list. You can email me off list if you'd like a preliminary
> version.
>
> Jason
>
> > -----Original Message-----
> > From: Dale Lovelace [mailto:dlovelace@HOTELS.COM]
> > Sent: Thursday, April 03, 2003 2:01 PM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: [MAILSCANNER] "Delete As Spam" button for Exchange
> >
> >
> > Hi,
> >
> > I am trying to implement a "Delete As Spam" button in
> > VBScript for Outlook/Exchange that would allow a user to
> > delete a mail they considered spam from their Inbox, then
> > forward it to a special email address that I will use to then
> > feed to SpamAssassin's new bayesian learning. Before I got
> > started I thought I would ask if anyone had done anything
> > like that before, or if anyone knows of a script archive
> > somewhere that might have something along these lines. I
> > haven't done any VBScripting ever, so any tips at all would
> > be great! I'll be sure to release whatever I do come up with
> > to the world!
> >
> > Thanks,
> > Dale
> >
> > --
> > Dale Lovelace
> > System Administrator
> > hotels.com
> > (214) 361-7311 Ext. 1074
> >
>
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
From dll at SCITOOLS.COM Fri Apr 4 13:34:24 2003
From: dll at SCITOOLS.COM (Dan Leavitt)
Date: Thu Jan 12 21:17:41 2006
Subject: Sophos Licensing
References: <5.2.0.9.2.20030404100807.04273120@imap.ecs.soton.ac.uk>
Message-ID: <009e01c2faa6$a72c03f0$170aa8c0@DELL>
We just bought sophos for this purpose. You do indeed need
the SAVI license. We were told that we could buy that alone
or, depending on our needs and company size, it might be
more cost-effective to purchase the SAV Desktop license
which includes the use of SAVI and have desktop virus
protection as well. We opted for the latter.
Dan
----- Original Message -----
From: "Julian Field"
To:
Sent: Friday, April 04, 2003 4:09 AM
Subject: Re: Sophos Licensing
> At 10:00 04/04/2003, you wrote:
> >Cany any mailscanner+sophos users can help me out here. I've
> >received a quote from sophos for use with mailscanner, and
> >they include pricing for SAV Interface and SAV Connect licenses.
> >
> >Does anyone know which license is needed for use with
> >MailScanner. I am only asking for verification here, because
> >the chap I spoke with at sophos seemed a little unsure(!).
> >
> >Given the huge differential in price, I'd like to be sure
> >which is needed before I test sophos out any further.
>
> I *believe* the right answer is SAV Interface (or SAVI) licences. That has
> certainly been the case in the past. It's not a cheap product by any means,
> but it is a good one. Check you aren't entitled to any discounts
> (quantity/education/charity/...)
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
From mbowman at UDCOM.COM Fri Apr 4 14:17:20 2003
From: mbowman at UDCOM.COM (Matthew Bowman)
Date: Thu Jan 12 21:17:41 2006
Subject: Sophos Licensing
Message-ID:
Not aware of any License implications, however hen I contacted Sophos
about 2 weeks ago to evaluate their product their pricing I thought is too
high. Basically for an ISP they suggested that we pay per mailbox per
month. For 1000 mail boxes it would cost is $300/month!. We are currently
evaluating F-prot which I believe is $450/server per year -- much more
appetizing.
Regards, --
Matthew K Bowman
"Hall, Douglas"
Sent by: MailScanner mailing list
04/04/2003 04:00 AM
Please respond to MailScanner mailing list
To: MAILSCANNER@JISCMAIL.AC.UK
cc:
Subject: Sophos Licensing
Cany any mailscanner+sophos users can help me out here. I've
received a quote from sophos for use with mailscanner, and
they include pricing for SAV Interface and SAV Connect licenses.
Does anyone know which license is needed for use with
MailScanner. I am only asking for verification here, because
the chap I spoke with at sophos seemed a little unsure(!).
Given the huge differential in price, I'd like to be sure
which is needed before I test sophos out any further.
Perhaps this should be in the FAQ?
thanks!
-Douglas
From marco at MUW.EDU Fri Apr 4 15:16:13 2003
From: marco at MUW.EDU (Marco Obaid)
Date: Thu Jan 12 21:17:41 2006
Subject: Sophos Licensing
In-Reply-To:
References:
Message-ID: <1049465773.3e8d93adb4f14@webmail.MUW.Edu>
Quoting Matthew Bowman :
> Not aware of any License implications, however hen I contacted Sophos
> about 2 weeks ago to evaluate their product their pricing I thought is too
> high. Basically for an ISP they suggested that we pay per mailbox per
> month. For 1000 mail boxes it would cost is $300/month!. We are currently
> evaluating F-prot which I believe is $450/server per year -- much more
> appetizing.
>
Also, look into CommandSoft (http://www.commandsoftware.com/index.cfm).
I bought their product after I bought Sophos (I am running both). From cost-
perepectives Command is a great deal. I honestly do not trust Sophos as a
company anymore. The sales reps are not straight forward. The techs are good
but are not quick to admit screw-ups.
>From preformance perspectives, I am using Command with MailScanner since the
last screwed-up engine that Sophos released. It is much better than Sophos on
my end.
At any rate, my advice is to take your time evaluating other products. Sophos
is good but so are other products.
Marco
_________________________________________________________________
This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail
For the latest MUW Events, visit http://www.MUW.Edu/calendar
From david.osborne at NOTTINGHAM.AC.UK Fri Apr 4 14:55:13 2003
From: david.osborne at NOTTINGHAM.AC.UK (David Osborne)
Date: Thu Jan 12 21:17:41 2006
Subject: Virus scanner lock file not removed
Message-ID: <1049464512.13969.12.camel@simonside.ccc.nottingham.ac.uk>
On our systems with MailScanner & Sophos, the sophos-autoupdate script
creates /tmp/SophosBusy.lock but the file is never removed, preventing
MailScanner from running. If I remove the file manually, everything is
OK until the next hourly check. What's wrong with our installation?
We're using MailScanner 4-12-2 (installed from RPM), Sophos, Exim 3.36,
running on RedHat 8.0
--
David Osborne
Information Services, University of Nottingham
From mike at ZANKER.ORG Fri Apr 4 15:06:27 2003
From: mike at ZANKER.ORG (Mike Zanker)
Date: Thu Jan 12 21:17:41 2006
Subject: {Spam?} Re: The highest Spam score !!!
In-Reply-To: <2s2r8vol25gahdr4g937hribnevgdm5cf8@4ax.com>
References: <5.2.0.9.0.20030403213458.017e5350@xanadu.evi-inc.com>
<3E8D84F7.50009@bluewin.ch>
<2s2r8vol25gahdr4g937hribnevgdm5cf8@4ax.com>
Message-ID: <57088484.1049468787@jemima.zanker.org>
On 04 April 2003 15:41 +0200 Peter Peters
wrote:
> On Fri, 4 Apr 2003 15:13:27 +0200, you wrote:
>
>> Here is the full mail:
>>
>> ----------------------------------------------
>> testing. Let's get GTUBE in here:
Oops - quoting that on this mailing list is probably not a good idea!
Not only did this and the quoted e-mail score similarly but mailstats
then blocked smtp.jiscmail.ac.uk :(
Mike.
From mike at CAMAROSS.NET Fri Apr 4 15:16:03 2003
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:17:41 2006
Subject: {Spam?} Re: The highest Spam score !!!
In-Reply-To: <57088484.1049468787@jemima.zanker.org>
Message-ID: <00d801c2fab4$badb80c0$af01a8c0@home.middlefinger.net>
My mailstats did the exact same thing! :)
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Mike Zanker
Sent: Friday, April 04, 2003 8:06 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: {Spam?} Re: The highest Spam score !!!
On 04 April 2003 15:41 +0200 Peter Peters
wrote:
> On Fri, 4 Apr 2003 15:13:27 +0200, you wrote:
>
>> Here is the full mail:
>>
>> ----------------------------------------------
>> testing. Let's get GTUBE in here:
Oops - quoting that on this mailing list is probably not a good idea!
Not only did this and the quoted e-mail score similarly but mailstats then
blocked smtp.jiscmail.ac.uk :(
Mike.
From jase at SENSIS.COM Fri Apr 4 15:22:09 2003
From: jase at SENSIS.COM (Desai, Jason)
Date: Thu Jan 12 21:17:41 2006
Subject: Virus scanner lock file not removed
Message-ID:
Check the ownership and permissions of the lock file. Perhaps you have
virus update script running as root create the file, but MailScanner
(running as user mail for Exim maybe) tries to lock the file but does not
have permission?
If this is the case, instead of deleting the file, try changing the owner of
it to mail, or whoever you run MailScanner as.
Jason
> -----Original Message-----
> From: David Osborne [mailto:david.osborne@NOTTINGHAM.AC.UK]
> Sent: Friday, April 04, 2003 8:55 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: [MAILSCANNER] Virus scanner lock file not removed
>
>
> On our systems with MailScanner & Sophos, the sophos-autoupdate script
> creates /tmp/SophosBusy.lock but the file is never removed, preventing
> MailScanner from running. If I remove the file manually, everything is
> OK until the next hourly check. What's wrong with our installation?
>
> We're using MailScanner 4-12-2 (installed from RPM), Sophos,
> Exim 3.36,
> running on RedHat 8.0
>
> --
> David Osborne
> Information Services, University of Nottingham
>
From david.osborne at NOTTINGHAM.AC.UK Fri Apr 4 16:19:47 2003
From: david.osborne at NOTTINGHAM.AC.UK (David Osborne)
Date: Thu Jan 12 21:17:41 2006
Subject: Virus scanner lock file not removed
In-Reply-To:
References:
Message-ID: <1049469586.13963.84.camel@simonside.ccc.nottingham.ac.uk>
Thanks for the suggestion, Jason, but the file seems to have the right
permissions, as we run our Exim as user exim, group exim:
$ ls -l /tmp/SophosBusy.lock
-rw------- 1 exim exim 94 Apr 4 16:01 \
/tmp/SophosBusy.lock
The file contains
Locked for updating Sophos IDE files by 1389
Unlocked after updating Sophos IDE files by 1389
as written by /usr/lib/MailScanner/sophos-autoupdate, where 1389
corresponds with a pid logged to /var/mail/maillog:
Apr 4 16:01:00 elgar update.virus.scanners: Found sophos installed
Apr 4 16:01:00 elgar update.virus.scanners: Updating sophos
Apr 4 16:01:01 elgar Sophos-autoupdate[1389]: Sophos successfully
updated in /usr/local/Sophos/366.200304041601
If I do nothing, the file's access time and contents change each time
the update runs at 1 min past the hour but the presence of the file
stops MailScanner from processing any mail waiting to be scanned. In the
sophos-autoupdate script, the LockSophos subroutine creates the file and
locks it and the UnlockSophos routine unlocks and closes it, but
shouldn't it unlink it as well?
David
On Fri, 2003-04-04 at 15:22, Desai, Jason wrote:
> Check the ownership and permissions of the lock file. Perhaps you have
> virus update script running as root create the file, but MailScanner
> (running as user mail for Exim maybe) tries to lock the file but does not
> have permission?
>
> If this is the case, instead of deleting the file, try changing the owner of
> it to mail, or whoever you run MailScanner as.
--
David Osborne
Information Services, University of Nottingham
From Cleveland at MAIL.WINNEFOX.ORG Fri Apr 4 16:31:02 2003
From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland)
Date: Thu Jan 12 21:17:41 2006
Subject: Exchange/Outlook client configuration
Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E5EF@MAIL>
> I set up a page on our intranet explaining what
> spam is ('borrowed' from the SA web site!), why their mail has been
> tagged as spam and how to set up an outlook rule to filter
> it.
Any way I could "borrow" that page?
Jody
From mailscanner at ecs.soton.ac.uk Fri Apr 4 16:25:47 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:41 2006
Subject: Virus scanner lock file not removed
In-Reply-To: <1049469586.13963.84.camel@simonside.ccc.nottingham.ac.uk>
References:
Message-ID: <5.2.0.9.2.20030404162254.02bdc6a0@imap.ecs.soton.ac.uk>
The file is created but it never needs to be deleted. When the autoupdate
script does its job, it locks the file with an exclusive lock, does the
update, then unlocks it again.
MailScanner processes always lock the file with a "shared" lock when they
want to use the scanner. Lots of "shared" locks can be used on a file at
the same time (in this case, one per MailScanner child process), but only 1
"exclusive" lock can be held at a time, and that stops any "shared" locks
as well (which is what the autoupdate script uses).
So it's not the presence of the file that is stopping MailScanner running,
it's something else.
I use Sophos myself and have never had a problem of this sort, so I'm not
quite sure what is going wrong...
At 16:19 04/04/2003, you wrote:
>Thanks for the suggestion, Jason, but the file seems to have the right
>permissions, as we run our Exim as user exim, group exim:
>
>$ ls -l /tmp/SophosBusy.lock
>-rw------- 1 exim exim 94 Apr 4 16:01 \
>/tmp/SophosBusy.lock
>
>The file contains
> Locked for updating Sophos IDE files by 1389
> Unlocked after updating Sophos IDE files by 1389
>as written by /usr/lib/MailScanner/sophos-autoupdate, where 1389
>corresponds with a pid logged to /var/mail/maillog:
>
>Apr 4 16:01:00 elgar update.virus.scanners: Found sophos installed
>Apr 4 16:01:00 elgar update.virus.scanners: Updating sophos
>Apr 4 16:01:01 elgar Sophos-autoupdate[1389]: Sophos successfully
>updated in /usr/local/Sophos/366.200304041601
>
>If I do nothing, the file's access time and contents change each time
>the update runs at 1 min past the hour but the presence of the file
>stops MailScanner from processing any mail waiting to be scanned. In the
>sophos-autoupdate script, the LockSophos subroutine creates the file and
>locks it and the UnlockSophos routine unlocks and closes it, but
>shouldn't it unlink it as well?
>
>David
>
>On Fri, 2003-04-04 at 15:22, Desai, Jason wrote:
> > Check the ownership and permissions of the lock file. Perhaps you have
> > virus update script running as root create the file, but MailScanner
> > (running as user mail for Exim maybe) tries to lock the file but does not
> > have permission?
> >
> > If this is the case, instead of deleting the file, try changing the
> owner of
> > it to mail, or whoever you run MailScanner as.
>
>--
>David Osborne
>Information Services, University of Nottingham
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
From jaearick at COLBY.EDU Fri Apr 4 16:35:54 2003
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:17:41 2006
Subject: SAVI-Perl-0.15 doesn't like Sun's compiler
Message-ID:
Hi,
Having successfully upgraded to 4.14 this morning, I've
decided to try SAVI-Perl-0.15. My setup: Sun Solaris 8,
perl 5.8.0, built with Sun's Forte7 compiler. Bummer, it
doesn't like my compiler, and I'm not going to rebuild perl
with gcc to get around this:
(37)> perl Makefile.PL
Writing Makefile for SAVI
(38)> gmake
/opt/SUNWspro/bin/cc -c -I. -I/usr/local/include -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -O -DVERSION=\"0.15\" -DXS_VERSION=\"0.15\" -KPIC
"-I/opt/perl5/lib/5.8.0/sun4-solaris/CORE" SAVI.c
"sav_if/s_comput.h", line 706: #error: Unsupported compiler
cc: acomp failed for SAVI.c
gmake: *** [SAVI.o] Error 2
I sent a note to henson@acm.org asking for a way around this
problem. Anybody else encountered this?
Will SAVI-perl work with sophos 3.66, or only with later
versions? I'm still running 3.66 because 3.67 was such a pig...
--- Jeff Earickson
From mailscanner at ecs.soton.ac.uk Fri Apr 4 16:49:22 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:41 2006
Subject: SAVI-Perl-0.15 doesn't like Sun's compiler
In-Reply-To:
Message-ID: <5.2.0.9.2.20030404164708.02c673c0@imap.ecs.soton.ac.uk>
At 16:35 04/04/2003, you wrote:
>Hi,
> Having successfully upgraded to 4.14 this morning, I've
>decided to try SAVI-Perl-0.15. My setup: Sun Solaris 8,
>perl 5.8.0, built with Sun's Forte7 compiler. Bummer, it
>doesn't like my compiler, and I'm not going to rebuild perl
>with gcc to get around this:
>
>(37)> perl Makefile.PL
>Writing Makefile for SAVI
>(38)> gmake
>/opt/SUNWspro/bin/cc -c -I. -I/usr/local/include -D_LARGEFILE_SOURCE
>-D_FILE_OFFSET_BITS=64 -O -DVERSION=\"0.15\" -DXS_VERSION=\"0.15\" -KPIC
>"-I/opt/perl5/lib/5.8.0/sun4-solaris/CORE" SAVI.c
>"sav_if/s_comput.h", line 706: #error: Unsupported compiler
>cc: acomp failed for SAVI.c
>gmake: *** [SAVI.o] Error 2
>
>I sent a note to henson@acm.org asking for a way around this
>problem. Anybody else encountered this?
All I can suggest is you install gcc from sunfreeware.com and try that.
It's only a 30 second job to uninstall it again.
>Will SAVI-perl work with sophos 3.66, or only with later
>versions? I'm still running 3.66 because 3.67 was such a pig...
It should work just fine with 3.66. 3.68 is better than 3.67.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
From brian at UNEARTHED.ORG Fri Apr 4 17:11:29 2003
From: brian at UNEARTHED.ORG (Brian May)
Date: Thu Jan 12 21:17:42 2006
Subject: ANNOUNCE: Version 4.14 released
References: <5.2.0.9.2.20030404114833.04279048@imap.ecs.soton.ac.uk>
Message-ID: <006e01c2fac4$da0af380$4d01000a@local.unearthed.org>
After the upgrade; when I restart MailScanner I get this message:
Latest MAilScanner, RedHat 7.3 all up2date...
Shutting down MailScanner daemons:
MailScanner: [ OK ]
incoming sendmail: head: /var/run/sendmail.in.pid: No such file or
directory
[ OK ]
outgoing sendmail: [ OK ]
Starting MailScanner daemons:
incoming sendmail: [ OK ]
outgoing sendmail: [ OK ]
MailScanner: [ OK ]
From mike at CAMAROSS.NET Fri Apr 4 17:11:59 2003
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:17:42 2006
Subject: ANNOUNCE: Version 4.14 released
In-Reply-To: <006e01c2fac4$da0af380$4d01000a@local.unearthed.org>
Message-ID: <00e001c2fac4$f2160aa0$af01a8c0@home.middlefinger.net>
My upgrade went flawlessly
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Brian May
Sent: Friday, April 04, 2003 10:11 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: ANNOUNCE: Version 4.14 released
After the upgrade; when I restart MailScanner I get this message:
Latest MAilScanner, RedHat 7.3 all up2date...
Shutting down MailScanner daemons:
MailScanner: [ OK ]
incoming sendmail: head: /var/run/sendmail.in.pid: No such file or
directory
[ OK ]
outgoing sendmail: [ OK ]
Starting MailScanner daemons:
incoming sendmail: [ OK ]
outgoing sendmail: [ OK ]
MailScanner: [ OK ]
From sevans at FOUNDATION.SDSU.EDU Fri Apr 4 17:15:08 2003
From: sevans at FOUNDATION.SDSU.EDU (Steve Evans)
Date: Thu Jan 12 21:17:42 2006
Subject: ANNOUNCE: Version 4.14 released
Message-ID:
Does this mean we should definitely switch to the SAVI perl module or is
that still up for debate?
Steve Evans
SDSU Foundation
(619) 594-0653
-----Original Message-----
From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK]
Sent: Friday, April 04, 2003 2:59 AM
To: MAILSCANNER@JISCMAIL.AC.UK
I have just released MailScanner version 4.14.
Major new features are:
- Support for NOD32 1.99, F-Secure 4.50 and F-Prot 3.13.
- Support for SAVI Perl module to completely avoid startup delays with
Sophos scanner.
- Support for quirks of SpamAssassin 2.50 - 2.53.
- Fixed important bug in filename checking code causing it not to check
long filenames properly. I strongly advise all 4.13 users to upgrade.
People who should upgrade are:
- Anyone running 4.13
- Anyone using SpamAssassin 2.50-2.53
- Anyone using F-Prot
- Anyone using F-Secure
- Anyone using NOD32
Download it as usual from www.mailscanner.info
And why not help to spread the word by buying a T-shirt while you are
there?
The full ChangeLog is this:
* New Features and Improvements *
- Added support for new (1.99) version of NOD32, using the "nod32-1.99"
Virus Scanner setting, which has totally different output and
different
command-line switches from previous versions.
- Added support for new (4.50) version of F-Secure. Involves a new
f-secure-
wrapper as well as new main code.
- Added support for new version of F-Prot 3.13.
- Added support for SAVI Perl module, using the "sophossavi" Virus
Scanner
setting. See the main docs for instructions on how to install the
SAVI
Perl module.
- Signed and/or encrypted messages can now be signed without breaking
the
PGP/GPG signed portion of the message.
- RAV support improved in Cobalt RaQ systems.
- Added "Include Scanner Name In Reports" option to allow the virus
scanner
name to appear in the scanning reports.
- "Debug SpamAssassin" option to help you sort out SpamAssassin
problems.
- "Exim Split Spool" option to support split mail queues with Exim.
- Full support for quirks of SpamAssassin 2.5x.
- Added optional support in f-prot-wrapper script to support tmpfs and
ramdisks which F-Prot cannot use without assistance.
- Better error reporting when compiling configuration files.
- Improved OpenBSD installation and upgrading instructions.
- Added check of location of all required system commands.
- Improved wording of message to spam senders.
- Increased max size of messages sent to SpamAssassin.
Spam messages are getting bigger.
- All variables in the supplied conf file are now set to something, even
if
just a blank value. This will make upgrade_MailScanner_conf work
better.
- Speeded up deletion of working area directories (thanks to Tony F for
that).
- No more reliance on hard-coded paths in SystemDefs.pm, this entire
file is
now obsolete.
- Improved RedHat scripts to cope with glibc 2.3.x.
* Fixes *
- Fixed important bug in filename checking code causing it not to check
long filenames properly. I strongly advise all 4.13 users to upgrade.
- Changed setuid/setgid code so taint mode is not switched on.
- Fixed various other issues kindly brought to my attention by Tony
Finch
at Cambridge Univ.
- Fixed problem with deleting recipients from messages with Exim.
- Fixed problem with headers being passed to SpamAssassin from Exim
incorrectly.
- Fixed problem when running internal TNEF decoder.
- Fixed locking problems when SpamAssassin 2.50 times out.
- Fixed "RBL Timeout 20 of 7" problem, and problem when no RBL's in use
at all.
- Fixed dont_copy_prefs option in call to SpamAssassin.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
From Kevin.Spicer at BMRB.CO.UK Fri Apr 4 17:20:10 2003
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:17:42 2006
Subject: ANNOUNCE: Version 4.14 released
Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF4FA@pascal.priv.bmrb.co.uk>
I got that too, but I manually deleted var/run/sendmail*, killed all the sendmail processes then it was fine (although thinking on it now I'm not sure it was necessary). I think maybe the sendmail.in.pid is new for this version so the new init script couldn't find it because when you started it (with the old version) it wasn't created.
> -----Original Message-----
> From: Brian May [mailto:brian@UNEARTHED.ORG]
> Sent: 04 April 2003 17:11
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] ANNOUNCE: Version 4.14 released
>
>
> After the upgrade; when I restart MailScanner I get this message:
>
> Latest MAilScanner, RedHat 7.3 all up2date...
>
> Shutting down MailScanner daemons:
> MailScanner: [ OK ]
> incoming sendmail: head: /var/run/sendmail.in.pid:
> No such file or
> directory
> [ OK ]
> outgoing sendmail: [ OK ]
> Starting MailScanner daemons:
> incoming sendmail: [ OK ]
> outgoing sendmail: [ OK ]
> MailScanner: [ OK ]
>
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
From david.osborne at NOTTINGHAM.AC.UK Fri Apr 4 17:46:47 2003
From: david.osborne at NOTTINGHAM.AC.UK (David Osborne)
Date: Thu Jan 12 21:17:42 2006
Subject: Virus scanner lock file not removed
In-Reply-To: <5.2.0.9.2.20030404162254.02bdc6a0@imap.ecs.soton.ac.uk>
References:
<5.2.0.9.2.20030404162254.02bdc6a0@imap.ecs.soton.ac.uk>
Message-ID: <1049474806.16767.184.camel@simonside.ccc.nottingham.ac.uk>
Julian -- thanks for the explanation. Yesterday, a batch of messages was
only processed by MailScanner when I deleted the lock file. I've just
rebooted the machine and a test message went straight through.
David
On Fri, 2003-04-04 at 16:25, Julian Field wrote:
> The file is created but it never needs to be deleted. When the autoupdate
> script does its job, it locks the file with an exclusive lock, does the
> update, then unlocks it again.
>
> MailScanner processes always lock the file with a "shared" lock when they
> want to use the scanner. Lots of "shared" locks can be used on a file at
> the same time (in this case, one per MailScanner child process), but only 1
> "exclusive" lock can be held at a time, and that stops any "shared" locks
> as well (which is what the autoupdate script uses).
>
> So it's not the presence of the file that is stopping MailScanner running,
> it's something else.
>
> I use Sophos myself and have never had a problem of this sort, so I'm not
> quite sure what is going wrong...
--
David Osborne
Information Services, University of Nottingham
From mailscanner at ecs.soton.ac.uk Fri Apr 4 19:03:11 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:42 2006
Subject: Virus scanner lock file not removed
In-Reply-To: <1049474806.16767.184.camel@simonside.ccc.nottingham.ac.uk>
References: <5.2.0.9.2.20030404162254.02bdc6a0@imap.ecs.soton.ac.uk>
<5.2.0.9.2.20030404162254.02bdc6a0@imap.ecs.soton.ac.uk>
Message-ID: <5.2.0.9.2.20030404190210.02203b78@imap.ecs.soton.ac.uk>
Your OS should clean up advisory locks when the process finishes, however
cleanly it does it. But it's possible that an OS bug could fail to release
a lock.
At 17:46 04/04/2003, you wrote:
>Julian -- thanks for the explanation. Yesterday, a batch of messages was
>only processed by MailScanner when I deleted the lock file. I've just
>rebooted the machine and a test message went straight through.
>
>David
>
>On Fri, 2003-04-04 at 16:25, Julian Field wrote:
> > The file is created but it never needs to be deleted. When the autoupdate
> > script does its job, it locks the file with an exclusive lock, does the
> > update, then unlocks it again.
> >
> > MailScanner processes always lock the file with a "shared" lock when they
> > want to use the scanner. Lots of "shared" locks can be used on a file at
> > the same time (in this case, one per MailScanner child process), but only 1
> > "exclusive" lock can be held at a time, and that stops any "shared" locks
> > as well (which is what the autoupdate script uses).
> >
> > So it's not the presence of the file that is stopping MailScanner running,
> > it's something else.
> >
> > I use Sophos myself and have never had a problem of this sort, so I'm not
> > quite sure what is going wrong...
>
>--
>David Osborne
>Information Services, University of Nottingham
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Fri Apr 4 19:00:09 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:42 2006
Subject: ANNOUNCE: Version 4.14 released
In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0EBF4FA@pascal.priv.bmrb.co .uk>
Message-ID: <5.2.0.9.2.20030404185900.02203cd8@imap.ecs.soton.ac.uk>
At 17:20 04/04/2003, you wrote:
>I got that too, but I manually deleted var/run/sendmail*, killed all the
>sendmail processes then it was fine (although thinking on it now I'm not
>sure it was necessary). I think maybe the sendmail.in.pid is new for this
>version so the new init script couldn't find it because when you started
>it (with the old version) it wasn't created.
Yes, that's it. The restart tries to kill the old sendmail processes using
the new pid file which won't exist yet.
This will only occur once. You could avoid it by stopping the old
MailScanner before upgrading to the new one.
> > -----Original Message-----
> > From: Brian May [mailto:brian@UNEARTHED.ORG]
> > Sent: 04 April 2003 17:11
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: [MAILSCANNER] ANNOUNCE: Version 4.14 released
> >
> >
> > After the upgrade; when I restart MailScanner I get this message:
> >
> > Latest MAilScanner, RedHat 7.3 all up2date...
> >
> > Shutting down MailScanner daemons:
> > MailScanner: [ OK ]
> > incoming sendmail: head: /var/run/sendmail.in.pid:
> > No such file or
> > directory
> > [ OK ]
> > outgoing sendmail: [ OK ]
> > Starting MailScanner daemons:
> > incoming sendmail: [ OK ]
> > outgoing sendmail: [ OK ]
> > MailScanner: [ OK ]
> >
>
>
>
>BMRB International
>http://www.bmrb.co.uk
>+44 (0)20 8566 5000
>_________________________________________________________________
>This message (and any attachment) is intended only for the
>recipient and may contain confidential and/or privileged
>material. If you have received this in error, please contact the
>sender and delete this message immediately. Disclosure, copying
>or other action taken in respect of this email or in
>reliance on it is prohibited. BMRB International Limited
>accepts no liability in relation to any personal emails, or
>content of any email which does not directly relate to our
>business.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Fri Apr 4 19:01:37 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:42 2006
Subject: ANNOUNCE: Version 4.14 released
In-Reply-To:
Message-ID: <5.2.0.9.2.20030404190014.02242080@imap.ecs.soton.ac.uk>
I'm planning on switching to the SAVI module on my systems the next time I
upgrade them.
I see no reason to switch urgently at all, my current setup works perfectly
well.
At 17:15 04/04/2003, you wrote:
>Does this mean we should definitely switch to the SAVI perl module or is
>that still up for debate?
>
>Steve Evans
>SDSU Foundation
>(619) 594-0653
>
>-----Original Message-----
>From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK]
>Sent: Friday, April 04, 2003 2:59 AM
>To: MAILSCANNER@JISCMAIL.AC.UK
>
>I have just released MailScanner version 4.14.
>
>Major new features are:
>- Support for NOD32 1.99, F-Secure 4.50 and F-Prot 3.13.
>- Support for SAVI Perl module to completely avoid startup delays with
>Sophos scanner.
>- Support for quirks of SpamAssassin 2.50 - 2.53.
>- Fixed important bug in filename checking code causing it not to check
>long filenames properly. I strongly advise all 4.13 users to upgrade.
>
>People who should upgrade are:
> - Anyone running 4.13
> - Anyone using SpamAssassin 2.50-2.53
> - Anyone using F-Prot
> - Anyone using F-Secure
> - Anyone using NOD32
>
>Download it as usual from www.mailscanner.info
>
>And why not help to spread the word by buying a T-shirt while you are
>there?
>
>
>The full ChangeLog is this:
>
>* New Features and Improvements *
>
>- Added support for new (1.99) version of NOD32, using the "nod32-1.99"
> Virus Scanner setting, which has totally different output and
>different
> command-line switches from previous versions.
>- Added support for new (4.50) version of F-Secure. Involves a new
>f-secure-
> wrapper as well as new main code.
>- Added support for new version of F-Prot 3.13.
>- Added support for SAVI Perl module, using the "sophossavi" Virus
>Scanner
> setting. See the main docs for instructions on how to install the
>SAVI
> Perl module.
>- Signed and/or encrypted messages can now be signed without breaking
>the
> PGP/GPG signed portion of the message.
>- RAV support improved in Cobalt RaQ systems.
>- Added "Include Scanner Name In Reports" option to allow the virus
>scanner
> name to appear in the scanning reports.
>- "Debug SpamAssassin" option to help you sort out SpamAssassin
>problems.
>- "Exim Split Spool" option to support split mail queues with Exim.
>- Full support for quirks of SpamAssassin 2.5x.
>- Added optional support in f-prot-wrapper script to support tmpfs and
> ramdisks which F-Prot cannot use without assistance.
>- Better error reporting when compiling configuration files.
>- Improved OpenBSD installation and upgrading instructions.
>- Added check of location of all required system commands.
>- Improved wording of message to spam senders.
>- Increased max size of messages sent to SpamAssassin.
> Spam messages are getting bigger.
>- All variables in the supplied conf file are now set to something, even
>if
> just a blank value. This will make upgrade_MailScanner_conf work
>better.
>- Speeded up deletion of working area directories (thanks to Tony F for
>that).
>- No more reliance on hard-coded paths in SystemDefs.pm, this entire
>file is
> now obsolete.
>- Improved RedHat scripts to cope with glibc 2.3.x.
>
>* Fixes *
>
>- Fixed important bug in filename checking code causing it not to check
> long filenames properly. I strongly advise all 4.13 users to upgrade.
>- Changed setuid/setgid code so taint mode is not switched on.
>- Fixed various other issues kindly brought to my attention by Tony
>Finch
> at Cambridge Univ.
>- Fixed problem with deleting recipients from messages with Exim.
>- Fixed problem with headers being passed to SpamAssassin from Exim
>incorrectly.
>- Fixed problem when running internal TNEF decoder.
>- Fixed locking problems when SpamAssassin 2.50 times out.
>- Fixed "RBL Timeout 20 of 7" problem, and problem when no RBL's in use
>at all.
>- Fixed dont_copy_prefs option in call to SpamAssassin.
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From sevans at FOUNDATION.SDSU.EDU Fri Apr 4 19:28:16 2003
From: sevans at FOUNDATION.SDSU.EDU (Steve Evans)
Date: Thu Jan 12 21:17:42 2006
Subject: Sophos in Perl
Message-ID:
Where can you get it? I couldn't find it in the download section of
Sophos's website.
Steve Evans
SDSU Foundation
(619) 594-0653
From mailscanner at ecs.soton.ac.uk Fri Apr 4 19:37:14 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:42 2006
Subject: Sophos in Perl
In-Reply-To:
Message-ID: <5.2.0.9.2.20030404193453.027ea6f0@imap.ecs.soton.ac.uk>
At 19:28 04/04/2003, you wrote:
>Where can you get it? I couldn't find it in the download section of
>Sophos's website.
Follow the instructions in the SAVI installation notes I have written. If
you are running Linux you will find them in
/usr/share/doc/mailscanner-4.14/html/install/SAVI.shtml.
They are of course also on the website, in the "Installation Guides".
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From Steve at swaney.com Fri Apr 4 19:38:48 2003
From: Steve at swaney.com (Stephen Swaney)
Date: Thu Jan 12 21:17:42 2006
Subject: Sophos in Perl
In-Reply-To:
References:
Message-ID: <1049481528.16180.1.camel@speedy>
Start here:
http://www.sophos.com/downloads/products/?type=eval
Steve Swaney
Steve@Swaney.com
On Fri, 2003-04-04 at 13:28, Steve Evans wrote:
> Where can you get it? I couldn't find it in the download section of
> Sophos's website.
>
> Steve Evans
> SDSU Foundation
> (619) 594-0653
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030404/2c78fbc6/attachment.html
From mike at ZANKER.ORG Fri Apr 4 19:40:07 2003
From: mike at ZANKER.ORG (Mike Zanker)
Date: Thu Jan 12 21:17:42 2006
Subject: Sophos in Perl
In-Reply-To:
References:
Message-ID: <73507984.1049485207@jemima.zanker.org>
On 04 April 2003 10:28 -0800 Steve Evans
wrote:
> Where can you get it? I couldn't find it in the download section of
> Sophos's website.
Mike.
From brian at UNEARTHED.ORG Fri Apr 4 19:29:49 2003
From: brian at UNEARTHED.ORG (Brian May)
Date: Thu Jan 12 21:17:42 2006
Subject: ANNOUNCE: Version 4.14 released
References: <5.2.0.9.2.20030404185900.02203cd8@imap.ecs.soton.ac.uk>
Message-ID: <001801c2fad8$7c6c7dc0$8801020a@brianmay>
I'm getting this now...
Apr 4 10:24:50 athena MailScanner[28166]: Commercial scanner f-secure timed
out!
I didn't have that on the previous version patched....
Brian
----- Original Message -----
From: "Julian Field"
To:
Sent: Friday, April 04, 2003 10:00 AM
Subject: Re: ANNOUNCE: Version 4.14 released
At 17:20 04/04/2003, you wrote:
>I got that too, but I manually deleted var/run/sendmail*, killed all the
>sendmail processes then it was fine (although thinking on it now I'm not
>sure it was necessary). I think maybe the sendmail.in.pid is new for this
>version so the new init script couldn't find it because when you started
>it (with the old version) it wasn't created.
Yes, that's it. The restart tries to kill the old sendmail processes using
the new pid file which won't exist yet.
This will only occur once. You could avoid it by stopping the old
MailScanner before upgrading to the new one.
> > -----Original Message-----
> > From: Brian May [mailto:brian@UNEARTHED.ORG]
> > Sent: 04 April 2003 17:11
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: [MAILSCANNER] ANNOUNCE: Version 4.14 released
> >
> >
> > After the upgrade; when I restart MailScanner I get this message:
> >
> > Latest MAilScanner, RedHat 7.3 all up2date...
> >
> > Shutting down MailScanner daemons:
> > MailScanner: [ OK ]
> > incoming sendmail: head: /var/run/sendmail.in.pid:
> > No such file or
> > directory
> > [ OK ]
> > outgoing sendmail: [ OK ]
> > Starting MailScanner daemons:
> > incoming sendmail: [ OK ]
> > outgoing sendmail: [ OK ]
> > MailScanner: [ OK ]
> >
>
>
>
>BMRB International
>http://www.bmrb.co.uk
>+44 (0)20 8566 5000
>_________________________________________________________________
>This message (and any attachment) is intended only for the
>recipient and may contain confidential and/or privileged
>material. If you have received this in error, please contact the
>sender and delete this message immediately. Disclosure, copying
>or other action taken in respect of this email or in
>reliance on it is prohibited. BMRB International Limited
>accepts no liability in relation to any personal emails, or
>content of any email which does not directly relate to our
>business.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Fri Apr 4 19:59:43 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:42 2006
Subject: ANNOUNCE: Version 4.14 released
In-Reply-To: <001801c2fad8$7c6c7dc0$8801020a@brianmay>
References: <5.2.0.9.2.20030404185900.02203cd8@imap.ecs.soton.ac.uk>
Message-ID: <5.2.0.9.2.20030404195710.0282e258@imap.ecs.soton.ac.uk>
At 19:29 04/04/2003, you wrote:
>I'm getting this now...
>
>Apr 4 10:24:50 athena MailScanner[28166]: Commercial scanner f-secure timed
>out!
>
>I didn't have that on the previous version patched....
Are you using the new f-secure-wrapper?
If you modified the old one, you may well not have the right one. Check for
/usr/lib/MailScanner/f-secure-wrapper.rpmnew
and rename it over the top of f-secure-wrapper.
2 or 3 of the wrapper scripts have changed, so make sure you don't have any
.rpmnew files that you aren't using.
>----- Original Message -----
>From: "Julian Field"
>To:
>Sent: Friday, April 04, 2003 10:00 AM
>Subject: Re: ANNOUNCE: Version 4.14 released
>
>
>At 17:20 04/04/2003, you wrote:
> >I got that too, but I manually deleted var/run/sendmail*, killed all the
> >sendmail processes then it was fine (although thinking on it now I'm not
> >sure it was necessary). I think maybe the sendmail.in.pid is new for this
> >version so the new init script couldn't find it because when you started
> >it (with the old version) it wasn't created.
>
>Yes, that's it. The restart tries to kill the old sendmail processes using
>the new pid file which won't exist yet.
>This will only occur once. You could avoid it by stopping the old
>MailScanner before upgrading to the new one.
>
>
> > > -----Original Message-----
> > > From: Brian May [mailto:brian@UNEARTHED.ORG]
> > > Sent: 04 April 2003 17:11
> > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > Subject: Re: [MAILSCANNER] ANNOUNCE: Version 4.14 released
> > >
> > >
> > > After the upgrade; when I restart MailScanner I get this message:
> > >
> > > Latest MAilScanner, RedHat 7.3 all up2date...
> > >
> > > Shutting down MailScanner daemons:
> > > MailScanner: [ OK ]
> > > incoming sendmail: head: /var/run/sendmail.in.pid:
> > > No such file or
> > > directory
> > > [ OK ]
> > > outgoing sendmail: [ OK ]
> > > Starting MailScanner daemons:
> > > incoming sendmail: [ OK ]
> > > outgoing sendmail: [ OK ]
> > > MailScanner: [ OK ]
> > >
> >
> >
> >
> >BMRB International
> >http://www.bmrb.co.uk
> >+44 (0)20 8566 5000
> >_________________________________________________________________
> >This message (and any attachment) is intended only for the
> >recipient and may contain confidential and/or privileged
> >material. If you have received this in error, please contact the
> >sender and delete this message immediately. Disclosure, copying
> >or other action taken in respect of this email or in
> >reliance on it is prohibited. BMRB International Limited
> >accepts no liability in relation to any personal emails, or
> >content of any email which does not directly relate to our
> >business.
>
>--
>Julian Field
>www.MailScanner.info
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From mkettler at EVI-INC.COM Fri Apr 4 20:13:37 2003
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:17:42 2006
Subject: {Spam?} Re: The highest Spam score !!!
In-Reply-To: <00d801c2fab4$badb80c0$af01a8c0@home.middlefinger.net>
References: <57088484.1049468787@jemima.zanker.org>
Message-ID: <5.2.0.9.0.20030404140802.017ae260@xanadu.evi-inc.com>
This would be one very good example of why using SpamAssassin as a criteria
for block beyond the scope of a single email, or bouncing email is foolish
at best.
This is particularly true if you're not whitelisting mailing lists that
discuss spam filtering tools.
At 08:16 AM 4/4/2003 -0600, Mike Kercher wrote:
>My mailstats did the exact same thing! :)
>
>-----Original Message-----
>
>Oops - quoting that on this mailing list is probably not a good idea!
>
>Not only did this and the quoted e-mail score similarly but mailstats then
>blocked smtp.jiscmail.ac.uk :(
>
>Mike.
From brian at UNEARTHED.ORG Fri Apr 4 20:47:25 2003
From: brian at UNEARTHED.ORG (Brian May)
Date: Thu Jan 12 21:17:42 2006
Subject: ANNOUNCE: Version 4.14 released
References: <5.2.0.9.2.20030404185900.02203cd8@imap.ecs.soton.ac.uk>
<5.2.0.9.2.20030404195710.0282e258@imap.ecs.soton.ac.uk>
Message-ID: <002001c2fae3$8ed0bd40$8801020a@brianmay>
Julian,
Yes, I am running the new wrappers...
Although I have f-secure installed to /usr/local/fsav/ still... I updated
the wrapper to point to /usr/local/fsav/bin
Brian
----- Original Message -----
From: "Julian Field"
To:
Sent: Friday, April 04, 2003 10:59 AM
Subject: Re: ANNOUNCE: Version 4.14 released
At 19:29 04/04/2003, you wrote:
>I'm getting this now...
>
>Apr 4 10:24:50 athena MailScanner[28166]: Commercial scanner f-secure
timed
>out!
>
>I didn't have that on the previous version patched....
Are you using the new f-secure-wrapper?
If you modified the old one, you may well not have the right one. Check for
/usr/lib/MailScanner/f-secure-wrapper.rpmnew
and rename it over the top of f-secure-wrapper.
2 or 3 of the wrapper scripts have changed, so make sure you don't have any
.rpmnew files that you aren't using.
From dene at DATATECHIE.COM Fri Apr 4 21:17:14 2003
From: dene at DATATECHIE.COM (Dene Ulmschneider)
Date: Thu Jan 12 21:17:42 2006
Subject: ANNOUNCE: Version 4.14 released
In-Reply-To: <5.2.0.9.2.20030404195710.0282e258@imap.ecs.soton.ac.uk>
References: <001801c2fad8$7c6c7dc0$8801020a@brianmay>
<5.2.0.9.2.20030404185900.02203cd8@imap.ecs.soton.ac.uk>
Message-ID: <5.1.0.14.2.20030404145253.02bd7b90@192.168.1.112>
I just upgraded to the latest version and I must say that it went
perfectly. GREAT JOB Julian!
No errors at all after stopping MailScanner service that was running and
then doing upgrade and following all directions. I must admin that it
wasn't until AFTER the upgrade was complete that the thought of all of the
altered reports came into my mind - but to my surprise - they were not
touched at all by the upgrade.
Excellent product Julian - you can count on me for at least a T-Shirt or
two...and when I can find some time even a link on my site.
Thank You
Dene Ulmschneider
Data Techie Inc.
-------------------------------------------------------------------------
office: 718.738.8859
email: dene@datatechie.com
website: www.datatechie.com
-------------------------------------------------------------------------
"Life is too short...-...you should have dessert first"
At 07:59 PM 4/4/2003 +0100, you wrote:
>At 19:29 04/04/2003, you wrote:
>>I'm getting this now...
>>
>>Apr 4 10:24:50 athena MailScanner[28166]: Commercial scanner f-secure timed
>>out!
>>
>>I didn't have that on the previous version patched....
>
>Are you using the new f-secure-wrapper?
>If you modified the old one, you may well not have the right one. Check for
> /usr/lib/MailScanner/f-secure-wrapper.rpmnew
>and rename it over the top of f-secure-wrapper.
>
>2 or 3 of the wrapper scripts have changed, so make sure you don't have any
>.rpmnew files that you aren't using.
>
>>----- Original Message -----
>>From: "Julian Field"
>>To:
>>Sent: Friday, April 04, 2003 10:00 AM
>>Subject: Re: ANNOUNCE: Version 4.14 released
>>
>>
>>At 17:20 04/04/2003, you wrote:
>> >I got that too, but I manually deleted var/run/sendmail*, killed all the
>> >sendmail processes then it was fine (although thinking on it now I'm not
>> >sure it was necessary). I think maybe the sendmail.in.pid is new for this
>> >version so the new init script couldn't find it because when you started
>> >it (with the old version) it wasn't created.
>>
>>Yes, that's it. The restart tries to kill the old sendmail processes using
>>the new pid file which won't exist yet.
>>This will only occur once. You could avoid it by stopping the old
>>MailScanner before upgrading to the new one.
>>
>>
>> > > -----Original Message-----
>> > > From: Brian May [mailto:brian@UNEARTHED.ORG]
>> > > Sent: 04 April 2003 17:11
>> > > To: MAILSCANNER@JISCMAIL.AC.UK
>> > > Subject: Re: [MAILSCANNER] ANNOUNCE: Version 4.14 released
>> > >
>> > >
>> > > After the upgrade; when I restart MailScanner I get this message:
>> > >
>> > > Latest MAilScanner, RedHat 7.3 all up2date...
>> > >
>> > > Shutting down MailScanner daemons:
>> > > MailScanner: [ OK ]
>> > > incoming sendmail: head: /var/run/sendmail.in.pid:
>> > > No such file or
>> > > directory
>> > > [ OK ]
>> > > outgoing sendmail: [ OK ]
>> > > Starting MailScanner daemons:
>> > > incoming sendmail: [ OK ]
>> > > outgoing sendmail: [ OK ]
>> > > MailScanner: [ OK ]
>> > >
>> >
>> >
>> >
>> >BMRB International
>> >http://www.bmrb.co.uk
>> >+44 (0)20 8566 5000
>> >_________________________________________________________________
>> >This message (and any attachment) is intended only for the
>> >recipient and may contain confidential and/or privileged
>> >material. If you have received this in error, please contact the
>> >sender and delete this message immediately. Disclosure, copying
>> >or other action taken in respect of this email or in
>> >reliance on it is prohibited. BMRB International Limited
>> >accepts no liability in relation to any personal emails, or
>> >content of any email which does not directly relate to our
>> >business.
>>
>>--
>>Julian Field
>>www.MailScanner.info
>>Professional Support Services at www.MailScanner.biz
>>MailScanner thanks transtec Computers for their support
>
>--
>Julian Field
>www.MailScanner.info
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support
>
>--
>This message has been scanned for viruses and dangerous
>content by Data Techie, and is believed to be clean.
>Data Techie... always there to protect you!
>http://www.datatechie.com
From jase at SENSIS.COM Fri Apr 4 21:17:33 2003
From: jase at SENSIS.COM (Desai, Jason)
Date: Thu Jan 12 21:17:42 2006
Subject: Virus Warnings with MailScanner 4.14-9 and multiple scanners
Message-ID:
Hello. I just upgraded to MailScanner 4.14-9 (great job, Julian). I am
running McAfee and ClamAV for my virus scanners.
I sent myself a test messages with the eicar test virus. The test virus was
stripped from the message as I would expect, but the message is a little
strange (it is also attached). The message in the body of the email
mentions only ClamAV, and the attached VirusWarning.txt file only mentions
McAfee.
Reports to the sender and postmaster mention both as I would expect.
This is not a major issue, as the virus is being blocked. Is this a bug, or
a misconfiguration on my end?
MailScanner.conf:
Virus Scanning = yes
Virus Scanners = mcafee clamav
Deliver Disinfected Files =
/usr/local/MailScanner/etc/rules/deliver.disinfected.rules
deliver.disinfected.rules:
To: *@sensis.com yes
To: *@*.sensis.com yes
FromTo: default no
Thanks!
Jason
-------------- next part --------------
An embedded message was scrubbed...
From: "Desai, Jason"
Subject: {Virus?} Test Virus
Date: Fri, 4 Apr 2003 14:59:40 -0500
Size: 1794
Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030404/5a0aff1b/attachment.mht
From mailscanner at ecs.soton.ac.uk Fri Apr 4 21:19:03 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:42 2006
Subject: ANNOUNCE: Version 4.14 released
In-Reply-To: <002001c2fae3$8ed0bd40$8801020a@brianmay>
References: <5.2.0.9.2.20030404185900.02203cd8@imap.ecs.soton.ac.uk>
<5.2.0.9.2.20030404195710.0282e258@imap.ecs.soton.ac.uk>
Message-ID: <5.2.0.9.2.20030404205734.03bccd78@imap.ecs.soton.ac.uk>
Virus scanners are a little awkward this weekend. We've got a power-outage
on Sunday while they fit a new feed to our big High Voltage Lab, so
virtually all my MailScanner development servers are switched off for the
weekend.
I'll see what I can do to run a test set through it.
I can't find F-Secure on their website to download. I managed to find it
the other day, but I can't find it now. Can someone mail me the URL of the
right download page please?
At 20:47 04/04/2003, you wrote:
>Julian,
>
>Yes, I am running the new wrappers...
>
>Although I have f-secure installed to /usr/local/fsav/ still... I updated
>the wrapper to point to /usr/local/fsav/bin
>
>Brian
>
>----- Original Message -----
>From: "Julian Field"
>To:
>Sent: Friday, April 04, 2003 10:59 AM
>Subject: Re: ANNOUNCE: Version 4.14 released
>
>
>At 19:29 04/04/2003, you wrote:
> >I'm getting this now...
> >
> >Apr 4 10:24:50 athena MailScanner[28166]: Commercial scanner f-secure
>timed
> >out!
> >
> >I didn't have that on the previous version patched....
>
>Are you using the new f-secure-wrapper?
>If you modified the old one, you may well not have the right one. Check for
> /usr/lib/MailScanner/f-secure-wrapper.rpmnew
>and rename it over the top of f-secure-wrapper.
>
>2 or 3 of the wrapper scripts have changed, so make sure you don't have any
>.rpmnew files that you aren't using.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Fri Apr 4 21:23:53 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:42 2006
Subject: ANNOUNCE: Version 4.14 released
In-Reply-To: <5.1.0.14.2.20030404145253.02bd7b90@192.168.1.112>
References: <5.2.0.9.2.20030404195710.0282e258@imap.ecs.soton.ac.uk>
<001801c2fad8$7c6c7dc0$8801020a@brianmay>
<5.2.0.9.2.20030404185900.02203cd8@imap.ecs.soton.ac.uk>
Message-ID: <5.2.0.9.2.20030404212236.03c07840@imap.ecs.soton.ac.uk>
At 21:17 04/04/2003, you wrote:
>I just upgraded to the latest version and I must say that it went
>perfectly. GREAT JOB Julian!
>
>No errors at all after stopping MailScanner service that was running and
>then doing upgrade and following all directions. I must admin that it
>wasn't until AFTER the upgrade was complete that the thought of all of the
>altered reports came into my mind - but to my surprise - they were not
>touched at all by the upgrade.
>
>Excellent product Julian - you can count on me for at least a T-Shirt or
>two...and when I can find some time even a link on my site.
Glad to hear you like it!
P.S. I make a grand $1 on each item in the Store, they are there to help
spread the word, so I hope you don't mind being a walking advert :-)
>At 07:59 PM 4/4/2003 +0100, you wrote:
>>At 19:29 04/04/2003, you wrote:
>>>I'm getting this now...
>>>
>>>Apr 4 10:24:50 athena MailScanner[28166]: Commercial scanner f-secure timed
>>>out!
>>>
>>>I didn't have that on the previous version patched....
>>
>>Are you using the new f-secure-wrapper?
>>If you modified the old one, you may well not have the right one. Check for
>> /usr/lib/MailScanner/f-secure-wrapper.rpmnew
>>and rename it over the top of f-secure-wrapper.
>>
>>2 or 3 of the wrapper scripts have changed, so make sure you don't have any
>>.rpmnew files that you aren't using.
>>
>>>----- Original Message -----
>>>From: "Julian Field"
>>>To:
>>>Sent: Friday, April 04, 2003 10:00 AM
>>>Subject: Re: ANNOUNCE: Version 4.14 released
>>>
>>>
>>>At 17:20 04/04/2003, you wrote:
>>> >I got that too, but I manually deleted var/run/sendmail*, killed all the
>>> >sendmail processes then it was fine (although thinking on it now I'm not
>>> >sure it was necessary). I think maybe the sendmail.in.pid is new for this
>>> >version so the new init script couldn't find it because when you started
>>> >it (with the old version) it wasn't created.
>>>
>>>Yes, that's it. The restart tries to kill the old sendmail processes using
>>>the new pid file which won't exist yet.
>>>This will only occur once. You could avoid it by stopping the old
>>>MailScanner before upgrading to the new one.
>>>
>>>
>>> > > -----Original Message-----
>>> > > From: Brian May [mailto:brian@UNEARTHED.ORG]
>>> > > Sent: 04 April 2003 17:11
>>> > > To: MAILSCANNER@JISCMAIL.AC.UK
>>> > > Subject: Re: [MAILSCANNER] ANNOUNCE: Version 4.14 released
>>> > >
>>> > >
>>> > > After the upgrade; when I restart MailScanner I get this message:
>>> > >
>>> > > Latest MAilScanner, RedHat 7.3 all up2date...
>>> > >
>>> > > Shutting down MailScanner daemons:
>>> > > MailScanner: [ OK ]
>>> > > incoming sendmail: head: /var/run/sendmail.in.pid:
>>> > > No such file or
>>> > > directory
>>> > > [ OK ]
>>> > > outgoing sendmail: [ OK ]
>>> > > Starting MailScanner daemons:
>>> > > incoming sendmail: [ OK ]
>>> > > outgoing sendmail: [ OK ]
>>> > > MailScanner: [ OK ]
>>> > >
>>> >
>>> >
>>> >
>>> >BMRB International
>>> >http://www.bmrb.co.uk
>>> >+44 (0)20 8566 5000
>>> >_________________________________________________________________
>>> >This message (and any attachment) is intended only for the
>>> >recipient and may contain confidential and/or privileged
>>> >material. If you have received this in error, please contact the
>>> >sender and delete this message immediately. Disclosure, copying
>>> >or other action taken in respect of this email or in
>>> >reliance on it is prohibited. BMRB International Limited
>>> >accepts no liability in relation to any personal emails, or
>>> >content of any email which does not directly relate to our
>>> >business.
>>>
>>>--
>>>Julian Field
>>>www.MailScanner.info
>>>Professional Support Services at www.MailScanner.biz
>>>MailScanner thanks transtec Computers for their support
>>
>>--
>>Julian Field
>>www.MailScanner.info
>>Professional Support Services at www.MailScanner.biz
>>MailScanner thanks transtec Computers for their support
>>
>>--
>>This message has been scanned for viruses and dangerous
>>content by Data Techie, and is believed to be clean.
>>Data Techie... always there to protect you!
>>http://www.datatechie.com
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From l_candelario at CRC.UPR.CLU.EDU Fri Apr 4 21:59:13 2003
From: l_candelario at CRC.UPR.CLU.EDU (Larry Candelario)
Date: Thu Jan 12 21:17:42 2006
Subject: Problems with F-prot working with zipped files
Message-ID:
Thanks Julian,
I had a little mix-up going on, since I was using instructions from the Open
WebMail site (which is where I got to know of MailScanner) and those
instructions where for the 3.22-10 version, though I did indeed download and
install 4.13-3.
I decided to delete all directories/files of MailScanner,
downloaded/installed 4.14-9 following your instructions for Linux-RPM, and
now all four EICAR files are being detected properly.
Thanks for the heads-up,
Larry Candelario
From l_candelario at CRC.UPR.CLU.EDU Fri Apr 4 21:59:13 2003
From: l_candelario at CRC.UPR.CLU.EDU (Larry Candelario)
Date: Thu Jan 12 21:17:42 2006
Subject: Problems with F-prot working with zipped files
Message-ID:
Thanks Julian,
I had a little mix-up going on, since I was using instructions from the Open
WebMail site (which is where I got to know of MailScanner) and those
instructions where for the 3.22-10 version, though I did indeed download and
install 4.13-3.
I decided to delete all directories/files of MailScanner,
downloaded/installed 4.14-9 following your instructions for Linux-RPM, and
now all four EICAR files are being detected properly.
Thanks for the heads-up,
Larry Candelario
From brian at UNEARTHED.ORG Fri Apr 4 22:20:53 2003
From: brian at UNEARTHED.ORG (Brian May)
Date: Thu Jan 12 21:17:42 2006
Subject: Fw: ANNOUNCE: Version 4.14 released
Message-ID: <001701c2faf0$18ebd940$8801020a@brianmay>
>From F-Secure's email to me...
http://europe.f-secure.com/exclude/download/fsav-wks-4-50-2111.zip
Just tested the d/l, and it worked... so there goes!
Brian
----- Original Message -----
From: "Julian Field"
To:
Sent: Friday, April 04, 2003 12:19 PM
Subject: Re: ANNOUNCE: Version 4.14 released
Virus scanners are a little awkward this weekend. We've got a power-outage
on Sunday while they fit a new feed to our big High Voltage Lab, so
virtually all my MailScanner development servers are switched off for the
weekend.
I'll see what I can do to run a test set through it.
I can't find F-Secure on their website to download. I managed to find it
the other day, but I can't find it now. Can someone mail me the URL of the
right download page please?
At 20:47 04/04/2003, you wrote:
>Julian,
>
>Yes, I am running the new wrappers...
>
>Although I have f-secure installed to /usr/local/fsav/ still... I updated
>the wrapper to point to /usr/local/fsav/bin
>
>Brian
>
>----- Original Message -----
>From: "Julian Field"
>To:
>Sent: Friday, April 04, 2003 10:59 AM
>Subject: Re: ANNOUNCE: Version 4.14 released
>
>
>At 19:29 04/04/2003, you wrote:
> >I'm getting this now...
> >
> >Apr 4 10:24:50 athena MailScanner[28166]: Commercial scanner f-secure
>timed
> >out!
> >
> >I didn't have that on the previous version patched....
>
>Are you using the new f-secure-wrapper?
>If you modified the old one, you may well not have the right one. Check for
> /usr/lib/MailScanner/f-secure-wrapper.rpmnew
>and rename it over the top of f-secure-wrapper.
>
>2 or 3 of the wrapper scripts have changed, so make sure you don't have any
>.rpmnew files that you aren't using.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From mailscanner at LISTS.COM.AR Fri Apr 4 22:28:49 2003
From: mailscanner at LISTS.COM.AR (Mariano Absatz)
Date: Thu Jan 12 21:17:42 2006
Subject: wish list item (easy one :-)
Message-ID: <3E8DCEE1.1257.47CF5347@localhost>
Hi Julian,
today I was installing a new machine with MS+SA+ZMailer (with my yet to be
sufficiently tested queue-fooling scripts).
I installed SA in a non-standard place (esp. the rules directories), and
found that the SA rules weren't found at all. As the standard spamassassin
script _did_ find everything I browsed it and found the following:
my $PREFIX = '/usr'; # substituted at 'make' time
my $DEF_RULES_DIR = '/app/SpamAssassin/etc/rules/default'; # substituted at
'make' time
my $LOCAL_RULES_DIR = '/app/SpamAssassin/etc/rules/local'; # substituted at
'make' time
and then...
# create the tester factory
my $spamtest = new Mail::SpamAssassin ({
rules_filename => $opt{'config-file'},
userprefs_filename => $opt{'prefs-file'},
local_tests_only => $opt{'local'},
debug => defined($opt{'debug-level'}),
dont_copy_prefs => ($opt{'create-prefs'} ? 0 : 1),
PREFIX => $PREFIX,
DEF_RULES_DIR => $DEF_RULES_DIR,
LOCAL_RULES_DIR => $LOCAL_RULES_DIR,
});
I hardwired this into MailScanner/SA.pm like this:
if ($prefs ne "") {
$MailScanner::SA::SAspamtest = new Mail::SpamAssassin(
{'userprefs_filename' => $prefs,
'PREFIX' => '/usr',
'DEF_RULES_DIR' => '/app/SpamAssassin/etc/rules/default',
'LOCAL_RULES_DIR' => '/app/SpamAssassin/etc/rules/local',
'dont_copy_prefs' => 0 });
} else {
$MailScanner::SA::SAspamtest = new Mail::SpamAssassin(
{'PREFIX' => '/usr',
'DEF_RULES_DIR' => '/app/SpamAssassin/etc/rules/default',
'LOCAL_RULES_DIR' => '/app/SpamAssassin/etc/rules/local'});
}
but it would be nice if you could add a couple of lines to Config.pm and
ConfigDefs.pl with some new config variables like
SpamAssassin prefix
SpamAssassin default rules directory
SpamAssassin local rules directory
or something like that.
If you want, I can modify your latest release and send you the patches...
AFAIK, it would only touch three files...
--
Mariano Absatz
El Baby
----------------------------------------------------------
Late one night in the middle of the day, two dead
soldiers got up to fight. Back to back they faced
each other, pulled out their swords and shot one
another. A deaf policeman heard the noise, got up
and shot the twice dead boys. If you don't believe
me, ask the blind man who saw it all, through a
knothole in a wooden brick wall.
From mailscanner at ecs.soton.ac.uk Fri Apr 4 22:40:57 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:42 2006
Subject: wish list item (easy one :-)
In-Reply-To: <3E8DCEE1.1257.47CF5347@localhost>
Message-ID: <5.2.0.9.2.20030404223947.022cce98@imap.ecs.soton.ac.uk>
I obviously should have published these options after all :)
There are already 3 undocumented configuration options for setting the
location of SpamAssassin. They are:
SpamAssassin Local Rules Dir
SpamAssassin Default Rules Dir
SpamAssassin Install Prefix
A combination of those 3 will let you do what you need.
At 22:28 04/04/2003, you wrote:
>Hi Julian,
>
>today I was installing a new machine with MS+SA+ZMailer (with my yet to be
>sufficiently tested queue-fooling scripts).
>
>I installed SA in a non-standard place (esp. the rules directories), and
>found that the SA rules weren't found at all. As the standard spamassassin
>script _did_ find everything I browsed it and found the following:
>
>my $PREFIX = '/usr'; # substituted at 'make' time
>my $DEF_RULES_DIR = '/app/SpamAssassin/etc/rules/default'; # substituted at
>'make' time
>my $LOCAL_RULES_DIR = '/app/SpamAssassin/etc/rules/local'; # substituted at
>'make' time
>
>and then...
>
># create the tester factory
> my $spamtest = new Mail::SpamAssassin ({
> rules_filename => $opt{'config-file'},
> userprefs_filename => $opt{'prefs-file'},
> local_tests_only => $opt{'local'},
> debug => defined($opt{'debug-level'}),
> dont_copy_prefs => ($opt{'create-prefs'} ? 0 : 1),
> PREFIX => $PREFIX,
> DEF_RULES_DIR => $DEF_RULES_DIR,
> LOCAL_RULES_DIR => $LOCAL_RULES_DIR,
> });
>
>
>I hardwired this into MailScanner/SA.pm like this:
>
> if ($prefs ne "") {
> $MailScanner::SA::SAspamtest = new Mail::SpamAssassin(
> {'userprefs_filename' => $prefs,
> 'PREFIX' => '/usr',
> 'DEF_RULES_DIR' => '/app/SpamAssassin/etc/rules/default',
> 'LOCAL_RULES_DIR' => '/app/SpamAssassin/etc/rules/local',
> 'dont_copy_prefs' => 0 });
> } else {
> $MailScanner::SA::SAspamtest = new Mail::SpamAssassin(
> {'PREFIX' => '/usr',
> 'DEF_RULES_DIR' => '/app/SpamAssassin/etc/rules/default',
> 'LOCAL_RULES_DIR' => '/app/SpamAssassin/etc/rules/local'});
> }
>
>but it would be nice if you could add a couple of lines to Config.pm and
>ConfigDefs.pl with some new config variables like
>SpamAssassin prefix
>SpamAssassin default rules directory
>SpamAssassin local rules directory
>or something like that.
>
>If you want, I can modify your latest release and send you the patches...
>AFAIK, it would only touch three files...
>
>
>
>--
>Mariano Absatz
>El Baby
>----------------------------------------------------------
>Late one night in the middle of the day, two dead
>soldiers got up to fight. Back to back they faced
>each other, pulled out their swords and shot one
>another. A deaf policeman heard the noise, got up
>and shot the twice dead boys. If you don't believe
>me, ask the blind man who saw it all, through a
>knothole in a wooden brick wall.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From mis at KAYNE.COM Fri Apr 4 22:45:33 2003
From: mis at KAYNE.COM (Joshua Pickering)
Date: Thu Jan 12 21:17:42 2006
Subject: MailScanner/Sendmail for Dummies??
Message-ID: <015401c2faf3$8517ed90$fc64a8c0@jp1500>
All,
I realize that asking for a little help with Sendmail is slightly off-topic for this mailing list. However, I think MailScanner is an excellent product (*big* props to you, Julian) and I see the fact that you have to wrap your head around Sendmail prior to being able to deploy it as being a real Achilles heel to it. I was born in a Windows world and have been steadily making inroads into the land of OpenSource (even deploying my first Samba printserver last week). However, sendmail is a beast - a beast that requires a tremendous amount of knowledge to configure. The guy who wrote Sendmail wrote in the forward to the O'Reilly book that Sendmail is complicated because 'life is complicated.' With all due respect to him, I see that mentality as being one of the biggest obstacles to the OpenSource community. There are plenty of people in my position who would love to be able to work more with OpenSource Technologies, but are significantly hampered by the level of complexity of some of this stuff. The MailScanner.conf file is great - well commented, easy to understand variables and parameters (another tip of the hat to Julian). But the configuration of Sendmail is so convoluted that the configuration file has configuration files (M4)! It's like Vi or Emacs - so arcane! I realize that this type of technology is complicated, but configuring it shouldn't have to be. I wish I wrote code so I could contribute more. However, I think getting the configuration of this stuff to the point so that it's manageable to someone who doesn't have the bandwidth to learn Sendmail will be the key to more widespread adoption of it.
I am looking to build a RedHat-based MailScanner/Sendmail/SpamAssassin/VirusScan box that would sit between my T1 and my Exchange server. For those familiar with it, I would be replacing an existing Windows 2000 Server running GFI MailEssentials. All email comes in through the T1, is processed by the MailEssentials box (virus scanning/content filtering, etc.) and is then passed on to the Exchange server. All outgoing mail is passed to the MailEssentials box and delivered from there. I would imagine this to be a fairly common type of configuration, with one of the only major deltas being multiple mail servers.
I would like to propose the following (and will even donate webspace to that end) - let's create a repository of common Sendmail configurations, MySQL configurations, MTA configurations (e.g. Exchange Server tips) with the specific goal of facilitating MailScanner deployments. I know this is not a Sendmail list, but I think there must be plenty of people like me who would want to deploy MailScanner but are stopped in their tracks by the formidable task of configuring Sendmail. I would even be open to writing and hosting a 'MailScanner for Dummies' type website. The docs on the MailScanner site are a great place to start but, IMHO, have some holes that need to be filled. I'd like to help out for the common cause in any way I can.
Anyway, it's just an idea. I'm not trying to make any enemies here - I genuinely want to help out. Your comments and thoughts are welcomed. And, if anyone has any good recommendations for books or sites that help simplify the configuration of Sendmail, I'm all ears (or eyes).
Thanks,
Joshua Pickering
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030404/af5f142e/attachment.html
From mailscanner at ecs.soton.ac.uk Fri Apr 4 23:05:44 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:42 2006
Subject: MailScanner/Sendmail for Dummies??
In-Reply-To: <015401c2faf3$8517ed90$fc64a8c0@jp1500>
Message-ID: <5.2.0.9.2.20030404230015.0266c678@imap.ecs.soton.ac.uk>
To get you started with sendmail, make sure you have both the "sendmail"
RPM and the "sendmail-cf" RPM.
Save a copy of your /etc/mail/sendmail.mc, and use this instead:
divert(-1)
divert(0)dnl
VERSIONID(`@(#)Client.mc (Jules) 22/7/99')
#
# JKF These are the only things you need to change
#
define(`SMTPserver', exchange.yourdomain.com)
OSTYPE(linux)
# JKF Leave the rest of this alone
define(`confDONT_INIT_GROUPS', `True')
FEATURE(nullclient, SMTPserver)
Put this in /etc/mail/sendmail.mc. Then put a line in /etc/mail/access like
this:
yourdomain.com RELAY
Then do this:
cd /etc/mail
make
which will build new versions of the config files for you.
Then you should find that your sendmail will relay mail from the outside
world onto your Exchange server.
Once all that is working nicely, set about installing MailScanner.
At 22:45 04/04/2003, you wrote:
>All,
>
>I realize that asking for a little help with Sendmail is slightly
>off-topic for this mailing list. However, I think MailScanner is an
>excellent product (*big* props to you, Julian) and I see the fact that you
>have to wrap your head around Sendmail prior to being able to deploy it as
>being a real Achilles heel to it. I was born in a Windows world and have
>been steadily making inroads into the land of OpenSource (even deploying
>my first Samba printserver last week). However, sendmail is a beast - a
>beast that requires a tremendous amount of knowledge to configure. The
>guy who wrote Sendmail wrote in the forward to the O'Reilly book that
>Sendmail is complicated because 'life is complicated.' With all due
>respect to him, I see that mentality as being one of the biggest obstacles
>to the OpenSource community. There are plenty of people in my position
>who would love to be able to work more with OpenSource Technologies, but
>are significantly hampered by the level of complexity of some of this
>stuff. The MailScanner.conf file is great - well commented, easy to
>understand variables and parameters (another tip of the hat to
>Julian). But the configuration of Sendmail is so convoluted that the
>configuration file has configuration files (M4)! It's like Vi or Emacs -
>so arcane! I realize that this type of technology is complicated, but
>configuring it shouldn't have to be. I wish I wrote code so I could
>contribute more. However, I think getting the configuration of this stuff
>to the point so that it's manageable to someone who doesn't have the
>bandwidth to learn Sendmail will be the key to more widespread adoption of it.
>
>I am looking to build a RedHat-based
>MailScanner/Sendmail/SpamAssassin/VirusScan box that would sit between my
>T1 and my Exchange server. For those familiar with it, I would be
>replacing an existing Windows 2000 Server running GFI MailEssentials. All
>email comes in through the T1, is processed by the MailEssentials box
>(virus scanning/content filtering, etc.) and is then passed on to the
>Exchange server. All outgoing mail is passed to the MailEssentials box
>and delivered from there. I would imagine this to be a fairly common type
>of configuration, with one of the only major deltas being multiple mail
>servers.
>
>I would like to propose the following (and will even donate webspace to
>that end) - let's create a repository of common Sendmail configurations,
>MySQL configurations, MTA configurations (e.g. Exchange Server tips) with
>the specific goal of facilitating MailScanner deployments. I know this is
>not a Sendmail list, but I think there must be plenty of people like me
>who would want to deploy MailScanner but are stopped in their tracks by
>the formidable task of configuring Sendmail. I would even be open to
>writing and hosting a 'MailScanner for Dummies' type website. The docs on
>the MailScanner site are a great place to start but, IMHO, have some holes
>that need to be filled. I'd like to help out for the common cause in any
>way I can.
>
>Anyway, it's just an idea. I'm not trying to make any enemies here - I
>genuinely want to help out. Your comments and thoughts are
>welcomed. And, if anyone has any good recommendations for books or sites
>that help simplify the configuration of Sendmail, I'm all ears (or eyes).
>
>Thanks,
>
>Joshua Pickering
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030404/717fd0e0/attachment.html
From mailscanner at LISTS.COM.AR Fri Apr 4 23:09:24 2003
From: mailscanner at LISTS.COM.AR (Mariano Absatz)
Date: Thu Jan 12 21:17:42 2006
Subject: wish list item (easy one :-)
In-Reply-To: <5.2.0.9.2.20030404223947.022cce98@imap.ecs.soton.ac.uk>
References: <3E8DCEE1.1257.47CF5347@localhost>
Message-ID: <3E8DD864.7667.47F47B6E@localhost>
El 4 Apr 2003 a las 22:40, Julian Field escribi?:
> I obviously should have published these options after all :)
Gee... I didn't see it 'cause I was working based on 4.13 (I try to develop
over latest public release and not over beta, so I only debug my own
errors)... since you just release 4-14 and it has this one thing I want,
seems like I'll be forward-porting my mods this weekend...
Great work, Julian!
BTW, the guy working on the _real_ ZMailer port is advancing faster than I
am, so maybe I'll be dropping my code soon... he was based on 4-14-3 or
something like that, and he'll probably be forward-porting to 4-14-9 next
week.
Have a nice weekend.
>
> There are already 3 undocumented configuration options for setting the
> location of SpamAssassin. They are:
> SpamAssassin Local Rules Dir
> SpamAssassin Default Rules Dir
> SpamAssassin Install Prefix
> A combination of those 3 will let you do what you need.
>
> At 22:28 04/04/2003, you wrote:
> >Hi Julian,
> >
> >today I was installing a new machine with MS+SA+ZMailer (with my yet to be
> >sufficiently tested queue-fooling scripts).
> >
> >I installed SA in a non-standard place (esp. the rules directories), and
> >found that the SA rules weren't found at all. As the standard spamassassin
> >script _did_ find everything I browsed it and found the following:
> >
> >my $PREFIX = '/usr'; # substituted at 'make' time
> >my $DEF_RULES_DIR = '/app/SpamAssassin/etc/rules/default'; # substituted at
> >'make' time
> >my $LOCAL_RULES_DIR = '/app/SpamAssassin/etc/rules/local'; # substituted at
> >'make' time
> >
> >and then...
> >
> ># create the tester factory
> > my $spamtest = new Mail::SpamAssassin ({
> > rules_filename => $opt{'config-file'},
> > userprefs_filename => $opt{'prefs-file'},
> > local_tests_only => $opt{'local'},
> > debug => defined($opt{'debug-level'}),
> > dont_copy_prefs => ($opt{'create-prefs'} ? 0 : 1),
> > PREFIX => $PREFIX,
> > DEF_RULES_DIR => $DEF_RULES_DIR,
> > LOCAL_RULES_DIR => $LOCAL_RULES_DIR,
> > });
> >
> >
> >I hardwired this into MailScanner/SA.pm like this:
> >
> > if ($prefs ne "") {
> > $MailScanner::SA::SAspamtest = new Mail::SpamAssassin(
> > {'userprefs_filename' => $prefs,
> > 'PREFIX' => '/usr',
> > 'DEF_RULES_DIR' => '/app/SpamAssassin/etc/rules/default',
> > 'LOCAL_RULES_DIR' => '/app/SpamAssassin/etc/rules/local',
> > 'dont_copy_prefs' => 0 });
> > } else {
> > $MailScanner::SA::SAspamtest = new Mail::SpamAssassin(
> > {'PREFIX' => '/usr',
> > 'DEF_RULES_DIR' => '/app/SpamAssassin/etc/rules/default',
> > 'LOCAL_RULES_DIR' => '/app/SpamAssassin/etc/rules/local'});
> > }
> >
> >but it would be nice if you could add a couple of lines to Config.pm and
> >ConfigDefs.pl with some new config variables like
> >SpamAssassin prefix
> >SpamAssassin default rules directory
> >SpamAssassin local rules directory
> >or something like that.
> >
> >If you want, I can modify your latest release and send you the patches...
> >AFAIK, it would only touch three files...
> >
--
Mariano Absatz
El Baby
----------------------------------------------------------
Why should I care about posterity?
What's posterity ever done for me?
-- Groucho Marx
From mailscanner at LISTS.COM.AR Fri Apr 4 23:24:56 2003
From: mailscanner at LISTS.COM.AR (Mariano Absatz)
Date: Thu Jan 12 21:17:42 2006
Subject: [O/T] Re: MailScanner/Sendmail for Dummies??
In-Reply-To: <015401c2faf3$8517ed90$fc64a8c0@jp1500>
Message-ID: <3E8DDC08.29816.4802B440@localhost>
El 4 Apr 2003 a las 13:45, Joshua Pickering escribi?:
> All,
>
> I realize that asking for a little help with Sendmail is slightly
> off-topic for this mailing list. However, I think MailScanner is an
> excellent product (*big* props to you, Julian) and I see the fact that
> you have to wrap your head around Sendmail prior to being able to deploy
> it as being a real Achilles heel to it. I was born in a Windows world
> and have been steadily making inroads into the land of OpenSource (even
> deploying my first Samba printserver last week). However, sendmail is a
> beast - a beast that requires a tremendous amount of knowledge to
> configure. The guy who wrote Sendmail wrote in the forward to the
> O'Reilly book that Sendmail is complicated because 'life is
> complicated.' With all due respect to him, I see that mentality as
> being one of the biggest obstacles to the OpenSource community. There
Well... with all due respect to sendmail _and_ Eric Allman, you shouldn't
take it as an open source reference...
The problem with sendmail is not that it's open source... the problems are
that 1) it's _very_ old, 2) it tries to do awfully many things... In fact, as
he says in the bat book preface, he made the configuration flexible to adapt
to the rapidly changing protocol scene of the 1980's...
Well, for about a decade, the mail protocol scene has calmed down... there's
little inter-domain mail away from SMTP/ESMTP, so, unless you are still using
islands of UUCP, BITNET or some other archaic mail protocol/infrastructure,
you should choose another mail server... or be prepare to study.
I myself use another old (but not-so-old) mail server that also handles UUCP
and other protocols (http://ZMailer.org), but I wouldn't recommend it to
anyone that doesn't want to study a lot (even read C code).
If you are up to using an open source mail server, I would suggest either
Postfix or qmail. If you are in a plain SMTP world (as most of us are), both
are really powerful, better engineered than sendmail (learnt from its
mistakes), faster and _really_ easier to learn.
I guess Exim also falls in this category, but I never used it... in fact, it
_has_ to be easier than sendmail... almost _any_ server is easier to
configure than sendmail...
The fact that "life is complicated" is a problem if you want to model life...
but modelling a mail environment (given you don't live in the 1980's) is
usually easier than life :-)
If you want to use MailScanner you should either use a plain vanilla rpm
sendmail configuration or opt for Exim...
If you want to see good, clean, open source software, stay away from sendmail
(or bind, for that matter, another old beast).
> are plenty of people in my position who would love to be able to work
> more with OpenSource Technologies, but are significantly hampered by the
> level of complexity of some of this stuff. The MailScanner.conf file is
> great - well commented, easy to understand variables and parameters
> (another tip of the hat to Julian). But the configuration of Sendmail
> is so convoluted that the configuration file has configuration files
> (M4)! It's like Vi or Emacs - so arcane! I realize that this type of
> technology is complicated, but configuring it shouldn't have to be. I
> wish I wrote code so I could contribute more. However, I think getting
> the configuration of this stuff to the point so that it's manageable to
> someone who doesn't have the bandwidth to learn Sendmail will be the key
> to more widespread adoption of it.
>
> I am looking to build a RedHat-based
> MailScanner/Sendmail/SpamAssassin/VirusScan box that would sit between
> my T1 and my Exchange server. For those familiar with it, I would be
> replacing an existing Windows 2000 Server running GFI MailEssentials.
> All email comes in through the T1, is processed by the MailEssentials
> box (virus scanning/content filtering, etc.) and is then passed on to
> the Exchange server. All outgoing mail is passed to the MailEssentials
> box and delivered from there. I would imagine this to be a fairly
> common type of configuration, with one of the only major deltas being
> multiple mail servers.
>
> I would like to propose the following (and will even donate webspace to
> that end) - let's create a repository of common Sendmail configurations,
> MySQL configurations, MTA configurations (e.g. Exchange Server tips)
> with the specific goal of facilitating MailScanner deployments. I know
> this is not a Sendmail list, but I think there must be plenty of people
> like me who would want to deploy MailScanner but are stopped in their
> tracks by the formidable task of configuring Sendmail. I would even be
> open to writing and hosting a 'MailScanner for Dummies' type website.
> The docs on the MailScanner site are a great place to start but, IMHO,
> have some holes that need to be filled. I'd like to help out for the
> common cause in any way I can.
>
> Anyway, it's just an idea. I'm not trying to make any enemies here - I
> genuinely want to help out. Your comments and thoughts are welcomed.
> And, if anyone has any good recommendations for books or sites that help
> simplify the configuration of Sendmail, I'm all ears (or eyes).
>
> Thanks,
>
> Joshua Pickering
>
>
>
--
Mariano Absatz
El Baby
----------------------------------------------------------
Your e-mail has been returned due to insufficient voltage.
From mike at CAMAROSS.NET Fri Apr 4 23:49:56 2003
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:17:42 2006
Subject: MailScanner/Sendmail for Dummies??
In-Reply-To: <5.2.0.9.2.20030404230015.0266c678@imap.ecs.soton.ac.uk>
Message-ID: <011201c2fafc$84942880$af01a8c0@home.middlefinger.net>
After you make the modifications to /etc/mail/sendmail.mc , don't forget to
run "m4 /etc/mail/sendmail.mc > /etc/sendmail.cf" to generate your new
/etc/sendmail.cf
Mike
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Julian Field
Sent: Friday, April 04, 2003 4:06 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: MailScanner/Sendmail for Dummies??
To get you started with sendmail, make sure you have both the "sendmail" RPM
and the "sendmail-cf" RPM.
Save a copy of your /etc/mail/sendmail.mc, and use this instead:
divert(-1)
divert(0)dnl
VERSIONID(`@(#)Client.mc (Jules) 22/7/99')
#
# JKF These are the only things you need to change
#
define(`SMTPserver', exchange.yourdomain.com)
OSTYPE(linux)
# JKF Leave the rest of this alone
define(`confDONT_INIT_GROUPS', `True')
FEATURE(nullclient, SMTPserver)
Put this in /etc/mail/sendmail.mc. Then put a line in /etc/mail/access like
this:
yourdomain.com RELAY
Then do this:
cd /etc/mail
make
which will build new versions of the config files for you.
Then you should find that your sendmail will relay mail from the outside
world onto your Exchange server.
Once all that is working nicely, set about installing MailScanner.
At 22:45 04/04/2003, you wrote:
All,
I realize that asking for a little help with Sendmail is slightly off-topic
for this mailing list. However, I think MailScanner is an excellent product
(*big* props to you, Julian) and I see the fact that you have to wrap your
head around Sendmail prior to being able to deploy it as being a real
Achilles heel to it. I was born in a Windows world and have been steadily
making inroads into the land of OpenSource (even deploying my first Samba
printserver last week). However, sendmail is a beast - a beast that
requires a tremendous amount of knowledge to configure. The guy who wrote
Sendmail wrote in the forward to the O'Reilly book that Sendmail is
complicated because 'life is complicated.' With all due respect to him, I
see that mentality as being one of the biggest obstacles to the OpenSource
community. There are plenty of people in my position who would love to be
able to work more with OpenSource Technologies, but are significantly
hampered by the level of complexity of some of this stuff. The
MailScanner.conf file is great - well commented, easy to understand
variables and parameters (another tip of the hat to Julian). But the
configuration of Sendmail is so convoluted that the configuration file has
configuration files (M4)! It's like Vi or Emacs - so arcane! I realize
that this type of technology is complicated, but configuring it shouldn't
have to be. I wish I wrote code so I could contribute more. However, I
think getting the configuration of this stuff to the point so that it's
manageable to someone who doesn't have the bandwidth to learn Sendmail will
be the key to more widespread adoption of it.
I am looking to build a RedHat-based
MailScanner/Sendmail/SpamAssassin/VirusScan box that would sit between my T1
and my Exchange server. For those familiar with it, I would be replacing an
existing Windows 2000 Server running GFI MailEssentials. All email comes in
through the T1, is processed by the MailEssentials box (virus
scanning/content filtering, etc.) and is then passed on to the Exchange
server. All outgoing mail is passed to the MailEssentials box and delivered
from there. I would imagine this to be a fairly common type of
configuration, with one of the only major deltas being multiple mail
servers.
I would like to propose the following (and will even donate webspace to that
end) - let's create a repository of common Sendmail configurations, MySQL
configurations, MTA configurations (e.g. Exchange Server tips) with the
specific goal of facilitating MailScanner deployments. I know this is not a
Sendmail list, but I think there must be plenty of people like me who would
want to deploy MailScanner but are stopped in their tracks by the formidable
task of configuring Sendmail. I would even be open to writing and hosting a
'MailScanner for Dummies' type website. The docs on the MailScanner site
are a great place to start but, IMHO, have some holes that need to be
filled. I'd like to help out for the common cause in any way I can.
Anyway, it's just an idea. I'm not trying to make any enemies here - I
genuinely want to help out. Your comments and thoughts are welcomed. And,
if anyone has any good recommendations for books or sites that help simplify
the configuration of Sendmail, I'm all ears (or eyes).
Thanks,
Joshua Pickering
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From joe at QITC.CO.UK Sat Apr 5 02:18:56 2003
From: joe at QITC.CO.UK (Joe Quinn)
Date: Thu Jan 12 21:17:42 2006
Subject: ANNOUNCE: Version 4.14 released
References: <5.2.0.9.2.20030404185900.02203cd8@imap.ecs.soton.ac.uk>
Message-ID: <013f01c2fb11$54c7ef00$ac720550@T20>
I tried these suggestions but the RaQ has a problem that can wait till morning
:-(
Joe Quinn
www.qitc.net
----- Original Message -----
From: "Julian Field"
To:
Sent: Friday, April 04, 2003 7:00 PM
Subject: Re: ANNOUNCE: Version 4.14 released
At 17:20 04/04/2003, you wrote:
>I got that too, but I manually deleted var/run/sendmail*, killed all the
>sendmail processes then it was fine (although thinking on it now I'm not
>sure it was necessary). I think maybe the sendmail.in.pid is new for this
>version so the new init script couldn't find it because when you started
>it (with the old version) it wasn't created.
Yes, that's it. The restart tries to kill the old sendmail processes using
the new pid file which won't exist yet.
This will only occur once. You could avoid it by stopping the old
MailScanner before upgrading to the new one.
> > -----Original Message-----
> > From: Brian May [mailto:brian@UNEARTHED.ORG]
> > Sent: 04 April 2003 17:11
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: [MAILSCANNER] ANNOUNCE: Version 4.14 released
> >
> >
> > After the upgrade; when I restart MailScanner I get this message:
> >
> > Latest MAilScanner, RedHat 7.3 all up2date...
> >
> > Shutting down MailScanner daemons:
> > MailScanner: [ OK ]
> > incoming sendmail: head: /var/run/sendmail.in.pid:
> > No such file or
> > directory
> > [ OK ]
> > outgoing sendmail: [ OK ]
> > Starting MailScanner daemons:
> > incoming sendmail: [ OK ]
> > outgoing sendmail: [ OK ]
> > MailScanner: [ OK ]
> >
>
>
>
>BMRB International
>http://www.bmrb.co.uk
>+44 (0)20 8566 5000
>_________________________________________________________________
>This message (and any attachment) is intended only for the
>recipient and may contain confidential and/or privileged
>material. If you have received this in error, please contact the
>sender and delete this message immediately. Disclosure, copying
>or other action taken in respect of this email or in
>reliance on it is prohibited. BMRB International Limited
>accepts no liability in relation to any personal emails, or
>content of any email which does not directly relate to our
>business.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From mailscanner at LISTS.COM.AR Sat Apr 5 03:54:53 2003
From: mailscanner at LISTS.COM.AR (Mariano Absatz)
Date: Thu Jan 12 21:17:42 2006
Subject: languages.conf
Message-ID: <3E8E1B4D.8144.48F9DC03@localhost>
Hi,
I started using the Spanish translations in my test environment and found a
couple of problems...
All the mailers I have (Pegasus & Outlook for windows, plain old "mail" and
elm for linux) don't correctly interpret MIME header encoding for unknown
headers (e.g. X-MailScanner-SpamCheck:), so they look awful when they are
encoded...
This doesn't lead to a clear solution, since you _do_ have to encode 8 bit
headers, but I was wondering:
Do all texts that go into headers come from the languages.conf file?
Do all texts that are in the languages.conf file go into headers?
If both are true, at least in Spanish, I could edit them so they _don't_ have
8 bit characters, either by using other words or by, like in pre-MIME times
replacing accented characters (or the infamous "?") by non-accented
characters.
If one of the premises is not true, could you identify which are the
words/phrases that go into the headers?
Another one: shouldn't these settings (in MailScanner.conf) be commented out?
and be defaulted from language.conf entries? This would help towards
internationalization... obviously, if entries in MailScanner.conf would
override the defaults:
Clean Header Value = Found to be clean
Infected Header Value = Found to be infected
Disinfected Header Value = Disinfected
Information Header Value = Please contact the ISP for more information
--
Mariano Absatz
El Baby
----------------------------------------------------------
I write all my critical routines in assembler, and my comedy routines in
FORTRAN.
-- Anonymous
From dh at UPTIME.AT Sat Apr 5 12:33:45 2003
From: dh at UPTIME.AT (David)
Date: Thu Jan 12 21:17:42 2006
Subject: [O/T] Re: MailScanner/Sendmail for Dummies??
In-Reply-To: <3E8DDC08.29816.4802B440@localhost>
Message-ID: <7638EEAA-675A-11D7-A71D-000393920D6C@uptime.at>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
On Samstag, April 5, 2003, at 12:24 Uhr, Mariano Absatz wrote:
> If you are up to using an open source mail server, I would suggest
> either
> Postfix or qmail. If you are in a plain SMTP world (as most of us
> are), both
> are really powerful, better engineered than sendmail (learnt from its
> mistakes), faster and _really_ easier to learn.
??????????
..and as always use the right tools for your specific setup. Even
though I can agree with most parts we still use sendmail, why? Because
with our specific load and the amount of data we pass in our specific
setup every other MTA we tested choked and only sendmail chose to
happily run through the peek hours.
so be prepared to do a lot of testing
and just on a personal account, sendmail can be made pretty secure even
though it can be a kludge as well ;)
- -d
- - Face me and you shall surely perish.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)
iD8DBQE+jr8fiW/Ta/pxHPQRA8RdAKCZvggV9rqTWxagNBK+kJ+UZ9W7GwCdGE6p
E/mszNlBx/Djvmh82Nkh198=
=46xQ
-----END PGP SIGNATURE-----
From mike at ZANKER.ORG Sat Apr 5 07:23:17 2003
From: mike at ZANKER.ORG (Mike Zanker)
Date: Thu Jan 12 21:17:42 2006
Subject: MailScanner/Sendmail for Dummies??
In-Reply-To: <011201c2fafc$84942880$af01a8c0@home.middlefinger.net>
References: <011201c2fafc$84942880$af01a8c0@home.middlefinger.net>
Message-ID: <115697843.1049527397@jemima.zanker.org>
On 04 April 2003 16:49 -0600 Mike Kercher wrote:
> After you make the modifications to /etc/mail/sendmail.mc , don't
> forget to run "m4 /etc/mail/sendmail.mc > /etc/sendmail.cf" to
> generate your new /etc/sendmail.cf
That depends on the version of Red Hat being used. From 8.0 onwards
sendmail.cf moved to /etc/mail and will be made from sendmail.mc by
running "make" in that directory. Previous Red Hat versions (and the
new Enterprise products) will need m4 running manually, as you said.
Mike.
From mailscanner at ecs.soton.ac.uk Sat Apr 5 13:48:24 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:42 2006
Subject: ANNOUNCE: Version 4.14 released
In-Reply-To: <013f01c2fb11$54c7ef00$ac720550@T20>
References: <5.2.0.9.2.20030404185900.02203cd8@imap.ecs.soton.ac.uk>
Message-ID: <5.2.0.9.2.20030405134724.02494830@imap.ecs.soton.ac.uk>
Shutdown all the sendmail processes before starting MailScanner for the
first time.
/etc/rc.d/init.d/sendmail stop
then
ps ax | grep -i mail
and kill any leftovers. Then when you start MailScanner it should work.
At 02:18 05/04/2003, you wrote:
>I tried these suggestions but the RaQ has a problem that can wait till morning
>
>:-(
>
>Joe Quinn
>www.qitc.net
>
>----- Original Message -----
>From: "Julian Field"
>To:
>Sent: Friday, April 04, 2003 7:00 PM
>Subject: Re: ANNOUNCE: Version 4.14 released
>
>
>At 17:20 04/04/2003, you wrote:
> >I got that too, but I manually deleted var/run/sendmail*, killed all the
> >sendmail processes then it was fine (although thinking on it now I'm not
> >sure it was necessary). I think maybe the sendmail.in.pid is new for this
> >version so the new init script couldn't find it because when you started
> >it (with the old version) it wasn't created.
>
>Yes, that's it. The restart tries to kill the old sendmail processes using
>the new pid file which won't exist yet.
>This will only occur once. You could avoid it by stopping the old
>MailScanner before upgrading to the new one.
>
>
> > > -----Original Message-----
> > > From: Brian May [mailto:brian@UNEARTHED.ORG]
> > > Sent: 04 April 2003 17:11
> > > To: MAILSCANNER@JISCMAIL.AC.UK
> > > Subject: Re: [MAILSCANNER] ANNOUNCE: Version 4.14 released
> > >
> > >
> > > After the upgrade; when I restart MailScanner I get this message:
> > >
> > > Latest MAilScanner, RedHat 7.3 all up2date...
> > >
> > > Shutting down MailScanner daemons:
> > > MailScanner: [ OK ]
> > > incoming sendmail: head: /var/run/sendmail.in.pid:
> > > No such file or
> > > directory
> > > [ OK ]
> > > outgoing sendmail: [ OK ]
> > > Starting MailScanner daemons:
> > > incoming sendmail: [ OK ]
> > > outgoing sendmail: [ OK ]
> > > MailScanner: [ OK ]
> > >
> >
> >
> >
> >BMRB International
> >http://www.bmrb.co.uk
> >+44 (0)20 8566 5000
> >_________________________________________________________________
> >This message (and any attachment) is intended only for the
> >recipient and may contain confidential and/or privileged
> >material. If you have received this in error, please contact the
> >sender and delete this message immediately. Disclosure, copying
> >or other action taken in respect of this email or in
> >reliance on it is prohibited. BMRB International Limited
> >accepts no liability in relation to any personal emails, or
> >content of any email which does not directly relate to our
> >business.
>
>--
>Julian Field
>www.MailScanner.info
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From jaearick at COLBY.EDU Sat Apr 5 14:07:32 2003
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:17:42 2006
Subject: SAVI-Perl-0.15 doesn't like Sun's compiler
In-Reply-To: <5.2.0.9.2.20030404164708.02c673c0@imap.ecs.soton.ac.uk>
References: <5.2.0.9.2.20030404164708.02c673c0@imap.ecs.soton.ac.uk>
Message-ID:
Julian,
Paul Henson has provided me with a fix to this problem for
SAVI-Perl-0.15, so (maybe) he might put out a new version in
the near future. I also suggested that he have the Makefile.PL
query for the sophos install location.
Suggestion: add step 6 of
http://www.sng.ecs.soton.ac.uk/mailscanner/install/SAVI.shtml
to the Sophos.install script, if you haven't already done it.
Thanks.
--- Jeff Earickson
From mailscanner at ecs.soton.ac.uk Sat Apr 5 14:23:06 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:42 2006
Subject: SAVI-Perl-0.15 doesn't like Sun's compiler
In-Reply-To:
References: <5.2.0.9.2.20030404164708.02c673c0@imap.ecs.soton.ac.uk>
<5.2.0.9.2.20030404164708.02c673c0@imap.ecs.soton.ac.uk>
Message-ID: <5.2.0.9.2.20030405142248.02671e18@imap.ecs.soton.ac.uk>
At 14:07 05/04/2003, you wrote:
> Suggestion: add step 6 of
>http://www.sng.ecs.soton.ac.uk/mailscanner/install/SAVI.shtml
>to the Sophos.install script, if you haven't already done it.
Good idea. Done.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Sat Apr 5 15:21:50 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:42 2006
Subject: MailScanner 4.14 on RaQ3
Message-ID: <5.2.0.9.2.20030405151449.039a34e8@imap.ecs.soton.ac.uk>
If you are having trouble getting MailScanner 4.14 started/stopped on a
RaQ3 system,
replace
/etc/rc.d/init.d/MailScanner
with the file at
http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/etc-rc.d-init.d-MailScanner.RaQ3
This does not apply to RaQ4 systems or anything newer than that.
(It is caused by RaQ3 systems running sendmail 8.9.3)
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From scouty at BROMBERG.DEMON.NL Sat Apr 5 22:37:50 2003
From: scouty at BROMBERG.DEMON.NL (Matthijs Althoff)
Date: Thu Jan 12 21:17:42 2006
Subject: "spamassassin" redhat 9 mailscanner
Message-ID:
my setup:
OS : Redhat 9
Sendmail : 8.12.8/8.12.8 (rpm)
MailScanner : 4.14.9 (rpm)
Spamassassin : 2.53 (rpm)
Tonight I have upgraded my Redhat 8 box to 9. The update process wend
smooth with hardly problems worth mentioning. The only odd thing I found
was that spamassassin was set back to 2.44 which comes with RedHat 9 and
had overwritten my custom 2.52 on the system. I have de-installed the RPM
cleanup files hanging on the system and installed the 2.53 rpm.
The problem is that MailScanner is not starting with "Use SpamAssassin
= yes" this is what the log shows..
Apr 5 23:14:38 bromberg MailScanner[10491]:
MailScanner E-Mail Virus Scanner version 4.14-9 starting...
Apr 5 23:14:48 bromberg MailScanner[10495]:
MailScanner E-Mail Virus Scanner version 4.14-9 starting...
and on and on and on and on and on and on and on and on...
When I set "Use SpamAssassin = no" MailScanner starts fine
MailScanner[10696]: MailScanner E-Mail Virus Scanner version 4.14-9
starting...
MailScanner[10696]: Using locktype = flock
MailScanner[10700]: MailScanner E-Mail Virus Scanner version 4.14-9
starting...
MailScanner[10700]: Using locktype = flock
but of course without spamassassin checks.. I have downgraded to 2.52 but
this does not solve the problem. I have completely removed everything down
to MailScanner, spamassassin and sendmail but have no clue where to
look now..
From donovan at HUFFDATASYSTEMS.COM Sun Apr 6 07:59:24 2003
From: donovan at HUFFDATASYSTEMS.COM (Donovan Huff | HUFF DATA SYSTEMS)
Date: Thu Jan 12 21:17:42 2006
Subject: Score is -35 but it is still marked as s p a m, why?
Message-ID: <00fa01c2fc0a$100068d0$34c75a42@x27>
I am wondering why messages marked with a score such as -35 are tagged as s p a m in the subject line when the required as 5 and all
the header information says it is not s p a m, I have attached the message. I've had this issue several times and with different
MailScanner versions.
Regards,
Donovan Huff
Owner/Operator
HUFF DATA SYSTEMS
donovan@huffdatasystems.com
http://www.huffdatasystems.com/
(361) 781-0631
------------------------------------------------------
Web Hosting Starting at $5.00/mo
http://www.huffdatasystems.com/
------------------------------------------------------
-------------- next part --------------
An embedded message was scrubbed...
From: Lewis Bergman
Subject: Re: {Spam?} RE: [Motorola] Adjacent towers causing multipath/high noise?
Date: Fri, 4 Apr 2003 18:40:37 -0600
Size: 2382
Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030406/ebd66f47/Re_Spam_RE_MotorolaAdjacenttowerscausingmultipath_highnoise_.eml
From SJCJonker at SJC.NL Sun Apr 6 08:58:10 2003
From: SJCJonker at SJC.NL (Stijn Jonker)
Date: Thu Jan 12 21:17:42 2006
Subject: Logging and high score spam email
Message-ID:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello all,
With the recent gtube sig on the maillinglist i noticed something
strange. The message was nowhere to find an no log message or so.
So i decided to finally do some testing. From an external account i send
myself an email message with the gtube signature. In the attachment is an
snippet of my log, it only list logging from the one email with the gtube
signature.
My settings:
High SpamAssassin Score = 100
High Scoring Spam Actions = store
Is it correct that it doesn't log anything to syslog? Maybe i missed
a config options somewhere.
On all other Mailscanner actions it always reports a final action like:
"Uninfected delivered X messages" (Or cleaned etc etc) If it's nothing i
missed maybe it is an idea to log a message when the high spam score is
reached and what action is taken? Something like: Message is High
score spam:
For your info the following version details:
MailScanner 4.14-9
Sendmail 8.11.6 (with fixes)
Linux RH7.3 all patches
Perl 5.6.1
let me know anybody needs more info.
- --
Met Vriendelijke groet/Yours Sincerely
Stijn Jonker
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE+j94UjU9r45tKnOARAiURAJ9JQbNRkNCqWuh21jzQucAdRtoBEgCgnqvD
1no5B3S/RI7TWfnhZ076qMY=
=krgu
-----END PGP SIGNATURE-----
-------------- next part --------------
Apr 6 09:40:32 ph-dmz-01 sendmail[18093]: h367eLg18081: to=, delay=00:00:11, xdelay=00:00:00, mailer=esmtp, pri=120978, relay=smtp-final.sjc.nl. [192.168.175.101], dsn=2.0.0, stat=Sent (Ok: queued as 0DD091581D)
Apr 6 09:43:07 ph-dmz-01 sendmail[18210]: h367h7g18210: from=, size=1039, class=0, nrcpts=1, msgid=<200304060743.h367h68i063567@xs1.xs4all.nl>, proto=ESMTP, daemon=MTA, relay=pd-zf-01.sjc.nl [192.168.253.254]
Apr 6 09:43:07 ph-dmz-01 sendmail[18210]: h367h7g18210: to=, delay=00:00:00, mailer=esmtp, pri=31039, stat=queued
Apr 6 09:43:11 ph-dmz-01 MailScanner[17873]: New Batch: Scanning 1 messages, 1468 bytes
Apr 6 09:43:12 ph-dmz-01 MailScanner[17873]: Spam Checks: Found 1 spam messages
Apr 6 09:43:12 ph-dmz-01 MailScanner[17873]: Virus and Content Scanning: Starting
From so-mlist-alias at all-about-shift.com Sun Apr 6 10:42:56 2003
From: so-mlist-alias at all-about-shift.com (Soeren Gerlach)
Date: Thu Jan 12 21:17:42 2006
Subject: Question regarding the Message.pm in lib/MailScanner
Message-ID: <200304061142.56699.so-mlist-alias@all-about-shift.com>
This one goes probably direct to Julian, as he might know best about it ,-))
I added a new function to CustomConfig.pm to get some extended logging about
spam and virus for each mail. Although I found the information about spam
quite easy for viruses it simply overwhelmed me, whats available in the
message object ,-)) What is the appropriate hash or array to look at If I
simply wan to know what's the name of the virus, if one has been found?
Thanks & regards,
Soeren Gerlach
From scouty at BROMBERG.DEMON.NL Sun Apr 6 11:42:20 2003
From: scouty at BROMBERG.DEMON.NL (Matthijs Althoff)
Date: Thu Jan 12 21:17:42 2006
Subject: "spamassassin" redhat 9 mailscanner
Message-ID:
On Sat, 5 Apr 2003 22:37:50 +0100, Matthijs Althoff
wrote:
>The problem is that MailScanner is not starting with "Use SpamAssassin
>= yes" this is what the log shows..
I have removed spamassassin 2.53 and installed the standard 2.44 which
comes with
From mailscanner at ecs.soton.ac.uk Sun Apr 6 11:42:46 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:42 2006
Subject: "spamassassin" redhat 9 mailscanner
In-Reply-To:
Message-ID: <5.2.0.9.2.20030406114154.024c2ec8@imap.ecs.soton.ac.uk>
The RPM is installing SpamAssassin in a location where Perl can't find it.
Build SpamAssassin from source (ie the .tar.gz distribution) instead.
At 22:37 05/04/2003, you wrote:
>my setup:
>
>OS : Redhat 9
>Sendmail : 8.12.8/8.12.8 (rpm)
>MailScanner : 4.14.9 (rpm)
>Spamassassin : 2.53 (rpm)
>
>Tonight I have upgraded my Redhat 8 box to 9. The update process wend
>smooth with hardly problems worth mentioning. The only odd thing I found
>was that spamassassin was set back to 2.44 which comes with RedHat 9 and
>had overwritten my custom 2.52 on the system. I have de-installed the RPM
>cleanup files hanging on the system and installed the 2.53 rpm.
>
>The problem is that MailScanner is not starting with "Use SpamAssassin
>= yes" this is what the log shows..
>
>Apr 5 23:14:38 bromberg MailScanner[10491]:
>MailScanner E-Mail Virus Scanner version 4.14-9 starting...
>Apr 5 23:14:48 bromberg MailScanner[10495]:
>MailScanner E-Mail Virus Scanner version 4.14-9 starting...
>and on and on and on and on and on and on and on and on...
>
>When I set "Use SpamAssassin = no" MailScanner starts fine
>
>MailScanner[10696]: MailScanner E-Mail Virus Scanner version 4.14-9
>starting...
>MailScanner[10696]: Using locktype = flock
>MailScanner[10700]: MailScanner E-Mail Virus Scanner version 4.14-9
>starting...
>MailScanner[10700]: Using locktype = flock
>
>but of course without spamassassin checks.. I have downgraded to 2.52 but
>this does not solve the problem. I have completely removed everything down
>to MailScanner, spamassassin and sendmail but have no clue where to
>look now..
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From scouty at BROMBERG.DEMON.NL Sun Apr 6 11:43:33 2003
From: scouty at BROMBERG.DEMON.NL (Matthijs Althoff)
Date: Thu Jan 12 21:17:42 2006
Subject: "spamassassin" redhat 9 mailscanner
Message-ID:
On Sat, 5 Apr 2003 22:37:50 +0100, Matthijs Althoff
wrote:
ooops pressed the wrong button
>The problem is that MailScanner is not starting with "Use SpamAssassin
>= yes" this is what the log shows..
I have removed spamassassin 2.53 and installed the standard 2.44 which
comes with RedHat 9 and it starts again. It seems the problems lays within
MailScanner and the spamassassin rpm from spassassin.org..
From mailscanner at ecs.soton.ac.uk Sun Apr 6 11:52:50 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:42 2006
Subject: Score is -35 but it is still marked as s p a m, why?
In-Reply-To: <00fa01c2fc0a$100068d0$34c75a42@x27>
Message-ID: <5.2.0.9.2.20030406115108.02690f00@imap.ecs.soton.ac.uk>
What version of Perl are you running? There is a Perl bug somewhere around
this code, I had to write it the way I did because Perl was getting
arithmetic comparison wrong sometimes.
What version of MailScanner are you running?
At 07:59 06/04/2003, you wrote:
>I am wondering why messages marked with a score such as -35 are tagged as
>s p a m in the subject line when the required as 5 and all
>the header information says it is not s p a m, I have attached the
>message. I've had this issue several times and with different
>MailScanner versions.
>
>
>Regards,
>
>Donovan Huff
>Owner/Operator
>HUFF DATA SYSTEMS
>donovan@huffdatasystems.com
>http://www.huffdatasystems.com/
>(361) 781-0631
>
>------------------------------------------------------
>Web Hosting Starting at $5.00/mo
>http://www.huffdatasystems.com/
>------------------------------------------------------
>
>Return-Path:
>Received: from core.huffdatasystems.net (root@localhost)
> by huffdatasystems.com (8.11.6/8.11.6) with ESMTP id h350nqp27062
> for ; Fri, 4 Apr 2003 18:49:52 -0600
>X-ClientAddr: 198.63.203.3
>Received: from part-15.org (mail.midconqc.com [198.63.203.3])
> by core.huffdatasystems.net (8.11.6/8.11.6) with SMTP id h350nlg27050
> for ; Fri, 4 Apr 2003 18:49:47 -0600
>Received: from lewis.abi.tconline.net [208.29.17.215] by pdqlink.com with
>ESMTP
> (SMTPD32-4.07) id A788E0013A; Fri, 04 Apr 2003 18:47:04 CDT
>Received: from localhost (localhost [[UNIX: localhost]])
> by lewis.abi.tconline.net (8.11.6/8.11.6) id h350ecB12126
> for Motorola@part-15.org; Fri, 4 Apr 2003 18:40:38 -0600
>Content-Type: text/plain;
> charset="iso-8859-1"
>From: Lewis Bergman
>Organization: Texas Communications, Inc.
>To: Motorola@part-15.org
>Date: Fri, 4 Apr 2003 18:40:37 -0600
>User-Agent: KMail/1.4.1
>References: <003001c2fb03$77925e70$0200a8c0@villanova.com>
>In-Reply-To: <003001c2fb03$77925e70$0200a8c0@villanova.com>
>MIME-Version: 1.0
>Content-Transfer-Encoding: 8bit
>Message-Id: <200304041840.37839.lbergman@wtxs.net>
>Subject: Re: {Spam?} RE: [Motorola] Adjacent towers causing multipath/high
>noise?
>Precedence: bulk
>Sender: Motorola-owner@part-15.org
>Reply-To: Motorola@part-15.org
>X-MailScanner-Information: Please contact the ISP for more information
>X-MailScanner: Found to be clean
>X-MailScanner-SpamCheck: not spam, SpamAssassin (score=-35.1, required 5,
> AWL, BAYES_01, IN_REP_TO, NORMAL_HTTP_TO_IP, QUOTED_EMAIL_TEXT,
> REFERENCES, REPLY_WITH_QUOTES, SIGNATURE_LONG_DENSE, SMTPD_IN_RCVD,
> USER_AGENT_KMAIL)
>Status:
>
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Sun Apr 6 12:01:39 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:42 2006
Subject: Question regarding the Message.pm in lib/MailScanner
In-Reply-To: <200304061142.56699.so-mlist-alias@all-about-shift.com>
Message-ID: <5.2.0.9.2.20030406115443.02664da0@imap.ecs.soton.ac.uk>
At 10:42 06/04/2003, you wrote:
>This one goes probably direct to Julian, as he might know best about it ,-))
>
>I added a new function to CustomConfig.pm to get some extended logging about
>spam and virus for each mail. Although I found the information about spam
>quite easy for viruses it simply overwhelmed me, whats available in the
>message object ,-)) What is the appropriate hash or array to look at If I
>simply wan to know what's the name of the virus, if one has been found?
The output parsers don't extract the name of the virus (except F-Prot and
F-Secure if I remember rightly).
The scanner report lines are stored though, so you could try and extract it
from there, just for the scanners you are using.
while(($filename, $report) = each %{$message->{virusreports}}) {
push @allreports, split(/\n/, $report);
}
# You now have 1 virus report in each element of @allreports.
# So, knowing the output structure of your particular scanner(s),
# you can pull out the name of the virus.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From kevins at BMRB.CO.UK Sun Apr 6 12:16:16 2003
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:17:42 2006
Subject: Score is -35 but it is still marked as s p a m, why?
In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0EDF6A9@pascal.priv.bmrb.co.uk>
References: <5C0296D26910694BB9A9BBFC577E7AB0EDF6A9@pascal.priv.bmrb.co.uk>
Message-ID: <1049627777.14684.15.camel@bach.kevinspicer.co.uk>
On Sun, 2003-04-06 at 07:59, Donovan Huff | HUFF DATA SYSTEMS wrote:
I am wondering why messages marked with a score such as -35 are tagged
as s p a m in the subject line when the required as 5 and all
the header information says it is not s p a m, I have attached the
message. I've had this issue several times and with different
MailScanner versions.
If you look at the subject of the mail notice that it begins...
Re: {Spam?}
So the pass through a Mailscanner that generated the -35 score is not
the same pass that altered the subject - it may not even have been your
Mailscanner that did it. I would suggest changing your spam subject in
some subtle way (maybe square brackets, ALL CAPS or two question marks)
so you can see if it is generated by your mailscanner.
BTW... one of the reasons it got such a low score is that you have
auto-whitelisting on, which is probably not such a good idea with MS
(unless this machine doesn't serve multiple users). Check the archives
for the reasons!
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
From so-mlist-alias at all-about-shift.com Sun Apr 6 13:09:16 2003
From: so-mlist-alias at all-about-shift.com (Soeren Gerlach)
Date: Thu Jan 12 21:17:42 2006
Subject: Question regarding the Message.pm in lib/MailScanner
In-Reply-To: <5.2.0.9.2.20030406115443.02664da0@imap.ecs.soton.ac.uk>
References: <5.2.0.9.2.20030406115443.02664da0@imap.ecs.soton.ac.uk>
Message-ID: <200304061409.16457.so-mlist-alias@all-about-shift.com>
Thanks for the answer! I'll give it a try.
Best regards,
Soeren
> At 10:42 06/04/2003, you wrote:
> >This one goes probably direct to Julian, as he might know best about it
> > ,-))
> >
> >I added a new function to CustomConfig.pm to get some extended logging
> > about spam and virus for each mail. Although I found the information
> > about spam quite easy for viruses it simply overwhelmed me, whats
> > available in the message object ,-)) What is the appropriate hash or
> > array to look at If I simply wan to know what's the name of the virus,
> > if one has been found?
>
> The output parsers don't extract the name of the virus (except F-Prot and
> F-Secure if I remember rightly).
> The scanner report lines are stored though, so you could try and extract
> it from there, just for the scanners you are using.
>
> while(($filename, $report) = each %{$message->{virusreports}}) {
> push @allreports, split(/\n/, $report);
> }
> # You now have 1 virus report in each element of @allreports.
> # So, knowing the output structure of your particular scanner(s),
> # you can pull out the name of the virus.
From scouty at BROMBERG.DEMON.NL Sun Apr 6 13:23:55 2003
From: scouty at BROMBERG.DEMON.NL (Matthijs Althoff)
Date: Thu Jan 12 21:17:42 2006
Subject: "spamassassin" redhat 9 mailscanner
Message-ID:
On Sun, 6 Apr 2003 11:42:46 +0100, Julian Field
wrote:
>The RPM is installing SpamAssassin in a location where Perl can't find it.
>Build SpamAssassin from source (ie the .tar.gz distribution) instead.
That seems to do the job after building the 2.53 from tar.gz it runs fine..
From nathan at TCPNETWORKS.NET Sun Apr 6 15:20:24 2003
From: nathan at TCPNETWORKS.NET (Nathan Johanson)
Date: Thu Jan 12 21:17:42 2006
Subject: MailScanner/Sendmail for Dummies??
Message-ID:
Actually you can use "make" to build the *.cf file in earlier versions of RedHat as well (notably the 7.x series). The working directory is different. Instead of /etc/mail, it's /usr/share/sendmail-cf/cf. The redhat.mc file located in this directory is a good place to start (doesn't need a lot of changes), add your m4 macros, and then run make redhat.cf, and then cp redhat.cf /etc/sendmail.cf.
Nathan
-----Original Message-----
From: Mike Zanker [mailto:mike@ZANKER.ORG]
Sent: Fri 4/4/2003 10:23 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Cc:
Subject: Re: MailScanner/Sendmail for Dummies??
On 04 April 2003 16:49 -0600 Mike Kercher wrote:
> After you make the modifications to /etc/mail/sendmail.mc , don't
> forget to run "m4 /etc/mail/sendmail.mc > /etc/sendmail.cf" to
> generate your new /etc/sendmail.cf
That depends on the version of Red Hat being used. From 8.0 onwards
sendmail.cf moved to /etc/mail and will be made from sendmail.mc by
running "make" in that directory. Previous Red Hat versions (and the
new Enterprise products) will need m4 running manually, as you said.
Mike.
From isp-list at TULSACONNECT.COM Sun Apr 6 16:46:59 2003
From: isp-list at TULSACONNECT.COM (ISP List)
Date: Thu Jan 12 21:17:42 2006
Subject: Bayes database - can it be copied?
Message-ID: <5.2.1.1.2.20030406104517.04b5fea8@securemail.tulsaconnect.com>
I've got two identical boxes, both running MS 4.14 and SA 2.53. The first
one is our 10 MX, the second is 20 MX. The first gets a *lot* more mail
than the second, and as a result the Bayes database is 90% larger than on
MX 20. Can I copy the bayes files in ~root/.spamassassion from the first
machine to the second to "jump start" its Bayes functionality?
-------------------------------------
Mike Bacher / mike@sparklogic.com
Use OptiGold ISP? Check out OptiSkin!
http://www.sparklogic.com/optiskin/
-------------------------------------
From mailscanner at ecs.soton.ac.uk Sun Apr 6 16:56:02 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:42 2006
Subject: Bayes database - can it be copied?
In-Reply-To: <5.2.1.1.2.20030406104517.04b5fea8@securemail.tulsaconnect. com>
Message-ID: <5.2.0.9.2.20030406164838.026aaaa8@imap.ecs.soton.ac.uk>
At 16:46 06/04/2003, you wrote:
>I've got two identical boxes, both running MS 4.14 and SA 2.53. The first
>one is our 10 MX, the second is 20 MX. The first gets a *lot* more mail
>than the second, and as a result the Bayes database is 90% larger than on
>MX 20. Can I copy the bayes files in ~root/.spamassassion from the first
>machine to the second to "jump start" its Bayes functionality?
I think as long as you do it carefully, then you will probably be okay. The
critical time is between the creation/update of the 2 db files.
Say your machines are called mx10 and mx20, then something like this should
do it pretty well. I'm assuming you are using scp, but just change the scp
for rcp if that's what you are using.
On mx20:
cd ~root/.spamassassin
mkdir new_files 2>/dev/null
scp 'mx10:.spamassassin/*' new_files
mv -f new_files/* .
I do all the files at once to minimise the time when the db files aren't
consistent with each other, as this isn't doing any proper locking. Just
copying the files straight into ~/.spamassassin would make the
"inconsistent" time a lot longer.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From donovan at HUFFDATASYSTEMS.COM Sun Apr 6 19:08:34 2003
From: donovan at HUFFDATASYSTEMS.COM (Donovan Huff | HUFF DATA SYSTEMS)
Date: Thu Jan 12 21:17:42 2006
Subject: Score is -35 but it is still marked as s p a m, why?
References: <5C0296D26910694BB9A9BBFC577E7AB0EDF6A9@pascal.priv.bmrb.co.uk>
<1049627777.14684.15.camel@bach.kevinspicer.co.uk>
Message-ID: <00f301c2fc67$8ae8f870$46c65a42@x27>
Well unfortunatlly if I don't have auto whitelisting on it starts marking everything as spam for some reason that is unknown to me,
that is actually why I turned it on because low scores (those below five) were even getting tagged as spam. As far as the "{Spam?}"
in the subject, that is added by MailScanner without doubt as it is listed in the config and changing it will change the tag. If I
can resolve the issue where when auto white listing is turned off just about everything starts being tagged as spam even if it is
not found to be spam and has a lower than require score then I will turn off auto white listing. Right now with auto whitelisting
on, it just tags some e-mail that it doesn't find to be spam and has a lower than required score with the modified subject line
addition of "{Spam?}.
Perl v5.6.0
MailScanner 4.13-3
SpamAssassin 2.52
----- Original Message -----
From: "Kevin Spicer"
To:
Sent: Sunday, April 06, 2003 6:16 AM
Subject: Re: Score is -35 but it is still marked as s p a m, why?
> On Sun, 2003-04-06 at 07:59, Donovan Huff | HUFF DATA SYSTEMS wrote:
>
>
> I am wondering why messages marked with a score such as -35 are tagged
> as s p a m in the subject line when the required as 5 and all
> the header information says it is not s p a m, I have attached the
> message. I've had this issue several times and with different
> MailScanner versions.
>
> If you look at the subject of the mail notice that it begins...
> Re: {Spam?}
> So the pass through a Mailscanner that generated the -35 score is not
> the same pass that altered the subject - it may not even have been your
> Mailscanner that did it. I would suggest changing your spam subject in
> some subtle way (maybe square brackets, ALL CAPS or two question marks)
> so you can see if it is generated by your mailscanner.
>
> BTW... one of the reasons it got such a low score is that you have
> auto-whitelisting on, which is probably not such a good idea with MS
> (unless this machine doesn't serve multiple users). Check the archives
> for the reasons!
>
>
>
>
> BMRB International
> http://www.bmrb.co.uk
> +44 (0)20 8566 5000
> _________________________________________________________________
> This message (and any attachment) is intended only for the
> recipient and may contain confidential and/or privileged
> material. If you have received this in error, please contact the
> sender and delete this message immediately. Disclosure, copying
> or other action taken in respect of this email or in
> reliance on it is prohibited. BMRB International Limited
> accepts no liability in relation to any personal emails, or
> content of any email which does not directly relate to our
> business.
From donovan at HUFFDATASYSTEMS.COM Sun Apr 6 19:09:49 2003
From: donovan at HUFFDATASYSTEMS.COM (Donovan Huff | HUFF DATA SYSTEMS)
Date: Thu Jan 12 21:17:43 2006
Subject: Score is -35 but it is still marked as s p a m, why?
References: <5.2.0.9.2.20030406115108.02690f00@imap.ecs.soton.ac.uk>
Message-ID: <00f901c2fc67$b81e9c00$46c65a42@x27>
Running the following versions:
Perl v5.6.0
MailScanner 4.13-3
SpamAssassin 2.52
TIA,
Donovan
----- Original Message -----
From: "Julian Field"
To:
Sent: Sunday, April 06, 2003 5:52 AM
Subject: Re: Score is -35 but it is still marked as s p a m, why?
> What version of Perl are you running? There is a Perl bug somewhere around
> this code, I had to write it the way I did because Perl was getting
> arithmetic comparison wrong sometimes.
> What version of MailScanner are you running?
>
> At 07:59 06/04/2003, you wrote:
>
> >I am wondering why messages marked with a score such as -35 are tagged as
> >s p a m in the subject line when the required as 5 and all
> >the header information says it is not s p a m, I have attached the
> >message. I've had this issue several times and with different
> >MailScanner versions.
> >
> >
> >Regards,
> >
> >Donovan Huff
> >Owner/Operator
> >HUFF DATA SYSTEMS
> >donovan@huffdatasystems.com
> >http://www.huffdatasystems.com/
> >(361) 781-0631
> >
> >------------------------------------------------------
> >Web Hosting Starting at $5.00/mo
> >http://www.huffdatasystems.com/
> >------------------------------------------------------
> >
> >Return-Path:
> >Received: from core.huffdatasystems.net (root@localhost)
> > by huffdatasystems.com (8.11.6/8.11.6) with ESMTP id h350nqp27062
> > for ; Fri, 4 Apr 2003 18:49:52 -0600
> >X-ClientAddr: 198.63.203.3
> >Received: from part-15.org (mail.midconqc.com [198.63.203.3])
> > by core.huffdatasystems.net (8.11.6/8.11.6) with SMTP id h350nlg27050
> > for ; Fri, 4 Apr 2003 18:49:47 -0600
> >Received: from lewis.abi.tconline.net [208.29.17.215] by pdqlink.com with
> >ESMTP
> > (SMTPD32-4.07) id A788E0013A; Fri, 04 Apr 2003 18:47:04 CDT
> >Received: from localhost (localhost [[UNIX: localhost]])
> > by lewis.abi.tconline.net (8.11.6/8.11.6) id h350ecB12126
> > for Motorola@part-15.org; Fri, 4 Apr 2003 18:40:38 -0600
> >Content-Type: text/plain;
> > charset="iso-8859-1"
> >From: Lewis Bergman
> >Organization: Texas Communications, Inc.
> >To: Motorola@part-15.org
> >Date: Fri, 4 Apr 2003 18:40:37 -0600
> >User-Agent: KMail/1.4.1
> >References: <003001c2fb03$77925e70$0200a8c0@villanova.com>
> >In-Reply-To: <003001c2fb03$77925e70$0200a8c0@villanova.com>
> >MIME-Version: 1.0
> >Content-Transfer-Encoding: 8bit
> >Message-Id: <200304041840.37839.lbergman@wtxs.net>
> >Subject: Re: {Spam?} RE: [Motorola] Adjacent towers causing multipath/high
> >noise?
> >Precedence: bulk
> >Sender: Motorola-owner@part-15.org
> >Reply-To: Motorola@part-15.org
> >X-MailScanner-Information: Please contact the ISP for more information
> >X-MailScanner: Found to be clean
> >X-MailScanner-SpamCheck: not spam, SpamAssassin (score=-35.1, required 5,
> > AWL, BAYES_01, IN_REP_TO, NORMAL_HTTP_TO_IP, QUOTED_EMAIL_TEXT,
> > REFERENCES, REPLY_WITH_QUOTES, SIGNATURE_LONG_DENSE, SMTPD_IN_RCVD,
> > USER_AGENT_KMAIL)
> >Status:
> >
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Sun Apr 6 19:21:13 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:43 2006
Subject: Score is -35 but it is still marked as s p a m, why?
In-Reply-To: <00f901c2fc67$b81e9c00$46c65a42@x27>
References: <5.2.0.9.2.20030406115108.02690f00@imap.ecs.soton.ac.uk>
Message-ID: <5.2.0.9.2.20030406192002.02752978@imap.ecs.soton.ac.uk>
I don't know of anyone else suffering problems with all mail being marked
as spam, so I suspect it's something in your configuration.
Try upgrading to SpamAssassin 2.53 as well, just in case you are hitting a
bug there.
At 19:09 06/04/2003, you wrote:
>Running the following versions:
>
>Perl v5.6.0
>MailScanner 4.13-3
>SpamAssassin 2.52
>
>
>TIA,
>
>Donovan
>
>----- Original Message -----
>From: "Julian Field"
>To:
>Sent: Sunday, April 06, 2003 5:52 AM
>Subject: Re: Score is -35 but it is still marked as s p a m, why?
>
>
> > What version of Perl are you running? There is a Perl bug somewhere around
> > this code, I had to write it the way I did because Perl was getting
> > arithmetic comparison wrong sometimes.
> > What version of MailScanner are you running?
> >
> > At 07:59 06/04/2003, you wrote:
> >
> > >I am wondering why messages marked with a score such as -35 are tagged as
> > >s p a m in the subject line when the required as 5 and all
> > >the header information says it is not s p a m, I have attached the
> > >message. I've had this issue several times and with different
> > >MailScanner versions.
> > >
> > >
> > >Regards,
> > >
> > >Donovan Huff
> > >Owner/Operator
> > >HUFF DATA SYSTEMS
> > >donovan@huffdatasystems.com
> > >http://www.huffdatasystems.com/
> > >(361) 781-0631
> > >
> > >------------------------------------------------------
> > >Web Hosting Starting at $5.00/mo
> > >http://www.huffdatasystems.com/
> > >------------------------------------------------------
> > >
> > >Return-Path:
> > >Received: from core.huffdatasystems.net (root@localhost)
> > > by huffdatasystems.com (8.11.6/8.11.6) with ESMTP id h350nqp27062
> > > for ; Fri, 4 Apr 2003 18:49:52 -0600
> > >X-ClientAddr: 198.63.203.3
> > >Received: from part-15.org (mail.midconqc.com [198.63.203.3])
> > > by core.huffdatasystems.net (8.11.6/8.11.6) with SMTP id
> h350nlg27050
> > > for ; Fri, 4 Apr 2003 18:49:47 -0600
> > >Received: from lewis.abi.tconline.net [208.29.17.215] by pdqlink.com with
> > >ESMTP
> > > (SMTPD32-4.07) id A788E0013A; Fri, 04 Apr 2003 18:47:04 CDT
> > >Received: from localhost (localhost [[UNIX: localhost]])
> > > by lewis.abi.tconline.net (8.11.6/8.11.6) id h350ecB12126
> > > for Motorola@part-15.org; Fri, 4 Apr 2003 18:40:38 -0600
> > >Content-Type: text/plain;
> > > charset="iso-8859-1"
> > >From: Lewis Bergman
> > >Organization: Texas Communications, Inc.
> > >To: Motorola@part-15.org
> > >Date: Fri, 4 Apr 2003 18:40:37 -0600
> > >User-Agent: KMail/1.4.1
> > >References: <003001c2fb03$77925e70$0200a8c0@villanova.com>
> > >In-Reply-To: <003001c2fb03$77925e70$0200a8c0@villanova.com>
> > >MIME-Version: 1.0
> > >Content-Transfer-Encoding: 8bit
> > >Message-Id: <200304041840.37839.lbergman@wtxs.net>
> > >Subject: Re: {Spam?} RE: [Motorola] Adjacent towers causing multipath/high
> > >noise?
> > >Precedence: bulk
> > >Sender: Motorola-owner@part-15.org
> > >Reply-To: Motorola@part-15.org
> > >X-MailScanner-Information: Please contact the ISP for more information
> > >X-MailScanner: Found to be clean
> > >X-MailScanner-SpamCheck: not spam, SpamAssassin (score=-35.1, required 5,
> > > AWL, BAYES_01, IN_REP_TO, NORMAL_HTTP_TO_IP, QUOTED_EMAIL_TEXT,
> > > REFERENCES, REPLY_WITH_QUOTES, SIGNATURE_LONG_DENSE,
> SMTPD_IN_RCVD,
> > > USER_AGENT_KMAIL)
> > >Status:
> > >
> >
> > --
> > Julian Field
> > www.MailScanner.info
> > Professional Support Services at www.MailScanner.biz
> > MailScanner thanks transtec Computers for their support
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From kevins at BMRB.CO.UK Sun Apr 6 21:20:35 2003
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:17:43 2006
Subject: Score is -35 but it is still marked as s p a m, why?
In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0EDF6B7@pascal.priv.bmrb.co.uk>
References: <5C0296D26910694BB9A9BBFC577E7AB0EDF6B7@pascal.priv.bmrb.co.uk>
Message-ID: <1049660435.14663.33.camel@bach.kevinspicer.co.uk>
Right now with auto whitelisting
on, it just tags some e-mail that it doesn't find to be spam and has a
lower than required score with the modified subject line
addition of "{Spam?}.
Okay, so you've established that its your MailScanner thats adding the
tags. I don't know how representative the mail you posted was, but by
virtue of the fact the '{Spam?}' tag is not the first thing on the
subject line it might have been added when the email left your site
(before being replied to).
To find out if this is the case you might like to turn on spam logging
in MailScanner.conf...
Log Spam = yes
Hopefully this will enable you to prove whether the spam tag is being
added when the mail leaves your site & if so will capture the
SpamAssassin rules triggered to enable you to work out why.
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
From mailscanner at jiscmail.ac.uk Sun Apr 6 23:15:22 2003
From: mailscanner at jiscmail.ac.uk (mailscanner)
Date: Thu Jan 12 21:17:43 2006
Subject: {VIRUS?} Worm Klez.E immunity
Message-ID: <20030406221450.WCPW7505.simmts2-srv.bellnexxia.net@Qeqrgvf>
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030406/cb5e7ab1/attachment.html
-------------- next part --------------
This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "Support.exe"
was believed to be infected by a virus and has been replaced by this warning
message.
If you wish to receive a copy of the *infected* attachment, please
e-mail helpdesk and include the whole of this message
in your request. Alternatively, you can call them, with
the contents of this message to hand when you call.
At Sun Apr 6 23:16:02 2003 the virus scanner said:
>>> Virus 'W32/Klez-H' found in file Support.exe
Executable DOS/Windows programs are dangerous in email (Support.exe)
Note to Help Desk: Look on magpie in /export/2/var/MailScanner/quarantine/20030406 (message XAA11485).
--
Postmaster
Mailscanner thanks transtec Computers for their support
From donovan at HUFFDATASYSTEMS.COM Sun Apr 6 22:46:37 2003
From: donovan at HUFFDATASYSTEMS.COM (Donovan Huff | HUFF DATA SYSTEMS)
Date: Thu Jan 12 21:17:43 2006
Subject: Score is -35 but it is still marked as s p a m, why?
References: <5C0296D26910694BB9A9BBFC577E7AB0EDF6B7@pascal.priv.bmrb.co.uk>
<1049660435.14663.33.camel@bach.kevinspicer.co.uk>
Message-ID: <023b01c2fc86$011b2a90$46c65a42@x27>
Okay it must have been a bug with the previous version(s) of MailScanner and/or SpamAssassin because it is working now with the auto
whitelisting off. It might have also been another option in the /etc/init.d/MailScanner that I had changed, but now went back to
the stock MailScanner init.d script.
MailScanner v14.4-9
SpamAssassin v2.53
Regards,
Donovan Huff
Owner/Operator
HUFF DATA SYSTEMS
donovan@huffdatasystems.com
http://www.huffdatasystems.com/
(361) 781-0631
------------------------------------------------------
Web Hosting Starting at $5.00/mo
http://www.huffdatasystems.com/
------------------------------------------------------
----- Original Message -----
From: "Kevin Spicer"
To:
Sent: Sunday, April 06, 2003 3:20 PM
Subject: Re: Score is -35 but it is still marked as s p a m, why?
> Right now with auto whitelisting
> on, it just tags some e-mail that it doesn't find to be spam and has a
> lower than required score with the modified subject line
> addition of "{Spam?}.
>
> Okay, so you've established that its your MailScanner thats adding the
> tags. I don't know how representative the mail you posted was, but by
> virtue of the fact the '{Spam?}' tag is not the first thing on the
> subject line it might have been added when the email left your site
> (before being replied to).
> To find out if this is the case you might like to turn on spam logging
> in MailScanner.conf...
> Log Spam = yes
>
> Hopefully this will enable you to prove whether the spam tag is being
> added when the mail leaves your site & if so will capture the
> SpamAssassin rules triggered to enable you to work out why.
>
>
>
>
> BMRB International
> http://www.bmrb.co.uk
> +44 (0)20 8566 5000
> _________________________________________________________________
> This message (and any attachment) is intended only for the
> recipient and may contain confidential and/or privileged
> material. If you have received this in error, please contact the
> sender and delete this message immediately. Disclosure, copying
> or other action taken in respect of this email or in
> reliance on it is prohibited. BMRB International Limited
> accepts no liability in relation to any personal emails, or
> content of any email which does not directly relate to our
> business.
From jaearick at COLBY.EDU Mon Apr 7 02:25:11 2003
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:17:43 2006
Subject: sophossavi as beta support
Message-ID:
Julian,
I installed Paul Henson's modified Perl-SAVI, set "sophossavi"
in mailscanner, and got thumped on the head by the syslog warning
pointing me to
www.sng.ecs.soton.ac.uk/mailscanner/install/codestatus.shtml,
so I suppose sophossavi should get a word of mention there....
--- Jeff Earickson
From isp-list at TULSACONNECT.COM Mon Apr 7 03:24:27 2003
From: isp-list at TULSACONNECT.COM (ISP List)
Date: Thu Jan 12 21:17:43 2006
Subject: Bayes database - can it be copied?
In-Reply-To: <5.2.0.9.2.20030406164838.026aaaa8@imap.ecs.soton.ac.uk>
References: <5.2.1.1.2.20030406104517.04b5fea8@securemail.tulsaconnect. com>
Message-ID: <5.2.1.1.2.20030406212214.04e24a88@securemail.tulsaconnect.com>
>I think as long as you do it carefully, then you will probably be okay. The
>critical time is between the creation/update of the 2 db files.
>
>Say your machines are called mx10 and mx20, then something like this should
>do it pretty well. I'm assuming you are using scp, but just change the scp
>for rcp if that's what you are using.
>
>On mx20:
>
>cd ~root/.spamassassin
>mkdir new_files 2>/dev/null
>scp 'mx10:.spamassassin/*' new_files
>mv -f new_files/* .
>
>I do all the files at once to minimise the time when the db files aren't
>consistent with each other, as this isn't doing any proper locking. Just
>copying the files straight into ~/.spamassassin would make the
>"inconsistent" time a lot longer.
That seemed to work fine. Thanks.
Now that I'm going to be feeding this box mass quantities of tasty spam, I
had a thought. Does the bayesian stuff pay attention to the headers, e.g.
the From and To lines? Since my E-mail address might be in the From line
someplace (Eudora puts it there even if you do a Redirect, after the
original From line..), the system won't start to think I'm a spammer since
I'm sending it lots of spam, will it? :-)
-------------------------------------
Mike Bacher / mike@sparklogic.com
Use OptiGold ISP? Check out OptiSkin!
http://www.sparklogic.com/optiskin/
-------------------------------------
From P.G.M.Peters at civ.utwente.nl Mon Apr 7 08:55:29 2003
From: P.G.M.Peters at civ.utwente.nl (Peter Peters)
Date: Thu Jan 12 21:17:43 2006
Subject: Exchange/Outlook client configuration
In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E5EF@MAIL>
References: <84CFA712F666B44A94CE6BE116BAF4B0B4E5EF@MAIL>
Message-ID:
On Fri, 4 Apr 2003 09:31:02 -0600, you wrote:
>> I set up a page on our intranet explaining what
>> spam is ('borrowed' from the SA web site!), why their mail has been
>> tagged as spam and how to set up an outlook rule to filter
>> it.
>
>Any way I could "borrow" that page?
What do you mean with borrow? You can use it as you see fit.
--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ
From mailscanner at ecs.soton.ac.uk Mon Apr 7 10:16:17 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:43 2006
Subject: 2 x "from=<>" in the logs
In-Reply-To:
Message-ID: <5.2.0.9.2.20030407101514.02596ee0@imap.ecs.soton.ac.uk>
The "<>" addresses in the envelope are intentional, as they help stop
automated bounce messages. But there are real addresses in the "From:"
headers so that people can manually reply to the messages if they need to.
At 08:43 07/04/2003, you wrote:
>yes thats seems to be right ... but why have they an empty form field ...
>is this a mailscanner problem or an sendmail trouble - need you more log-
>lines for deeper explaination ?
>
>thx4allinfos, joachim
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From S.R.Patterson at SOTON.AC.UK Mon Apr 7 10:10:25 2003
From: S.R.Patterson at SOTON.AC.UK (Steven Patterson)
Date: Thu Jan 12 21:17:43 2006
Subject: 2 x "from=<>" in the logs
In-Reply-To:
References:
Message-ID:
On Apr 7, 2003 at 8:43am Joachim Dostal wrote:
JD> yes thats seems to be right ... but why have they an empty form field
JD> ... is this a mailscanner problem or an sendmail trouble - need you
JD> more log- lines for deeper explaination ?
It's not a problem at all.
It's a mail being bounced back to you from somewhere else. The empty from
field is deliberate to stop mail-bouncing loops. If a bounced mail in
turn bounces then it tries to go back to <>, which doesn't exist so the
mail is just discarded.
Steve
--
Steven Patterson, MSci OCP. Tel: +44 (0)2380 595810
Primary Information Services Support and Development
Information Systems Services, University of Southampton, UK.
Public PGP Key: http://www.bottleneck.org/pubkey.php
From jdostal at YCN.COM Mon Apr 7 10:30:01 2003
From: jdostal at YCN.COM (Joachim Dostal)
Date: Thu Jan 12 21:17:43 2006
Subject: 2 x "from=<>" in the logs
Message-ID:
THX A LOT for this description...
regards, joachim
From mailscanner at ecs.soton.ac.uk Mon Apr 7 10:30:59 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:43 2006
Subject: sophossavi as beta support
In-Reply-To:
Message-ID: <5.2.0.9.2.20030407103029.0271a9a0@imap.ecs.soton.ac.uk>
At 02:25 07/04/2003, you wrote:
>Julian,
> I installed Paul Henson's modified Perl-SAVI, set "sophossavi"
>in mailscanner, and got thumped on the head by the syslog warning
>pointing me to
>www.sng.ecs.soton.ac.uk/mailscanner/install/codestatus.shtml,
>so I suppose sophossavi should get a word of mention there....
Thanks Jeff, I have updated the file. Far more scanners are fully supported
now.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Mon Apr 7 10:33:00 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:43 2006
Subject: Bayes database - can it be copied?
In-Reply-To: <5.2.1.1.2.20030406212214.04e24a88@securemail.tulsaconnect. com>
References: <5.2.0.9.2.20030406164838.026aaaa8@imap.ecs.soton.ac.uk>
<5.2.1.1.2.20030406104517.04b5fea8@securemail.tulsaconnect. com>
Message-ID: <5.2.0.9.2.20030407103205.0271a830@imap.ecs.soton.ac.uk>
At 03:24 07/04/2003, you wrote:
>>I think as long as you do it carefully, then you will probably be okay. The
>>critical time is between the creation/update of the 2 db files.
>>
>>Say your machines are called mx10 and mx20, then something like this should
>>do it pretty well. I'm assuming you are using scp, but just change the scp
>>for rcp if that's what you are using.
>>
>>On mx20:
>>
>>cd ~root/.spamassassin
>>mkdir new_files 2>/dev/null
>>scp 'mx10:.spamassassin/*' new_files
>>mv -f new_files/* .
>>
>>I do all the files at once to minimise the time when the db files aren't
>>consistent with each other, as this isn't doing any proper locking. Just
>>copying the files straight into ~/.spamassassin would make the
>>"inconsistent" time a lot longer.
>
>That seemed to work fine. Thanks.
>
>Now that I'm going to be feeding this box mass quantities of tasty spam, I
>had a thought. Does the bayesian stuff pay attention to the headers, e.g.
>the From and To lines? Since my E-mail address might be in the From line
>someplace (Eudora puts it there even if you do a Redirect, after the
>original From line..), the system won't start to think I'm a spammer since
>I'm sending it lots of spam, will it? :-)
You can always add
bayes_ignore_header To
bayes_ignore_header From
to ~root/.spamassassin/user_prefs to force it to ignore them.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From linux at mostert.nom.za Mon Apr 7 11:25:12 2003
From: linux at mostert.nom.za (Mozzi)
Date: Thu Jan 12 21:17:43 2006
Subject: Nederland Spamblock
Message-ID: <200304071225.13034.linux@mostert.nom.za>
Hallo all
I came acros this while looking up something on osirusoft .
They offer an rsync service for this list that got me thinking ;-)
http://basic.wirehub.nl/spamstats.html
http://basic.wirehub.nl/spamlist.txt
How can I addapt a ruleset to use this list? As the format is this:
From: user@nasty.domain.com yes
This way you can just rsync the list over everey hour and have additional spam
protection espesially on larger installations where spamassassin causes to
much hassle.
Just athought
Mozzi
From mailscanner at ecs.soton.ac.uk Mon Apr 7 11:52:38 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:43 2006
Subject: Nederland Spamblock
In-Reply-To: <200304071225.13034.linux@mostert.nom.za>
Message-ID: <5.2.0.9.2.20030407115019.0227ee88@imap.ecs.soton.ac.uk>
At 11:25 07/04/2003, you wrote:
>Hallo all
>I came acros this while looking up something on osirusoft .
>They offer an rsync service for this list that got me thinking ;-)
>http://basic.wirehub.nl/spamstats.html
>http://basic.wirehub.nl/spamlist.txt
>
>How can I addapt a ruleset to use this list? As the format is this:
>From: user@nasty.domain.com yes
I would personally use a Custom Function to read this in its own format,
similar to the per-domain spam whitelist/blacklist code, and then do a fast
hash lookup at run time.
Creating a rule for every entry will be a lot slower, as then it has to
look through the rules in sequence, instead of just doing about 2 or 3 hash
table lookups each time you process a message.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From linux at mostert.nom.za Mon Apr 7 12:00:16 2003
From: linux at mostert.nom.za (Mozzi)
Date: Thu Jan 12 21:17:43 2006
Subject: Reporting
Message-ID: <200304071300.16625.linux@mostert.nom.za>
Hallo again
I was asked for more spesific stats by the powers that be today.
I have the mrtg graphs running and I like them.
They want reports that state how may mails were processed, virii caught....etc
I thought I saw someone with a developed script on the list, if so can I have
the url please?
Mozzi
From P.G.M.Peters at civ.utwente.nl Mon Apr 7 12:52:44 2003
From: P.G.M.Peters at civ.utwente.nl (Peter Peters)
Date: Thu Jan 12 21:17:43 2006
Subject: Reporting
In-Reply-To: <200304071300.16625.linux@mostert.nom.za>
References: <200304071300.16625.linux@mostert.nom.za>
Message-ID:
On Mon, 7 Apr 2003 13:00:16 +0200, you wrote:
>Hallo again
>
>I was asked for more spesific stats by the powers that be today.
>I have the mrtg graphs running and I like them.
>They want reports that state how may mails were processed, virii caught....etc
>I thought I saw someone with a developed script on the list, if so can I have
>the url please?
I have put up our scripts at home.student.utwente.nl/p.g.m.peters. They
are called mailscanner2csv.pl and analog4mailscanner.pl. The second
script I use to mail me the results of one day. The other one puts the
same information in a csv-file. Occassionally I take that file and
update the information in an excel spreadsheet. I report monthly about
all kinds of security issues to our staff and I include the spreadsheet
of the previous month.
Manually I convert the csv and excel files to monthly versions. The
spreadsheet for the current month is available as mailscanner.xls at the
same location.
You will have to edit both perl scripts to accomodate for the blacklists
you use.
--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ
From David.While at UCE.AC.UK Mon Apr 7 13:07:52 2003
From: David.While at UCE.AC.UK (David While)
Date: Thu Jan 12 21:17:43 2006
Subject: Reporting
Message-ID:
I think the one you are looking for is mine at
http://staff.cie.uce.ac.uk/~dwhile/mailstats/
-----------------------------------------------------------------
David While
Technical Development Manager
Faculty of Computing, Information & English
University of Central England
Tel: 0121 331 6211
Mozzi
Sent by: MailScanner mailing list
07/04/2003 12:00
Please respond to linux
To: MAILSCANNER@JISCMAIL.AC.UK
cc:
Subject: Reporting
Hallo again
I was asked for more spesific stats by the powers that be today.
I have the mrtg graphs running and I like them.
They want reports that state how may mails were processed, virii
caught....etc
I thought I saw someone with a developed script on the list, if so can I
have
the url please?
Mozzi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030407/de371086/attachment.html
From dot at DOTAT.AT Mon Apr 7 13:15:00 2003
From: dot at DOTAT.AT (Tony Finch)
Date: Thu Jan 12 21:17:43 2006
Subject: Logging and high score spam email
In-Reply-To:
Message-ID:
Stijn Jonker wrote:
>
>Is it correct that it doesn't log anything to syslog? Maybe i missed
>a config options somewhere.
Have you got "Log Spam = yes" in your configuration?
I've recently been adding some logging actions to the code (under a
"Log Message IDs" option) to make it easier to see what's happening to
each message in normal operation, especially which messages are in which
batch and how they get altered and where they end up. I've only covered
about a quarter of the cases so far though.
Tony.
--
f.a.n.finch http://dotat.at/
BAILEY: SOUTHERLY 5 OR 6, OCCASIONALLY 7, VEERING NORTHWESTERLY 4 LATER.
DRIZZLE THEN RAIN. MODERATE OR POOR.
From lbergman at WTXS.NET Mon Apr 7 13:49:04 2003
From: lbergman at WTXS.NET (Lewis Bergman)
Date: Thu Jan 12 21:17:43 2006
Subject: Score is -35 but it is still marked as s p a m, why?
In-Reply-To: <023b01c2fc86$011b2a90$46c65a42@x27>
References: <5C0296D26910694BB9A9BBFC577E7AB0EDF6B7@pascal.priv.bmrb.co.uk>
<1049660435.14663.33.camel@bach.kevinspicer.co.uk>
<023b01c2fc86$011b2a90$46c65a42@x27>
Message-ID: <9068.199.1.199.63.1049719744.squirrel@wtxs.net>
Donovan Huff | HUFF DATA SYSTEMS said:
> Okay it must have been a bug with the previous version(s) of MailScanner
> and/or SpamAssassin because it is working now with the auto whitelisting
> off. It might have also been another option in the
> /etc/init.d/MailScanner that I had changed, but now went back to the
> stock MailScanner init.d script.
Most likely not a bug. Auto whitelisting is not a good feature to use for
a site wide implementation. There was a lengthy explanation of why a few
months back. The long and the short of it is a spammer can manipulate the
auto whitelist, accidently or on purpose, so their mail goes through
exactly as you noticed.
--
Lewis Bergman
Texas Communications
4309 Maple ST.
Abilene, TX 79602
915-695-6962
From mike at CAMAROSS.NET Mon Apr 7 14:19:31 2003
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:17:43 2006
Subject: Nederland Spamblock
In-Reply-To: <200304071225.13034.linux@mostert.nom.za>
Message-ID: <01d801c2fd08$5363a480$af01a8c0@home.middlefinger.net>
I incorporated this list once...when I went to hash it to my access.db, it
kicked back a bunch of duplicates that I had to go find and weed out. Other
than that, it's worked fairly well.
Mike
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
Of Mozzi
Sent: Monday, April 07, 2003 5:25 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Nederland Spamblock
Hallo all
I came acros this while looking up something on osirusoft . They offer an
rsync service for this list that got me thinking ;-)
http://basic.wirehub.nl/spamstats.html
http://basic.wirehub.nl/spamlist.txt
How can I addapt a ruleset to use this list? As the format is this:
From: user@nasty.domain.com yes
This way you can just rsync the list over everey hour and have additional
spam protection espesially on larger installations where spamassassin causes
to much hassle.
Just athought
Mozzi
From sylvain.phaneuf at IMSU.OXFORD.AC.UK Mon Apr 7 16:06:53 2003
From: sylvain.phaneuf at IMSU.OXFORD.AC.UK (Sylvain Phaneuf)
Date: Thu Jan 12 21:17:43 2006
Subject: Reporting
Message-ID:
thats reminds me of a couple on unresolved questions I have...
The 1st one is the top page header is not updated when mailstats.pl runs. See: http://mailscan.imsu.ox.ac.uk/mailstats-mrtg/
The graphs on that top page are updated fine and so are those produced individually for the messages entering the system, server load, etc. On those secondary pages, the headers are updated automatically.
The second thing is that the graphs dont get reset to zero at midnight, but get reset only once a week, on Sundays. This may be as designed, but having used the MailScanner-MRTG, I find it useful that these number/graphs are reset to zero each day. Where can I change these settings?
Can someone point me in the right direction please?
Sylvain
===========================================================
Sylvain Phaneuf --- Computing Manager | phone : +44 (0)1865 221323
Information Management Services Unit - Medical Sciences Division
Oxford University | email : sylvain.phaneuf@imsu.ox.ac.uk
Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322
Oxford OX3 9DU England
===========================================================
>>> David.While@UCE.AC.UK 07/04/2003 13:07:52 >>>
I think the one you are looking for is mine at
http://staff.cie.uce.ac.uk/~dwhile/mailstats/
-----------------------------------------------------------------
David While
Technical Development Manager
Faculty of Computing, Information & English
University of Central England
Tel: 0121 331 6211
Mozzi
Sent by: MailScanner mailing list
07/04/2003 12:00
Please respond to linux
To: MAILSCANNER@JISCMAIL.AC.UK
cc:
Subject: Reporting
Hallo again
I was asked for more spesific stats by the powers that be today.
I have the mrtg graphs running and I like them.
They want reports that state how may mails were processed, virii
caught....etc
I thought I saw someone with a developed script on the list, if so can I
have
the url please?
Mozzi
From dgeorgiades at POWERENG.COM Mon Apr 7 16:06:42 2003
From: dgeorgiades at POWERENG.COM (Derrick Georgiades)
Date: Thu Jan 12 21:17:43 2006
Subject: Whitelisting half a site
Message-ID:
I have had the issue of an email that is tagged as spam is delivered to
multiple recipients successfully if one recipient is whitelist. Some of my
users want MailScanner scanning there incoming emails and some do not.
Because of this I have about 300 user addresses in my whitelist file.
IE:
To: jdoe@mydomain.com yes
This works except when a spam mail has multiple recipients for my domain. I
know that there is no functionality to create two separate emails, but is
there a better way to whitelist?
From raymond at PROLOCATION.NET Mon Apr 7 16:14:13 2003
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:17:43 2006
Subject: Reporting
In-Reply-To:
Message-ID:
Hi!
> The second thing is that the graphs dont get reset to zero at midnight,
> but get reset only once a week, on Sundays. This may be as designed, but
> having used the MailScanner-MRTG, I find it useful that these
> number/graphs are reset to zero each day. Where can I change these
> settings?
Could it be this has to do with your logrotation ? Set the logrotation to
rotate daily at 00:00 and it will work just fine. At least, that worked
for me :)
Most likely you only rotate one a week, at Sundays...
Bye,
Raymond.
From sylvain.phaneuf at IMSU.OXFORD.AC.UK Mon Apr 7 16:30:50 2003
From: sylvain.phaneuf at IMSU.OXFORD.AC.UK (Sylvain Phaneuf)
Date: Thu Jan 12 21:17:43 2006
Subject: Reporting
Message-ID:
Thanks,
I have changed my log rotation this morning to daily. I will see tomorrow morning.
How about the header that is not updated? Has anyone got any idea?
Sylvain
>>> raymond@PROLOCATION.NET 07/04/2003 16:14:13 >>>
Hi!
> The second thing is that the graphs dont get reset to zero at midnight,
> but get reset only once a week, on Sundays. This may be as designed, but
> having used the MailScanner-MRTG, I find it useful that these
> number/graphs are reset to zero each day. Where can I change these
> settings?
Could it be this has to do with your logrotation ? Set the logrotation to
rotate daily at 00:00 and it will work just fine. At least, that worked
for me :)
Most likely you only rotate one a week, at Sundays...
Bye,
Raymond.
From raymond at PROLOCATION.NET Mon Apr 7 16:39:22 2003
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:17:43 2006
Subject: Reporting
In-Reply-To:
Message-ID:
Hi!
> I have changed my log rotation this morning to daily. I will see
> tomorrow morning.
Also have a look on the time its changing logs, default for RH is 04:00
if i am right, if you dont want to see gaps make that 00:00 :))
Bye,
Raymond.
From Jan-Peter.Koopmann at SECEIDOS.DE Mon Apr 7 16:43:19 2003
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:17:43 2006
Subject: FreeBSD port 4.14-9 released
Message-ID: <4E7026FF8A422749B1553FE508E0068007F11E@message.intern.akctech.de>
Hi,
You can download the newest FreeBSD port at
http://www.seceidos.de/downloads/freebsd/ports/mailscanner-4.14.9.tgz
Please give it a try and report any problems to me.
Thanks,
JP
From michael at ERG.ABDN.AC.UK Mon Apr 7 18:08:11 2003
From: michael at ERG.ABDN.AC.UK (Michael Forrest)
Date: Thu Jan 12 21:17:43 2006
Subject: Multiple Scanners
Message-ID: <000001c2fd28$47312f00$0a01000a@ENTERPRISE>
Hi All,
I've just been playing with multiple virus scanners and I remember a
thread a on this newsgroup about customising the output sent to the
postmaster. I was wondering if this had become a feature yet, had a look
through and didn't see anything on it.
Basically, in the postmaster report would it be possible to include the
names of scanners that detected the various viruses?
--
The following e-mail messages were found to have viruses in them:
Sender: xxxxx@aol.com
IP Address: xxx.xxx.xxx.xxx
Recipient: xxxxxx@erg.abdn.ac.uk
Subject: Fwd: Newest Security Pack
MessageID: h3783IKa013104
Report: >>> Virus 'W32/Gibe-D' found in file
./h3783IKa013104/patch152.exe
patch152.exe contains Worm.Gibe.B
Executable DOS/Windows programs are dangerous in email
(patch152.exe)
--
So the report could be or something similar?
Report: Sophos - Virus 'W32/Gibe-D' found in file
./h3783IKa013104/patch152.exe
ClamAV - patch152.exe contains Worm.Gibe.B
Executable DOS/Windows programs are dangerous in email
(patch152.exe)
Anyone done this or what?
Thanks,
Michael.
From Kevin.Spicer at BMRB.CO.UK Mon Apr 7 18:09:17 2003
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:17:43 2006
Subject: Multiple Scanners
Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF4FF@pascal.priv.bmrb.co.uk>
Its in the latest version.
> -----Original Message-----
> From: Michael Forrest [mailto:michael@ERG.ABDN.AC.UK]
> Sent: 07 April 2003 18:08
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Multiple Scanners
>
>
> Hi All,
>
> I've just been playing with multiple virus scanners and I remember a
> thread a on this newsgroup about customising the output sent to the
> postmaster. I was wondering if this had become a feature yet,
> had a look
> through and didn't see anything on it.
>
> Basically, in the postmaster report would it be possible to
> include the
> names of scanners that detected the various viruses?
>
> --
> The following e-mail messages were found to have viruses in them:
>
> Sender: xxxxx@aol.com
> IP Address: xxx.xxx.xxx.xxx
> Recipient: xxxxxx@erg.abdn.ac.uk
> Subject: Fwd: Newest Security Pack
> MessageID: h3783IKa013104
> Report: >>> Virus 'W32/Gibe-D' found in file
> ./h3783IKa013104/patch152.exe
> patch152.exe contains Worm.Gibe.B
> Executable DOS/Windows programs are dangerous in email
> (patch152.exe)
> --
>
>
> So the report could be or something similar?
>
> Report: Sophos - Virus 'W32/Gibe-D' found in file
> ./h3783IKa013104/patch152.exe
> ClamAV - patch152.exe contains Worm.Gibe.B
> Executable DOS/Windows programs are dangerous in email
> (patch152.exe)
>
> Anyone done this or what?
>
> Thanks,
>
> Michael.
>
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
From mailscanner at ecs.soton.ac.uk Mon Apr 7 18:12:02 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:43 2006
Subject: Multiple Scanners
In-Reply-To: <000001c2fd28$47312f00$0a01000a@ENTERPRISE>
Message-ID: <5.2.0.9.2.20030407181143.023a0e30@imap.ecs.soton.ac.uk>
# Include the name of the virus scanner in each of the scanner reports.
# Very useful if you use several virus scanners, but a bad idea if you
# don't want to let your customers know which scanners you use.
Include Scanner Name In Reports = yes
At 18:08 07/04/2003, you wrote:
>Hi All,
>
>I've just been playing with multiple virus scanners and I remember a
>thread a on this newsgroup about customising the output sent to the
>postmaster. I was wondering if this had become a feature yet, had a look
>through and didn't see anything on it.
>
>Basically, in the postmaster report would it be possible to include the
>names of scanners that detected the various viruses?
>
>--
>The following e-mail messages were found to have viruses in them:
>
> Sender: xxxxx@aol.com
>IP Address: xxx.xxx.xxx.xxx
> Recipient: xxxxxx@erg.abdn.ac.uk
> Subject: Fwd: Newest Security Pack
> MessageID: h3783IKa013104
> Report: >>> Virus 'W32/Gibe-D' found in file
>./h3783IKa013104/patch152.exe
> patch152.exe contains Worm.Gibe.B
> Executable DOS/Windows programs are dangerous in email
>(patch152.exe)
>--
>
>
>So the report could be or something similar?
>
>Report: Sophos - Virus 'W32/Gibe-D' found in file
>./h3783IKa013104/patch152.exe
> ClamAV - patch152.exe contains Worm.Gibe.B
> Executable DOS/Windows programs are dangerous in email
>(patch152.exe)
>
>Anyone done this or what?
>
>Thanks,
>
>Michael.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From raymond at PROLOCATION.NET Mon Apr 7 18:18:17 2003
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:17:43 2006
Subject: Multiple Scanners
In-Reply-To: <000001c2fd28$47312f00$0a01000a@ENTERPRISE>
Message-ID:
Hi!
> Basically, in the postmaster report would it be possible to include the
> names of scanners that detected the various viruses?
Its available, and working just fine :)
# Include the name of the virus scanner in each of the scanner reports.
# Very useful if you use several virus scanners, but a bad idea if you
# don't want to let your customers know which scanners you use.
Include Scanner Name In Reports = yes
Bye,
Raymond.
From ralloway at WINBEAM.COM Mon Apr 7 18:10:47 2003
From: ralloway at WINBEAM.COM (Richard D Alloway)
Date: Thu Jan 12 21:17:43 2006
Subject: Porn msg identification?
Message-ID:
Hi there!
I was wondering if anyone had come up with a way to add a header or
perhaps prepend the subject line with something like {Porn?} based on the
language/content of an email?
I want to be able to give our users something they can filter their mail
against if they don't want to receive ANY adult messages.
Our customers like the ability to filter against {Spam?} in the subject
line for possible spam.
Thanks!
-Rich
From mailscanner at ecs.soton.ac.uk Mon Apr 7 18:24:11 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:43 2006
Subject: Porn msg identification?
In-Reply-To:
Message-ID: <5.2.0.9.2.20030407182200.021ff8e8@imap.ecs.soton.ac.uk>
The problem of nasty porn spam can largely be solved with the "striphtml"
spam action, as it removes all images from spam. In case it's not really
spam, all the links in the message are maintained, but you don't have to
suffer the images. This is keeping most of my users happy here.
At 18:10 07/04/2003, you wrote:
>Hi there!
>
>I was wondering if anyone had come up with a way to add a header or
>perhaps prepend the subject line with something like {Porn?} based on the
>language/content of an email?
>
>I want to be able to give our users something they can filter their mail
>against if they don't want to receive ANY adult messages.
>
>Our customers like the ability to filter against {Spam?} in the subject
>line for possible spam.
>
>Thanks!
>
>-Rich
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Mon Apr 7 18:29:36 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:43 2006
Subject: Porn msg identification?
In-Reply-To: <5.2.0.9.2.20030407182200.021ff8e8@imap.ecs.soton.ac.uk>
References:
Message-ID: <5.2.0.9.2.20030407182646.025a3008@imap.ecs.soton.ac.uk>
Another thing you can do is go through the porn detection rules in
SpamAssassin (look in /usr/share/spamassassin/20_porn.cf) and set a high
score for each of them (probably need to do that in
~root/.spamassassin/user_prefs, but it may work in
/etc/MailScanner/spam.assassin.prefs.conf). Then set a very high score for
the "High Scoring" threshold, and "delete" for the High Scoring Spam Actions.
At 18:24 07/04/2003, you wrote:
>The problem of nasty porn spam can largely be solved with the "striphtml"
>spam action, as it removes all images from spam. In case it's not really
>spam, all the links in the message are maintained, but you don't have to
>suffer the images. This is keeping most of my users happy here.
>
>At 18:10 07/04/2003, you wrote:
>>Hi there!
>>
>>I was wondering if anyone had come up with a way to add a header or
>>perhaps prepend the subject line with something like {Porn?} based on the
>>language/content of an email?
>>
>>I want to be able to give our users something they can filter their mail
>>against if they don't want to receive ANY adult messages.
>>
>>Our customers like the ability to filter against {Spam?} in the subject
>>line for possible spam.
>>
>>Thanks!
>>
>>-Rich
>
>--
>Julian Field
>www.MailScanner.info
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From richard_cipher at YAHOO.COM Mon Apr 7 19:48:28 2003
From: richard_cipher at YAHOO.COM (Evert Ford)
Date: Thu Jan 12 21:17:43 2006
Subject: Deleting all Messages with a specific address in the "To:" field....
Message-ID:
An e-mail address associated with an old domain that is no longer used gets
nothing but spam
?
e-mail at that old address is forwarded to the new server by the ISP. The
"To:" field is still tagged with the old server's domain.
?
I have a rule to call everything at the old domain spam:
To:me@olddomain.comyes
I also have a rule for spam actions to delete it:
To:me@olddomain.comdelete
?
I look at the headers, and I see the old server info in the "To:" field,
but the e-mail goes through just fine, and isn't marked as spam. I checked
the whitelist rules, and it isn't whitelisted.
?
Is the ISP forward what's making this not work? Any Ideas? If I use
sendmail to delete it, it induces latency, and fetchmail dies
?
I am using fetchmail version 6.2, sendmail version 8.12-7 and MailScanner
4.14 on a Redhat Linux 7.2 system
?
Thanks for any Input!
?
Evert Ford
Westone Laboratories.
http://www.westone.com
From joelc at CTCHOUSTON.COM Mon Apr 7 19:59:15 2003
From: joelc at CTCHOUSTON.COM (Joel Colvin)
Date: Thu Jan 12 21:17:43 2006
Subject: failed MIME-tools install on redhat 8
Message-ID: <02a101c2fd37$c8b6d890$c460c2cc@hewlett9por0s0>
I've got a brand new install of RedHat 8.0 and it fails the install at the
MIME-Tools section. I have attached a section of the log.
I'm using MailScanner-4.14-9.
So I installed MIME-tools manually and then reran install.sh and got no
errors but then MailScanner sucked up all RAM in about 20 minutes and the
whole boxed locked with out of memory errors.
Now I have tried several other things to no avail. What is the best way to
remove all perl modules without reloading so I can start over with the
install?
Anybody know why I got this install error to begin with?
-----Install log file-----
Attempting to build and install perl-MIME-tools-5.411-pl4.2
Installing perl-MIME-tools-5.411-pl4.2.src.rpm
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.78924
Patch #0 (mime-tools-patch1.txt):
Patch #1 (mime-tools-patch2.txt):
Patch #2 (mime-tools-patch3.txt):
Patch #3 (mime-tools-patch4.txt):
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.78924
Checking if your kit is complete...
Looks good
Writing Makefile for MIME-tools
cp lib/MIME/Decoder/Gzip64.pm blib/lib/MIME/Decoder/Gzip64.pm
cp lib/MIME/Body.pm blib/lib/MIME/Body.pm
cp lib/MIME/Field/ContDisp.pm blib/lib/MIME/Field/ContDisp.pm
cp lib/MIME/Field/ContType.pm blib/lib/MIME/Field/ContType.pm
cp lib/MIME/Decoder/NBit.pm blib/lib/MIME/Decoder/NBit.pm
cp lib/MIME/Parser/Results.pm blib/lib/MIME/Parser/Results.pm
cp lib/MIME/Words.pm blib/lib/MIME/Words.pm
cp lib/MIME/Entity.pm blib/lib/MIME/Entity.pm
cp lib/MIME/Parser/Filer.pm blib/lib/MIME/Parser/Filer.pm
cp lib/MIME/Head.pm blib/lib/MIME/Head.pm
cp lib/MIME/Field/ParamVal.pm blib/lib/MIME/Field/ParamVal.pm
cp lib/MIME/Field/ConTraEnc.pm blib/lib/MIME/Field/ConTraEnc.pm
cp lib/MIME/Tools.pm blib/lib/MIME/Tools.pm
cp lib/MIME/Decoder/UU.pm blib/lib/MIME/Decoder/UU.pm
cp lib/MIME/Decoder/Binary.pm blib/lib/MIME/Decoder/Binary.pm
cp lib/MIME/Decoder.pm blib/lib/MIME/Decoder.pm
cp lib/MIME/Decoder/Base64.pm blib/lib/MIME/Decoder/Base64.pm
cp lib/MIME/Decoder/QuotedPrint.pm blib/lib/MIME/Decoder/QuotedPrint.pm
cp lib/MIME/WordDecoder.pm blib/lib/MIME/WordDecoder.pm
cp lib/MIME/Parser/Reader.pm blib/lib/MIME/Parser/Reader.pm
cp lib/MIME/Parser.pm blib/lib/MIME/Parser.pm
Manifying blib/man3/MIME::Body.3pm
Manifying blib/man3/MIME::Decoder::Gzip64.3pm
Manifying blib/man3/MIME::Field::ContDisp.3pm
Manifying blib/man3/MIME::Parser::Results.3pm
Manifying blib/man3/MIME::Field::ContType.3pm
Manifying blib/man3/MIME::Decoder::NBit.3pm
Manifying blib/man3/MIME::Entity.3pm
Manifying blib/man3/MIME::Head.3pm
Manifying blib/man3/MIME::Parser::Filer.3pm
Manifying blib/man3/MIME::Words.3pm
Manifying blib/man3/MIME::Field::ParamVal.3pm
Manifying blib/man3/MIME::Tools.3pm
Manifying blib/man3/MIME::Field::ConTraEnc.3pm
Manifying blib/man3/MIME::Decoder::Binary.3pm
Manifying blib/man3/MIME::Decoder.3pm
Manifying blib/man3/MIME::Decoder::UU.3pm
Manifying blib/man3/MIME::Decoder::QuotedPrint.3pm
Manifying blib/man3/MIME::Decoder::Base64.3pm
Manifying blib/man3/MIME::WordDecoder.3pm
Manifying blib/man3/MIME::Parser.3pm
Manifying blib/man3/MIME::Parser::Reader.3pm
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e"
"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/Body...........dubious
Test returned status 2 (wstat 512, 0x200)
t/Decoder........dubious
Test returned status 2 (wstat 512, 0x200)
t/Entity.........dubious
Test returned status 2 (wstat 512, 0x200)
t/Gauntlet.......dubious
Test returned status 2 (wstat 512, 0x200)
t/Head...........dubious
Test returned status 2 (wstat 512, 0x200)
t/Misc...........dubious
Test returned status 2 (wstat 512, 0x200)
t/Parser.........dubious
Test returned status 2 (wstat 512, 0x200)
t/Ref............dubious
Test returned status 2 (wstat 512, 0x200)
t/WordDecoder....ok
t/Words..........ok
Failed Test Stat Wstat Total Fail Failed List of Failed
----------------------------------------------------------------------------
---
t/Body.t 2 512 ?? ?? % ??
t/Decoder.t 2 512 ?? ?? % ??
t/Entity.t 2 512 ?? ?? % ??
t/Gauntlet.t 2 512 ?? ?? % ??
t/Head.t 2 512 ?? ?? % ??
t/Misc.t 2 512 ?? ?? % ??
t/Parser.t 2 512 ?? ?? % ??
t/Ref.t 2 512 ?? ?? % ??
RPM build errors:
From mailscanner at ecs.soton.ac.uk Mon Apr 7 20:12:54 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:43 2006
Subject: failed MIME-tools install on redhat 8
In-Reply-To: <02a101c2fd37$c8b6d890$c460c2cc@hewlett9por0s0>
Message-ID: <5.2.0.9.2.20030407201106.02709e00@imap.ecs.soton.ac.uk>
At 19:59 07/04/2003, you wrote:
>I've got a brand new install of RedHat 8.0 and it fails the install at the
>MIME-Tools section. I have attached a section of the log.
>
>I'm using MailScanner-4.14-9.
>
>So I installed MIME-tools manually and then reran install.sh and got no
>errors but then MailScanner sucked up all RAM in about 20 minutes and the
>whole boxed locked with out of memory errors.
>
>Now I have tried several other things to no avail. What is the best way to
>remove all perl modules without reloading so I can start over with the
>install?
Do a
rpm -qa | grep -i perl
to see all the perl RPM's you've got installed, then "rpm -e" them one at a
time.
Your manual MIME-tools build clearly didn't work properly as all the tests
returned "dubious" rather than "okay". I would guess one of the earlier
modules didn't install properly.
>Anybody know why I got this install error to begin with?
>
>-----Install log file-----
>
>Attempting to build and install perl-MIME-tools-5.411-pl4.2
>Installing perl-MIME-tools-5.411-pl4.2.src.rpm
>Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.78924
>Patch #0 (mime-tools-patch1.txt):
>Patch #1 (mime-tools-patch2.txt):
>Patch #2 (mime-tools-patch3.txt):
>Patch #3 (mime-tools-patch4.txt):
>Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.78924
>Checking if your kit is complete...
>Looks good
>Writing Makefile for MIME-tools
>cp lib/MIME/Decoder/Gzip64.pm blib/lib/MIME/Decoder/Gzip64.pm
>cp lib/MIME/Body.pm blib/lib/MIME/Body.pm
>cp lib/MIME/Field/ContDisp.pm blib/lib/MIME/Field/ContDisp.pm
>cp lib/MIME/Field/ContType.pm blib/lib/MIME/Field/ContType.pm
>cp lib/MIME/Decoder/NBit.pm blib/lib/MIME/Decoder/NBit.pm
>cp lib/MIME/Parser/Results.pm blib/lib/MIME/Parser/Results.pm
>cp lib/MIME/Words.pm blib/lib/MIME/Words.pm
>cp lib/MIME/Entity.pm blib/lib/MIME/Entity.pm
>cp lib/MIME/Parser/Filer.pm blib/lib/MIME/Parser/Filer.pm
>cp lib/MIME/Head.pm blib/lib/MIME/Head.pm
>cp lib/MIME/Field/ParamVal.pm blib/lib/MIME/Field/ParamVal.pm
>cp lib/MIME/Field/ConTraEnc.pm blib/lib/MIME/Field/ConTraEnc.pm
>cp lib/MIME/Tools.pm blib/lib/MIME/Tools.pm
>cp lib/MIME/Decoder/UU.pm blib/lib/MIME/Decoder/UU.pm
>cp lib/MIME/Decoder/Binary.pm blib/lib/MIME/Decoder/Binary.pm
>cp lib/MIME/Decoder.pm blib/lib/MIME/Decoder.pm
>cp lib/MIME/Decoder/Base64.pm blib/lib/MIME/Decoder/Base64.pm
>cp lib/MIME/Decoder/QuotedPrint.pm blib/lib/MIME/Decoder/QuotedPrint.pm
>cp lib/MIME/WordDecoder.pm blib/lib/MIME/WordDecoder.pm
>cp lib/MIME/Parser/Reader.pm blib/lib/MIME/Parser/Reader.pm
>cp lib/MIME/Parser.pm blib/lib/MIME/Parser.pm
>Manifying blib/man3/MIME::Body.3pm
>Manifying blib/man3/MIME::Decoder::Gzip64.3pm
>Manifying blib/man3/MIME::Field::ContDisp.3pm
>Manifying blib/man3/MIME::Parser::Results.3pm
>Manifying blib/man3/MIME::Field::ContType.3pm
>Manifying blib/man3/MIME::Decoder::NBit.3pm
>Manifying blib/man3/MIME::Entity.3pm
>Manifying blib/man3/MIME::Head.3pm
>Manifying blib/man3/MIME::Parser::Filer.3pm
>Manifying blib/man3/MIME::Words.3pm
>Manifying blib/man3/MIME::Field::ParamVal.3pm
>Manifying blib/man3/MIME::Tools.3pm
>Manifying blib/man3/MIME::Field::ConTraEnc.3pm
>Manifying blib/man3/MIME::Decoder::Binary.3pm
>Manifying blib/man3/MIME::Decoder.3pm
>Manifying blib/man3/MIME::Decoder::UU.3pm
>Manifying blib/man3/MIME::Decoder::QuotedPrint.3pm
>Manifying blib/man3/MIME::Decoder::Base64.3pm
>Manifying blib/man3/MIME::WordDecoder.3pm
>Manifying blib/man3/MIME::Parser.3pm
>Manifying blib/man3/MIME::Parser::Reader.3pm
>PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e"
>"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
>t/Body...........dubious
> Test returned status 2 (wstat 512, 0x200)
>t/Decoder........dubious
> Test returned status 2 (wstat 512, 0x200)
>t/Entity.........dubious
> Test returned status 2 (wstat 512, 0x200)
>t/Gauntlet.......dubious
> Test returned status 2 (wstat 512, 0x200)
>t/Head...........dubious
> Test returned status 2 (wstat 512, 0x200)
>t/Misc...........dubious
> Test returned status 2 (wstat 512, 0x200)
>t/Parser.........dubious
> Test returned status 2 (wstat 512, 0x200)
>t/Ref............dubious
> Test returned status 2 (wstat 512, 0x200)
>t/WordDecoder....ok
>t/Words..........ok
>Failed Test Stat Wstat Total Fail Failed List of Failed
>----------------------------------------------------------------------------
>---
>t/Body.t 2 512 ?? ?? % ??
>t/Decoder.t 2 512 ?? ?? % ??
>t/Entity.t 2 512 ?? ?? % ??
>t/Gauntlet.t 2 512 ?? ?? % ??
>t/Head.t 2 512 ?? ?? % ??
>t/Misc.t 2 512 ?? ?? % ??
>t/Parser.t 2 512 ?? ?? % ??
>t/Ref.t 2 512 ?? ?? % ??
>
>
>RPM build errors:
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Mon Apr 7 20:09:31 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:43 2006
Subject: Deleting all Messages with a specific address in the "To:" field....
In-Reply-To:
Message-ID: <5.2.0.9.2.20030407200803.02714008@imap.ecs.soton.ac.uk>
At 19:48 07/04/2003, you wrote:
>An e-mail address associated with an old domain that is no longer used
>gets nothing but spam
>
>e-mail at that old address is forwarded to the new server by the ISP. The
>"To:" field is still tagged with the old server's domain.
>
>I have a rule to call everything at the old domain spam:
>To:me@olddomain.comyes
>I also have a rule for spam actions to delete it:
>To:me@olddomain.comdelete
>
>I look at the headers, and I see the old server info in the "To:" field,
>but the e-mail goes through just fine, and isn't marked as spam. I
>checked the whitelist rules, and it isn't whitelisted.
>
>Is the ISP forward what's making this not work? Any Ideas? If I use
>sendmail to delete it, it induces latency, and fetchmail dies
MailScanner doesn't use the From: and To: headers at all, they aren't what
is used to deliver the mail. It uses the envelope addresses which are what
actually govern the delivery of the mail.
If the old domain gets nothing but spam, why are you still receiving mail
from it? Seems to me that all you need to do is tell the ISP to stop
forwarding the old domain to the new one.
>
>I am using fetchmail version 6.2, sendmail version 8.12-7 and MailScanner
>4.14 on a Redhat Linux 7.2 system
>
>Thanks for any Input!
>
>Evert Ford
>Westone Laboratories.
>http://www.westone.com
>
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From kevins at BMRB.CO.UK Mon Apr 7 21:05:04 2003
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:17:43 2006
Subject: Deleting all Messages with a specific address in the "To:" field....
In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0EDF6DA@pascal.priv.bmrb.co.uk>
References: <5C0296D26910694BB9A9BBFC577E7AB0EDF6DA@pascal.priv.bmrb.co.uk>
Message-ID: <1049745911.14329.16.camel@bach.kevinspicer.co.uk>
I am using fetchmail version 6.2, sendmail version 8.12-7 and
MailScanner
4.14 on a Redhat Linux 7.2 system
I think the problem may lie with the fact you're using fetchmail. As
Julian mentioned, MS looks at the envelope address, but generally
fetchmail doesn't know what that envelope address is (unless your ISP
adds an Envelope-to [or similar] header). Even if fetchmail picks up
clues to the envelope address it doesn't make any difference to MS
because fetchmail only attempts to work out which local user the mail
should be going to & pass that information onto your local MTA. In
other words fetchmail gives each mail a fresh envelope address based on
where it thinks it should end up.
If you really can't get your ISP to stop forwarding these addresses then
you may (depending on what headers your ISP add) be able to persuade
fetchmail to redirect those mails to a dedicated user on your machine.
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
From mbowman at UDCOM.COM Mon Apr 7 21:54:49 2003
From: mbowman at UDCOM.COM (Matthew Bowman)
Date: Thu Jan 12 21:17:43 2006
Subject: Porn msg identification?
Message-ID:
Julian,
I hadn't thought of using that until now.
Would the correct syntax be:-
To: default striphtml deliver
?
Regards, --
Matthew K Bowman Systems Administrator, Universal Digital Communications.
Julian Field
Sent by: MailScanner mailing list
04/07/2003 01:24 PM
Please respond to MailScanner mailing list
To: MAILSCANNER@JISCMAIL.AC.UK
cc:
Subject: Re: Porn msg identification?
The problem of nasty porn spam can largely be solved with the "striphtml"
spam action, as it removes all images from spam. In case it's not really
spam, all the links in the message are maintained, but you don't have to
suffer the images. This is keeping most of my users happy here.
At 18:10 07/04/2003, you wrote:
>Hi there!
>
>I was wondering if anyone had come up with a way to add a header or
>perhaps prepend the subject line with something like {Porn?} based on the
>language/content of an email?
>
>I want to be able to give our users something they can filter their mail
>against if they don't want to receive ANY adult messages.
>
>Our customers like the ability to filter against {Spam?} in the subject
>line for possible spam.
>
>Thanks!
>
>-Rich
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
From ralloway at WINBEAM.COM Tue Apr 8 01:48:03 2003
From: ralloway at WINBEAM.COM (Richard D Alloway)
Date: Thu Jan 12 21:17:43 2006
Subject: Porn msg identification?
In-Reply-To: <5.2.0.9.2.20030407182200.021ff8e8@imap.ecs.soton.ac.uk>
Message-ID:
Hmmm... I don't think that will satisfy my customers.
The problem is the language as well as the images contained within porn
spam.
The issue with setting the scores very high is that some customers will
want to receive "adult" emails while others don't want to receive any.
If there was a generic way to build a ruleset to modify the subject line
(or add/modify a header), that would probably take care of it! :)
Any chance something like this could be in MailScanner's future? *hint
hint* ;)
-Rich
On Mon, 7 Apr 2003, Julian Field wrote:
> The problem of nasty porn spam can largely be solved with the "striphtml"
> spam action, as it removes all images from spam. In case it's not really
> spam, all the links in the message are maintained, but you don't have to
> suffer the images. This is keeping most of my users happy here.
>
> At 18:10 07/04/2003, you wrote:
> >Hi there!
> >
> >I was wondering if anyone had come up with a way to add a header or
> >perhaps prepend the subject line with something like {Porn?} based on the
> >language/content of an email?
> >
> >I want to be able to give our users something they can filter their mail
> >against if they don't want to receive ANY adult messages.
> >
> >Our customers like the ability to filter against {Spam?} in the subject
> >line for possible spam.
> >
> >Thanks!
> >
> >-Rich
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
From danieltan at shopnsave.com.sg Tue Apr 8 02:39:42 2003
From: danieltan at shopnsave.com.sg (Daniel Tan)
Date: Thu Jan 12 21:17:43 2006
Subject: ANNOUNCE: Version 4.14 released
References: <5.2.0.9.2.20030404114833.04279048@imap.ecs.soton.ac.uk>
Message-ID: <00a201c2fd6f$c0aaa040$3900a8c0@Daniel>
how do you check the correct version of mailscanner and spam assassin?
just recently i upgraded spam assassin to the latest version to avoid mails
to be stuck due to mailscanner unable to send it out
but i still got the problem yesterday.that's why i need to check whether it
was upgraded correctly
i am doing installing the latest version of mailscanner to avoid the old
problem...
hope it helps as the staff are gunning for my head coz their mails aren't
sent "on time"
----- Original Message -----
From: "Julian Field"
To:
Sent: Friday, April 04, 2003 6:59 PM
Subject: ANNOUNCE: Version 4.14 released
I have just released MailScanner version 4.14.
Major new features are:
- Support for NOD32 1.99, F-Secure 4.50 and F-Prot 3.13.
- Support for SAVI Perl module to completely avoid startup delays with
Sophos scanner.
- Support for quirks of SpamAssassin 2.50 - 2.53.
- Fixed important bug in filename checking code causing it not to check
long filenames properly. I strongly advise all 4.13 users to upgrade.
People who should upgrade are:
- Anyone running 4.13
- Anyone using SpamAssassin 2.50-2.53
- Anyone using F-Prot
- Anyone using F-Secure
- Anyone using NOD32
Download it as usual from www.mailscanner.info
And why not help to spread the word by buying a T-shirt while you are there?
The full ChangeLog is this:
* New Features and Improvements *
- Added support for new (1.99) version of NOD32, using the "nod32-1.99"
Virus Scanner setting, which has totally different output and different
command-line switches from previous versions.
- Added support for new (4.50) version of F-Secure. Involves a new f-secure-
wrapper as well as new main code.
- Added support for new version of F-Prot 3.13.
- Added support for SAVI Perl module, using the "sophossavi" Virus Scanner
setting. See the main docs for instructions on how to install the SAVI
Perl module.
- Signed and/or encrypted messages can now be signed without breaking the
PGP/GPG signed portion of the message.
- RAV support improved in Cobalt RaQ systems.
- Added "Include Scanner Name In Reports" option to allow the virus scanner
name to appear in the scanning reports.
- "Debug SpamAssassin" option to help you sort out SpamAssassin problems.
- "Exim Split Spool" option to support split mail queues with Exim.
- Full support for quirks of SpamAssassin 2.5x.
- Added optional support in f-prot-wrapper script to support tmpfs and
ramdisks which F-Prot cannot use without assistance.
- Better error reporting when compiling configuration files.
- Improved OpenBSD installation and upgrading instructions.
- Added check of location of all required system commands.
- Improved wording of message to spam senders.
- Increased max size of messages sent to SpamAssassin.
Spam messages are getting bigger.
- All variables in the supplied conf file are now set to something, even if
just a blank value. This will make upgrade_MailScanner_conf work better.
- Speeded up deletion of working area directories (thanks to Tony F for
that).
- No more reliance on hard-coded paths in SystemDefs.pm, this entire file is
now obsolete.
- Improved RedHat scripts to cope with glibc 2.3.x.
* Fixes *
- Fixed important bug in filename checking code causing it not to check
long filenames properly. I strongly advise all 4.13 users to upgrade.
- Changed setuid/setgid code so taint mode is not switched on.
- Fixed various other issues kindly brought to my attention by Tony Finch
at Cambridge Univ.
- Fixed problem with deleting recipients from messages with Exim.
- Fixed problem with headers being passed to SpamAssassin from Exim
incorrectly.
- Fixed problem when running internal TNEF decoder.
- Fixed locking problems when SpamAssassin 2.50 times out.
- Fixed "RBL Timeout 20 of 7" problem, and problem when no RBL's in use at
all.
- Fixed dont_copy_prefs option in call to SpamAssassin.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
From Kevin.Spicer at BMRB.CO.UK Tue Apr 8 09:02:55 2003
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin)
Date: Thu Jan 12 21:17:43 2006
Subject: Porn msg identification?
Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A4AD69@pascal.priv.bmrb.co.uk>
>
> Hmmm... I don't think that will satisfy my customers.
>
> The problem is the language as well as the images contained
> within porn
> spam.
>
> The issue with setting the scores very high is that some
> customers will
> want to receive "adult" emails while others don't want to receive any.
>
> If there was a generic way to build a ruleset to modify the
> subject line
> (or add/modify a header), that would probably take care of it! :)
>
I think that would be rather difficult to do! The problem is how to accurately identify it. SA does a pretty good job but isn't perfect (although personally I've not seen any of this type of spam which has got past SA). If someone had the time/effort it might be possible to adapt the filters in DansGuardian (or something similar), although IIRC they are mostly checks for certain language (which SA can do anyway) and blacklisted sites. I suppose it might be useful to filter out mails with hyperlinks to domains that would be blocked. I'm not aware of any free (as in freedom or beer) mail filters that do this.
Back to MailScanner as it is, if you're worried about the language as well as the images why not just bump the scores as Julian suggested and use the delete action?
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
From raymond at PROLOCATION.NET Tue Apr 8 08:49:30 2003
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:17:43 2006
Subject: ANNOUNCE: Version 4.14 released
In-Reply-To: <00a201c2fd6f$c0aaa040$3900a8c0@Daniel>
Message-ID:
Hello Daniel,
> how do you check the correct version of mailscanner and spam assassin?
> just recently i upgraded spam assassin to the latest version to avoid mails
> to be stuck due to mailscanner unable to send it out
> but i still got the problem yesterday.that's why i need to check whether it
For Spam Assasin:
[root@master .spamassassin]# spamassassin --version
SpamAssassin version 2.53
For Mailscanner, it prints the version number also in your maillog when
starting up, so have a look there.
> hope it helps as the staff are gunning for my head coz their mails aren't
> sent "on time"
Can you be a bit more specific ?
Bye,
Raymond.
From mailscanner at ecs.soton.ac.uk Tue Apr 8 08:46:34 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:43 2006
Subject: Porn msg identification?
In-Reply-To:
Message-ID: <5.2.0.9.2.20030408084556.03e78c28@imap.ecs.soton.ac.uk>
At 21:54 07/04/2003, you wrote:
>Julian,
>
>I hadn't thought of using that until now.
>
>Would the correct syntax be:-
>
>To: default striphtml deliver
If you want to use a ruleset, that's right. However if it is for all cases,
just set
Spam Actions = striphtml deliver
High Scoring Spam Actions = striphtml deliver
>?
>
>Regards, --
>Matthew K Bowman Systems Administrator, Universal Digital Communications.
>
>
>
>
>
>Julian Field
>Sent by: MailScanner mailing list
>04/07/2003 01:24 PM
>Please respond to MailScanner mailing list
>
>
> To: MAILSCANNER@JISCMAIL.AC.UK
> cc:
> Subject: Re: Porn msg identification?
>
>
>The problem of nasty porn spam can largely be solved with the "striphtml"
>spam action, as it removes all images from spam. In case it's not really
>spam, all the links in the message are maintained, but you don't have to
>suffer the images. This is keeping most of my users happy here.
>
>At 18:10 07/04/2003, you wrote:
> >Hi there!
> >
> >I was wondering if anyone had come up with a way to add a header or
> >perhaps prepend the subject line with something like {Porn?} based on the
> >language/content of an email?
> >
> >I want to be able to give our users something they can filter their mail
> >against if they don't want to receive ANY adult messages.
> >
> >Our customers like the ability to filter against {Spam?} in the subject
> >line for possible spam.
> >
> >Thanks!
> >
> >-Rich
>
>--
>Julian Field
>www.MailScanner.info
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Tue Apr 8 08:55:05 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:43 2006
Subject: ANNOUNCE: Version 4.14 released
In-Reply-To: <00a201c2fd6f$c0aaa040$3900a8c0@Daniel>
References: <5.2.0.9.2.20030404114833.04279048@imap.ecs.soton.ac.uk>
Message-ID: <5.2.0.9.2.20030408084742.03ec8900@imap.ecs.soton.ac.uk>
At 02:39 08/04/2003, you wrote:
>how do you check the correct version of mailscanner and spam assassin?
perl -MMail::SpamAssassin -le 'print $Mail::SpamAssassin::VERSION;'
grep MailScannerVersion /usr/sbin/MailScanner
>just recently i upgraded spam assassin to the latest version to avoid mails
>to be stuck due to mailscanner unable to send it out
>but i still got the problem yesterday.that's why i need to check whether it
>was upgraded correctly
>i am doing installing the latest version of mailscanner to avoid the old
>problem...
>hope it helps as the staff are gunning for my head coz their mails aren't
>sent "on time"
>
>----- Original Message -----
>From: "Julian Field"
>To:
>Sent: Friday, April 04, 2003 6:59 PM
>Subject: ANNOUNCE: Version 4.14 released
>
>
>I have just released MailScanner version 4.14.
>
>Major new features are:
>- Support for NOD32 1.99, F-Secure 4.50 and F-Prot 3.13.
>- Support for SAVI Perl module to completely avoid startup delays with
>Sophos scanner.
>- Support for quirks of SpamAssassin 2.50 - 2.53.
>- Fixed important bug in filename checking code causing it not to check
>long filenames properly. I strongly advise all 4.13 users to upgrade.
>
>People who should upgrade are:
> - Anyone running 4.13
> - Anyone using SpamAssassin 2.50-2.53
> - Anyone using F-Prot
> - Anyone using F-Secure
> - Anyone using NOD32
>
>Download it as usual from www.mailscanner.info
>
>And why not help to spread the word by buying a T-shirt while you are there?
>
>
>The full ChangeLog is this:
>
>* New Features and Improvements *
>
>- Added support for new (1.99) version of NOD32, using the "nod32-1.99"
> Virus Scanner setting, which has totally different output and different
> command-line switches from previous versions.
>- Added support for new (4.50) version of F-Secure. Involves a new f-secure-
> wrapper as well as new main code.
>- Added support for new version of F-Prot 3.13.
>- Added support for SAVI Perl module, using the "sophossavi" Virus Scanner
> setting. See the main docs for instructions on how to install the SAVI
> Perl module.
>- Signed and/or encrypted messages can now be signed without breaking the
> PGP/GPG signed portion of the message.
>- RAV support improved in Cobalt RaQ systems.
>- Added "Include Scanner Name In Reports" option to allow the virus scanner
> name to appear in the scanning reports.
>- "Debug SpamAssassin" option to help you sort out SpamAssassin problems.
>- "Exim Split Spool" option to support split mail queues with Exim.
>- Full support for quirks of SpamAssassin 2.5x.
>- Added optional support in f-prot-wrapper script to support tmpfs and
> ramdisks which F-Prot cannot use without assistance.
>- Better error reporting when compiling configuration files.
>- Improved OpenBSD installation and upgrading instructions.
>- Added check of location of all required system commands.
>- Improved wording of message to spam senders.
>- Increased max size of messages sent to SpamAssassin.
> Spam messages are getting bigger.
>- All variables in the supplied conf file are now set to something, even if
> just a blank value. This will make upgrade_MailScanner_conf work better.
>- Speeded up deletion of working area directories (thanks to Tony F for
>that).
>- No more reliance on hard-coded paths in SystemDefs.pm, this entire file is
> now obsolete.
>- Improved RedHat scripts to cope with glibc 2.3.x.
>
>* Fixes *
>
>- Fixed important bug in filename checking code causing it not to check
> long filenames properly. I strongly advise all 4.13 users to upgrade.
>- Changed setuid/setgid code so taint mode is not switched on.
>- Fixed various other issues kindly brought to my attention by Tony Finch
> at Cambridge Univ.
>- Fixed problem with deleting recipients from messages with Exim.
>- Fixed problem with headers being passed to SpamAssassin from Exim
>incorrectly.
>- Fixed problem when running internal TNEF decoder.
>- Fixed locking problems when SpamAssassin 2.50 times out.
>- Fixed "RBL Timeout 20 of 7" problem, and problem when no RBL's in use at
>all.
>- Fixed dont_copy_prefs option in call to SpamAssassin.
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Tue Apr 8 08:47:33 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:43 2006
Subject: Porn msg identification?
In-Reply-To:
References: <5.2.0.9.2.20030407182200.021ff8e8@imap.ecs.soton.ac.uk>
Message-ID: <5.2.0.9.2.20030408084645.03ec8030@imap.ecs.soton.ac.uk>
At 01:48 08/04/2003, you wrote:
>Hmmm... I don't think that will satisfy my customers.
>
>The problem is the language as well as the images contained within porn
>spam.
>
>The issue with setting the scores very high is that some customers will
>want to receive "adult" emails while others don't want to receive any.
Which is why you can set the spam high score using a ruleset so that
different users get different scoring thresholds.
>If there was a generic way to build a ruleset to modify the subject line
>(or add/modify a header), that would probably take care of it! :)
>
>Any chance something like this could be in MailScanner's future? *hint
>hint* ;)
>
>-Rich
>
>On Mon, 7 Apr 2003, Julian Field wrote:
>
> > The problem of nasty porn spam can largely be solved with the "striphtml"
> > spam action, as it removes all images from spam. In case it's not really
> > spam, all the links in the message are maintained, but you don't have to
> > suffer the images. This is keeping most of my users happy here.
> >
> > At 18:10 07/04/2003, you wrote:
> > >Hi there!
> > >
> > >I was wondering if anyone had come up with a way to add a header or
> > >perhaps prepend the subject line with something like {Porn?} based on the
> > >language/content of an email?
> > >
> > >I want to be able to give our users something they can filter their mail
> > >against if they don't want to receive ANY adult messages.
> > >
> > >Our customers like the ability to filter against {Spam?} in the subject
> > >line for possible spam.
> > >
> > >Thanks!
> > >
> > >-Rich
> >
> > --
> > Julian Field
> > www.MailScanner.info
> > Professional Support Services at www.MailScanner.biz
> > MailScanner thanks transtec Computers for their support
> >
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
From danieltan at shopnsave.com.sg Tue Apr 8 10:51:13 2003
From: danieltan at shopnsave.com.sg (Daniel Tan)
Date: Thu Jan 12 21:17:43 2006
Subject: ANNOUNCE: Version 4.14 released
References:
Message-ID: <040801c2fdb4$64c3f660$3900a8c0@Daniel>
the reason why i am ugrading is due to the fact that spamassassin 2.50 has
problems with mailscanner...
it seems like doing spamassassin --version is still at 2.50...although i
have already upgraded....now still to find out why it did not upgrade
----- Original Message -----
From: "Raymond Dijkxhoorn"
To:
Sent: Tuesday, April 08, 2003 3:49 PM
Subject: Re: ANNOUNCE: Version 4.14 released
Hello Daniel,
> how do you check the correct version of mailscanner and spam assassin?
> just recently i upgraded spam assassin to the latest version to avoid
mails
> to be stuck due to mailscanner unable to send it out
> but i still got the problem yesterday.that's why i need to check whether
it
For Spam Assasin:
[root@master .spamassassin]# spamassassin --version
SpamAssassin version 2.53
For Mailscanner, it prints the version number also in your maillog when
starting up, so have a look there.
> hope it helps as the staff are gunning for my head coz their mails aren't
> sent "on time"
Can you be a bit more specific ?
Bye,
Raymond.
From danieltan at shopnsave.com.sg Tue Apr 8 10:54:08 2003
From: danieltan at shopnsave.com.sg (Daniel Tan)
Date: Thu Jan 12 21:17:43 2006
Subject: ANNOUNCE: Version 4.14 released
References:
Message-ID: <040c01c2fdb4$cc510e80$3900a8c0@Daniel>
oh ya...1 more thing...maillog did not show mailscanner version at all....
Apr 8 17:51:33 mail MailScanner[24342]: New Batch: Scanning 1 message,
2131 bytes
----- Original Message -----
From: "Raymond Dijkxhoorn"
To:
Sent: Tuesday, April 08, 2003 3:49 PM
Subject: Re: ANNOUNCE: Version 4.14 released
Hello Daniel,
> how do you check the correct version of mailscanner and spam assassin?
> just recently i upgraded spam assassin to the latest version to avoid
mails
> to be stuck due to mailscanner unable to send it out
> but i still got the problem yesterday.that's why i need to check whether
it
For Spam Assasin:
[root@master .spamassassin]# spamassassin --version
SpamAssassin version 2.53
For Mailscanner, it prints the version number also in your maillog when
starting up, so have a look there.
> hope it helps as the staff are gunning for my head coz their mails aren't
> sent "on time"
Can you be a bit more specific ?
Bye,
Raymond.
From raymond at PROLOCATION.NET Tue Apr 8 10:57:30 2003
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:17:43 2006
Subject: ANNOUNCE: Version 4.14 released
In-Reply-To: <040c01c2fdb4$cc510e80$3900a8c0@Daniel>
Message-ID:
Hi!
> oh ya...1 more thing...maillog did not show mailscanner version at all....
>
> Apr 8 17:51:33 mail MailScanner[24342]: New Batch: Scanning 1 message,
> 2131 bytes
If you START or RESTART mailscanner it will...
But as Julian suggested you could also grep the version number from the
mailscanner itself.
Bye,
Raymond.
From vanhorn at whidbey.com Tue Apr 8 10:57:41 2003
From: vanhorn at whidbey.com (G. Armour Van Horn)
Date: Thu Jan 12 21:17:43 2006
Subject: New RBL to add (NJABL)
References: <200304071300.16625.linux@mostert.nom.za>
Message-ID: <3E929D15.140E5E28@whidbey.com>
Greetings,
I just learned of a new RBL that sounds reasonable, and is currently free, at
njabl.org. Has anyone incorporated that in spam.lists.conf, and if so, will you
share the lines you added?
Van
--
----------------------------------------------------------
Sign up now for Quotes of the Day, a handful of quotations
on a theme delivered every morning.
Enlightenment! Daily, for free!
mailto:twisted@whidbey.com?subject=Subscribe_QOTD
For web hosting and maintenance,
visit Van's home page: http://www.domainvanhorn.com/van/
----------------------------------------------------------
From vanhorn at whidbey.com Tue Apr 8 11:00:47 2003
From: vanhorn at whidbey.com (G. Armour Van Horn)
Date: Thu Jan 12 21:17:43 2006
Subject: Bayes setup
Message-ID: <3E929DCF.1CBA0BD0@whidbey.com>
Greetings:
I am running SpamAssassin 2.52 in MailScanner, and I've also been
following the discussions of the SpamBayes project fairly closely for
some months. One of the crucial elements of Bayesian detection is
training, but I don't see any place that documents how to get ham and
spam messages routed back to the server for training.
Is there some documentation? Am I just missing it by installing
SpamAssassin from cpan and MailScanner from RPMs?
Van
--
----------------------------------------------------------
Sign up now for Quotes of the Day, a handful of quotations
on a theme delivered every morning.
Enlightenment! Daily, for free!
mailto:twisted@whidbey.com?subject=Subscribe_QOTD
For web hosting and maintenance,
visit Van's home page: http://www.domainvanhorn.com/van/
----------------------------------------------------------
From dh at UPTIME.AT Tue Apr 8 11:11:27 2003
From: dh at UPTIME.AT (David)
Date: Thu Jan 12 21:17:43 2006
Subject: New Batch found xx Messages counter still broken ?
Message-ID: <76210F79-69AA-11D7-9325-000393920D6C@uptime.at>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Hi..
I know there was some discussion about this way back.
I just noticed, that the counter across MailScanner childs does not
seem to take in account how many messages are allready currently
processed.
So Child A says
New Batch found 11 Messages
Scanning x messages
and a second later the next child still says it found 11 messages
(maybe because the queuefile count is 11? )
is that normal, a bug, or simply idiot operator ?= ;) (namely me)
- -d
- -----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCC d+ s: a-- C+ UB++++ P+ L++ E--- W N+ o+++ K w--
O M+ V++ PS PE Y++ PGP++++ t+ 5 X- R+ tv-- b++++ DI D+
G e++++ h+ r++ y++
- ------END GEEK CODE BLOCK------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)
iD8DBQE+kqBTiW/Ta/pxHPQRAyuFAJ987X4B5QkLB87+iKs6WinxqBbytwCgzdsd
NWKhuP8omtWgslf7RLcQqA8=
=f89/
-----END PGP SIGNATURE-----
From mike at ZANKER.ORG Tue Apr 8 11:23:41 2003
From: mike at ZANKER.ORG (Mike Zanker)
Date: Thu Jan 12 21:17:43 2006
Subject: New RBL to add (NJABL)
In-Reply-To: <3E929D15.140E5E28@whidbey.com>
References: <200304071300.16625.linux@mostert.nom.za>
<3E929D15.140E5E28@whidbey.com>
Message-ID: <70795734.1049801021@mallard.open.ac.uk>
On 08 April 2003 02:57 -0700 "G. Armour Van Horn"
wrote:
> I just learned of a new RBL that sounds reasonable, and is currently
> free, at njabl.org. Has anyone incorporated that in spam.lists.conf,
> and if so, will you share the lines you added?
You need something like:
NJABL dnsbl.njabl.org.
Mike.
From mike at ZANKER.ORG Tue Apr 8 11:29:42 2003
From: mike at ZANKER.ORG (Mike Zanker)
Date: Thu Jan 12 21:17:43 2006
Subject: New RBL to add (NJABL) (fwd)
Message-ID: <71156312.1049801382@mallard.open.ac.uk>
...and then add NJABL to the "Spam List = " line in MailScanner.conf.
Mike.
---------- Forwarded Message ----------
Date: 08 April 2003 11:23 +0100
From: Mike Zanker
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: New RBL to add (NJABL)
On 08 April 2003 02:57 -0700 "G. Armour Van Horn"
wrote:
> I just learned of a new RBL that sounds reasonable, and is currently
> free, at njabl.org. Has anyone incorporated that in spam.lists.conf,
> and if so, will you share the lines you added?
You need something like:
NJABL dnsbl.njabl.org.
Mike.
---------- End Forwarded Message ----------
From jonathan.stanton at FREECOM.NET Tue Apr 8 12:32:56 2003
From: jonathan.stanton at FREECOM.NET (Jonathan Stanton)
Date: Thu Jan 12 21:17:43 2006
Subject: Signed messages.
Message-ID: <01a301c2fdc2$99ed6570$0971e20a@benny>
Since the digital sig protects all message via a checksum and any
modification of message (body) will cause a change in checksum maybe the
answer to this is to have an option in the config "DONOTSIGNSIGNED" flag.
If the message is clean then you don't sign the message (this is a bit
like the "Sign Clean Messages" flag which I have to use a rule-set for all
the people I know that have Digital Certs) This would make it alot
easier. Any possibility?
Regards
Jonathan
Jonathan Stanton
Freecom.net (UK ISP)
-------
I'm not in denial. I'm just selective about the reality I accept.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3273 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030408/8c15ce04/smime.bin
From mailscanner at ecs.soton.ac.uk Tue Apr 8 14:35:16 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:43 2006
Subject: Bayes setup
In-Reply-To: <3E929DCF.1CBA0BD0@whidbey.com>
Message-ID: <5.2.0.9.2.20030408142846.04af7f88@imap.ecs.soton.ac.uk>
At 11:00 08/04/2003, you wrote:
>Greetings:
>
>I am running SpamAssassin 2.52 in MailScanner, and I've also been
>following the discussions of the SpamBayes project fairly closely for
>some months. One of the crucial elements of Bayesian detection is
>training, but I don't see any place that documents how to get ham and
>spam messages routed back to the server for training.
>
>Is there some documentation? Am I just missing it by installing
>SpamAssassin from cpan and MailScanner from RPMs?
There are 2 parts to the answer to this:
1) You can set up a "spam" and a "notspam" email address for people to dump
wrongly categorised mail into. You then use sa-learn once every hour (or
day) to teach SpamAssassin about the messages it got wrong. I have already
posted a script to do this to this list, but have attached it again for you.
2) SpamAssassin is unique in being able to "auto-learn", i.e. teach itself.
It uses its other traditional rules to produce a score for each message. If
the score is very high (i.e. definitely spam) or very low (i.e. definitely
ham) then it feeds the message back into the learning code for the Bayes
engine. It only starts using the Bayes engine output as part of the overall
message score once it has auto-learned about 600 messages (I might well be
wrong on that figure, but it's a few hundred).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: learn.spam
Type: application/octet-stream
Size: 748 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030408/30c90012/learn.obj
-------------- next part --------------
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Tue Apr 8 14:40:44 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:43 2006
Subject: New Batch found xx Messages counter still broken ?
In-Reply-To: <76210F79-69AA-11D7-9325-000393920D6C@uptime.at>
Message-ID: <5.2.0.9.2.20030408143532.04b17438@imap.ecs.soton.ac.uk>
At 11:11 08/04/2003, you wrote:
>I know there was some discussion about this way back.
>I just noticed, that the counter across MailScanner childs does not
>seem to take in account how many messages are allready currently
>processed.
>
>So Child A says
>
>New Batch found 11 Messages
>Scanning x messages
>
>and a second later the next child still says it found 11 messages
>(maybe because the queuefile count is 11? )
>
>is that normal, a bug, or simply idiot operator ?= ;) (namely me)
That is quite normal, and intentional. It looks through the queue counting
the number of messages in there (hence the "11") then tries to get
exclusive control over each message in turn. But it only gets control over
some of them (hence the "x").
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Tue Apr 8 14:27:24 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:43 2006
Subject: ANNOUNCE: Version 4.14 released
In-Reply-To: <040801c2fdb4$64c3f660$3900a8c0@Daniel>
References:
Message-ID: <5.2.0.9.2.20030408142512.03dc91a8@imap.ecs.soton.ac.uk>
At 10:51 08/04/2003, you wrote:
>the reason why i am ugrading is due to the fact that spamassassin 2.50 has
>problems with mailscanner...
>it seems like doing spamassassin --version is still at 2.50...although i
>have already upgraded....now still to find out why it did not upgrade
But what did
perl -MMail::SpamAssassin -le 'print $Mail::SpamAssassin::VERSION;'
say?
That's checking the version of SpamAssassin you really have installed where
perl is looking for it, not just some version you happen to have unpacked
in another directory.
>----- Original Message -----
>From: "Raymond Dijkxhoorn"
>To:
>Sent: Tuesday, April 08, 2003 3:49 PM
>Subject: Re: ANNOUNCE: Version 4.14 released
>
>
>Hello Daniel,
>
> > how do you check the correct version of mailscanner and spam assassin?
> > just recently i upgraded spam assassin to the latest version to avoid
>mails
> > to be stuck due to mailscanner unable to send it out
> > but i still got the problem yesterday.that's why i need to check whether
>it
>
>For Spam Assasin:
>
>[root@master .spamassassin]# spamassassin --version
>SpamAssassin version 2.53
>
>For Mailscanner, it prints the version number also in your maillog when
>starting up, so have a look there.
>
> > hope it helps as the staff are gunning for my head coz their mails aren't
> > sent "on time"
>
>Can you be a bit more specific ?
>
>Bye,
>Raymond.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
From mailscanner at ecs.soton.ac.uk Tue Apr 8 15:01:04 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:43 2006
Subject: RedHat 9
Message-ID: <5.2.0.9.2.20030408150015.03dbe950@imap.ecs.soton.ac.uk>
Just remembered to let you folks know that, as far as I can see,
MailScanner works fine with RedHat 9.
I've had it running here for quite a few days now, and it seems happy enough.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
From isp-list at TULSACONNECT.COM Tue Apr 8 16:06:40 2003
From: isp-list at TULSACONNECT.COM (ISP List)
Date: Thu Jan 12 21:17:43 2006
Subject: Bayes setup
In-Reply-To: <5.2.0.9.2.20030408142846.04af7f88@imap.ecs.soton.ac.uk>
References: <3E929DCF.1CBA0BD0@whidbey.com>
Message-ID: <5.2.1.1.2.20030408100542.047271f8@securemail.tulsaconnect.com>
>There are 2 parts to the answer to this:
>
>1) You can set up a "spam" and a "notspam" email address for people to dump
>wrongly categorised mail into. You then use sa-learn once every hour (or
>day) to teach SpamAssassin about the messages it got wrong. I have already
>posted a script to do this to this list, but have attached it again for you.
>
>2) SpamAssassin is unique in being able to "auto-learn", i.e. teach itself.
>It uses its other traditional rules to produce a score for each message. If
>the score is very high (i.e. definitely spam) or very low (i.e. definitely
>ham) then it feeds the message back into the learning code for the Bayes
>engine. It only starts using the Bayes engine output as part of the overall
>message score once it has auto-learned about 600 messages (I might well be
>wrong on that figure, but it's a few hundred).
Probably would be useful to write up a quick web page that has this script
and explanation, as I expect this question will continue to get asked..
-------------------------------------
Mike Bacher / mike@sparklogic.com
Use OptiGold ISP? Check out OptiSkin!
http://www.sparklogic.com/optiskin/
-------------------------------------
From mailscanner at ecs.soton.ac.uk Tue Apr 8 16:27:31 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:43 2006
Subject: Bayes setup
In-Reply-To: <5.2.1.1.2.20030408100542.047271f8@securemail.tulsaconnect. com>
References: <5.2.0.9.2.20030408142846.04af7f88@imap.ecs.soton.ac.uk>
<3E929DCF.1CBA0BD0@whidbey.com>
Message-ID: <5.2.0.9.2.20030408162710.035e0a40@imap.ecs.soton.ac.uk>
At 16:06 08/04/2003, you wrote:
>>There are 2 parts to the answer to this:
>>
>>1) You can set up a "spam" and a "notspam" email address for people to dump
>>wrongly categorised mail into. You then use sa-learn once every hour (or
>>day) to teach SpamAssassin about the messages it got wrong. I have already
>>posted a script to do this to this list, but have attached it again for you.
>>
>>2) SpamAssassin is unique in being able to "auto-learn", i.e. teach itself.
>>It uses its other traditional rules to produce a score for each message. If
>>the score is very high (i.e. definitely spam) or very low (i.e. definitely
>>ham) then it feeds the message back into the learning code for the Bayes
>>engine. It only starts using the Bayes engine output as part of the overall
>>message score once it has auto-learned about 600 messages (I might well be
>>wrong on that figure, but it's a few hundred).
>
>Probably would be useful to write up a quick web page that has this script
>and explanation, as I expect this question will continue to get asked..
Which is why the Faq-o-matic is there, so you can write one :-)
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
From lists at STHOMAS.NET Tue Apr 8 17:04:51 2003
From: lists at STHOMAS.NET (Steve Thomas)
Date: Thu Jan 12 21:17:43 2006
Subject: Deleting all Messages with a specific address in the "To:" field....
In-Reply-To: ; from
richard_cipher@YAHOO.COM on Mon, Apr 07, 2003 at 12:48:28PM -0600
References:
Message-ID: <20030408090451.A2346@sthomas.net>
On Mon, Apr 07, 2003 at 12:48:28PM -0600, Evert Ford is rumored to have said:
> ?
> Is the ISP forward what's making this not work? Any Ideas? If I use
> sendmail to delete it, it induces latency, and fetchmail dies
> ?
> I am using fetchmail version 6.2, sendmail version 8.12-7 and MailScanner
> 4.14 on a Redhat Linux 7.2 system
Is procmail in that mix somewhere?
:0
* ^TO_myold@addr.ess
/dev/null
--
Steve Thomas
steve +at+ sthomas -dot- net
----------------------------------------------------------
"...subatomic matter in a particle accelerator that exists
for only a few microseconds seems to exhibit more uptime
than the RIAA's website."
-- Andrew Orlowski
TheRegister.co.uk
From raymond at PROLOCATION.NET Tue Apr 8 17:59:01 2003
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:17:44 2006
Subject: AMaViS-ng 0.1.6.x and postfix: possible open relay and mail loss (fwd)
Message-ID:
Hi!
Naturally nobody on the list uses Amavis anymore but just in
case you see it happening:
---------- Forwarded message ----------
Date: Mon, 7 Apr 2003 14:23:47 +0200
From: Phil Cyc
Subject: AMaViS-ng 0.1.6.x and postfix: possible open relay and mail loss
Hi everyone -
with postfix using AMaViS-ng 0.1.6.x (tested: 0.1.6.2 and 0.1.6.3; 0.1.4.x is
not vulnerable), all email gets forwarded to the address specified by the
"To:" header line, ignoring the real recipient given via "RCPT TO:".
Possible exploit:
--%snip%--
#> telnet somemx.domain.tld 25
(220 somemx.domain.tld ESMTP Postfix)
helo amavis-ng
(250 somemx.domain.tld)
mail from:userX@domainX.tld
(250 ok)
rcpt to:userY@domain.tld
(250 ok)
data
(354 End data with .)
From: userX@domainX.tld
To: userZ@domainZ.tld
Subject: AMaViS-ng 0.1.6.x bug
.
(250 Ok: queued as ...)
quit
(221 Bye)
--%snip%--
Requirements: The mx (somemx.domain.tld) having postfix and AMaViS-ng 0.1.6.x
installed must accept emails for userY@domain.tld.
What does it to:
userX@domainX.tld is sending an email to userY@domain.tld. The header of this
email contains "To: userZ@domain.tld". AMaViS-ng seems to parse the header
and forwards the email to userZ@domain.tld. userY@domain.tld does not get
this email.
As many postfix users trust their localhost (no restrictions for localhost),
it is possible to relay an email or a spam mail this way.
configuration files (relevant parts):
# $postfix/master.cf
smtp inet n - n - - smtpd -o content_filter=filter:
filter unix - n n - - pipe
flags=Rq user=mail argv=/usr/bin/amavis ${sender} -- ${recipient}
# end of master.cf
# $amavis-ng/amavis.conf
[global]
mail-transfer-agent = Postfix
[Postfix]
postfix = /usr/sbin/sendmail
args = -i -f
# end of amavis.conf
There is no problem with AMaViS == 0.1.4.x
Kind regards,
Phil Cyc
From ralloway at WINBEAM.COM Tue Apr 8 18:10:19 2003
From: ralloway at WINBEAM.COM (Richard D Alloway)
Date: Thu Jan 12 21:17:44 2006
Subject: Porn msg identification?
In-Reply-To: <5.2.0.9.2.20030408084645.03ec8030@imap.ecs.soton.ac.uk>
Message-ID:
Thanks for everyone's input for my problem, but I think the goal I am
trying to work towards is being lost in translation :)
What I think would be a great feature is to allow custom rulesets. The
more I think about it, the more I think being able to create a customer
header for the custom ruleset would be the way to go.
I imagine it working just like the Spam Score Header.
Based on the score from the ruleset file (in my case, I'd create an adult
language file) with scores per word, a custom header could be created
which shows the "severity" of the language:
Custom Score Header = X-MailScanner-Maturity:
Custom Score Header = A
Custom Score Ruleset = /etc/MailScanner/rules/Maturity.rules
/etc/MailScanner/rules/Maturity.rules could contain:
frick 1
frack 5
Then, a message which contains the word 'frick' 3 times and 'frack' once
would have a score of 8, so a header of:
X-MailScanner-Maturity = AAAAAAAA
A customer who wishes to never receive emails with any of the words in the
list can filter on the X-MailScanner-Maturity header containing 'A'.
A customer who wishes to receive mildly mature emails can filter on the
X-MailScanner-Maturity header containing 'AAAA', and so on...
This way, the email is delivered to the customer and the customer has the
option of deleting, moving to another folder, or doing nothing with the
email.
The reason I can't use the high score action, etc is that we delete spam
with a high score.
As an ISP, we do not force adult/mature content filtering on our
customers, but would like to offer a solution that empowers the end user
to decide the level of filtering.
Thanks for hearing me out...again :)
-Rich
On Tue, 8 Apr 2003, Julian Field wrote:
> At 01:48 08/04/2003, you wrote:
> >Hmmm... I don't think that will satisfy my customers.
> >
> >The problem is the language as well as the images contained within porn
> >spam.
> >
> >The issue with setting the scores very high is that some customers will
> >want to receive "adult" emails while others don't want to receive any.
>
> Which is why you can set the spam high score using a ruleset so that
> different users get different scoring thresholds.
>
> >If there was a generic way to build a ruleset to modify the subject line
> >(or add/modify a header), that would probably take care of it! :)
> >
> >Any chance something like this could be in MailScanner's future? *hint
> >hint* ;)
> >
> >-Rich
> >
> >On Mon, 7 Apr 2003, Julian Field wrote:
> >
> > > The problem of nasty porn spam can largely be solved with the "striphtml"
> > > spam action, as it removes all images from spam. In case it's not really
> > > spam, all the links in the message are maintained, but you don't have to
> > > suffer the images. This is keeping most of my users happy here.
> > >
> > > At 18:10 07/04/2003, you wrote:
> > > >Hi there!
> > > >
> > > >I was wondering if anyone had come up with a way to add a header or
> > > >perhaps prepend the subject line with something like {Porn?} based on the
> > > >language/content of an email?
> > > >
> > > >I want to be able to give our users something they can filter their mail
> > > >against if they don't want to receive ANY adult messages.
> > > >
> > > >Our customers like the ability to filter against {Spam?} in the subject
> > > >line for possible spam.
> > > >
> > > >Thanks!
> > > >
> > > >-Rich
> > >
> > > --
> > > Julian Field
> > > www.MailScanner.info
> > > Professional Support Services at www.MailScanner.biz
> > > MailScanner thanks transtec Computers for their support
> > >
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
From richard_cipher at YAHOO.COM Tue Apr 8 18:10:54 2003
From: richard_cipher at YAHOO.COM (Evert Ford)
Date: Thu Jan 12 21:17:44 2006
Subject: Deleting all Messages with a specific address in the "To:" field....
In-Reply-To: <20030408090451.A2346@sthomas.net>
References:
<20030408090451.A2346@sthomas.net>
Message-ID:
On Tue, 8 Apr 2003 09:04:51 -0700, Steve Thomas wrote:
> On Mon, Apr 07, 2003 at 12:48:28PM -0600, Evert Ford is rumored to have
> said:
>> ?
>> Is the ISP forward what's making this not work? Any Ideas? If I use
>> sendmail to delete it, it induces latency, and fetchmail dies
>> ?
>> I am using fetchmail version 6.2, sendmail version 8.12-7 and
>> MailScanner 4.14 on a Redhat Linux 7.2 system
>
> Is procmail in that mix somewhere?
>
> :0
> * ^TO_myold@addr.ess
> /dev/null
>
>
That should do the trick...I somehow forgot about procmail, and it won't
make fetchmail die because of latency in sendmail, and I don't have to
worry about the "To:" not matching the envelope.
Excellent suggestion!
Evert Ford
Westone Laboratories
www.westone.com
From mailscanner at ecs.soton.ac.uk Tue Apr 8 18:12:23 2003
From: mailscanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:17:44 2006
Subject: AMaViS-ng 0.1.6.x and postfix: possible open relay and mail loss (fwd)
In-Reply-To:
Message-ID: <5.2.0.9.2.20030408181135.0257b008@imap.ecs.soton.ac.uk>
Am I allowed to sound smug and say "this is exactly why MailScanner doesn't
get involved in SMTP provision or message delivery"...
At 17:59 08/04/2003, you wrote:
>Hi!
>
>Naturally nobody on the list uses Amavis anymore