From mailscanner at ecs.soton.ac.uk Wed Jan 1 11:48:50 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:48 2006 Subject: ANNOUNCE: Version 3.27 and 4.11 Message-ID: <5.2.0.9.2.20030101113005.02098d90@imap.ecs.soton.ac.uk> Happy New Year everyone! I have just released updated versions of both V3 and V4. The only change for V3 is an important security fix, which you can easily apply without upgrading if you don't want to. See the ChangeLog below for details. There are many improvements and changes for V4. A few of them are: - Security fix is included - Modify Subject: line to show a message has been scanned - Stop MailScanner replying to mailing lists that send it viruses - Quarantine-cleaning script included - Virus scanner update cron job replaced by global updater script - Full installation instructions for FreeBSD - Improved AntiVir, Sophos, F-Prot and F-Secure parsers Also, in the spirit of Perl tradition, there is now a MailScanner Poetry page for all you closet bards out there. Contributions are most welcome :-) It can all be downloaded as usual from www.mailscanner.info For completeness, here is the entry from the ChangeLog for V4.11: *Security* - *** Important Security Fix *** You must edit the "sendmail -bd ..." command in your init script and add -OPrivacyOptions=noetrn as otherwise people could maliciously bypass MailScanner on servers that are under heavy load. It is *vital* that you protect yourself with this change. However, please note there have been no reports at all of this problem being actively exploited. It is included in the init scripts that are part of the RPM distributions, so RPM users just need to upgrade to the latest mailscanner*rpm. *New Features and Improvements* - Added 2 more configuration options to modify the subject line whenever a message is scanned (but no other subject line changes have happened) so it is obvious to all that the message has been scanned. By default this will (if enabled) add "{Scanned}" to the end of the Subject: line. - Added "Never Notify Senders Of Precedence" configuration option so that you can stop MailScanner replying to postings to mailing lists and other bulk mail. - A modified version of Steve Patterson's "clean.quarantine" script is included as a daily cron job. It is disabled by default. Edit it to see how to enable it. If you edit it, it will not be over-written by later upgrades to MailScanner. - Written an update_virus_scanners script which updates all installed scanners. This is called hourly, as daily wasn't often enough and RedHat don't offer anything between hourly and daily. - Implemented full support for BSD with installation instructions based on the tar distribution. - Added Swedish translation of all reports. - Added Spanish and Slovak translation of language strings. - Added wrapper script for inoculan. - Added an AntiVir autoupdate script. - Improved AntiVir parser to handle new output format. - Sophos parser improved to detect Sophos complaining about being given 1 part of a multi-part archive. Gets flagged as a virus. - F-Prot and F-Secure parsers improved to handle unusual virus names and quieter handling of archives containing infected files. - Added "$filename" variable expansion in sender warnings. Used it in the English versions of the sender warnings. - Completely new daemonising code to fix problems with ssh sessions refusing to die. - Added "startin" and "startout" parameters to init.d scripts for RedHat and SuSE. - Improved error reporting slightly in configuration compiler. - Spam logging now includes the recipient domains as well as the sender. - Incoming Queue Dirs can now be a file listing directories which include wildcards. - Added the message's subject line to the sender spam reports. - Added a "sleep 5" in between the stop and start in "restart" in the init.d script. - Creates quarantine directories as required. - Added link checking in code for finding incoming queue dirs. - Added note for McAfee users about avoiding symlinks with anything even remotely connected to McAfee itself. - Added "Poetry" page to the web site for Nick's idle thoughts... *Fixes* - Fixed problem of orphaned queue files being left in incoming queue when MailScanner child processes are killed half-way through clearing a message. - Fixed file locking code in Config.pm so Exim users do not have to have the config files owned by exim.exim instead of root.root. - Fixed Exim missing-characters-from-start-of-message bug. - Fixed SpamAssassin "timeout 260 of 20" counter bug. - Fixed EximDiskStore file locking bug. - Fixed bug where unscanned messages are not properly archived if not archiving as raw queue files. - Fixed bug stopping Exim collecting large message batches. - Changed default virus scanner from "sophos" to "none". -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mike at ZANKER.ORG Wed Jan 1 11:55:41 2003 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:16:48 2006 Subject: ANNOUNCE: Version 3.27 and 4.11 In-Reply-To: <5.2.0.9.2.20030101113005.02098d90@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030101113005.02098d90@imap.ecs.soton.ac.uk> Message-ID: <137044629.1041422141@jemima.zanker.org> On 01 January 2003 11:48 +0000 Julian Field wrote: > Happy New Year everyone! And you... > I have just released updated versions of both V3 and V4. Thanks - I assume that only the mailscanner rpm for version 4 has changed and that the support packages are unchanged? Thanks, Mike. From mailscanner at ecs.soton.ac.uk Wed Jan 1 11:59:32 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:48 2006 Subject: ANNOUNCE: Version 3.27 and 4.11 In-Reply-To: <137044629.1041422141@jemima.zanker.org> References: <5.2.0.9.2.20030101113005.02098d90@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030101113005.02098d90@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030101115837.03256e88@imap.ecs.soton.ac.uk> At 11:55 01/01/2003, you wrote: >>I have just released updated versions of both V3 and V4. > >Thanks - I assume that only the mailscanner rpm for version 4 has >changed and that the support packages are unchanged? Yes, correct. Sorry, I should have said that... -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From paul at ESPMAIL.CO.UK Wed Jan 1 13:11:17 2003 From: paul at ESPMAIL.CO.UK (Paul Welsh) Date: Thu Jan 12 21:16:48 2006 Subject: ANNOUNCE: Version 3.27 and 4.11 References: <5.2.0.9.2.20030101113005.02098d90@imap.ecs.soton.ac.uk> Message-ID: <001b01c2b197$484a4480$57e030d5@espmail> ----- Original Message ----- From: "Julian Field" To: Sent: 01 January 2003 11:48 Subject: ANNOUNCE: Version 3.27 and 4.11 > The only change for V3 is an important security fix, which you can easily > apply without upgrading if you don't want to. See the ChangeLog below for > details. > > - *** Important Security Fix *** > > You must edit the "sendmail -bd ..." command in your init script and add > -OPrivacyOptions=noetrn Happy New Year Julian. I have a raq3 and ETRN is disabled by default in the raq3 Sendmail configuration. Is this change therefore necessary? From joe at QITC.CO.UK Wed Jan 1 13:27:03 2003 From: joe at QITC.CO.UK (Joe Quinn) Date: Thu Jan 12 21:16:48 2006 Subject: ANNOUNCE: Version 3.27 and 4.11 A couple of questions References: <5.2.0.9.2.20030101113005.02098d90@imap.ecs.soton.ac.uk> Message-ID: <009a01c2b199$78e71d00$ed876751@T20> Hi, I just upgraded a RaQ4 and have a couple of questions; I would normally execute the following command to stop MailScanner; /etc/rc.d/init.d/MailScanner stop then check with; ps -auxw | grep -i mail just to make sure everything has stopped before restarting with; /etc/rc.d/init.d/MailScanner start However after the upgrade there are a few instances of mailscanner that won't shut down, should I just kill them? As I host loads of RaQs for customers, is there a way of determining which version of MailScanner is running, as sometimes I forget which RaQs have been updated? Perhaps something like; /etc/rc.d/init.d/MailScanner -V Next question, you say the autoupdate script has been changed, can I delete; f-prot.autoupdate -> /usr/lib/MailScanner/f-prot-autoupdate in the cron.daily directory? Also, when I manually execute; /etc/cron.daily/f-prot.autoupdate I would get an out put similar to; FTP address for retrieving files is ftp://eu-3.updates.f-prot.com/pub/ File SIGN.DEF is already up to date. File SIGN2.DEF is already up to date. File MACRO.DEF is already up to date. Nothing to be done. so I knew it was working OK but now if I try; /etc/cron.hourly/check_MailScanner I don't get any indication of whether it worked or not? Happy New Year to all :-) Joe Quinn, QITC Internet Solutions (joe@qitc.co.uk) Cisco re-seller, Cobalt Sapphire Partner. www.qitc.net/stocklist Web Site Hosting, Server Hosting, Co-location. Tel: (UK) +44 776 737 1234 From mike at ZANKER.ORG Wed Jan 1 13:43:34 2003 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:16:48 2006 Subject: Version 4.11 wrapper scripts Message-ID: <143518118.1041428614@jemima.zanker.org> Just in case anyone else gets caught out, all the wrapper scripts have changed to support the new hourly update script and will be installed with an .rpmnew postfix (if you install the RPM version). You have to replace the previous one(s) by hand. It wasn't until cron mailed me a load of error messages that I noticed this :) Mike. From mailscanner at ecs.soton.ac.uk Wed Jan 1 14:29:44 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:48 2006 Subject: ANNOUNCE: Version 3.27 and 4.11 In-Reply-To: <001b01c2b197$484a4480$57e030d5@espmail> References: <5.2.0.9.2.20030101113005.02098d90@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030101142842.03325b50@imap.ecs.soton.ac.uk> At 13:11 01/01/2003, you wrote: >----- Original Message ----- >From: "Julian Field" >To: >Sent: 01 January 2003 11:48 >Subject: ANNOUNCE: Version 3.27 and 4.11 > > > > The only change for V3 is an important security fix, which you can >easily > > apply without upgrading if you don't want to. See the ChangeLog below >for > > details. > > > > - *** Important Security Fix *** > > > > You must edit the "sendmail -bd ..." command in your init script >and add > > -OPrivacyOptions=noetrn > >Happy New Year Julian. I have a raq3 and ETRN is disabled by default in >the raq3 Sendmail configuration. Is this change therefore necessary? No. The key thing is to make sure that ETRN is disabled by any means necessary. My suggested change is just the easiest way of doing it on most systems. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jan 1 14:36:27 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:48 2006 Subject: Version 4.11 wrapper scripts In-Reply-To: <143518118.1041428614@jemima.zanker.org> Message-ID: <5.2.0.9.2.20030101143501.0328be50@imap.ecs.soton.ac.uk> At 13:43 01/01/2003, you wrote: >Just in case anyone else gets caught out, all the wrapper scripts have >changed to support the new hourly update script and will be installed >with an .rpmnew postfix (if you install the RPM version). You have to >replace the previous one(s) by hand. Well spotted. They are carefully marked to *not* overwrite in case you have changed them. But in this instance you do need to replace all your old ones with the new ones that support the optional "-IsItInstalled" command-line switch. >It wasn't until cron mailed me a load of error messages that I noticed >this :) Thankyou for pointing this out. I'll add a note to the downloads web page. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jan 1 14:34:45 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:48 2006 Subject: ANNOUNCE: Version 3.27 and 4.11 A couple of questions In-Reply-To: <009a01c2b199$78e71d00$ed876751@T20> References: <5.2.0.9.2.20030101113005.02098d90@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030101142959.0325bea8@imap.ecs.soton.ac.uk> At 13:27 01/01/2003, you wrote: >I just upgraded a RaQ4 and have a couple of questions; >I would normally execute the following command to stop MailScanner; >/etc/rc.d/init.d/MailScanner stop >then check with; >ps -auxw | grep -i mail >just to make sure everything has stopped before restarting with; >/etc/rc.d/init.d/MailScanner start > >However after the upgrade there are a few instances of mailscanner that >won't shut down, should I just kill them? Yes. >As I host loads of RaQs for customers, is there a way of determining which >version of MailScanner is running, as sometimes I forget which RaQs have >been updated? Perhaps something like; > >/etc/rc.d/init.d/MailScanner -V There isn't at the moment (you need to look for the startup message in the logs, using something like fgrep "Virus Scanner version" /var/log/maillog If it is installed with RPM, you can of course just do rpm -q mailscanner >Next question, you say the autoupdate script has been changed, can I delete; > >f-prot.autoupdate -> /usr/lib/MailScanner/f-prot-autoupdate > >in the cron.daily directory? Yes. You should find the new one in the cron.hourly directory. >Also, when I manually execute; > >/etc/cron.daily/f-prot.autoupdate > >I would get an out put similar to; > >FTP address for retrieving files is ftp://eu-3.updates.f-prot.com/pub/ >File SIGN.DEF is already up to date. >File SIGN2.DEF is already up to date. >File MACRO.DEF is already up to date. >Nothing to be done. > >so I knew it was working OK but now if I try; > >/etc/cron.hourly/check_MailScanner > >I don't get any indication of whether it worked or not? The "check_MailScanner" script isn't the autoupdater, it's the check to ensure MailScanner is running. You want /etc/cron.hourly/update_virus_scanners -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jan 1 14:56:06 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:48 2006 Subject: Version 4.11 wrapper scripts In-Reply-To: <5.2.0.9.2.20030101143501.0328be50@imap.ecs.soton.ac.uk> References: <143518118.1041428614@jemima.zanker.org> Message-ID: <5.2.0.9.2.20030101145446.0331fe40@imap.ecs.soton.ac.uk> At 14:36 01/01/2003, you wrote: >At 13:43 01/01/2003, you wrote: >>Just in case anyone else gets caught out, all the wrapper scripts have >>changed to support the new hourly update script and will be installed >>with an .rpmnew postfix (if you install the RPM version). You have to >>replace the previous one(s) by hand. There is now a little script on the downloads page for you to cut and paste which will do all the renaming for you, saving your old versions. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jan 1 19:53:28 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:48 2006 Subject: Storing incoming work dir on ramdisk Message-ID: <5.2.0.9.2.20030101194245.02fa8ff0@imap.ecs.soton.ac.uk> I've just done an experiment on my biggest server (thankyou Transtec!). I am ignoring incoming SMTP traffic load for now, as I have yet to find enough machines to feed it SMTP traffic at 1.5 million messages per day. Using disk-based directories for mqueue.in mqueue MailScanner/incoming using Exim I can process about 1.1 million messages per day, using Sophos, SpamAssassin and the default RBL lists. With tmpfs-based directories for MailScanner/incoming this jumps to about 1.4 million messages per day, using the same settings. This is perfectly safe as the MailScanner/incoming directory is wiped at startup anyway, and no messages can be lost by power-outs. With tmpfs-based directories for mqueue.in mqueue MailScanner/incoming this increases to about 1.5 million messages per day, using the same settings. This is not safe as the mqueue.in and.mqueue would be lost on power-outs. So if you have the RAM to throw at it, and plenty of CPU horse-power to make use of it, you can increase your message throughput by roughly 30% by moving the MailScanner/incoming directory onto a tmpfs filesystem held in RAM. But if you run out of RAM and start swapping a lot, the performance will drop quickly. Tests done on a Transtec 2600 Workgroup Server, 2 x 2.4GHz/Zeon with 2Gb RAM, 15000rpm SCSI disk, 15 child processes. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From gerry at DORFAM.CA Wed Jan 1 20:37:16 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:16:48 2006 Subject: Storing incoming work dir on ramdisk In-Reply-To: <5.2.0.9.2.20030101194245.02fa8ff0@imap.ecs.soton.ac.uk> Message-ID: On Wed, 1 Jan 2003, Julian Field wrote: > I've just done an experiment on my biggest server (thankyou Transtec!). > > I am ignoring incoming SMTP traffic load for now, as I have yet to find > enough machines to feed it SMTP traffic at 1.5 million messages per day. > > Using disk-based directories for > mqueue.in > mqueue > MailScanner/incoming > using Exim > I can process about 1.1 million messages per day, using Sophos, > SpamAssassin and the default RBL lists. > > With tmpfs-based directories for > MailScanner/incoming > this jumps to about 1.4 million messages per day, using the same settings. > This is perfectly safe as the MailScanner/incoming directory is wiped at > startup anyway, and no messages can be lost by power-outs. > > With tmpfs-based directories for > mqueue.in > mqueue > MailScanner/incoming > this increases to about 1.5 million messages per day, using the same > settings. This is not safe as the mqueue.in and.mqueue would be lost on > power-outs. > > So if you have the RAM to throw at it, and plenty of CPU horse-power to > make use of it, you can increase your message throughput by roughly 30% by > moving the MailScanner/incoming directory onto a tmpfs filesystem held in RAM. > > But if you run out of RAM and start swapping a lot, the performance will > drop quickly. > > Tests done on a Transtec 2600 Workgroup Server, 2 x 2.4GHz/Zeon with 2Gb > RAM, 15000rpm SCSI disk, 15 child processes. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support Those are pretty impressive numbers! I noticed that you're testing with Exim instead of sendmail. Do you think there would be much difference if you used sendmail? BTW, do you think that Transtec would like to provide me with one of those servers? It would give my home mail server a little more "head room"! -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From gerry at DORFAM.CA Wed Jan 1 20:44:20 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:16:48 2006 Subject: Announce: mailscanner-mrtg version 0.04 is out! In-Reply-To: <95DD6F026D9C5C459E262B9C385C478E5981DB@h-file04.180096hotel.com> Message-ID: On Tue, 31 Dec 2002, Dale Lovelace wrote: > Hi! > > I have a new version of mailscanner-mrtg, Here is the latest > changelog: > > 0.04 Dec 15, 2002 > Changed subs to use sar for cross-platform (Solaris???): > iptraffic > remove Ethernet Device File from > mailscanner-mrtg.conf > add gauge option to mailscanner-mrtg.cfg > loadavg > memory > Die on even more things if not in $Config array > Increase MaxBytes for mailbytes in mailscanner-mrtg.cfg > Add the ability to restart MailScanner if processes are low > > As always mailscanner-mrtg is available in Red Hat RPM format and > .tar.gz from: > > http://mailscanner-mrtg.netfirms.com/ > > > Additional Credits in this release: > > Mike Brock pressed the send button for this email! He also spell-checked > it!!! > > Good Luck! > > Dale Lovelace > System Administrator > hotels.com > (214) 361-7311 Ext. 1074 Dale, once again, thanks for the package. I've started to rely a lot on those graphs but not just for MailScanner. I noticed the other day when I logged in from work that the cpu utilization was stuck at 100%. Turned out that my faxmodem had become wedged for some reason (never had that happen before??). However. I found that the amount of detail on the ethernet chart to be too much for the resolution being used. Also, I have no idea how to use the % data. It doesn't make any sense to me. I've commented out the option line in mailscanner-mrtg.cfg so that it doesn't bother with the % and just uses the default data. I find that more useful. Thanks again for your package! -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From mike at CAMAROSS.NET Thu Jan 2 00:10:46 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:16:48 2006 Subject: ANNOUNCE: Version 3.27 and 4.11 In-Reply-To: <5.2.0.9.2.20030101113005.02098d90@imap.ecs.soton.ac.uk> Message-ID: <006b01c2b1f3$6685a8c0$6901a8c0@home.middlefinger.net> Anyone else seeing anything like this in the maillog: Jan 1 18:20:45 mail MailScanner[31377]: Spam Checks: Starting Jan 1 18:20:45 mail MailScanner[31377]: Looked up unknown string spam in language translation file /opt/MailScanner/etc/reports/en/languages.conf Jan 1 18:20:45 mail MailScanner[31377]: Looked up unknown string score in language translation file /opt/MailScanner/etc/reports/en/languages.conf Jan 1 18:20:45 mail MailScanner[31377]: Looked up unknown string required in language translation file /opt/MailScanner/etc/reports/en/languages.conf Jan 1 18:20:46 mail MailScanner[31377]: Looked up unknown string notspam in language translation file /opt/MailScanner/etc/reports/en/languages.conf Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Wednesday, January 01, 2003 5:49 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: ANNOUNCE: Version 3.27 and 4.11 Happy New Year everyone! I have just released updated versions of both V3 and V4. The only change for V3 is an important security fix, which you can easily apply without upgrading if you don't want to. See the ChangeLog below for details. There are many improvements and changes for V4. A few of them are: - Security fix is included - Modify Subject: line to show a message has been scanned - Stop MailScanner replying to mailing lists that send it viruses - Quarantine-cleaning script included - Virus scanner update cron job replaced by global updater script - Full installation instructions for FreeBSD - Improved AntiVir, Sophos, F-Prot and F-Secure parsers Also, in the spirit of Perl tradition, there is now a MailScanner Poetry page for all you closet bards out there. Contributions are most welcome :-) It can all be downloaded as usual from www.mailscanner.info For completeness, here is the entry from the ChangeLog for V4.11: *Security* - *** Important Security Fix *** You must edit the "sendmail -bd ..." command in your init script and add -OPrivacyOptions=noetrn as otherwise people could maliciously bypass MailScanner on servers that are under heavy load. It is *vital* that you protect yourself with this change. However, please note there have been no reports at all of this problem being actively exploited. It is included in the init scripts that are part of the RPM distributions, so RPM users just need to upgrade to the latest mailscanner*rpm. *New Features and Improvements* - Added 2 more configuration options to modify the subject line whenever a message is scanned (but no other subject line changes have happened) so it is obvious to all that the message has been scanned. By default this will (if enabled) add "{Scanned}" to the end of the Subject: line. - Added "Never Notify Senders Of Precedence" configuration option so that you can stop MailScanner replying to postings to mailing lists and other bulk mail. - A modified version of Steve Patterson's "clean.quarantine" script is included as a daily cron job. It is disabled by default. Edit it to see how to enable it. If you edit it, it will not be over-written by later upgrades to MailScanner. - Written an update_virus_scanners script which updates all installed scanners. This is called hourly, as daily wasn't often enough and RedHat don't offer anything between hourly and daily. - Implemented full support for BSD with installation instructions based on the tar distribution. - Added Swedish translation of all reports. - Added Spanish and Slovak translation of language strings. - Added wrapper script for inoculan. - Added an AntiVir autoupdate script. - Improved AntiVir parser to handle new output format. - Sophos parser improved to detect Sophos complaining about being given 1 part of a multi-part archive. Gets flagged as a virus. - F-Prot and F-Secure parsers improved to handle unusual virus names and quieter handling of archives containing infected files. - Added "$filename" variable expansion in sender warnings. Used it in the English versions of the sender warnings. - Completely new daemonising code to fix problems with ssh sessions refusing to die. - Added "startin" and "startout" parameters to init.d scripts for RedHat and SuSE. - Improved error reporting slightly in configuration compiler. - Spam logging now includes the recipient domains as well as the sender. - Incoming Queue Dirs can now be a file listing directories which include wildcards. - Added the message's subject line to the sender spam reports. - Added a "sleep 5" in between the stop and start in "restart" in the init.d script. - Creates quarantine directories as required. - Added link checking in code for finding incoming queue dirs. - Added note for McAfee users about avoiding symlinks with anything even remotely connected to McAfee itself. - Added "Poetry" page to the web site for Nick's idle thoughts... *Fixes* - Fixed problem of orphaned queue files being left in incoming queue when MailScanner child processes are killed half-way through clearing a message. - Fixed file locking code in Config.pm so Exim users do not have to have the config files owned by exim.exim instead of root.root. - Fixed Exim missing-characters-from-start-of-message bug. - Fixed SpamAssassin "timeout 260 of 20" counter bug. - Fixed EximDiskStore file locking bug. - Fixed bug where unscanned messages are not properly archived if not archiving as raw queue files. - Fixed bug stopping Exim collecting large message batches. - Changed default virus scanner from "sophos" to "none". -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mike at CAMAROSS.NET Thu Jan 2 00:14:52 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:16:48 2006 Subject: ANNOUNCE: Version 3.27 and 4.11 In-Reply-To: <006b01c2b1f3$6685a8c0$6901a8c0@home.middlefinger.net> Message-ID: <006c01c2b1f3$f920c980$6901a8c0@home.middlefinger.net> Just to clarify, I am running the RPM version, so there is nothing pointing to /opt in this MailScanner.conf Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher Sent: Wednesday, January 01, 2003 6:11 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ANNOUNCE: Version 3.27 and 4.11 Anyone else seeing anything like this in the maillog: Jan 1 18:20:45 mail MailScanner[31377]: Spam Checks: Starting Jan 1 18:20:45 mail MailScanner[31377]: Looked up unknown string spam in language translation file /opt/MailScanner/etc/reports/en/languages.conf Jan 1 18:20:45 mail MailScanner[31377]: Looked up unknown string score in language translation file /opt/MailScanner/etc/reports/en/languages.conf Jan 1 18:20:45 mail MailScanner[31377]: Looked up unknown string required in language translation file /opt/MailScanner/etc/reports/en/languages.conf Jan 1 18:20:46 mail MailScanner[31377]: Looked up unknown string notspam in language translation file /opt/MailScanner/etc/reports/en/languages.conf Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Wednesday, January 01, 2003 5:49 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: ANNOUNCE: Version 3.27 and 4.11 Happy New Year everyone! I have just released updated versions of both V3 and V4. The only change for V3 is an important security fix, which you can easily apply without upgrading if you don't want to. See the ChangeLog below for details. There are many improvements and changes for V4. A few of them are: - Security fix is included - Modify Subject: line to show a message has been scanned - Stop MailScanner replying to mailing lists that send it viruses - Quarantine-cleaning script included - Virus scanner update cron job replaced by global updater script - Full installation instructions for FreeBSD - Improved AntiVir, Sophos, F-Prot and F-Secure parsers Also, in the spirit of Perl tradition, there is now a MailScanner Poetry page for all you closet bards out there. Contributions are most welcome :-) It can all be downloaded as usual from www.mailscanner.info For completeness, here is the entry from the ChangeLog for V4.11: *Security* - *** Important Security Fix *** You must edit the "sendmail -bd ..." command in your init script and add -OPrivacyOptions=noetrn as otherwise people could maliciously bypass MailScanner on servers that are under heavy load. It is *vital* that you protect yourself with this change. However, please note there have been no reports at all of this problem being actively exploited. It is included in the init scripts that are part of the RPM distributions, so RPM users just need to upgrade to the latest mailscanner*rpm. *New Features and Improvements* - Added 2 more configuration options to modify the subject line whenever a message is scanned (but no other subject line changes have happened) so it is obvious to all that the message has been scanned. By default this will (if enabled) add "{Scanned}" to the end of the Subject: line. - Added "Never Notify Senders Of Precedence" configuration option so that you can stop MailScanner replying to postings to mailing lists and other bulk mail. - A modified version of Steve Patterson's "clean.quarantine" script is included as a daily cron job. It is disabled by default. Edit it to see how to enable it. If you edit it, it will not be over-written by later upgrades to MailScanner. - Written an update_virus_scanners script which updates all installed scanners. This is called hourly, as daily wasn't often enough and RedHat don't offer anything between hourly and daily. - Implemented full support for BSD with installation instructions based on the tar distribution. - Added Swedish translation of all reports. - Added Spanish and Slovak translation of language strings. - Added wrapper script for inoculan. - Added an AntiVir autoupdate script. - Improved AntiVir parser to handle new output format. - Sophos parser improved to detect Sophos complaining about being given 1 part of a multi-part archive. Gets flagged as a virus. - F-Prot and F-Secure parsers improved to handle unusual virus names and quieter handling of archives containing infected files. - Added "$filename" variable expansion in sender warnings. Used it in the English versions of the sender warnings. - Completely new daemonising code to fix problems with ssh sessions refusing to die. - Added "startin" and "startout" parameters to init.d scripts for RedHat and SuSE. - Improved error reporting slightly in configuration compiler. - Spam logging now includes the recipient domains as well as the sender. - Incoming Queue Dirs can now be a file listing directories which include wildcards. - Added the message's subject line to the sender spam reports. - Added a "sleep 5" in between the stop and start in "restart" in the init.d script. - Creates quarantine directories as required. - Added link checking in code for finding incoming queue dirs. - Added note for McAfee users about avoiding symlinks with anything even remotely connected to McAfee itself. - Added "Poetry" page to the web site for Nick's idle thoughts... *Fixes* - Fixed problem of orphaned queue files being left in incoming queue when MailScanner child processes are killed half-way through clearing a message. - Fixed file locking code in Config.pm so Exim users do not have to have the config files owned by exim.exim instead of root.root. - Fixed Exim missing-characters-from-start-of-message bug. - Fixed SpamAssassin "timeout 260 of 20" counter bug. - Fixed EximDiskStore file locking bug. - Fixed bug where unscanned messages are not properly archived if not archiving as raw queue files. - Fixed bug stopping Exim collecting large message batches. - Changed default virus scanner from "sophos" to "none". -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mike at CAMAROSS.NET Thu Jan 2 00:20:19 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:16:48 2006 Subject: ANNOUNCE: Version 3.27 and 4.11 In-Reply-To: <006b01c2b1f3$6685a8c0$6901a8c0@home.middlefinger.net> Message-ID: <006e01c2b1f4$bc2b3500$6901a8c0@home.middlefinger.net> Nevermind...I'm an idiot! I missed the languages.conf entry when I diff'd the MailScanner.confs Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher Sent: Wednesday, January 01, 2003 6:11 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ANNOUNCE: Version 3.27 and 4.11 Anyone else seeing anything like this in the maillog: Jan 1 18:20:45 mail MailScanner[31377]: Spam Checks: Starting Jan 1 18:20:45 mail MailScanner[31377]: Looked up unknown string spam in language translation file /opt/MailScanner/etc/reports/en/languages.conf Jan 1 18:20:45 mail MailScanner[31377]: Looked up unknown string score in language translation file /opt/MailScanner/etc/reports/en/languages.conf Jan 1 18:20:45 mail MailScanner[31377]: Looked up unknown string required in language translation file /opt/MailScanner/etc/reports/en/languages.conf Jan 1 18:20:46 mail MailScanner[31377]: Looked up unknown string notspam in language translation file /opt/MailScanner/etc/reports/en/languages.conf Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Wednesday, January 01, 2003 5:49 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: ANNOUNCE: Version 3.27 and 4.11 Happy New Year everyone! I have just released updated versions of both V3 and V4. The only change for V3 is an important security fix, which you can easily apply without upgrading if you don't want to. See the ChangeLog below for details. There are many improvements and changes for V4. A few of them are: - Security fix is included - Modify Subject: line to show a message has been scanned - Stop MailScanner replying to mailing lists that send it viruses - Quarantine-cleaning script included - Virus scanner update cron job replaced by global updater script - Full installation instructions for FreeBSD - Improved AntiVir, Sophos, F-Prot and F-Secure parsers Also, in the spirit of Perl tradition, there is now a MailScanner Poetry page for all you closet bards out there. Contributions are most welcome :-) It can all be downloaded as usual from www.mailscanner.info For completeness, here is the entry from the ChangeLog for V4.11: *Security* - *** Important Security Fix *** You must edit the "sendmail -bd ..." command in your init script and add -OPrivacyOptions=noetrn as otherwise people could maliciously bypass MailScanner on servers that are under heavy load. It is *vital* that you protect yourself with this change. However, please note there have been no reports at all of this problem being actively exploited. It is included in the init scripts that are part of the RPM distributions, so RPM users just need to upgrade to the latest mailscanner*rpm. *New Features and Improvements* - Added 2 more configuration options to modify the subject line whenever a message is scanned (but no other subject line changes have happened) so it is obvious to all that the message has been scanned. By default this will (if enabled) add "{Scanned}" to the end of the Subject: line. - Added "Never Notify Senders Of Precedence" configuration option so that you can stop MailScanner replying to postings to mailing lists and other bulk mail. - A modified version of Steve Patterson's "clean.quarantine" script is included as a daily cron job. It is disabled by default. Edit it to see how to enable it. If you edit it, it will not be over-written by later upgrades to MailScanner. - Written an update_virus_scanners script which updates all installed scanners. This is called hourly, as daily wasn't often enough and RedHat don't offer anything between hourly and daily. - Implemented full support for BSD with installation instructions based on the tar distribution. - Added Swedish translation of all reports. - Added Spanish and Slovak translation of language strings. - Added wrapper script for inoculan. - Added an AntiVir autoupdate script. - Improved AntiVir parser to handle new output format. - Sophos parser improved to detect Sophos complaining about being given 1 part of a multi-part archive. Gets flagged as a virus. - F-Prot and F-Secure parsers improved to handle unusual virus names and quieter handling of archives containing infected files. - Added "$filename" variable expansion in sender warnings. Used it in the English versions of the sender warnings. - Completely new daemonising code to fix problems with ssh sessions refusing to die. - Added "startin" and "startout" parameters to init.d scripts for RedHat and SuSE. - Improved error reporting slightly in configuration compiler. - Spam logging now includes the recipient domains as well as the sender. - Incoming Queue Dirs can now be a file listing directories which include wildcards. - Added the message's subject line to the sender spam reports. - Added a "sleep 5" in between the stop and start in "restart" in the init.d script. - Creates quarantine directories as required. - Added link checking in code for finding incoming queue dirs. - Added note for McAfee users about avoiding symlinks with anything even remotely connected to McAfee itself. - Added "Poetry" page to the web site for Nick's idle thoughts... *Fixes* - Fixed problem of orphaned queue files being left in incoming queue when MailScanner child processes are killed half-way through clearing a message. - Fixed file locking code in Config.pm so Exim users do not have to have the config files owned by exim.exim instead of root.root. - Fixed Exim missing-characters-from-start-of-message bug. - Fixed SpamAssassin "timeout 260 of 20" counter bug. - Fixed EximDiskStore file locking bug. - Fixed bug where unscanned messages are not properly archived if not archiving as raw queue files. - Fixed bug stopping Exim collecting large message batches. - Changed default virus scanner from "sophos" to "none". -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From x.mailscanner.mail at MELLONI.COM Thu Jan 2 00:24:38 2003 From: x.mailscanner.mail at MELLONI.COM (Bruno) Date: Thu Jan 12 21:16:48 2006 Subject: Centralized aliases Message-ID: <200301020024.h020Oaa31083@ori.rl.ac.uk> Long description, short question: I have been happily using Mailscanner in the proxy + mail server configuration described in the web site. I use Linux/sendmail for both the proxy (in the DMZ) and the mail server (in the LAN). Users only interact with the mail server and are never aware of the mailscanner proxy (unless it catches viruses or flags mail as spam). Quite nice. :) I also use aliases extensively so that when I have to give a vendor an email address I can give them one that is easily deleted if I find them abuse it or if they sell it to other vendors. Also nice. :) One minor annoyance is that if the aliases (as well as every other valid email address) are not defined on the proxy then the mail is rejected. So, all the email IDs and aliases have to be on the proxy. But if any ID or alias is not ALSO defined on the mail server then mail sent from the LAN to that ID tends to bounce since the mail server (correctly) thinks the mail is destined to itself but does not find the ID or alias. So, user IDs and aliases need to be defined twice, identically, in both the server and alias. And finally here comes the question: Is there any way to do the ID and mail alias definition in just one place? Maybe have the proxy's sendmail and Mailscanner somehow validate IDs and aliases against the regular mail server instead of checking its own list? Or something else? Thanks, Bruno From mike at CAMAROSS.NET Thu Jan 2 01:34:19 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:16:48 2006 Subject: Centralized aliases In-Reply-To: <200301020024.h020Oaa31083@ori.rl.ac.uk> Message-ID: <001e01c2b1ff$12beb4a0$9901a8c0@home.middlefinger.net> You might consider locating your aliases file on an NFS share. You could then use cron to run newaliases every so often. You 'd have to modify your sendmail to tell it the new location of aliases. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Bruno Sent: Wednesday, January 01, 2003 6:25 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Centralized aliases Long description, short question: I have been happily using Mailscanner in the proxy + mail server configuration described in the web site. I use Linux/sendmail for both the proxy (in the DMZ) and the mail server (in the LAN). Users only interact with the mail server and are never aware of the mailscanner proxy (unless it catches viruses or flags mail as spam). Quite nice. :) I also use aliases extensively so that when I have to give a vendor an email address I can give them one that is easily deleted if I find them abuse it or if they sell it to other vendors. Also nice. :) One minor annoyance is that if the aliases (as well as every other valid email address) are not defined on the proxy then the mail is rejected. So, all the email IDs and aliases have to be on the proxy. But if any ID or alias is not ALSO defined on the mail server then mail sent from the LAN to that ID tends to bounce since the mail server (correctly) thinks the mail is destined to itself but does not find the ID or alias. So, user IDs and aliases need to be defined twice, identically, in both the server and alias. And finally here comes the question: Is there any way to do the ID and mail alias definition in just one place? Maybe have the proxy's sendmail and Mailscanner somehow validate IDs and aliases against the regular mail server instead of checking its own list? Or something else? Thanks, Bruno From pg at NEWHONEST.COM Thu Jan 2 02:39:10 2003 From: pg at NEWHONEST.COM (pg) Date: Thu Jan 12 21:16:48 2006 Subject: ANNOUNCE: Version 3.27 and 4.11 References: <5.2.0.9.2.20030101113005.02098d90@imap.ecs.soton.ac.uk> Message-ID: <001d01c2b208$22bba300$2101a8c0@jasonnb> I'm using Redhat 7.2. I tried to upgrade to 3.27 from 3.26 but the following error message appeared : error: unpacking of archive failed on file /var/spool/mqueue.in: cpio: rename failed - Is a directory -Jason ----- Original Message ----- From: "Julian Field" To: Sent: Wednesday, January 01, 2003 7:48 PM Subject: ANNOUNCE: Version 3.27 and 4.11 > Happy New Year everyone! > > I have just released updated versions of both V3 and V4. > > The only change for V3 is an important security fix, which you can easily > apply without upgrading if you don't want to. See the ChangeLog below for > details. > > There are many improvements and changes for V4. A few of them are: > - Security fix is included > - Modify Subject: line to show a message has been scanned > - Stop MailScanner replying to mailing lists that send it viruses > - Quarantine-cleaning script included > - Virus scanner update cron job replaced by global updater script > - Full installation instructions for FreeBSD > - Improved AntiVir, Sophos, F-Prot and F-Secure parsers > > Also, in the spirit of Perl tradition, there is now a MailScanner Poetry > page for all you closet bards out there. Contributions are most welcome :-) > > It can all be downloaded as usual from > www.mailscanner.info > > > > > > For completeness, here is the entry from the ChangeLog for V4.11: > > *Security* > - *** Important Security Fix *** > > You must edit the "sendmail -bd ..." command in your init script and add > -OPrivacyOptions=noetrn > as otherwise people could maliciously bypass MailScanner on servers that > are under heavy load. > It is *vital* that you protect yourself with this change. > However, please note there have been no reports at all of this problem > being actively exploited. > It is included in the init scripts that are part of the RPM > distributions, so RPM users just need to upgrade to the latest mailscanner*rpm. > > *New Features and Improvements* > - Added 2 more configuration options to modify the subject line whenever a > message is scanned (but no other subject line changes have happened) so it > is obvious to all that the message has been scanned. By default this will > (if enabled) add "{Scanned}" to the end of the Subject: line. > - Added "Never Notify Senders Of Precedence" configuration option so that > you can stop MailScanner replying to postings to mailing lists and other > bulk mail. > - A modified version of Steve Patterson's "clean.quarantine" script is > included as a daily cron job. It is disabled by default. Edit it to see how > to enable it. If you edit it, it will not be over-written by later upgrades > to MailScanner. > - Written an update_virus_scanners script which updates all installed > scanners. This is called hourly, as daily wasn't often enough and RedHat > don't offer anything between hourly and daily. > - Implemented full support for BSD with installation instructions based on > the tar distribution. > - Added Swedish translation of all reports. > - Added Spanish and Slovak translation of language strings. > - Added wrapper script for inoculan. > - Added an AntiVir autoupdate script. > - Improved AntiVir parser to handle new output format. > - Sophos parser improved to detect Sophos complaining about being given 1 > part of a multi-part archive. Gets flagged as a virus. > - F-Prot and F-Secure parsers improved to handle unusual virus names and > quieter handling of archives containing infected files. > - Added "$filename" variable expansion in sender warnings. Used it in the > English versions of the sender warnings. > - Completely new daemonising code to fix problems with ssh sessions > refusing to die. > - Added "startin" and "startout" parameters to init.d scripts for RedHat > and SuSE. > - Improved error reporting slightly in configuration compiler. > - Spam logging now includes the recipient domains as well as the sender. > - Incoming Queue Dirs can now be a file listing directories which include > wildcards. > - Added the message's subject line to the sender spam reports. > - Added a "sleep 5" in between the stop and start in "restart" in the > init.d script. > - Creates quarantine directories as required. > - Added link checking in code for finding incoming queue dirs. > - Added note for McAfee users about avoiding symlinks with anything even > remotely connected to McAfee itself. > - Added "Poetry" page to the web site for Nick's idle thoughts... > > *Fixes* > - Fixed problem of orphaned queue files being left in incoming queue when > MailScanner child processes are killed half-way through clearing a message. > - Fixed file locking code in Config.pm so Exim users do not have to have > the config files owned by exim.exim instead of root.root. > - Fixed Exim missing-characters-from-start-of-message bug. > - Fixed SpamAssassin "timeout 260 of 20" counter bug. > - Fixed EximDiskStore file locking bug. > - Fixed bug where unscanned messages are not properly archived if not > archiving as raw queue files. > - Fixed bug stopping Exim collecting large message batches. > - Changed default virus scanner from "sophos" to "none". > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > From ucs_rat at SHSU.EDU Thu Jan 2 02:40:44 2003 From: ucs_rat at SHSU.EDU (Robert A. Thompson) Date: Thu Jan 12 21:16:48 2006 Subject: ANNOUNCE: Version 3.27 and 4.11 In-Reply-To: <001d01c2b208$22bba300$2101a8c0@jasonnb> References: <5.2.0.9.2.20030101113005.02098d90@imap.ecs.soton.ac.uk> <001d01c2b208$22bba300$2101a8c0@jasonnb> Message-ID: <1041475244.9856.11.camel@ra.thethompsonhouse.com> re-download the rpm. sounds like you have a bad rpm. Might try a md5sum to check the file. I assume the md5sums are on the website. --rat On Wed, 2003-01-01 at 20:39, pg wrote: > I'm using Redhat 7.2. I tried to upgrade to 3.27 from 3.26 but the following > error message appeared : > > error: unpacking of archive failed on file /var/spool/mqueue.in: cpio: > rename failed - Is a directory > > -Jason > > ----- Original Message ----- > From: "Julian Field" > To: > Sent: Wednesday, January 01, 2003 7:48 PM > Subject: ANNOUNCE: Version 3.27 and 4.11 > > > > Happy New Year everyone! > > > > I have just released updated versions of both V3 and V4. > > > > The only change for V3 is an important security fix, which you can easily > > apply without upgrading if you don't want to. See the ChangeLog below for > > details. > > > > There are many improvements and changes for V4. A few of them are: > > - Security fix is included > > - Modify Subject: line to show a message has been scanned > > - Stop MailScanner replying to mailing lists that send it viruses > > - Quarantine-cleaning script included > > - Virus scanner update cron job replaced by global updater script > > - Full installation instructions for FreeBSD > > - Improved AntiVir, Sophos, F-Prot and F-Secure parsers > > > > Also, in the spirit of Perl tradition, there is now a MailScanner Poetry > > page for all you closet bards out there. Contributions are most welcome > :-) > > > > It can all be downloaded as usual from > > www.mailscanner.info > > > > > > > > > > > > For completeness, here is the entry from the ChangeLog for V4.11: > > > > *Security* > > - *** Important Security Fix *** > > > > You must edit the "sendmail -bd ..." command in your init script and > add > > -OPrivacyOptions=noetrn > > as otherwise people could maliciously bypass MailScanner on servers > that > > are under heavy load. > > It is *vital* that you protect yourself with this change. > > However, please note there have been no reports at all of this problem > > being actively exploited. > > It is included in the init scripts that are part of the RPM > > distributions, so RPM users just need to upgrade to the latest > mailscanner*rpm. > > > > *New Features and Improvements* > > - Added 2 more configuration options to modify the subject line whenever a > > message is scanned (but no other subject line changes have happened) so it > > is obvious to all that the message has been scanned. By default this will > > (if enabled) add "{Scanned}" to the end of the Subject: line. > > - Added "Never Notify Senders Of Precedence" configuration option so that > > you can stop MailScanner replying to postings to mailing lists and other > > bulk mail. > > - A modified version of Steve Patterson's "clean.quarantine" script is > > included as a daily cron job. It is disabled by default. Edit it to see > how > > to enable it. If you edit it, it will not be over-written by later > upgrades > > to MailScanner. > > - Written an update_virus_scanners script which updates all installed > > scanners. This is called hourly, as daily wasn't often enough and RedHat > > don't offer anything between hourly and daily. > > - Implemented full support for BSD with installation instructions based on > > the tar distribution. > > - Added Swedish translation of all reports. > > - Added Spanish and Slovak translation of language strings. > > - Added wrapper script for inoculan. > > - Added an AntiVir autoupdate script. > > - Improved AntiVir parser to handle new output format. > > - Sophos parser improved to detect Sophos complaining about being given 1 > > part of a multi-part archive. Gets flagged as a virus. > > - F-Prot and F-Secure parsers improved to handle unusual virus names and > > quieter handling of archives containing infected files. > > - Added "$filename" variable expansion in sender warnings. Used it in the > > English versions of the sender warnings. > > - Completely new daemonising code to fix problems with ssh sessions > > refusing to die. > > - Added "startin" and "startout" parameters to init.d scripts for RedHat > > and SuSE. > > - Improved error reporting slightly in configuration compiler. > > - Spam logging now includes the recipient domains as well as the sender. > > - Incoming Queue Dirs can now be a file listing directories which include > > wildcards. > > - Added the message's subject line to the sender spam reports. > > - Added a "sleep 5" in between the stop and start in "restart" in the > > init.d script. > > - Creates quarantine directories as required. > > - Added link checking in code for finding incoming queue dirs. > > - Added note for McAfee users about avoiding symlinks with anything even > > remotely connected to McAfee itself. > > - Added "Poetry" page to the web site for Nick's idle thoughts... > > > > *Fixes* > > - Fixed problem of orphaned queue files being left in incoming queue when > > MailScanner child processes are killed half-way through clearing a > message. > > - Fixed file locking code in Config.pm so Exim users do not have to have > > the config files owned by exim.exim instead of root.root. > > - Fixed Exim missing-characters-from-start-of-message bug. > > - Fixed SpamAssassin "timeout 260 of 20" counter bug. > > - Fixed EximDiskStore file locking bug. > > - Fixed bug where unscanned messages are not properly archived if not > > archiving as raw queue files. > > - Fixed bug stopping Exim collecting large message batches. > > - Changed default virus scanner from "sophos" to "none". > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > > From rhipolito at ECOMMSITE.COM Thu Jan 2 03:50:02 2003 From: rhipolito at ECOMMSITE.COM (Rodel P. Hipolito) Date: Thu Jan 12 21:16:48 2006 Subject: updating sophos Message-ID: HI Guys, How will i update the virus dat of sophos automatically? Thanks a lot!!! From lyons at digitalvoodoo.org Thu Jan 2 03:52:47 2003 From: lyons at digitalvoodoo.org (Tim Lyons) Date: Thu Jan 12 21:16:48 2006 Subject: updating sophos In-Reply-To: Message-ID: <000201c2b212$6ce90080$0200a8c0@keeper> Sophos should auto-update every night at ~4AM. The script that is executed is /usr/lib/MailScanner/sophos-autoupdate --Tim -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rodel P. Hipolito Sent: Wednesday, January 01, 2003 22:50 To: MAILSCANNER@JISCMAIL.AC.UK Subject: updating sophos HI Guys, How will i update the virus dat of sophos automatically? Thanks a lot!!! From pg at NEWHONEST.COM Thu Jan 2 08:08:04 2003 From: pg at NEWHONEST.COM (pg) Date: Thu Jan 12 21:16:48 2006 Subject: Error installing Version 3.27 References: <5.2.0.9.2.20030101113005.02098d90@imap.ecs.soton.ac.uk> <001d01c2b208$22bba300$2101a8c0@jasonnb> <1041475244.9856.11.camel@ra.thethompsonhouse.com> Message-ID: <002d01c2b236$17d7ec40$0301a8c0@jasonnb> I re-downloaded, but the result is exactly the same. I attach the full message as following : [xxxx]# rpm -Uvh mailscanner-3.27-1.i386.rpm Preparing... ########################################### [100%] 1:mailscanner warning: /usr/local/MailScanner/etc/viruses.to.delete.conf created as /usr/local/MailScanner/etc/viruses.to.delete.conf.rpmnew error: unpacking of archive failed on file /var/spool/mqueue.in: cpio: rename failed - Is a directory -Jason ----- Original Message ----- From: "Robert A. Thompson" To: Sent: Thursday, January 02, 2003 10:40 AM Subject: Re: ANNOUNCE: Version 3.27 and 4.11 > re-download the rpm. sounds like you have a bad rpm. Might try a > md5sum to check the file. I assume the md5sums are on the website. > > --rat > > On Wed, 2003-01-01 at 20:39, pg wrote: > > I'm using Redhat 7.2. I tried to upgrade to 3.27 from 3.26 but the following > > error message appeared : > > > > error: unpacking of archive failed on file /var/spool/mqueue.in: cpio: > > rename failed - Is a directory > > > > -Jason > > > > ----- Original Message ----- > > From: "Julian Field" > > To: > > Sent: Wednesday, January 01, 2003 7:48 PM > > Subject: ANNOUNCE: Version 3.27 and 4.11 > > > > > > > Happy New Year everyone! > > > > > > I have just released updated versions of both V3 and V4. > > > > > > The only change for V3 is an important security fix, which you can easily > > > apply without upgrading if you don't want to. See the ChangeLog below for > > > details. > > > > > > There are many improvements and changes for V4. A few of them are: > > > - Security fix is included > > > - Modify Subject: line to show a message has been scanned > > > - Stop MailScanner replying to mailing lists that send it viruses > > > - Quarantine-cleaning script included > > > - Virus scanner update cron job replaced by global updater script > > > - Full installation instructions for FreeBSD > > > - Improved AntiVir, Sophos, F-Prot and F-Secure parsers > > > > > > Also, in the spirit of Perl tradition, there is now a MailScanner Poetry > > > page for all you closet bards out there. Contributions are most welcome > > :-) > > > > > > It can all be downloaded as usual from > > > www.mailscanner.info > > > > > > > > > > > > > > > > > > For completeness, here is the entry from the ChangeLog for V4.11: > > > > > > *Security* > > > - *** Important Security Fix *** > > > > > > You must edit the "sendmail -bd ..." command in your init script and > > add > > > -OPrivacyOptions=noetrn > > > as otherwise people could maliciously bypass MailScanner on servers > > that > > > are under heavy load. > > > It is *vital* that you protect yourself with this change. > > > However, please note there have been no reports at all of this problem > > > being actively exploited. > > > It is included in the init scripts that are part of the RPM > > > distributions, so RPM users just need to upgrade to the latest > > mailscanner*rpm. > > > > > > *New Features and Improvements* > > > - Added 2 more configuration options to modify the subject line whenever a > > > message is scanned (but no other subject line changes have happened) so it > > > is obvious to all that the message has been scanned. By default this will > > > (if enabled) add "{Scanned}" to the end of the Subject: line. > > > - Added "Never Notify Senders Of Precedence" configuration option so that > > > you can stop MailScanner replying to postings to mailing lists and other > > > bulk mail. > > > - A modified version of Steve Patterson's "clean.quarantine" script is > > > included as a daily cron job. It is disabled by default. Edit it to see > > how > > > to enable it. If you edit it, it will not be over-written by later > > upgrades > > > to MailScanner. > > > - Written an update_virus_scanners script which updates all installed > > > scanners. This is called hourly, as daily wasn't often enough and RedHat > > > don't offer anything between hourly and daily. > > > - Implemented full support for BSD with installation instructions based on > > > the tar distribution. > > > - Added Swedish translation of all reports. > > > - Added Spanish and Slovak translation of language strings. > > > - Added wrapper script for inoculan. > > > - Added an AntiVir autoupdate script. > > > - Improved AntiVir parser to handle new output format. > > > - Sophos parser improved to detect Sophos complaining about being given 1 > > > part of a multi-part archive. Gets flagged as a virus. > > > - F-Prot and F-Secure parsers improved to handle unusual virus names and > > > quieter handling of archives containing infected files. > > > - Added "$filename" variable expansion in sender warnings. Used it in the > > > English versions of the sender warnings. > > > - Completely new daemonising code to fix problems with ssh sessions > > > refusing to die. > > > - Added "startin" and "startout" parameters to init.d scripts for RedHat > > > and SuSE. > > > - Improved error reporting slightly in configuration compiler. > > > - Spam logging now includes the recipient domains as well as the sender. > > > - Incoming Queue Dirs can now be a file listing directories which include > > > wildcards. > > > - Added the message's subject line to the sender spam reports. > > > - Added a "sleep 5" in between the stop and start in "restart" in the > > > init.d script. > > > - Creates quarantine directories as required. > > > - Added link checking in code for finding incoming queue dirs. > > > - Added note for McAfee users about avoiding symlinks with anything even > > > remotely connected to McAfee itself. > > > - Added "Poetry" page to the web site for Nick's idle thoughts... > > > > > > *Fixes* > > > - Fixed problem of orphaned queue files being left in incoming queue when > > > MailScanner child processes are killed half-way through clearing a > > message. > > > - Fixed file locking code in Config.pm so Exim users do not have to have > > > the config files owned by exim.exim instead of root.root. > > > - Fixed Exim missing-characters-from-start-of-message bug. > > > - Fixed SpamAssassin "timeout 260 of 20" counter bug. > > > - Fixed EximDiskStore file locking bug. > > > - Fixed bug where unscanned messages are not properly archived if not > > > archiving as raw queue files. > > > - Fixed bug stopping Exim collecting large message batches. > > > - Changed default virus scanner from "sophos" to "none". > > > -- > > > Julian Field > > > www.MailScanner.info > > > MailScanner thanks transtec Computers for their support > > > > From mailscanner at ecs.soton.ac.uk Thu Jan 2 09:34:53 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:48 2006 Subject: updating sophos In-Reply-To: <000201c2b212$6ce90080$0200a8c0@keeper> References: Message-ID: <5.2.0.9.2.20030102093408.03c2b7c0@imap.ecs.soton.ac.uk> At 03:52 02/01/2003, you wrote: >Sophos should auto-update every night at ~4AM. > >The script that is executed is /usr/lib/MailScanner/sophos-autoupdate The new "update_virus_scanners" script (in /etc/cron.hourly) will automatically trigger updates of all installed virus scanners once per hour. >--Tim > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Rodel P. Hipolito >Sent: Wednesday, January 01, 2003 22:50 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: updating sophos > > >HI Guys, > > How will i update the virus dat of sophos automatically? > >Thanks a lot!!! -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jan 2 09:36:27 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:48 2006 Subject: Error installing Version 3.27 In-Reply-To: <002d01c2b236$17d7ec40$0301a8c0@jasonnb> References: <5.2.0.9.2.20030101113005.02098d90@imap.ecs.soton.ac.uk> <001d01c2b208$22bba300$2101a8c0@jasonnb> <1041475244.9856.11.camel@ra.thethompsonhouse.com> Message-ID: <5.2.0.9.2.20030102093524.03d8e228@imap.ecs.soton.ac.uk> This looks like a download problem, but you are the 2nd person to have the same problem. Can anyone confirm that the RPM for 3.27 actually does work on somebody's system, or do I need to rebuild it? At 08:08 02/01/2003, you wrote: >I re-downloaded, but the result is exactly the same. I attach the full >message as following : > >[xxxx]# rpm -Uvh mailscanner-3.27-1.i386.rpm >Preparing... ########################################### >[100%] > 1:mailscanner warning: >/usr/local/MailScanner/etc/viruses.to.delete.conf created as >/usr/local/MailScanner/etc/viruses.to.delete.conf.rpmnew >error: unpacking of archive failed on file /var/spool/mqueue.in: cpio: >rename failed - Is a directory > >-Jason > >----- Original Message ----- >From: "Robert A. Thompson" >To: >Sent: Thursday, January 02, 2003 10:40 AM >Subject: Re: ANNOUNCE: Version 3.27 and 4.11 > > > > re-download the rpm. sounds like you have a bad rpm. Might try a > > md5sum to check the file. I assume the md5sums are on the website. > > > > --rat > > > > On Wed, 2003-01-01 at 20:39, pg wrote: > > > I'm using Redhat 7.2. I tried to upgrade to 3.27 from 3.26 but the >following > > > error message appeared : > > > > > > error: unpacking of archive failed on file /var/spool/mqueue.in: cpio: > > > rename failed - Is a directory > > > > > > -Jason > > > > > > ----- Original Message ----- > > > From: "Julian Field" > > > To: > > > Sent: Wednesday, January 01, 2003 7:48 PM > > > Subject: ANNOUNCE: Version 3.27 and 4.11 > > > > > > > > > > Happy New Year everyone! > > > > > > > > I have just released updated versions of both V3 and V4. > > > > > > > > The only change for V3 is an important security fix, which you can >easily > > > > apply without upgrading if you don't want to. See the ChangeLog below >for > > > > details. > > > > > > > > There are many improvements and changes for V4. A few of them are: > > > > - Security fix is included > > > > - Modify Subject: line to show a message has been scanned > > > > - Stop MailScanner replying to mailing lists that send it viruses > > > > - Quarantine-cleaning script included > > > > - Virus scanner update cron job replaced by global updater script > > > > - Full installation instructions for FreeBSD > > > > - Improved AntiVir, Sophos, F-Prot and F-Secure parsers > > > > > > > > Also, in the spirit of Perl tradition, there is now a MailScanner >Poetry > > > > page for all you closet bards out there. Contributions are most >welcome > > > :-) > > > > > > > > It can all be downloaded as usual from > > > > www.mailscanner.info > > > > > > > > > > > > > > > > > > > > > > > > For completeness, here is the entry from the ChangeLog for V4.11: > > > > > > > > *Security* > > > > - *** Important Security Fix *** > > > > > > > > You must edit the "sendmail -bd ..." command in your init script >and > > > add > > > > -OPrivacyOptions=noetrn > > > > as otherwise people could maliciously bypass MailScanner on servers > > > that > > > > are under heavy load. > > > > It is *vital* that you protect yourself with this change. > > > > However, please note there have been no reports at all of this >problem > > > > being actively exploited. > > > > It is included in the init scripts that are part of the RPM > > > > distributions, so RPM users just need to upgrade to the latest > > > mailscanner*rpm. > > > > > > > > *New Features and Improvements* > > > > - Added 2 more configuration options to modify the subject line >whenever a > > > > message is scanned (but no other subject line changes have happened) >so it > > > > is obvious to all that the message has been scanned. By default this >will > > > > (if enabled) add "{Scanned}" to the end of the Subject: line. > > > > - Added "Never Notify Senders Of Precedence" configuration option so >that > > > > you can stop MailScanner replying to postings to mailing lists and >other > > > > bulk mail. > > > > - A modified version of Steve Patterson's "clean.quarantine" script is > > > > included as a daily cron job. It is disabled by default. Edit it to >see > > > how > > > > to enable it. If you edit it, it will not be over-written by later > > > upgrades > > > > to MailScanner. > > > > - Written an update_virus_scanners script which updates all installed > > > > scanners. This is called hourly, as daily wasn't often enough and >RedHat > > > > don't offer anything between hourly and daily. > > > > - Implemented full support for BSD with installation instructions >based on > > > > the tar distribution. > > > > - Added Swedish translation of all reports. > > > > - Added Spanish and Slovak translation of language strings. > > > > - Added wrapper script for inoculan. > > > > - Added an AntiVir autoupdate script. > > > > - Improved AntiVir parser to handle new output format. > > > > - Sophos parser improved to detect Sophos complaining about being >given 1 > > > > part of a multi-part archive. Gets flagged as a virus. > > > > - F-Prot and F-Secure parsers improved to handle unusual virus names >and > > > > quieter handling of archives containing infected files. > > > > - Added "$filename" variable expansion in sender warnings. Used it in >the > > > > English versions of the sender warnings. > > > > - Completely new daemonising code to fix problems with ssh sessions > > > > refusing to die. > > > > - Added "startin" and "startout" parameters to init.d scripts for >RedHat > > > > and SuSE. > > > > - Improved error reporting slightly in configuration compiler. > > > > - Spam logging now includes the recipient domains as well as the >sender. > > > > - Incoming Queue Dirs can now be a file listing directories which >include > > > > wildcards. > > > > - Added the message's subject line to the sender spam reports. > > > > - Added a "sleep 5" in between the stop and start in "restart" in the > > > > init.d script. > > > > - Creates quarantine directories as required. > > > > - Added link checking in code for finding incoming queue dirs. > > > > - Added note for McAfee users about avoiding symlinks with anything >even > > > > remotely connected to McAfee itself. > > > > - Added "Poetry" page to the web site for Nick's idle thoughts... > > > > > > > > *Fixes* > > > > - Fixed problem of orphaned queue files being left in incoming queue >when > > > > MailScanner child processes are killed half-way through clearing a > > > message. > > > > - Fixed file locking code in Config.pm so Exim users do not have to >have > > > > the config files owned by exim.exim instead of root.root. > > > > - Fixed Exim missing-characters-from-start-of-message bug. > > > > - Fixed SpamAssassin "timeout 260 of 20" counter bug. > > > > - Fixed EximDiskStore file locking bug. > > > > - Fixed bug where unscanned messages are not properly archived if not > > > > archiving as raw queue files. > > > > - Fixed bug stopping Exim collecting large message batches. > > > > - Changed default virus scanner from "sophos" to "none". > > > > -- > > > > Julian Field > > > > www.MailScanner.info > > > > MailScanner thanks transtec Computers for their support > > > > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From zhangm at R3.SANYOSHK.COM Thu Jan 2 10:15:30 2003 From: zhangm at R3.SANYOSHK.COM (Zhang Ming(r3)) Date: Thu Jan 12 21:16:48 2006 Subject: Error installing Version 3.27 References: <5.2.0.9.2.20030101113005.02098d90@imap.ecs.soton.ac.uk> <001d01c2b208$22bba300$2101a8c0@jasonnb> <1041475244.9856.11.camel@ra.thethompsonhouse.com> <5.2.0.9.2.20030102093524.03d8e228@imap.ecs.soton.ac.uk> Message-ID: <057401c2b247$e1beb870$a4031bac@mis1n> Dear Mr.Julian, Just tested in my system, same error occured. for you inf. B.R. # rpm -Uvh mailscanner-3.27-1.i386.rpm Preparing... ########################################### [100%] 1:mailscanner error: unpacking of archive failed on file /var/spoo l/mqueue.in: cpio: rename failed - Is a directory ----- Original Message ----- From: "Julian Field" To: Sent: Thursday, January 02, 2003 5:36 PM Subject: Re: Error installing Version 3.27 > This looks like a download problem, but you are the 2nd person to have the > same problem. > > Can anyone confirm that the RPM for 3.27 actually does work on somebody's > system, or do I need to rebuild it? > > At 08:08 02/01/2003, you wrote: > >I re-downloaded, but the result is exactly the same. I attach the full > >message as following : > > > >[xxxx]# rpm -Uvh mailscanner-3.27-1.i386.rpm > >Preparing... ########################################### > >[100%] > > 1:mailscanner warning: > >/usr/local/MailScanner/etc/viruses.to.delete.conf created as > >/usr/local/MailScanner/etc/viruses.to.delete.conf.rpmnew > >error: unpacking of archive failed on file /var/spool/mqueue.in: cpio: > >rename failed - Is a directory > > > >-Jason > > > >----- Original Message ----- > >From: "Robert A. Thompson" > >To: > >Sent: Thursday, January 02, 2003 10:40 AM > >Subject: Re: ANNOUNCE: Version 3.27 and 4.11 > > > > > > > re-download the rpm. sounds like you have a bad rpm. Might try a > > > md5sum to check the file. I assume the md5sums are on the website. > > > > > > --rat > > > > > > On Wed, 2003-01-01 at 20:39, pg wrote: > > > > I'm using Redhat 7.2. I tried to upgrade to 3.27 from 3.26 but the > >following > > > > error message appeared : > > > > > > > > error: unpacking of archive failed on file /var/spool/mqueue.in: cpio: > > > > rename failed - Is a directory > > > > > > > > -Jason > > > > > > > > ----- Original Message ----- > > > > From: "Julian Field" > > > > To: > > > > Sent: Wednesday, January 01, 2003 7:48 PM > > > > Subject: ANNOUNCE: Version 3.27 and 4.11 > > > > > > > > > > > > > Happy New Year everyone! > > > > > > > > > > I have just released updated versions of both V3 and V4. > > > > > > > > > > The only change for V3 is an important security fix, which you can > >easily > > > > > apply without upgrading if you don't want to. See the ChangeLog below > >for > > > > > details. > > > > > > > > > > There are many improvements and changes for V4. A few of them are: > > > > > - Security fix is included > > > > > - Modify Subject: line to show a message has been scanned > > > > > - Stop MailScanner replying to mailing lists that send it viruses > > > > > - Quarantine-cleaning script included > > > > > - Virus scanner update cron job replaced by global updater script > > > > > - Full installation instructions for FreeBSD > > > > > - Improved AntiVir, Sophos, F-Prot and F-Secure parsers > > > > > > > > > > Also, in the spirit of Perl tradition, there is now a MailScanner > >Poetry > > > > > page for all you closet bards out there. Contributions are most > >welcome > > > > :-) > > > > > > > > > > It can all be downloaded as usual from > > > > > www.mailscanner.info > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > For completeness, here is the entry from the ChangeLog for V4.11: > > > > > > > > > > *Security* > > > > > - *** Important Security Fix *** > > > > > > > > > > You must edit the "sendmail -bd ..." command in your init script > >and > > > > add > > > > > -OPrivacyOptions=noetrn > > > > > as otherwise people could maliciously bypass MailScanner on servers > > > > that > > > > > are under heavy load. > > > > > It is *vital* that you protect yourself with this change. > > > > > However, please note there have been no reports at all of this > >problem > > > > > being actively exploited. > > > > > It is included in the init scripts that are part of the RPM > > > > > distributions, so RPM users just need to upgrade to the latest > > > > mailscanner*rpm. > > > > > > > > > > *New Features and Improvements* > > > > > - Added 2 more configuration options to modify the subject line > >whenever a > > > > > message is scanned (but no other subject line changes have happened) > >so it > > > > > is obvious to all that the message has been scanned. By default this > >will > > > > > (if enabled) add "{Scanned}" to the end of the Subject: line. > > > > > - Added "Never Notify Senders Of Precedence" configuration option so > >that > > > > > you can stop MailScanner replying to postings to mailing lists and > >other > > > > > bulk mail. > > > > > - A modified version of Steve Patterson's "clean.quarantine" script is > > > > > included as a daily cron job. It is disabled by default. Edit it to > >see > > > > how > > > > > to enable it. If you edit it, it will not be over-written by later > > > > upgrades > > > > > to MailScanner. > > > > > - Written an update_virus_scanners script which updates all installed > > > > > scanners. This is called hourly, as daily wasn't often enough and > >RedHat > > > > > don't offer anything between hourly and daily. > > > > > - Implemented full support for BSD with installation instructions > >based on > > > > > the tar distribution. > > > > > - Added Swedish translation of all reports. > > > > > - Added Spanish and Slovak translation of language strings. > > > > > - Added wrapper script for inoculan. > > > > > - Added an AntiVir autoupdate script. > > > > > - Improved AntiVir parser to handle new output format. > > > > > - Sophos parser improved to detect Sophos complaining about being > >given 1 > > > > > part of a multi-part archive. Gets flagged as a virus. > > > > > - F-Prot and F-Secure parsers improved to handle unusual virus names > >and > > > > > quieter handling of archives containing infected files. > > > > > - Added "$filename" variable expansion in sender warnings. Used it in > >the > > > > > English versions of the sender warnings. > > > > > - Completely new daemonising code to fix problems with ssh sessions > > > > > refusing to die. > > > > > - Added "startin" and "startout" parameters to init.d scripts for > >RedHat > > > > > and SuSE. > > > > > - Improved error reporting slightly in configuration compiler. > > > > > - Spam logging now includes the recipient domains as well as the > >sender. > > > > > - Incoming Queue Dirs can now be a file listing directories which > >include > > > > > wildcards. > > > > > - Added the message's subject line to the sender spam reports. > > > > > - Added a "sleep 5" in between the stop and start in "restart" in the > > > > > init.d script. > > > > > - Creates quarantine directories as required. > > > > > - Added link checking in code for finding incoming queue dirs. > > > > > - Added note for McAfee users about avoiding symlinks with anything > >even > > > > > remotely connected to McAfee itself. > > > > > - Added "Poetry" page to the web site for Nick's idle thoughts... > > > > > > > > > > *Fixes* > > > > > - Fixed problem of orphaned queue files being left in incoming queue > >when > > > > > MailScanner child processes are killed half-way through clearing a > > > > message. > > > > > - Fixed file locking code in Config.pm so Exim users do not have to > >have > > > > > the config files owned by exim.exim instead of root.root. > > > > > - Fixed Exim missing-characters-from-start-of-message bug. > > > > > - Fixed SpamAssassin "timeout 260 of 20" counter bug. > > > > > - Fixed EximDiskStore file locking bug. > > > > > - Fixed bug where unscanned messages are not properly archived if not > > > > > archiving as raw queue files. > > > > > - Fixed bug stopping Exim collecting large message batches. > > > > > - Changed default virus scanner from "sophos" to "none". > > > > > -- > > > > > Julian Field > > > > > www.MailScanner.info > > > > > MailScanner thanks transtec Computers for their support > > > > > > > > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > From raymond at PROLOCATION.NET Thu Jan 2 10:19:38 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:16:48 2006 Subject: Error installing Version 3.27 In-Reply-To: <057401c2b247$e1beb870$a4031bac@mis1n> Message-ID: Hi! If you stop mailscanner, remove that irectory and then run the install? (quick and dirty) On Thu, 2 Jan 2003, Zhang Ming(r3) wrote: > Dear Mr.Julian, > > Just tested in my system, same error occured. > > for you inf. > > B.R. > > # rpm -Uvh mailscanner-3.27-1.i386.rpm > Preparing... ########################################### > [100%] > 1:mailscanner error: unpacking of archive failed on file > /var/spoo > l/mqueue.in: cpio: rename failed - Is a directory > > > > ----- Original Message ----- > From: "Julian Field" > To: > Sent: Thursday, January 02, 2003 5:36 PM > Subject: Re: Error installing Version 3.27 > > > > This looks like a download problem, but you are the 2nd person to have the > > same problem. > > > > Can anyone confirm that the RPM for 3.27 actually does work on somebody's > > system, or do I need to rebuild it? > > > > At 08:08 02/01/2003, you wrote: > > >I re-downloaded, but the result is exactly the same. I attach the full > > >message as following : > > > > > >[xxxx]# rpm -Uvh mailscanner-3.27-1.i386.rpm > > >Preparing... ########################################### > > >[100%] > > > 1:mailscanner warning: > > >/usr/local/MailScanner/etc/viruses.to.delete.conf created as > > >/usr/local/MailScanner/etc/viruses.to.delete.conf.rpmnew > > >error: unpacking of archive failed on file /var/spool/mqueue.in: cpio: > > >rename failed - Is a directory > > > > > >-Jason > > > > > >----- Original Message ----- > > >From: "Robert A. Thompson" > > >To: > > >Sent: Thursday, January 02, 2003 10:40 AM > > >Subject: Re: ANNOUNCE: Version 3.27 and 4.11 > > > > > > > > > > re-download the rpm. sounds like you have a bad rpm. Might try a > > > > md5sum to check the file. I assume the md5sums are on the website. > > > > > > > > --rat > > > > > > > > On Wed, 2003-01-01 at 20:39, pg wrote: > > > > > I'm using Redhat 7.2. I tried to upgrade to 3.27 from 3.26 but the > > >following > > > > > error message appeared : > > > > > > > > > > error: unpacking of archive failed on file /var/spool/mqueue.in: > cpio: > > > > > rename failed - Is a directory > > > > > > > > > > -Jason > > > > > > > > > > ----- Original Message ----- > > > > > From: "Julian Field" > > > > > To: > > > > > Sent: Wednesday, January 01, 2003 7:48 PM > > > > > Subject: ANNOUNCE: Version 3.27 and 4.11 > > > > > > > > > > > > > > > > Happy New Year everyone! > > > > > > > > > > > > I have just released updated versions of both V3 and V4. > > > > > > > > > > > > The only change for V3 is an important security fix, which you can > > >easily > > > > > > apply without upgrading if you don't want to. See the ChangeLog > below > > >for > > > > > > details. > > > > > > > > > > > > There are many improvements and changes for V4. A few of them are: > > > > > > - Security fix is included > > > > > > - Modify Subject: line to show a message has been scanned > > > > > > - Stop MailScanner replying to mailing lists that send it viruses > > > > > > - Quarantine-cleaning script included > > > > > > - Virus scanner update cron job replaced by global updater script > > > > > > - Full installation instructions for FreeBSD > > > > > > - Improved AntiVir, Sophos, F-Prot and F-Secure parsers > > > > > > > > > > > > Also, in the spirit of Perl tradition, there is now a MailScanner > > >Poetry > > > > > > page for all you closet bards out there. Contributions are most > > >welcome > > > > > :-) > > > > > > > > > > > > It can all be downloaded as usual from > > > > > > www.mailscanner.info > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > For completeness, here is the entry from the ChangeLog for V4.11: > > > > > > > > > > > > *Security* > > > > > > - *** Important Security Fix *** > > > > > > > > > > > > You must edit the "sendmail -bd ..." command in your init > script > > >and > > > > > add > > > > > > -OPrivacyOptions=noetrn > > > > > > as otherwise people could maliciously bypass MailScanner on > servers > > > > > that > > > > > > are under heavy load. > > > > > > It is *vital* that you protect yourself with this change. > > > > > > However, please note there have been no reports at all of this > > >problem > > > > > > being actively exploited. > > > > > > It is included in the init scripts that are part of the RPM > > > > > > distributions, so RPM users just need to upgrade to the latest > > > > > mailscanner*rpm. > > > > > > > > > > > > *New Features and Improvements* > > > > > > - Added 2 more configuration options to modify the subject line > > >whenever a > > > > > > message is scanned (but no other subject line changes have > happened) > > >so it > > > > > > is obvious to all that the message has been scanned. By default > this > > >will > > > > > > (if enabled) add "{Scanned}" to the end of the Subject: line. > > > > > > - Added "Never Notify Senders Of Precedence" configuration option > so > > >that > > > > > > you can stop MailScanner replying to postings to mailing lists and > > >other > > > > > > bulk mail. > > > > > > - A modified version of Steve Patterson's "clean.quarantine" > script is > > > > > > included as a daily cron job. It is disabled by default. Edit it > to > > >see > > > > > how > > > > > > to enable it. If you edit it, it will not be over-written by later > > > > > upgrades > > > > > > to MailScanner. > > > > > > - Written an update_virus_scanners script which updates all > installed > > > > > > scanners. This is called hourly, as daily wasn't often enough and > > >RedHat > > > > > > don't offer anything between hourly and daily. > > > > > > - Implemented full support for BSD with installation instructions > > >based on > > > > > > the tar distribution. > > > > > > - Added Swedish translation of all reports. > > > > > > - Added Spanish and Slovak translation of language strings. > > > > > > - Added wrapper script for inoculan. > > > > > > - Added an AntiVir autoupdate script. > > > > > > - Improved AntiVir parser to handle new output format. > > > > > > - Sophos parser improved to detect Sophos complaining about being > > >given 1 > > > > > > part of a multi-part archive. Gets flagged as a virus. > > > > > > - F-Prot and F-Secure parsers improved to handle unusual virus > names > > >and > > > > > > quieter handling of archives containing infected files. > > > > > > - Added "$filename" variable expansion in sender warnings. Used it > in > > >the > > > > > > English versions of the sender warnings. > > > > > > - Completely new daemonising code to fix problems with ssh > sessions > > > > > > refusing to die. > > > > > > - Added "startin" and "startout" parameters to init.d scripts for > > >RedHat > > > > > > and SuSE. > > > > > > - Improved error reporting slightly in configuration compiler. > > > > > > - Spam logging now includes the recipient domains as well as the > > >sender. > > > > > > - Incoming Queue Dirs can now be a file listing directories which > > >include > > > > > > wildcards. > > > > > > - Added the message's subject line to the sender spam reports. > > > > > > - Added a "sleep 5" in between the stop and start in "restart" in > the > > > > > > init.d script. > > > > > > - Creates quarantine directories as required. > > > > > > - Added link checking in code for finding incoming queue dirs. > > > > > > - Added note for McAfee users about avoiding symlinks with > anything > > >even > > > > > > remotely connected to McAfee itself. > > > > > > - Added "Poetry" page to the web site for Nick's idle thoughts... > > > > > > > > > > > > *Fixes* > > > > > > - Fixed problem of orphaned queue files being left in incoming > queue > > >when > > > > > > MailScanner child processes are killed half-way through clearing a > > > > > message. > > > > > > - Fixed file locking code in Config.pm so Exim users do not have > to > > >have > > > > > > the config files owned by exim.exim instead of root.root. > > > > > > - Fixed Exim missing-characters-from-start-of-message bug. > > > > > > - Fixed SpamAssassin "timeout 260 of 20" counter bug. > > > > > > - Fixed EximDiskStore file locking bug. > > > > > > - Fixed bug where unscanned messages are not properly archived if > not > > > > > > archiving as raw queue files. > > > > > > - Fixed bug stopping Exim collecting large message batches. > > > > > > - Changed default virus scanner from "sophos" to "none". > > > > > > -- > > > > > > Julian Field > > > > > > www.MailScanner.info > > > > > > MailScanner thanks transtec Computers for their support > > > > > > > > > > > > > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > > > From mailscanner at ecs.soton.ac.uk Thu Jan 2 10:21:35 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:48 2006 Subject: Error installing Version 3.27 In-Reply-To: <057401c2b247$e1beb870$a4031bac@mis1n> References: <5.2.0.9.2.20030101113005.02098d90@imap.ecs.soton.ac.uk> <001d01c2b208$22bba300$2101a8c0@jasonnb> <1041475244.9856.11.camel@ra.thethompsonhouse.com> <5.2.0.9.2.20030102093524.03d8e228@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030102101835.03aa5330@imap.ecs.soton.ac.uk> I have just rebuilt the RPM, can you try downloading and installing it again, to see if it is fixed now please? At 10:15 02/01/2003, you wrote: >Dear Mr.Julian, > >Just tested in my system, same error occured. > >for you inf. > >B.R. > ># rpm -Uvh mailscanner-3.27-1.i386.rpm >Preparing... ########################################### >[100%] > 1:mailscanner error: unpacking of archive failed on file >/var/spoo >l/mqueue.in: cpio: rename failed - Is a directory > > > >----- Original Message ----- >From: "Julian Field" >To: >Sent: Thursday, January 02, 2003 5:36 PM >Subject: Re: Error installing Version 3.27 > > > > This looks like a download problem, but you are the 2nd person to have the > > same problem. > > > > Can anyone confirm that the RPM for 3.27 actually does work on somebody's > > system, or do I need to rebuild it? > > > > At 08:08 02/01/2003, you wrote: > > >I re-downloaded, but the result is exactly the same. I attach the full > > >message as following : > > > > > >[xxxx]# rpm -Uvh mailscanner-3.27-1.i386.rpm > > >Preparing... ########################################### > > >[100%] > > > 1:mailscanner warning: > > >/usr/local/MailScanner/etc/viruses.to.delete.conf created as > > >/usr/local/MailScanner/etc/viruses.to.delete.conf.rpmnew > > >error: unpacking of archive failed on file /var/spool/mqueue.in: cpio: > > >rename failed - Is a directory > > > > > >-Jason > > > > > >----- Original Message ----- > > >From: "Robert A. Thompson" > > >To: > > >Sent: Thursday, January 02, 2003 10:40 AM > > >Subject: Re: ANNOUNCE: Version 3.27 and 4.11 > > > > > > > > > > re-download the rpm. sounds like you have a bad rpm. Might try a > > > > md5sum to check the file. I assume the md5sums are on the website. > > > > > > > > --rat > > > > > > > > On Wed, 2003-01-01 at 20:39, pg wrote: > > > > > I'm using Redhat 7.2. I tried to upgrade to 3.27 from 3.26 but the > > >following > > > > > error message appeared : > > > > > > > > > > error: unpacking of archive failed on file /var/spool/mqueue.in: >cpio: > > > > > rename failed - Is a directory > > > > > > > > > > -Jason > > > > > > > > > > ----- Original Message ----- > > > > > From: "Julian Field" > > > > > To: > > > > > Sent: Wednesday, January 01, 2003 7:48 PM > > > > > Subject: ANNOUNCE: Version 3.27 and 4.11 > > > > > > > > > > > > > > > > Happy New Year everyone! > > > > > > > > > > > > I have just released updated versions of both V3 and V4. > > > > > > > > > > > > The only change for V3 is an important security fix, which you can > > >easily > > > > > > apply without upgrading if you don't want to. See the ChangeLog >below > > >for > > > > > > details. > > > > > > > > > > > > There are many improvements and changes for V4. A few of them are: > > > > > > - Security fix is included > > > > > > - Modify Subject: line to show a message has been scanned > > > > > > - Stop MailScanner replying to mailing lists that send it viruses > > > > > > - Quarantine-cleaning script included > > > > > > - Virus scanner update cron job replaced by global updater script > > > > > > - Full installation instructions for FreeBSD > > > > > > - Improved AntiVir, Sophos, F-Prot and F-Secure parsers > > > > > > > > > > > > Also, in the spirit of Perl tradition, there is now a MailScanner > > >Poetry > > > > > > page for all you closet bards out there. Contributions are most > > >welcome > > > > > :-) > > > > > > > > > > > > It can all be downloaded as usual from > > > > > > www.mailscanner.info > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > For completeness, here is the entry from the ChangeLog for V4.11: > > > > > > > > > > > > *Security* > > > > > > - *** Important Security Fix *** > > > > > > > > > > > > You must edit the "sendmail -bd ..." command in your init >script > > >and > > > > > add > > > > > > -OPrivacyOptions=noetrn > > > > > > as otherwise people could maliciously bypass MailScanner on >servers > > > > > that > > > > > > are under heavy load. > > > > > > It is *vital* that you protect yourself with this change. > > > > > > However, please note there have been no reports at all of this > > >problem > > > > > > being actively exploited. > > > > > > It is included in the init scripts that are part of the RPM > > > > > > distributions, so RPM users just need to upgrade to the latest > > > > > mailscanner*rpm. > > > > > > > > > > > > *New Features and Improvements* > > > > > > - Added 2 more configuration options to modify the subject line > > >whenever a > > > > > > message is scanned (but no other subject line changes have >happened) > > >so it > > > > > > is obvious to all that the message has been scanned. By default >this > > >will > > > > > > (if enabled) add "{Scanned}" to the end of the Subject: line. > > > > > > - Added "Never Notify Senders Of Precedence" configuration option >so > > >that > > > > > > you can stop MailScanner replying to postings to mailing lists and > > >other > > > > > > bulk mail. > > > > > > - A modified version of Steve Patterson's "clean.quarantine" >script is > > > > > > included as a daily cron job. It is disabled by default. Edit it >to > > >see > > > > > how > > > > > > to enable it. If you edit it, it will not be over-written by later > > > > > upgrades > > > > > > to MailScanner. > > > > > > - Written an update_virus_scanners script which updates all >installed > > > > > > scanners. This is called hourly, as daily wasn't often enough and > > >RedHat > > > > > > don't offer anything between hourly and daily. > > > > > > - Implemented full support for BSD with installation instructions > > >based on > > > > > > the tar distribution. > > > > > > - Added Swedish translation of all reports. > > > > > > - Added Spanish and Slovak translation of language strings. > > > > > > - Added wrapper script for inoculan. > > > > > > - Added an AntiVir autoupdate script. > > > > > > - Improved AntiVir parser to handle new output format. > > > > > > - Sophos parser improved to detect Sophos complaining about being > > >given 1 > > > > > > part of a multi-part archive. Gets flagged as a virus. > > > > > > - F-Prot and F-Secure parsers improved to handle unusual virus >names > > >and > > > > > > quieter handling of archives containing infected files. > > > > > > - Added "$filename" variable expansion in sender warnings. Used it >in > > >the > > > > > > English versions of the sender warnings. > > > > > > - Completely new daemonising code to fix problems with ssh >sessions > > > > > > refusing to die. > > > > > > - Added "startin" and "startout" parameters to init.d scripts for > > >RedHat > > > > > > and SuSE. > > > > > > - Improved error reporting slightly in configuration compiler. > > > > > > - Spam logging now includes the recipient domains as well as the > > >sender. > > > > > > - Incoming Queue Dirs can now be a file listing directories which > > >include > > > > > > wildcards. > > > > > > - Added the message's subject line to the sender spam reports. > > > > > > - Added a "sleep 5" in between the stop and start in "restart" in >the > > > > > > init.d script. > > > > > > - Creates quarantine directories as required. > > > > > > - Added link checking in code for finding incoming queue dirs. > > > > > > - Added note for McAfee users about avoiding symlinks with >anything > > >even > > > > > > remotely connected to McAfee itself. > > > > > > - Added "Poetry" page to the web site for Nick's idle thoughts... > > > > > > > > > > > > *Fixes* > > > > > > - Fixed problem of orphaned queue files being left in incoming >queue > > >when > > > > > > MailScanner child processes are killed half-way through clearing a > > > > > message. > > > > > > - Fixed file locking code in Config.pm so Exim users do not have >to > > >have > > > > > > the config files owned by exim.exim instead of root.root. > > > > > > - Fixed Exim missing-characters-from-start-of-message bug. > > > > > > - Fixed SpamAssassin "timeout 260 of 20" counter bug. > > > > > > - Fixed EximDiskStore file locking bug. > > > > > > - Fixed bug where unscanned messages are not properly archived if >not > > > > > > archiving as raw queue files. > > > > > > - Fixed bug stopping Exim collecting large message batches. > > > > > > - Changed default virus scanner from "sophos" to "none". > > > > > > -- > > > > > > Julian Field > > > > > > www.MailScanner.info > > > > > > MailScanner thanks transtec Computers for their support > > > > > > > > > > > > > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From clong at ALPHASYS.FR Thu Jan 2 11:36:05 2003 From: clong at ALPHASYS.FR (Christophe Long) Date: Thu Jan 12 21:16:48 2006 Subject: lock and mkdir problem with 4.11 Message-ID: <200301021236.05897.clong@alphasys.fr> I have installed the 4.11-1 from the tar ball archive, my system is a debian I have on it a perl 5.6.1 and sendmail 8.12.3 (-4) When I let MailScanner try to figure out which lock to use, it choses flock and I have ... Jan 2 03:00:40 halfdome mailscanner[21572]: MailScanner Jan 2 03:00:40 halfdome mailscanner[21572]: MailScanner E-Mail Virus Scanner version 4.11-1 starting... Jan 2 03:00:42 halfdome mailscanner[21572]: Using locktype = flock Jan 2 03:00:58 halfdome mailscanner[21572]: Could not open file >/var/spool/MailScanner/incoming/21572/h02B0Sv0021564.header: No such file or directory Jan 2 03:00:58 halfdome mailscanner[21572]: Cannot create + lock headers file /var/spool/MailScanner/incoming/21572/h02B0Sv0021564.header, When I switch to posix I have the same problem ... Any idea ? -- Christophe Long Technical Director - Alphasys Phone: +33 1 64 61 83 50 Fax: +33 1 64 73 53 42 From S.R.Patterson at SOTON.AC.UK Thu Jan 2 11:53:21 2003 From: S.R.Patterson at SOTON.AC.UK (Patterson S.R.) Date: Thu Jan 12 21:16:48 2006 Subject: lock and mkdir problem with 4.11 Message-ID: > -----Original Message----- > From: Christophe Long [mailto:clong@ALPHASYS.FR] > Sent: 02 January 2003 11:36 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: lock and mkdir problem with 4.11 > > > I have installed the 4.11-1 from the tar ball archive, my > system is a debian I have on it a perl 5.6.1 and sendmail 8.12.3 (-4) > > When I let MailScanner try to figure out which lock to use, > it choses flock and I have ... > > Jan 2 03:00:40 halfdome mailscanner[21572]: MailScanner > Jan 2 03:00:40 halfdome mailscanner[21572]: MailScanner > E-Mail Virus Scanner version 4.11-1 starting... Jan 2 > 03:00:42 halfdome mailscanner[21572]: Using locktype = flock > Jan 2 03:00:58 halfdome mailscanner[21572]: Could not open file > >/var/spool/MailScanner/incoming/21572/h02B0Sv0021564.header: No such > >file or > directory > Jan 2 03:00:58 halfdome mailscanner[21572]: Cannot create + > lock headers file > /var/spool/MailScanner/incoming/21572/h02B0Sv0021564.header, Do you have a /var/spool/MailScanner/incoming directory? Or indeed a /var/spool/MailScanner - beware the case sensitivity? Is it writeable by whichever user MailScanner is running as? (Not applicable if running as root) Is their execute permission for the MailScanner running user or group (not applicable if running as root) on every directory to that point, i.e. on /, /var, /var/spool, /var/spool/MailScanner, /var/spool/MailScanner/incoming ? Steve -- Steven Patterson MSci OCP. Tel: +44 (0)2380 595810 Primary Information Services Support and Development Information Systems Services, University of Southampton, UK. Public PGP Key: http://www.bottleneck.org/pubkey.php From clong at ALPHASYS.FR Thu Jan 2 12:29:37 2003 From: clong at ALPHASYS.FR (Christophe Long) Date: Thu Jan 12 21:16:48 2006 Subject: lock and mkdir problem with 4.11 In-Reply-To: References: Message-ID: <200301021329.37872.clong@alphasys.fr> it was more stupid than that, I make the migration from mailscanner 3 to 4 and I have stopped mailscanner 3 for that but have forgotten the script check_mailscanner ... Now it works ! Sorry ... Christophe Le Jeudi 2 Janvier 2003 12:53, vous avez ?crit : > > -----Original Message----- > > From: Christophe Long [mailto:clong@ALPHASYS.FR] > > Sent: 02 January 2003 11:36 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: lock and mkdir problem with 4.11 > > > > > > I have installed the 4.11-1 from the tar ball archive, my > > system is a debian I have on it a perl 5.6.1 and sendmail 8.12.3 (-4) > > > > When I let MailScanner try to figure out which lock to use, > > it choses flock and I have ... > > > > Jan 2 03:00:40 halfdome mailscanner[21572]: MailScanner > > Jan 2 03:00:40 halfdome mailscanner[21572]: MailScanner > > E-Mail Virus Scanner version 4.11-1 starting... Jan 2 > > 03:00:42 halfdome mailscanner[21572]: Using locktype = flock > > Jan 2 03:00:58 halfdome mailscanner[21572]: Could not open file > > > > >/var/spool/MailScanner/incoming/21572/h02B0Sv0021564.header: No such > > >file or > > > > directory > > Jan 2 03:00:58 halfdome mailscanner[21572]: Cannot create + > > lock headers file > > /var/spool/MailScanner/incoming/21572/h02B0Sv0021564.header, > > Do you have a /var/spool/MailScanner/incoming directory? Or indeed a > /var/spool/MailScanner - beware the case sensitivity? > > Is it writeable by whichever user MailScanner is running as? (Not > applicable if running as root) > > Is their execute permission for the MailScanner running user or group > (not applicable if running as root) on every directory to that point, > i.e. on /, /var, /var/spool, /var/spool/MailScanner, > /var/spool/MailScanner/incoming ? > > Steve -- Christophe Long Technical Director - Alphasys Phone: +33 1 64 61 83 50 Fax: +33 1 64 73 53 42 From alan at ESSEX.AC.UK Thu Jan 2 12:35:54 2003 From: alan at ESSEX.AC.UK (Stanier, Alan M) Date: Thu Jan 12 21:16:48 2006 Subject: Problem updating Sophos with MailScanner 3.26-2 Message-ID: <32381F0D81B1544ABED4BE3284266B09024841@sernt4.essex.ac.uk> I'm doing the regular updating of Sophos, and all goes well until the Sophos.install script tries to fetch the latest IDEs. Then it says Fetching latest IDE virus identities from www.sophos.com Lynx failed with error return 1 , Bad file descriptor at /usr/local/Sophos/bin/autoupdate line 83. What am I doing wrong? -------- Alan Stanier Essex University Information Systems Services Systems Group From Kevin.Spicer at BMRB.CO.UK Thu Jan 2 13:02:27 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:48 2006 Subject: Problem updating Sophos with MailScanner 3.26-2 Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A32BEE@pascal.priv.bmrb.co.uk> > Fetching latest IDE virus identities from www.sophos.com > Lynx failed with error return 1 > , Bad file descriptor at /usr/local/Sophos/bin/autoupdate line 83. > > What am I doing wrong? > You're not doing anything wrong, as such. You need to install the latest version of Sophos. Sophos only provide IDES for versions less than three months old. Grab the latest package from the website (then you get 3 months rather than 2 months from the CD version). From alan at ESSEX.AC.UK Thu Jan 2 13:28:24 2003 From: alan at ESSEX.AC.UK (Stanier, Alan M) Date: Thu Jan 12 21:16:48 2006 Subject: Problem updating Sophos with MailScanner 3.26-2 Message-ID: <32381F0D81B1544ABED4BE3284266B09024842@sernt4.essex.ac.uk> > You're not doing anything wrong, as such. You need to > install the latest version of Sophos. Sophos only provide > IDES for versions less than three months old. Grab the latest > package from the website (then you get 3 months rather than 2 > months from the CD version). > Thanks for that. But that is what I thought I had done ... I obtained the latest version of linux.intel.libc6.tar.Z, put it on /tmp, then cd /tmp /usr/local/MailScanner/bin/Sophos.install It was at the end of that that I got the warning about File Descriptors. I believed that to install the lastest version of Sophos: was I wrong? From Kevin.Spicer at BMRB.CO.UK Thu Jan 2 13:44:41 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:48 2006 Subject: Problem updating Sophos with MailScanner 3.26-2 Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A32BEF@pascal.priv.bmrb.co.uk> Check you have the right version... LD_LIBRARY_PATH=/usr/local/Sophos/lib export LD_LIBRARY_PATH /usr/local/Sophos/bin/sweep --version I get v. 3.64 (I think 3.65 is latest, so you should have 3.63, 3.64 or 3.65) > -----Original Message----- > From: Stanier, Alan M [mailto:alan@ESSEX.AC.UK] > Sent: 02 January 2003 13:28 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Problem updating Sophos with MailScanner 3.26-2 > > > > You're not doing anything wrong, as such. You need to > > install the latest version of Sophos. Sophos only provide > > IDES for versions less than three months old. Grab the latest > > package from the website (then you get 3 months rather than 2 > > months from the CD version). > > > > Thanks for that. But that is what I thought I had done ... I > obtained the latest version of linux.intel.libc6.tar.Z, put it > on /tmp, then > > cd /tmp > /usr/local/MailScanner/bin/Sophos.install > > It was at the end of that that I got the warning about > File Descriptors. > > I believed that to install the lastest version of Sophos: was > I wrong? > From pg at NEWHONEST.COM Thu Jan 2 14:52:44 2003 From: pg at NEWHONEST.COM (pg) Date: Thu Jan 12 21:16:48 2006 Subject: Error installing Version 3.27 References: <5.2.0.9.2.20030101113005.02098d90@imap.ecs.soton.ac.uk> <001d01c2b208$22bba300$2101a8c0@jasonnb> <1041475244.9856.11.camel@ra.thethompsonhouse.com> <5.2.0.9.2.20030102093524.03d8e228@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030102101835.03aa5330@imap.ecs.soton.ac.uk> Message-ID: <001f01c2b26e$9f0d7080$0301a8c0@jasonnb> The new rpm of mailscanner is working great now. Thank you! -Jason ----- Original Message ----- From: "Julian Field" To: Sent: Thursday, January 02, 2003 6:21 PM Subject: Re: Error installing Version 3.27 > I have just rebuilt the RPM, can you try downloading and installing it > again, to see if it is fixed now please? > > At 10:15 02/01/2003, you wrote: > >Dear Mr.Julian, > > > >Just tested in my system, same error occured. > > > >for you inf. > > > >B.R. > > > ># rpm -Uvh mailscanner-3.27-1.i386.rpm > >Preparing... ########################################### > >[100%] > > 1:mailscanner error: unpacking of archive failed on file > >/var/spoo > >l/mqueue.in: cpio: rename failed - Is a directory > > > > > > > >----- Original Message ----- > >From: "Julian Field" > >To: > >Sent: Thursday, January 02, 2003 5:36 PM > >Subject: Re: Error installing Version 3.27 > > > > > > > This looks like a download problem, but you are the 2nd person to have the > > > same problem. > > > > > > Can anyone confirm that the RPM for 3.27 actually does work on somebody's > > > system, or do I need to rebuild it? > > > > > > At 08:08 02/01/2003, you wrote: > > > >I re-downloaded, but the result is exactly the same. I attach the full > > > >message as following : > > > > > > > >[xxxx]# rpm -Uvh mailscanner-3.27-1.i386.rpm > > > >Preparing... ########################################### > > > >[100%] > > > > 1:mailscanner warning: > > > >/usr/local/MailScanner/etc/viruses.to.delete.conf created as > > > >/usr/local/MailScanner/etc/viruses.to.delete.conf.rpmnew > > > >error: unpacking of archive failed on file /var/spool/mqueue.in: cpio: > > > >rename failed - Is a directory > > > > > > > >-Jason > > > > > > > >----- Original Message ----- > > > >From: "Robert A. Thompson" > > > >To: > > > >Sent: Thursday, January 02, 2003 10:40 AM > > > >Subject: Re: ANNOUNCE: Version 3.27 and 4.11 > > > > > > > > > > > > > re-download the rpm. sounds like you have a bad rpm. Might try a > > > > > md5sum to check the file. I assume the md5sums are on the website. > > > > > > > > > > --rat > > > > > > > > > > On Wed, 2003-01-01 at 20:39, pg wrote: > > > > > > I'm using Redhat 7.2. I tried to upgrade to 3.27 from 3.26 but the > > > >following > > > > > > error message appeared : > > > > > > > > > > > > error: unpacking of archive failed on file /var/spool/mqueue.in: > >cpio: > > > > > > rename failed - Is a directory > > > > > > > > > > > > -Jason > > > > > > > > > > > > ----- Original Message ----- > > > > > > From: "Julian Field" > > > > > > To: > > > > > > Sent: Wednesday, January 01, 2003 7:48 PM > > > > > > Subject: ANNOUNCE: Version 3.27 and 4.11 > > > > > > > > > > > > > > > > > > > Happy New Year everyone! > > > > > > > > > > > > > > I have just released updated versions of both V3 and V4. > > > > > > > > > > > > > > The only change for V3 is an important security fix, which you can > > > >easily > > > > > > > apply without upgrading if you don't want to. See the ChangeLog > >below > > > >for > > > > > > > details. > > > > > > > > > > > > > > There are many improvements and changes for V4. A few of them are: > > > > > > > - Security fix is included > > > > > > > - Modify Subject: line to show a message has been scanned > > > > > > > - Stop MailScanner replying to mailing lists that send it viruses > > > > > > > - Quarantine-cleaning script included > > > > > > > - Virus scanner update cron job replaced by global updater script > > > > > > > - Full installation instructions for FreeBSD > > > > > > > - Improved AntiVir, Sophos, F-Prot and F-Secure parsers > > > > > > > > > > > > > > Also, in the spirit of Perl tradition, there is now a MailScanner > > > >Poetry > > > > > > > page for all you closet bards out there. Contributions are most > > > >welcome > > > > > > :-) > > > > > > > > > > > > > > It can all be downloaded as usual from > > > > > > > www.mailscanner.info > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > For completeness, here is the entry from the ChangeLog for V4.11: > > > > > > > > > > > > > > *Security* > > > > > > > - *** Important Security Fix *** > > > > > > > > > > > > > > You must edit the "sendmail -bd ..." command in your init > >script > > > >and > > > > > > add > > > > > > > -OPrivacyOptions=noetrn > > > > > > > as otherwise people could maliciously bypass MailScanner on > >servers > > > > > > that > > > > > > > are under heavy load. > > > > > > > It is *vital* that you protect yourself with this change. > > > > > > > However, please note there have been no reports at all of this > > > >problem > > > > > > > being actively exploited. > > > > > > > It is included in the init scripts that are part of the RPM > > > > > > > distributions, so RPM users just need to upgrade to the latest > > > > > > mailscanner*rpm. > > > > > > > > > > > > > > *New Features and Improvements* > > > > > > > - Added 2 more configuration options to modify the subject line > > > >whenever a > > > > > > > message is scanned (but no other subject line changes have > >happened) > > > >so it > > > > > > > is obvious to all that the message has been scanned. By default > >this > > > >will > > > > > > > (if enabled) add "{Scanned}" to the end of the Subject: line. > > > > > > > - Added "Never Notify Senders Of Precedence" configuration option > >so > > > >that > > > > > > > you can stop MailScanner replying to postings to mailing lists and > > > >other > > > > > > > bulk mail. > > > > > > > - A modified version of Steve Patterson's "clean.quarantine" > >script is > > > > > > > included as a daily cron job. It is disabled by default. Edit it > >to > > > >see > > > > > > how > > > > > > > to enable it. If you edit it, it will not be over-written by later > > > > > > upgrades > > > > > > > to MailScanner. > > > > > > > - Written an update_virus_scanners script which updates all > >installed > > > > > > > scanners. This is called hourly, as daily wasn't often enough and > > > >RedHat > > > > > > > don't offer anything between hourly and daily. > > > > > > > - Implemented full support for BSD with installation instructions > > > >based on > > > > > > > the tar distribution. > > > > > > > - Added Swedish translation of all reports. > > > > > > > - Added Spanish and Slovak translation of language strings. > > > > > > > - Added wrapper script for inoculan. > > > > > > > - Added an AntiVir autoupdate script. > > > > > > > - Improved AntiVir parser to handle new output format. > > > > > > > - Sophos parser improved to detect Sophos complaining about being > > > >given 1 > > > > > > > part of a multi-part archive. Gets flagged as a virus. > > > > > > > - F-Prot and F-Secure parsers improved to handle unusual virus > >names > > > >and > > > > > > > quieter handling of archives containing infected files. > > > > > > > - Added "$filename" variable expansion in sender warnings. Used it > >in > > > >the > > > > > > > English versions of the sender warnings. > > > > > > > - Completely new daemonising code to fix problems with ssh > >sessions > > > > > > > refusing to die. > > > > > > > - Added "startin" and "startout" parameters to init.d scripts for > > > >RedHat > > > > > > > and SuSE. > > > > > > > - Improved error reporting slightly in configuration compiler. > > > > > > > - Spam logging now includes the recipient domains as well as the > > > >sender. > > > > > > > - Incoming Queue Dirs can now be a file listing directories which > > > >include > > > > > > > wildcards. > > > > > > > - Added the message's subject line to the sender spam reports. > > > > > > > - Added a "sleep 5" in between the stop and start in "restart" in > >the > > > > > > > init.d script. > > > > > > > - Creates quarantine directories as required. > > > > > > > - Added link checking in code for finding incoming queue dirs. > > > > > > > - Added note for McAfee users about avoiding symlinks with > >anything > > > >even > > > > > > > remotely connected to McAfee itself. > > > > > > > - Added "Poetry" page to the web site for Nick's idle thoughts... > > > > > > > > > > > > > > *Fixes* > > > > > > > - Fixed problem of orphaned queue files being left in incoming > >queue > > > >when > > > > > > > MailScanner child processes are killed half-way through clearing a > > > > > > message. > > > > > > > - Fixed file locking code in Config.pm so Exim users do not have > >to > > > >have > > > > > > > the config files owned by exim.exim instead of root.root. > > > > > > > - Fixed Exim missing-characters-from-start-of-message bug. > > > > > > > - Fixed SpamAssassin "timeout 260 of 20" counter bug. > > > > > > > - Fixed EximDiskStore file locking bug. > > > > > > > - Fixed bug where unscanned messages are not properly archived if > >not > > > > > > > archiving as raw queue files. > > > > > > > - Fixed bug stopping Exim collecting large message batches. > > > > > > > - Changed default virus scanner from "sophos" to "none". > > > > > > > -- > > > > > > > Julian Field > > > > > > > www.MailScanner.info > > > > > > > MailScanner thanks transtec Computers for their support > > > > > > > > > > > > > > > > > > -- > > > Julian Field > > > www.MailScanner.info > > > MailScanner thanks transtec Computers for their support > > > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > From mailscanner at ecs.soton.ac.uk Thu Jan 2 15:28:43 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:48 2006 Subject: Storing incoming work dir on ramdisk In-Reply-To: References: <5.2.0.9.2.20030101194245.02fa8ff0@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030102152450.03e43088@imap.ecs.soton.ac.uk> At 20:37 01/01/2003, you wrote: >On Wed, 1 Jan 2003, Julian Field wrote: > > I've just done an experiment on my biggest server (thankyou Transtec!). > > > > I am ignoring incoming SMTP traffic load for now, as I have yet to find > > enough machines to feed it SMTP traffic at 1.5 million messages per day. > > > > Using disk-based directories for > > mqueue.in > > mqueue > > MailScanner/incoming > > using Exim > > I can process about 1.1 million messages per day, using Sophos, > > SpamAssassin and the default RBL lists. > > > > With tmpfs-based directories for > > MailScanner/incoming > > this jumps to about 1.4 million messages per day, using the same settings. > > This is perfectly safe as the MailScanner/incoming directory is wiped at > > startup anyway, and no messages can be lost by power-outs. > > > > With tmpfs-based directories for > > mqueue.in > > mqueue > > MailScanner/incoming > > this increases to about 1.5 million messages per day, using the same > > settings. This is not safe as the mqueue.in and.mqueue would be lost on > > power-outs. > > > > So if you have the RAM to throw at it, and plenty of CPU horse-power to > > make use of it, you can increase your message throughput by roughly 30% by > > moving the MailScanner/incoming directory onto a tmpfs filesystem held > in RAM. > > > > But if you run out of RAM and start swapping a lot, the performance will > > drop quickly. > > > > Tests done on a Transtec 2600 Workgroup Server, 2 x 2.4GHz/Zeon with 2Gb > > RAM, 15000rpm SCSI disk, 15 child processes. > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > >Those are pretty impressive numbers! I noticed that you're testing with >Exim instead of sendmail. Do you think there would be much difference if >you used sendmail? Sorry for the delay, I have been pumping a few hundred thousand email messages through my server to find the timings. Sendmail is working a *lot* slower than Exim. All outgoing mail is pumped to a dual-CPU 1GHz P3 machine which is running a very simple SMTP "sink" that throws away everything it is sent, but speaks just enough SMTP to make the clients think they are talking to a real SMTP server. With sendmail, the stats are these: Sendmail, all directories on disk, 387300 per day. Sendmail, incoming+quarantine on tmpfs, 10:18:29-11:23:21, 444000 per day. Sendmail, all on tmpfs, 453000 per day. So with sendmail it isn't worth the bother as the overhead of just sending the SMTP traffic is so high. Interesting that Exim manages to do the same job in about 1/3 of the time! -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From jaearick at COLBY.EDU Thu Jan 2 15:41:17 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:16:48 2006 Subject: Storing incoming work dir on ramdisk In-Reply-To: <5.2.0.9.2.20030102152450.03e43088@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030101194245.02fa8ff0@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030102152450.03e43088@imap.ecs.soton.ac.uk> Message-ID: Julian, Sendmail has *always* been the performance pig and bottleneck on my mail-server. While MailScanner 4.x is great, the performance of MS 3.x was sufficiently fast to outrun sendmail on my system (a dual-CPU Sun E220R), always. ----------------------------------- Jeff A. Earickson, Ph.D Senior UNIX Sysadmin and Email Guru Information Technology Services Colby College, 4214 Mayflower Hill, Waterville ME, 04901-8842 phone: 207-872-3659 (fax = 3076) ----------------------------------- From chicks at CHICKS.NET Thu Jan 2 16:03:54 2003 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:16:48 2006 Subject: Centralized aliases In-Reply-To: <200301020024.h020Oaa31083@ori.rl.ac.uk> Message-ID: On Thu, 2 Jan 2003, Bruno wrote: > Is there any way to do the ID and mail alias definition in just one place? We've been looking at using sendmail's LDAP purported capabilities for this sort of thing, but we haven't even tested it yet. -- Programming is a Dark Art, and it will always be. The programmer is fighting against the two most destructive forces in the universe: entropy and human stupidity. They're not things you can always overcome with a "methodology" or on a schedule. -Damian Conway, Perl God From Kevin.Spicer at BMRB.CO.UK Thu Jan 2 16:12:22 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:48 2006 Subject: Centralized aliases Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A32BF5@pascal.priv.bmrb.co.uk> > One minor annoyance is that if the aliases (as well as every > other valid > email address) are not defined on the proxy then the mail is > rejected. So, > all the email IDs and aliases have to be on the proxy. But > if any ID or > alias is not ALSO defined on the mail server then mail sent > from the LAN to > that ID tends to bounce since the mail server (correctly) > thinks the mail is > destined to itself but does not find the ID or alias. So, > user IDs and > aliases need to be defined twice, identically, in both the > server and alias. Maybe I'm missing something here, but I can't see why you need to duplicate your aliases - unless your mailscanner box isn't set up to relay for your domain. I use mailscanner in front of an exchange box and my mailscanner box doesn't know any of my users names. From smhickel at CHARTERMI.NET Thu Jan 2 16:19:28 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:16:48 2006 Subject: ANNOUNCE: Version 3.27 and 4.11 In-Reply-To: <5.2.0.9.2.20030101113005.02098d90@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030101113005.02098d90@imap.ecs.soton.ac.uk> Message-ID: <1041524367.2173.1.camel@steve.hickel.info> Julan, Thanks for all the work. Thanks for helping me troubleshoot my virus scan 'not-sure-it-is-scanning' issue the other day. Turns out it was scanning outgoing message, it just doesn't put any message in the body like my home system does, which I haven't figured out why not yet, but it is scanning. Again, Thanks, STeve On Wed, 2003-01-01 at 06:48, Julian Field wrote: > Happy New Year everyone! > > I have just released updated versions of both V3 and V4. > > The only change for V3 is an important security fix, which you can easily > apply without upgrading if you don't want to. See the ChangeLog below for > details. > > There are many improvements and changes for V4. A few of them are: > - Security fix is included > - Modify Subject: line to show a message has been scanned > - Stop MailScanner replying to mailing lists that send it viruses > - Quarantine-cleaning script included > - Virus scanner update cron job replaced by global updater script > - Full installation instructions for FreeBSD > - Improved AntiVir, Sophos, F-Prot and F-Secure parsers > > Also, in the spirit of Perl tradition, there is now a MailScanner Poetry > page for all you closet bards out there. Contributions are most welcome :-) > > It can all be downloaded as usual from > www.mailscanner.info > > > > > > For completeness, here is the entry from the ChangeLog for V4.11: > > *Security* > - *** Important Security Fix *** > > You must edit the "sendmail -bd ..." command in your init script and add > -OPrivacyOptions=noetrn > as otherwise people could maliciously bypass MailScanner on servers that > are under heavy load. > It is *vital* that you protect yourself with this change. > However, please note there have been no reports at all of this problem > being actively exploited. > It is included in the init scripts that are part of the RPM > distributions, so RPM users just need to upgrade to the latest mailscanner*rpm. > > *New Features and Improvements* > - Added 2 more configuration options to modify the subject line whenever a > message is scanned (but no other subject line changes have happened) so it > is obvious to all that the message has been scanned. By default this will > (if enabled) add "{Scanned}" to the end of the Subject: line. > - Added "Never Notify Senders Of Precedence" configuration option so that > you can stop MailScanner replying to postings to mailing lists and other > bulk mail. > - A modified version of Steve Patterson's "clean.quarantine" script is > included as a daily cron job. It is disabled by default. Edit it to see how > to enable it. If you edit it, it will not be over-written by later upgrades > to MailScanner. > - Written an update_virus_scanners script which updates all installed > scanners. This is called hourly, as daily wasn't often enough and RedHat > don't offer anything between hourly and daily. > - Implemented full support for BSD with installation instructions based on > the tar distribution. > - Added Swedish translation of all reports. > - Added Spanish and Slovak translation of language strings. > - Added wrapper script for inoculan. > - Added an AntiVir autoupdate script. > - Improved AntiVir parser to handle new output format. > - Sophos parser improved to detect Sophos complaining about being given 1 > part of a multi-part archive. Gets flagged as a virus. > - F-Prot and F-Secure parsers improved to handle unusual virus names and > quieter handling of archives containing infected files. > - Added "$filename" variable expansion in sender warnings. Used it in the > English versions of the sender warnings. > - Completely new daemonising code to fix problems with ssh sessions > refusing to die. > - Added "startin" and "startout" parameters to init.d scripts for RedHat > and SuSE. > - Improved error reporting slightly in configuration compiler. > - Spam logging now includes the recipient domains as well as the sender. > - Incoming Queue Dirs can now be a file listing directories which include > wildcards. > - Added the message's subject line to the sender spam reports. > - Added a "sleep 5" in between the stop and start in "restart" in the > init.d script. > - Creates quarantine directories as required. > - Added link checking in code for finding incoming queue dirs. > - Added note for McAfee users about avoiding symlinks with anything even > remotely connected to McAfee itself. > - Added "Poetry" page to the web site for Nick's idle thoughts... > > *Fixes* > - Fixed problem of orphaned queue files being left in incoming queue when > MailScanner child processes are killed half-way through clearing a message. > - Fixed file locking code in Config.pm so Exim users do not have to have > the config files owned by exim.exim instead of root.root. > - Fixed Exim missing-characters-from-start-of-message bug. > - Fixed SpamAssassin "timeout 260 of 20" counter bug. > - Fixed EximDiskStore file locking bug. > - Fixed bug where unscanned messages are not properly archived if not > archiving as raw queue files. > - Fixed bug stopping Exim collecting large message batches. > - Changed default virus scanner from "sophos" to "none". > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support -- Steve Hickel -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030102/dac9c005/attachment.bin From t.d.lee at DURHAM.AC.UK Thu Jan 2 16:20:06 2003 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:16:48 2006 Subject: Storing incoming work dir on ramdisk In-Reply-To: Message-ID: On Thu, 2 Jan 2003, Jeff A. Earickson wrote: > Julian, > Sendmail has *always* been the performance pig and bottleneck > on my mail-server. While MailScanner 4.x is great, the performance > of MS 3.x was sufficiently fast to outrun sendmail on my system > (a dual-CPU Sun E220R), always. Interesting. Poor old sendmail always seems to have blame heaped upon it. So I'm going to try to defend it (just a little at least). With MS 3.x we (university with 100,000 messages/day) found MS (and its environment), not sendmail, to be the bottleneck. This may have been because we did ORDB checks from MS, and the apparent MS slowness was actually DNS/ORDB latency. Certainly the migration to MS 4.x, with its ability for multiple, parallel MS processes has helped matters enormously. For our site MS 4.x/sendmail-8.11 on Sun Ultra-10/Solaris-8 copes adequately. The critical difference was upgrading MS from 3.x to 4.x. (But we are now moving to new dual-Intel Redhat, which seems even more comfortable. Still sendmail!) -- : David Lee I.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 374 2882 U.K. : From jaearick at COLBY.EDU Thu Jan 2 16:31:55 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:16:49 2006 Subject: sendmail 8.12.7 squawking after MS 4.11-1 upgrade Message-ID: Gang, I upgraded from Mailscanner 4.10-1 to 4.11-1 this morning. Afterwords, sendmail 8.12.7 starting complaining: [ID 702911 mail.warning] File descriptors missing on startup: stderr; Bad file number I've seen a pile 'o these this morning. I dropped back to 4.10-1 and sendmail shut up. I upgraded from 8.12.6 to 8.12.7 on Dec 31, so this may be a new feature/bug of sendmail. The complaint above comes out of sendmail's main() routine. A quick look at the sendmail code, and it looks like sendmail is checking that the stdio file descriptors are available, and complains if not. Maybe stderr is closed/gone in MS when a sendmail process gets launched in 4.11-1? ----------------------------------- Jeff A. Earickson, Ph.D Senior UNIX Sysadmin and Email Guru Information Technology Services Colby College, 4214 Mayflower Hill, Waterville ME, 04901-8842 phone: 207-872-3659 (fax = 3076) ----------------------------------- From gavin at NETERGY.COM Thu Jan 2 16:49:18 2003 From: gavin at NETERGY.COM (Gavin Nelmes-Crocker) Date: Thu Jan 12 21:16:49 2006 Subject: sendmail 8.12.7 squawking after MS 4.11-1 upgrade In-Reply-To: Message-ID: I've also noticed something odd with sendmail when I installed 4.11 on a test box it keeps rebuilding the aliases after every message Jan 3 08:13:13 localhost MailScanner[2997]: Spam Checks: Found 1 spam messages Jan 3 08:13:13 localhost MailScanner[2997]: Spam Actions: message g03GDC803162 actions are deliver Jan 3 08:13:13 localhost MailScanner[2997]: Virus and Content Scanning: Starting Jan 3 08:13:14 localhost MailScanner[2997]: Filename Checks: Allowing g03GDC803162.header (no rule matched) Jan 3 08:13:14 localhost MailScanner[2997]: Filename Checks: Allowing msg-2997-1.txt Jan 3 08:13:14 localhost MailScanner[2997]: Uninfected: Delivered 1 messages Jan 3 16:13:14 localhost sendmail[3168]: alias database /etc/mail/aliases autorebuilt by root Jan 3 16:13:14 localhost sendmail[3168]: /etc/mail/aliases: 17 aliases, longest 10 bytes, 189 bytes total Jan 3 16:13:14 localhost sendmail[3168]: alias database /etc/mail/aliases.majordomo autorebuilt by root Jan 3 16:13:14 localhost sendmail[3168]: /etc/mail/aliases.majordomo: 12 aliases, longest 69 bytes, 519 bytes total this is a RaQ4 if that helps Gavin ps Julian thanks for your help on the MakeMaker and perl rpm stuff I've built fixed rpms for the RaQs. > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Jeff A. Earickson > Sent: 02 January 2003 16:32 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: sendmail 8.12.7 squawking after MS 4.11-1 upgrade > > > Gang, > I upgraded from Mailscanner 4.10-1 to 4.11-1 this morning. > Afterwords, sendmail 8.12.7 starting complaining: > > [ID 702911 mail.warning] File descriptors > missing on startup: stderr; Bad file number > > I've seen a pile 'o these this morning. I dropped back to 4.10-1 > and sendmail shut up. I upgraded from 8.12.6 to 8.12.7 on Dec 31, > so this may be a new feature/bug of sendmail. The complaint above > comes out of sendmail's main() routine. A quick look at the > sendmail code, and it looks like sendmail is checking that the stdio > file descriptors are available, and complains if not. Maybe stderr > is closed/gone in MS when a sendmail process gets launched in 4.11-1? > > ----------------------------------- > Jeff A. Earickson, Ph.D > Senior UNIX Sysadmin and Email Guru > Information Technology Services > Colby College, 4214 Mayflower Hill, > Waterville ME, 04901-8842 > phone: 207-872-3659 (fax = 3076) > ----------------------------------- -- This message has been scanned for viruses and dangerous content by the Netergy Virus Spam Defence, and is believed to be clean. For details on having your email scanned email nvsd@netergy.com From mailscanner at ecs.soton.ac.uk Thu Jan 2 17:54:25 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:49 2006 Subject: sendmail 8.12.7 squawking after MS 4.11-1 upgrade In-Reply-To: Message-ID: <5.2.0.9.2.20030102175232.03a5ed70@imap.ecs.soton.ac.uk> At 16:31 02/01/2003, you wrote: >Gang, > I upgraded from Mailscanner 4.10-1 to 4.11-1 this morning. >Afterwords, sendmail 8.12.7 starting complaining: > >[ID 702911 mail.warning] File descriptors > missing on startup: stderr; Bad file number > >I've seen a pile 'o these this morning. I dropped back to 4.10-1 >and sendmail shut up. I upgraded from 8.12.6 to 8.12.7 on Dec 31, >so this may be a new feature/bug of sendmail. The complaint above >comes out of sendmail's main() routine. A quick look at the >sendmail code, and it looks like sendmail is checking that the stdio >file descriptors are available, and complains if not. Maybe stderr >is closed/gone in MS when a sendmail process gets launched in 4.11-1? MS 4.11 does indeed close all the stdout, stdin stderr. This means that the forking off the daemon works properly, so you can close an SSH session that started MailScanner. If you look in /usr/sbin/MailScanner, you will find 3 consecutive "close(" function calls. Try commenting them out and see what happens. I might need to add some code attempt to re-open them later, but I'm not 100% sure how to do that yet. :-) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jan 2 17:52:29 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:49 2006 Subject: sendmail 8.12.7 squawking after MS 4.11-1 upgrade In-Reply-To: References: Message-ID: <5.2.0.9.2.20030102175150.05d309d0@imap.ecs.soton.ac.uk> At 16:49 02/01/2003, you wrote: >I've also noticed something odd with sendmail when I installed 4.11 on a >test box it keeps rebuilding the aliases after every message > >Jan 3 08:13:13 localhost MailScanner[2997]: Spam Checks: Found 1 spam >messages >Jan 3 08:13:13 localhost MailScanner[2997]: Spam Actions: message >g03GDC803162 actions are deliver >Jan 3 08:13:13 localhost MailScanner[2997]: Virus and Content Scanning: >Starting >Jan 3 08:13:14 localhost MailScanner[2997]: Filename Checks: Allowing >g03GDC803162.header (no rule matched) >Jan 3 08:13:14 localhost MailScanner[2997]: Filename Checks: Allowing >msg-2997-1.txt >Jan 3 08:13:14 localhost MailScanner[2997]: Uninfected: Delivered 1 >messages >Jan 3 16:13:14 localhost sendmail[3168]: alias database /etc/mail/aliases >autorebuilt by root >Jan 3 16:13:14 localhost sendmail[3168]: /etc/mail/aliases: 17 aliases, >longest 10 bytes, 189 bytes total >Jan 3 16:13:14 localhost sendmail[3168]: alias database >/etc/mail/aliases.majordomo autorebuilt by root >Jan 3 16:13:14 localhost sendmail[3168]: /etc/mail/aliases.majordomo: 12 >aliases, longest 69 bytes, 519 bytes total > >this is a RaQ4 if that helps How about you just turn off AutoRebuildAliases? Quick and simple solution to the problem, though I haven't a clue what might be causing it. Your clock hasn't skewed has it? >Gavin >ps Julian thanks for your help on the MakeMaker and perl rpm stuff I've >built fixed rpms for the RaQs. > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Jeff A. Earickson > > Sent: 02 January 2003 16:32 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: sendmail 8.12.7 squawking after MS 4.11-1 upgrade > > > > > > Gang, > > I upgraded from Mailscanner 4.10-1 to 4.11-1 this morning. > > Afterwords, sendmail 8.12.7 starting complaining: > > > > [ID 702911 mail.warning] File descriptors > > missing on startup: stderr; Bad file number > > > > I've seen a pile 'o these this morning. I dropped back to 4.10-1 > > and sendmail shut up. I upgraded from 8.12.6 to 8.12.7 on Dec 31, > > so this may be a new feature/bug of sendmail. The complaint above > > comes out of sendmail's main() routine. A quick look at the > > sendmail code, and it looks like sendmail is checking that the stdio > > file descriptors are available, and complains if not. Maybe stderr > > is closed/gone in MS when a sendmail process gets launched in 4.11-1? > > > > ----------------------------------- > > Jeff A. Earickson, Ph.D > > Senior UNIX Sysadmin and Email Guru > > Information Technology Services > > Colby College, 4214 Mayflower Hill, > > Waterville ME, 04901-8842 > > phone: 207-872-3659 (fax = 3076) > > ----------------------------------- > > >-- >This message has been scanned for viruses and dangerous content >by the Netergy Virus Spam Defence, and is believed to be clean. >For details on having your email scanned email nvsd@netergy.com -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jan 2 17:51:20 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:49 2006 Subject: Storing incoming work dir on ramdisk In-Reply-To: References: Message-ID: <5.2.0.9.2.20030102174748.03a47270@imap.ecs.soton.ac.uk> At 16:20 02/01/2003, you wrote: >On Thu, 2 Jan 2003, Jeff A. Earickson wrote: > > Julian, > > Sendmail has *always* been the performance pig and bottleneck > > on my mail-server. While MailScanner 4.x is great, the performance > > of MS 3.x was sufficiently fast to outrun sendmail on my system > > (a dual-CPU Sun E220R), always. > >Interesting. Poor old sendmail always seems to have blame heaped upon it. >So I'm going to try to defend it (just a little at least). > >With MS 3.x we (university with 100,000 messages/day) found MS (and its >environment), not sendmail, to be the bottleneck. This may have been >because we did ORDB checks from MS, and the apparent MS slowness was >actually DNS/ORDB latency. Yes, that's what I always found too. >Certainly the migration to MS 4.x, with its ability for multiple, parallel >MS processes has helped matters enormously. > >For our site MS 4.x/sendmail-8.11 on Sun Ultra-10/Solaris-8 copes >adequately. The critical difference was upgrading MS from 3.x to 4.x. >(But we are now moving to new dual-Intel Redhat, which seems even more >comfortable. Still sendmail!) I still run sendmail here too. Our servers cope happily with the mail load we give them, so I see no point in doing anything like trying to replace our (complicated) sendmail setup with anything else. We have been running a similar (in function) system since at least 1988 and it works just fine. The amusing thing is that is operates in a very similar way to the way a cluster of Exchange servers would behave (but has decent centralised management, etc). I have no plans to implement any production Exim servers here, but I was quite surprised with the test results. Next thing to try is on a much slower machine to see how much it is CPU-dependent. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From llasad1 at YAHOO.COM Thu Jan 2 20:53:46 2003 From: llasad1 at YAHOO.COM (lester lasad) Date: Thu Jan 12 21:16:49 2006 Subject: spam.whitelist.rules and domain of sender does not exist Message-ID: <20030102205346.2114.qmail@web41415.mail.yahoo.com> I am running MailScanner 4.10-1 on RedHat 7.3 and would like to allow email from a non-existent domain to be delivered. There are several reports that are generated in our internal network that are delivered via SMTP ( thru MailScanner ) and the email is not going thru because the sender does not exist. I have tried adding both and the ip address and the sender to the spam.whitelist.rules file but it continues to deny the emails. Has anyone run into this or is there a solution for this problem? I have stopped and restarted MailScanner "service MailScanner stop" and "service MailScanner start" after making the changes. I have also tried "service MailScanner restart". I have added the following line to spam.whitelist.rules From: invalidsender@abc.com yes From: 10.2.1.1 yes --------------------------------- Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030102/ad0abc4e/attachment.html From mike at CAMAROSS.NET Thu Jan 2 21:01:16 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:16:49 2006 Subject: spam.whitelist.rules and domain of sender does not exist In-Reply-To: <20030102205346.2114.qmail@web41415.mail.yahoo.com> Message-ID: <004001c2b2a2$17945b80$9901a8c0@home.middlefinger.net> Domain of sender error message is coming from sendmail and not MailScanner. Take a look at your /etc/mail/sendmail.mc and look for this line: dnl FEATURE(`accept_unresolvable_domains')dnl Remove the leading 'dnl' and rebuild your sendmail.cf and see if that helps. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of lester lasad Sent: Thursday, January 02, 2003 2:54 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: spam.whitelist.rules and domain of sender does not exist I am running MailScanner 4.10-1 on RedHat 7.3 and would like to allow email from a non-existent domain to be delivered. There are several reports that are generated in our internal network that are delivered via SMTP ( thru MailScanner ) and the email is not going thru because the sender does not exist. I have tried adding both and the ip address and the sender to the spam.whitelist.rules file but it continues to deny the emails. Has anyone run into this or is there a solution for this problem? I have stopped and restarted MailScanner "service MailScanner stop" and "service MailScanner start" after making the changes. I have also tried "service MailScanner restart". I have added the following line to spam.whitelist.rules From: invalidsender@abc.com yes From: 10.2.1.1 yes --------------------------------- Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now From gavin at NETERGY.COM Thu Jan 2 22:09:45 2003 From: gavin at NETERGY.COM (Gavin Nelmes-Crocker) Date: Thu Jan 12 21:16:49 2006 Subject: sendmail 8.12.7 squawking after MS 4.11-1 upgrade In-Reply-To: <5.2.0.9.2.20030102175150.05d309d0@imap.ecs.soton.ac.uk> Message-ID: dmail[3168]: /etc/mail/aliases.majordomo: 12 > >aliases, longest 69 bytes, 519 bytes total > > > >this is a RaQ4 if that helps > > How about you just turn off AutoRebuildAliases? Quick and simple solution > to the problem, though I haven't a clue what might be causing it. Your > clock hasn't skewed has it? > > well I could if I knew where and how on a cobalt without breaking it - I'm presuming that turning it off is something within Sendmail not mailscanner as I didn't see anything in the conf file. The clock issue is an odd one - I've just restarted Mailscanner again and I notice its putting a different time into the log than the system time which is weird in itself Jan 3 22:05:52 localhost sendmail[17386]: starting daemon (8.10.2): SMTP Jan 3 22:05:52 localhost sendmail[17389]: starting daemon (8.10.2): queueing@00:15:00 Jan 3 14:05:55 localhost MailScanner[17399]: MailScanner Jan 3 14:05:55 localhost MailScanner[17399]: MailScanner E-Mail Virus Scanner version 4.11-1 starting... Jan 3 14:05:58 localhost MailScanner[17399]: Using locktype = flock Jan 3 14:06:05 localhost MailScanner[17406]: MailScanner Any ideas Gavin -- This message has been scanned for viruses and dangerous content by the Netergy Virus Spam Defence, and is believed to be clean. For details on having your email scanned email nvsd@netergy.com From michael at NSEC.DK Thu Jan 2 22:18:57 2003 From: michael at NSEC.DK (Michael Svendsen) Date: Thu Jan 12 21:16:49 2006 Subject: Centralized aliases Message-ID: <200301022218.h02MIvP24833@ns1.computopic.dk> You just have to arrange a so called "drop-box" ;) A possible solution could be: on your DMZ-mailserver you have to add one account for each domain. In your virtusertable just add: @yourdomain domainaccount On your LAN-mailserver you shall use fetchmail (you may already use fetchmail now) in your .fetchmailrc you shall have something like: poll DMZ-mailserver with proto pop3 user domainaccount there with password "hidden" is * here That should work ;) > > One minor annoyance is that if the aliases (as well as every > > other valid > > email address) are not defined on the proxy then the mail is > > rejected. So, > > all the email IDs and aliases have to be on the proxy. But > > if any ID or > > alias is not ALSO defined on the mail server then mail sent > > from the LAN to > > that ID tends to bounce since the mail server (correctly) > > thinks the mail is > > destined to itself but does not find the ID or alias. So, > > user IDs and > > aliases need to be defined twice, identically, in both the > > server and alias. > > Maybe I'm missing something here, but I can't see why you need to duplicate your aliases - unless your mailscanner box isn't set up to relay for your domain. I use mailscanner in front of an exchange box and my mailscanner box doesn't know any of my users names. > > Med venlig hilsen / Best Regards Michael Svendsen Newage Security From dwinkler at ALGORITHMICS.COM Thu Jan 2 22:22:47 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:16:49 2006 Subject: Centralized aliases Message-ID: <06EE2C86D3DAD5119A6C0060943F3C970402C0A8@tormail1.algorithmics.com> or You could define you internal server as your smart host on the proxy server and there's no need to define any users or aliases on the proxy. -----Original Message----- From: Michael Svendsen [mailto:michael@nsec.dk] Sent: Thursday, January 02, 2003 5:19 PM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: Centralized aliases You just have to arrange a so called "drop-box" ;) A possible solution could be: on your DMZ-mailserver you have to add one account for each domain. In your virtusertable just add: @yourdomain domainaccount On your LAN-mailserver you shall use fetchmail (you may already use fetchmail now) in your .fetchmailrc you shall have something like: poll DMZ-mailserver with proto pop3 user domainaccount there with password "hidden" is * here That should work ;) > > One minor annoyance is that if the aliases (as well as every > > other valid > > email address) are not defined on the proxy then the mail is > > rejected. So, > > all the email IDs and aliases have to be on the proxy. But > > if any ID or > > alias is not ALSO defined on the mail server then mail sent > > from the LAN to > > that ID tends to bounce since the mail server (correctly) > > thinks the mail is > > destined to itself but does not find the ID or alias. So, > > user IDs and > > aliases need to be defined twice, identically, in both the > > server and alias. > > Maybe I'm missing something here, but I can't see why you need to duplicate your aliases - unless your mailscanner box isn't set up to relay for your domain. I use mailscanner in front of an exchange box and my mailscanner box doesn't know any of my users names. > > Med venlig hilsen / Best Regards Michael Svendsen Newage Security -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030102/59018387/attachment.html From S.R.Patterson at SOTON.AC.UK Fri Jan 3 09:27:14 2003 From: S.R.Patterson at SOTON.AC.UK (Patterson S.R.) Date: Thu Jan 12 21:16:49 2006 Subject: sendmail 8.12.7 squawking after MS 4.11-1 upgrade Message-ID: > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: 02 January 2003 17:52 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: sendmail 8.12.7 squawking after MS 4.11-1 upgrade > > How about you just turn off AutoRebuildAliases? Quick and > simple solution to the problem, though I haven't a clue what > might be causing it. Your clock hasn't skewed has it? How about this? If autorebuild aliases is on in the cf file then presumably sendmail rebuilds the aliases each time the sendmail binary is run, and then periodically after that. Presumably, then, when mailscanner calls sendmail -qI then the aliases are rebuild as part of the start up of sendmail. Hence aliases are rebuilt after every (batch of) message(s) scanned. Turn off autorebuild either in your cf (well, in your m4 sources!), or if you feel you really do want it done periodically by the sendmail daemon (the sendmail -bd) then make sure it's explicitly turned off in the queue runs done by mailscanner with a command line option, or preferably make sure it's explicitly turned on by a command line option to the daemon sendmail (sendmail -bd -OAutoRebuildAliases=... if memory serves) Just my thoughts. Steve -- Steven Patterson MSci OCP. Tel: +44 (0)2380 595810 Primary Information Services Support and Development Information Systems Services, University of Southampton, UK. Public PGP Key: http://www.bottleneck.org/pubkey.php From mailscanner at ecs.soton.ac.uk Fri Jan 3 10:17:34 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:49 2006 Subject: sendmail 8.12.7 squawking after MS 4.11-1 upgrade In-Reply-To: Message-ID: <5.2.0.9.2.20030103101649.05e5eea0@imap.ecs.soton.ac.uk> At 09:27 03/01/2003, you wrote: > > -----Original Message----- > > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > > Sent: 02 January 2003 17:52 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: sendmail 8.12.7 squawking after MS 4.11-1 upgrade > > > > How about you just turn off AutoRebuildAliases? Quick and > > simple solution to the problem, though I haven't a clue what > > might be causing it. Your clock hasn't skewed has it? > >How about this? > >If autorebuild aliases is on in the cf file then presumably sendmail >rebuilds the aliases each time the sendmail binary is run, and then >periodically after that. Presumably, then, when mailscanner calls >sendmail -qI then the aliases are rebuild as part of the >start up of sendmail. Hence aliases are rebuilt after every (batch of) >message(s) scanned. Sendmail should compare the date stamps and only rebuild it if the source is newer than the db file(s). >Turn off autorebuild either in your cf (well, in your m4 sources!), or >if you feel you really do want it done periodically by the sendmail >daemon (the sendmail -bd) then make sure it's explicitly turned off in >the queue runs done by mailscanner with a command line option, or >preferably make sure it's explicitly turned on by a command line option >to the daemon sendmail (sendmail -bd -OAutoRebuildAliases=... if memory >serves) > >Just my thoughts. > >Steve -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jan 3 10:18:59 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:49 2006 Subject: sendmail 8.12.7 squawking after MS 4.11-1 upgrade In-Reply-To: References: <5.2.0.9.2.20030102175150.05d309d0@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030103101800.03b78930@imap.ecs.soton.ac.uk> At 22:09 02/01/2003, you wrote: >dmail[3168]: /etc/mail/aliases.majordomo: 12 > > >aliases, longest 69 bytes, 519 bytes total > > > > > >this is a RaQ4 if that helps > > > > How about you just turn off AutoRebuildAliases? Quick and simple solution > > to the problem, though I haven't a clue what might be causing it. Your > > clock hasn't skewed has it? > > > > >well I could if I knew where and how on a cobalt without breaking it - I'm >presuming that turning it off is something within Sendmail not mailscanner >as I didn't see anything in the conf file. > >The clock issue is an odd one - I've just restarted Mailscanner again and I >notice its putting a different time into the log than the system time which >is weird in itself That would certainly explain the behaviour you are seeing. I'm afraid I can only suggest that you check /etc/sysconfig/clock to ensure your timezone is set correctly. >Jan 3 22:05:52 localhost sendmail[17386]: starting daemon (8.10.2): SMTP >Jan 3 22:05:52 localhost sendmail[17389]: starting daemon (8.10.2): >queueing@00:15:00 >Jan 3 14:05:55 localhost MailScanner[17399]: MailScanner >Jan 3 14:05:55 localhost MailScanner[17399]: MailScanner E-Mail Virus >Scanner version 4.11-1 starting... >Jan 3 14:05:58 localhost MailScanner[17399]: Using locktype = flock >Jan 3 14:06:05 localhost MailScanner[17406]: MailScanner > >Any ideas > >Gavin > > >-- >This message has been scanned for viruses and dangerous content >by the Netergy Virus Spam Defence, and is believed to be clean. >For details on having your email scanned email nvsd@netergy.com -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From dustin.baer at IHS.COM Fri Jan 3 13:24:31 2003 From: dustin.baer at IHS.COM (Dustin Baer) Date: Thu Jan 12 21:16:49 2006 Subject: AutoRebuildAliases Message-ID: <3E158F0F.FA0E477A@ihs.com> AutoRebuildAliases has been deprecated since 8.10 and completely removed in 8.12.0: RELEASE_NOTES: Remove AutoRebuildAliases option, deprecated since 8.10. Dustin From Bobby at LIFE-EXTREME.COM Fri Jan 3 14:18:49 2003 From: Bobby at LIFE-EXTREME.COM (Bobbejaan van Elst) Date: Thu Jan 12 21:16:49 2006 Subject: Unrecognised keyword and Looked up unknown string In-Reply-To: <5.2.0.9.2.20030103101649.05e5eea0@imap.ecs.soton.ac.uk> References: Message-ID: <5.1.0.14.2.20030103145620.01bf2b50@mail.the-mask.net> Hi, I have installed the latest version of mailscanner and I get the following errors in my syslog: 1.) Jan 3 14:52:38 the-mask sendmail[3465]: h03DqbJ03465: from=, size=350, class=0, nrcpts=1, msgid=<5.1.0.14.2.20030103145209.01beec70@mail.the-mask.net>, proto=ESMTP, daemon=MTA, relay=iawxsrt-sst-fw01.wxs.nl [195.121.14.2] (may be forged) Jan 3 14:52:38 the-mask MailScanner[2411]: New Batch: Scanning 1 messages, 845 bytes Jan 3 14:52:38 the-mask MailScanner[2411]: Spam Checks: Starting Jan 3 14:52:38 the-mask MailScanner[2411]: Looked up unknown string spam in language translation file /opt/MailScanner/etc/reports/en/languages.conf Jan 3 14:52:39 the-mask MailScanner[2411]: Looked up unknown string score in language translation file /opt/MailScanner/etc/reports/en/languages.conf Jan 3 14:52:39 the-mask MailScanner[2411]: Looked up unknown string required in language translation file /opt/MailScanner/etc/reports/en/languages.conf Jan 3 14:52:39 the-mask MailScanner[2411]: Looked up unknown string notspam in language translation file /opt/MailScanner/etc/reports/en/languages.conf Jan 3 14:52:39 the-mask MailScanner[2411]: Virus and Content Scanning: Starting Jan 3 14:52:41 the-mask MailScanner[2411]: Uninfected: Delivered 1 messages Jan 3 14:52:42 the-mask sendmail[3473]: h03DqbJ03465: to=bvanelst, delay=00:00:05, xdelay=00:00:01, mailer=local, pri=120350, dsn=2.0.0, stat=Sent The problem here is I have not a directory /opt/MailScanner/ the file languages.conf is located in this directory: /etc/MailScanner/reports/en/languages.conf. My question how or where can I change this. 2.) Jan 3 15:07:53 the-mask sendmail[4199]: starting daemon (8.11.2): queueing@00:15:00 Jan 3 15:07:54 the-mask MailScanner[4210]: MailScanner Jan 3 15:07:54 the-mask MailScanner[4210]: MailScanner E-Mail Virus Scanner version 4.11-1 starting... Jan 3 15:07:54 the-mask MailScanner[4210]: Syntax error(s) in configuration file: Jan 3 15:07:54 the-mask MailScanner[4210]: Unrecognised keyword "piddir" at line 80 Jan 3 15:07:54 the-mask MailScanner[4210]: Aborting due to syntax errors in /etc/MailScanner/MailScanner.conf. I have put a "#" before line 80 and the problem is gone.. Has someone any idea? Met vriendelijke groet, Bobbejaan van Elst http://www.Life-eXtreme.com http://www.the-mask.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030103/ca0f7ce0/attachment.html From florusb at ASCIO.COM Fri Jan 3 14:24:15 2003 From: florusb at ASCIO.COM (Florus Both) Date: Thu Jan 12 21:16:49 2006 Subject: Unrecognised keyword and Looked up unknown string Message-ID: <2F15A97500CFA0469C9BACC2041F8AC7032E82B2@aries.dk.speednames.com> 2) the keyword has changed : PID file = /var/run/MailScanner.pid (i had the same after an upgrade, keeping the old MailScanner.conf file) Florus -----Original Message----- From: Bobbejaan van Elst [mailto:Bobby@LIFE-EXTREME.COM] Sent: 3. januar 2003 15:19 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Unrecognised keyword and Looked up unknown string Hi, I have installed the latest version of mailscanner and I get the following errors in my syslog: 1.) Jan 3 14:52:38 the-mask sendmail[3465]: h03DqbJ03465: from=, size=350, class=0, nrcpts=1, msgid=<5.1.0.14.2.20030103145209.01beec70@mail.the-mask.net>, proto=ESMTP, daemon=MTA, relay=iawxsrt-sst-fw01.wxs.nl [195.121.14.2] (may be forged) Jan 3 14:52:38 the-mask MailScanner[2411]: New Batch: Scanning 1 messages, 845 bytes Jan 3 14:52:38 the-mask MailScanner[2411]: Spam Checks: Starting Jan 3 14:52:38 the-mask MailScanner[2411]: Looked up unknown string spam in language translation file /opt/MailScanner/etc/reports/en/languages.conf Jan 3 14:52:39 the-mask MailScanner[2411]: Looked up unknown string score in language translation file /opt/MailScanner/etc/reports/en/languages.conf Jan 3 14:52:39 the-mask MailScanner[2411]: Looked up unknown string required in language translation file /opt/MailScanner/etc/reports/en/languages.conf Jan 3 14:52:39 the-mask MailScanner[2411]: Looked up unknown string notspam in language translation file /opt/MailScanner/etc/reports/en/languages.conf Jan 3 14:52:39 the-mask MailScanner[2411]: Virus and Content Scanning: Starting Jan 3 14:52:41 the-mask MailScanner[2411]: Uninfected: Delivered 1 messages Jan 3 14:52:42 the-mask sendmail[3473]: h03DqbJ03465: to=bvanelst, delay=00:00:05, xdelay=00:00:01, mailer=local, pri=120350, dsn=2.0.0, stat=Sent The problem here is I have not a directory /opt/MailScanner/ the file languages.conf is located in this directory: /etc/MailScanner/reports/en/languages.conf. My question how or where can I change this. 2.) Jan 3 15:07:53 the-mask sendmail[4199]: starting daemon (8.11.2): queueing@00:15:00 Jan 3 15:07:54 the-mask MailScanner[4210]: MailScanner Jan 3 15:07:54 the-mask MailScanner[4210]: MailScanner E-Mail Virus Scanner version 4.11-1 starting... Jan 3 15:07:54 the-mask MailScanner[4210]: Syntax error(s) in configuration file: Jan 3 15:07:54 the-mask MailScanner[4210]: Unrecognised keyword "piddir" at line 80 Jan 3 15:07:54 the-mask MailScanner[4210]: Aborting due to syntax errors in /etc/MailScanner/MailScanner.conf. I have put a "#" before line 80 and the problem is gone.. Has someone any idea? Met vriendelijke groet, Bobbejaan van Elst http://www.Life-eXtreme.com http://www.the-mask.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030103/0de5e511/attachment.html From paul_houselander at BRISTOL-LEA.ORG.UK Fri Jan 3 14:30:14 2003 From: paul_houselander at BRISTOL-LEA.ORG.UK (Paul Houselander) Date: Thu Jan 12 21:16:49 2006 Subject: MailScanner directory in 4.11-1 Message-ID: <01f201c2b334$a1ce0520$7b10140a@education.bcc.lan> Hi Just looking at version 4.11-1 I unpacked the tar archive and I noticed /opt/MailScanner/bin/MailScanner/* /opt/MailScanner/bin/MailScanner.pm Were now located in /opt/MailScanner/lib/MailScanner/* /opt/MailScanner/lib/MailScanner.pm Can I just confirm this new location is the correct location. Cheers Paul -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Mailscanner thanks transtec Computers for their support. From mailscanner at ecs.soton.ac.uk Fri Jan 3 14:37:45 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:49 2006 Subject: Unrecognised keyword and Looked up unknown string In-Reply-To: <5.1.0.14.2.20030103145620.01bf2b50@mail.the-mask.net> References: <5.2.0.9.2.20030103101649.05e5eea0@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030103143556.03b586e0@imap.ecs.soton.ac.uk> At 14:18 03/01/2003, you wrote: >I have installed the latest version of mailscanner and I get the following >errors in my syslog: > >1.) > >Jan 3 14:52:38 the-mask sendmail[3465]: h03DqbJ03465: >from=, size=350, class=0, nrcpts=1, >msgid=<5.1.0.14.2.20030103145209.01beec70@mail.the-mask.net>, proto=ESMTP, >daemon=MTA, relay=iawxsrt-sst-fw01.wxs.nl [195.121.14.2] (may be forged) >Jan 3 14:52:38 the-mask MailScanner[2411]: New Batch: Scanning 1 >messages, 845 bytes >Jan 3 14:52:38 the-mask MailScanner[2411]: Spam Checks: Starting >Jan 3 14:52:38 the-mask MailScanner[2411]: Looked up unknown string spam >in language translation file /opt/MailScanner/etc/reports/en/languages.conf >Jan 3 14:52:39 the-mask MailScanner[2411]: Looked up unknown string score >in language translation file /opt/MailScanner/etc/reports/en/languages.conf >Jan 3 14:52:39 the-mask MailScanner[2411]: Looked up unknown string >required in language translation file >/opt/MailScanner/etc/reports/en/languages.conf >Jan 3 14:52:39 the-mask MailScanner[2411]: Looked up unknown string >notspam in language translation file >/opt/MailScanner/etc/reports/en/languages.conf >Jan 3 14:52:39 the-mask MailScanner[2411]: Virus and Content Scanning: >Starting >Jan 3 14:52:41 the-mask MailScanner[2411]: Uninfected: Delivered 1 messages >Jan 3 14:52:42 the-mask sendmail[3473]: h03DqbJ03465: to=bvanelst, >delay=00:00:05, xdelay=00:00:01, mailer=local, pri=120350, dsn=2.0.0, stat=Sent > >The problem here is I have not a directory /opt/MailScanner/ the file >languages.conf is located in this directory: >/etc/MailScanner/reports/en/languages.conf. > >My question how or where can I change this. You haven't incorporated your changes into the new MailScanner.conf file, you have just blindly used your old one and are therefore missing the configuration option # Set where to find all the strings used so they can be translated into # your local language. # This can also be the filename of a ruleset so you can produce different # languages for different messages. Language Strings = /etc/MailScanner/reports/en/languages.conf >2.) > >Jan 3 15:07:53 the-mask sendmail[4199]: starting daemon (8.11.2): >queueing@00:15:00 >Jan 3 15:07:54 the-mask MailScanner[4210]: MailScanner >Jan 3 15:07:54 the-mask MailScanner[4210]: MailScanner E-Mail Virus >Scanner version 4.11-1 starting... >Jan 3 15:07:54 the-mask MailScanner[4210]: Syntax error(s) in >configuration file: >Jan 3 15:07:54 the-mask MailScanner[4210]: Unrecognised keyword "piddir" >at line 80 >Jan 3 15:07:54 the-mask MailScanner[4210]: Aborting due to syntax errors >in /etc/MailScanner/MailScanner.conf. > >I have put a "#" before line 80 and the problem is gone.. Same problem as above. It is now a "PID File" and not a "PID Dir". Full description in your newly supplied MailScanner.conf file is # Set where to store the process id number so you can stop MailScanner PID file = /var/run/MailScanner.pid -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030103/5367dfe5/attachment.html From mailscanner at ecs.soton.ac.uk Fri Jan 3 14:38:29 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:49 2006 Subject: MailScanner directory in 4.11-1 In-Reply-To: <01f201c2b334$a1ce0520$7b10140a@education.bcc.lan> Message-ID: <5.2.0.9.2.20030103143801.06463008@imap.ecs.soton.ac.uk> At 14:30 03/01/2003, you wrote: >Hi > >Just looking at version 4.11-1 > >I unpacked the tar archive and I noticed > >/opt/MailScanner/bin/MailScanner/* >/opt/MailScanner/bin/MailScanner.pm > >Were now located in > >/opt/MailScanner/lib/MailScanner/* >/opt/MailScanner/lib/MailScanner.pm > >Can I just confirm this new location is the correct location. Yes, indeed. I moved them so that the RPM and tar distributions both use the same structure. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From Bobby at LIFE-EXTREME.COM Fri Jan 3 14:56:50 2003 From: Bobby at LIFE-EXTREME.COM (Bobbejaan van Elst) Date: Thu Jan 12 21:16:49 2006 Subject: Unrecognised keyword and Looked up unknown string In-Reply-To: <5.2.0.9.2.20030103143556.03b586e0@imap.ecs.soton.ac.uk> References: <5.1.0.14.2.20030103145620.01bf2b50@mail.the-mask.net> <5.2.0.9.2.20030103101649.05e5eea0@imap.ecs.soton.ac.uk> Message-ID: <5.1.0.14.2.20030103155029.01bf9b18@mail.the-mask.net> Julian, Thanx for your help. I did not know I was using the old config file, I tought that the new one replaced the old one. Met vriendelijke groet, Bobbejaan van Elst http://www.Life-eXtreme.com http://www.the-mask.net At 14:37 3-1-2003 +0000, you wrote: >At 14:18 03/01/2003, you wrote: >>I have installed the latest version of mailscanner and I get the >>following errors in my syslog: >> >>1.) >> >>Jan 3 14:52:38 the-mask sendmail[3465]: h03DqbJ03465: >>from=, size=350, class=0, nrcpts=1, >>msgid=<5.1.0.14.2.20030103145209.01beec70@mail.the-mask.net>, >>proto=ESMTP, daemon=MTA, relay=iawxsrt-sst-fw01.wxs.nl [195.121.14.2] >>(may be forged) >>Jan 3 14:52:38 the-mask MailScanner[2411]: New Batch: Scanning 1 >>messages, 845 bytes >>Jan 3 14:52:38 the-mask MailScanner[2411]: Spam Checks: Starting >>Jan 3 14:52:38 the-mask MailScanner[2411]: Looked up unknown string spam >>in language translation file /opt/MailScanner/etc/reports/en/languages.conf >>Jan 3 14:52:39 the-mask MailScanner[2411]: Looked up unknown string >>score in language translation file >>/opt/MailScanner/etc/reports/en/languages.conf >>Jan 3 14:52:39 the-mask MailScanner[2411]: Looked up unknown string >>required in language translation file >>/opt/MailScanner/etc/reports/en/languages.conf >>Jan 3 14:52:39 the-mask MailScanner[2411]: Looked up unknown string >>notspam in language translation file >>/opt/MailScanner/etc/reports/en/languages.conf >>Jan 3 14:52:39 the-mask MailScanner[2411]: Virus and Content Scanning: >>Starting >>Jan 3 14:52:41 the-mask MailScanner[2411]: Uninfected: Delivered 1 messages >>Jan 3 14:52:42 the-mask sendmail[3473]: h03DqbJ03465: to=bvanelst, >>delay=00:00:05, xdelay=00:00:01, mailer=local, pri=120350, dsn=2.0.0, stat=Sent >> >>The problem here is I have not a directory /opt/MailScanner/ the file >>languages.conf is located in this directory: >>/etc/MailScanner/reports/en/languages.conf. >> >>My question how or where can I change this. > >You haven't incorporated your changes into the new MailScanner.conf file, >you have just blindly used your old one and are therefore missing the >configuration option > ># Set where to find all the strings used so they can be translated into ># your local language. ># This can also be the filename of a ruleset so you can produce different ># languages for different messages. >Language Strings = /etc/MailScanner/reports/en/languages.conf > >>2.) >> >>Jan 3 15:07:53 the-mask sendmail[4199]: starting daemon (8.11.2): >>queueing@00:15:00 >>Jan 3 15:07:54 the-mask MailScanner[4210]: MailScanner >>Jan 3 15:07:54 the-mask MailScanner[4210]: MailScanner E-Mail Virus >>Scanner version 4.11-1 starting... >>Jan 3 15:07:54 the-mask MailScanner[4210]: Syntax error(s) in >>configuration file: >>Jan 3 15:07:54 the-mask MailScanner[4210]: Unrecognised keyword "piddir" >>at line 80 >>Jan 3 15:07:54 the-mask MailScanner[4210]: Aborting due to syntax errors >>in /etc/MailScanner/MailScanner.conf. >> >>I have put a "#" before line 80 and the problem is gone.. > >Same problem as above. >It is now a "PID File" and not a "PID Dir". Full description in your newly >supplied MailScanner.conf file is > ># Set where to store the process id number so you can stop MailScanner >PID file = /var/run/MailScanner.pid > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030103/9d6830b9/attachment.html From andersan at LTKALMAR.SE Fri Jan 3 15:03:28 2003 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:16:50 2006 Subject: Regarding a good but not to hard RBl and upgrade/reinstall Message-ID: <7B475DC5E9502B4D91EA73C283AE48D70263ED8E@lkl22.ltkalmar.se> Hi I was planning to use an RBL in sendmail but Im not sure which one to use. Since IM not to experinced at this I was hoping somone could recommend a good but pretty safe RBL. We prolly get around 500 msg's a day that makes it all the way to exchange and then get bounced. Planning to make a routine for extracting adresses from exchange and build aliases but this could be a short cut until thats done.... any suggestions? Oh, btw, any recommendation regarding upgrade to newest version. Uninstall prevous or just do upgrade? /Anders From mailscanner at ecs.soton.ac.uk Fri Jan 3 15:26:53 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:50 2006 Subject: Regarding a good but not to hard RBl and upgrade/reinstall In-Reply-To: <7B475DC5E9502B4D91EA73C283AE48D70263ED8E@lkl22.ltkalmar.se > Message-ID: <5.2.0.9.2.20030103152459.03a2a4b8@imap.ecs.soton.ac.uk> At 15:03 03/01/2003, you wrote: >I was planning to use an RBL in sendmail but Im not sure >which one to use. Since IM not to experinced at this >I was hoping somone could recommend a good but pretty >safe RBL. We prolly get around 500 msg's a day that makes it >all the way to exchange and then get bounced. >Planning to make a routine for extracting adresses from >exchange and build aliases but this could be a short cut until >thats done.... any suggestions? ORDB is good. Very few problems with them. >Oh, btw, any recommendation regarding upgrade to newest version. >Uninstall prevous or just do upgrade? Just upgrade. If you are using the RPM distribution, then you only need to upgrade the actual mailscanner*rpm file, you don't need to re-run install.sh. Be warned that you will need to check your configuration file carefully. In particular, definitely look out for PID File (new) PID Dir (old and removed) Language Strings (new) They are the 3 most important changes in there, and it will object if they aren't right. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jan 3 15:24:33 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:50 2006 Subject: Unrecognised keyword and Looked up unknown string In-Reply-To: <5.1.0.14.2.20030103155029.01bf9b18@mail.the-mask.net> References: <5.2.0.9.2.20030103143556.03b586e0@imap.ecs.soton.ac.uk> <5.1.0.14.2.20030103145620.01bf2b50@mail.the-mask.net> <5.2.0.9.2.20030103101649.05e5eea0@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030103152349.05e49010@imap.ecs.soton.ac.uk> At 14:56 03/01/2003, you wrote: >Thanx for your help. No problem. >I did not know I was using the old config file, I tought that the new one >replaced the old one. It very carefully does not overwrite any configuration file, report or virus engine wrapper script that you have changed so that your customisations don't get lost. >Met vriendelijke groet, > > Bobbejaan van Elst >http://www.Life-eXtreme.com > http://www.the-mask.net > > >At 14:37 3-1-2003 +0000, you wrote: >>At 14:18 03/01/2003, you wrote: >>>I have installed the latest version of mailscanner and I get the >>>following errors in my syslog: >>> >>>1.) >>> >>>Jan 3 14:52:38 the-mask sendmail[3465]: h03DqbJ03465: >>>from=, size=350, class=0, nrcpts=1, >>>msgid=<5.1.0.14.2.20030103145209.01beec70@mail.the-mask.net>, >>>proto=ESMTP, daemon=MTA, relay=iawxsrt-sst-fw01.wxs.nl [195.121.14.2] >>>(may be forged) >>>Jan 3 14:52:38 the-mask MailScanner[2411]: New Batch: Scanning 1 >>>messages, 845 bytes >>>Jan 3 14:52:38 the-mask MailScanner[2411]: Spam Checks: Starting >>>Jan 3 14:52:38 the-mask MailScanner[2411]: Looked up unknown string >>>spam in language translation file >>>/opt/MailScanner/etc/reports/en/languages.conf >>>Jan 3 14:52:39 the-mask MailScanner[2411]: Looked up unknown string >>>score in language translation file >>>/opt/MailScanner/etc/reports/en/languages.conf >>>Jan 3 14:52:39 the-mask MailScanner[2411]: Looked up unknown string >>>required in language translation file >>>/opt/MailScanner/etc/reports/en/languages.conf >>>Jan 3 14:52:39 the-mask MailScanner[2411]: Looked up unknown string >>>notspam in language translation file >>>/opt/MailScanner/etc/reports/en/languages.conf >>>Jan 3 14:52:39 the-mask MailScanner[2411]: Virus and Content Scanning: >>>Starting >>>Jan 3 14:52:41 the-mask MailScanner[2411]: Uninfected: Delivered 1 >>>messages >>>Jan 3 14:52:42 the-mask sendmail[3473]: h03DqbJ03465: to=bvanelst, >>>delay=00:00:05, xdelay=00:00:01, mailer=local, pri=120350, dsn=2.0.0, stat=Sent >>> >>>The problem here is I have not a directory /opt/MailScanner/ the file >>>languages.conf is located in this directory: >>>/etc/MailScanner/reports/en/languages.conf. >>> >>>My question how or where can I change this. >> >>You haven't incorporated your changes into the new MailScanner.conf file, >>you have just blindly used your old one and are therefore missing the >>configuration option >> >># Set where to find all the strings used so they can be translated into >># your local language. >># This can also be the filename of a ruleset so you can produce different >># languages for different messages. >>Language Strings = /etc/MailScanner/reports/en/languages.conf >> >>>2.) >>> >>>Jan 3 15:07:53 the-mask sendmail[4199]: starting daemon (8.11.2): >>>queueing@00:15:00 >>>Jan 3 15:07:54 the-mask MailScanner[4210]: MailScanner >>>Jan 3 15:07:54 the-mask MailScanner[4210]: MailScanner E-Mail Virus >>>Scanner version 4.11-1 starting... >>>Jan 3 15:07:54 the-mask MailScanner[4210]: Syntax error(s) in >>>configuration file: >>>Jan 3 15:07:54 the-mask MailScanner[4210]: Unrecognised keyword >>>"piddir" at line 80 >>>Jan 3 15:07:54 the-mask MailScanner[4210]: Aborting due to syntax >>>errors in /etc/MailScanner/MailScanner.conf. >>> >>>I have put a "#" before line 80 and the problem is gone.. >> >>Same problem as above. >>It is now a "PID File" and not a "PID Dir". Full description in your >>newly supplied MailScanner.conf file is >> >># Set where to store the process id number so you can stop MailScanner >>PID file = /var/run/MailScanner.pid >> >>-- >>Julian Field >>www.MailScanner.info >>MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From rc at ITSS.NERC.AC.UK Fri Jan 3 15:39:07 2003 From: rc at ITSS.NERC.AC.UK (Ron Campbell) Date: Thu Jan 12 21:16:50 2006 Subject: MailScanner speed query ? Message-ID: <3E15AE9B.9020509@itss.nerc.ac.uk> I just noticed MailScanner take 3 1/2 minutes to process a batch containing one 2.5 MB message. I have Max SpamAssassin Size = 50000 in mailscanner.conf so this cannot be down to SA. Is this reasonable ? This is MS 4.05-3 and we dont have a linux server with lots of GHz - just a SUN ULTRA 5 :-( Cheers -- Ron From mailscanner at ecs.soton.ac.uk Fri Jan 3 16:05:46 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:50 2006 Subject: MailScanner speed query ? In-Reply-To: <3E15AE9B.9020509@itss.nerc.ac.uk> Message-ID: <5.2.0.9.2.20030103160426.063fa7a8@imap.ecs.soton.ac.uk> At 15:39 03/01/2003, you wrote: > I just noticed MailScanner take 3 1/2 minutes to process a batch >containing one 2.5 MB message. I have > >Max SpamAssassin Size = 50000 > >in mailscanner.conf so this cannot be down to SA. Is this reasonable ? That sounds very slow to me. What's the load average on your server like? Nothing hogging all your RAM or nicking your CPU by any chance? MailScanner should be a *lot* faster than that. I run it here on 2 Ultra-5's and they handle our department's mail load (13,000 incoming per day) with very great ease. >This is MS 4.05-3 and we dont have a linux server with lots of GHz - >just a SUN ULTRA 5 :-( -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From evertjan at VANRAMSELAAR.NL Fri Jan 3 17:23:50 2003 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:16:50 2006 Subject: Scanner update result in log Message-ID: <000001c2b34c$e1d84a50$65000a0a@galaxy> Hi all, Just upgraded to v4.11, wich went perfectly! However, when running the new scanner update script (my compliments for that), I only get a success result for f-prot in my log, and not for sophos: Jan 3 18:01:03 ram1 update.virus.scanners: Found f-prot installed Jan 3 18:01:03 ram1 update.virus.scanners: Updating f-prot Jan 3 18:01:05 ram1 F-Prot autoupdate[23625]: F-Prot successfully updated. Jan 3 18:01:05 ram1 update.virus.scanners: Found sophos installed Jan 3 18:01:05 ram1 update.virus.scanners: Updating sophos Is there a difference between the update routines for f-prot and sophos? -- Evert Jan van Ramselaar Van Ramselaar Info Tech From mailscanner at ecs.soton.ac.uk Fri Jan 3 17:34:16 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:50 2006 Subject: Scanner update result in log In-Reply-To: <000001c2b34c$e1d84a50$65000a0a@galaxy> Message-ID: <5.2.0.9.2.20030103173308.06279568@imap.ecs.soton.ac.uk> At 17:23 03/01/2003, you wrote: >Hi all, > >Just upgraded to v4.11, wich went perfectly! > >However, when running the new scanner update script (my compliments for >that), I only get a success result for f-prot in my log, and not for >sophos: > >Jan 3 18:01:03 ram1 update.virus.scanners: Found f-prot installed >Jan 3 18:01:03 ram1 update.virus.scanners: Updating f-prot >Jan 3 18:01:05 ram1 F-Prot autoupdate[23625]: F-Prot successfully >updated. >Jan 3 18:01:05 ram1 update.virus.scanners: Found sophos installed >Jan 3 18:01:05 ram1 update.virus.scanners: Updating sophos > >Is there a difference between the update routines for f-prot and sophos? I have a feeling the Sophos one is silent. You can always add a line to /usr/lib/MailScanner/sophos-autoupdate so that it prints something. It's just that, as it is run by cron, you will get all the output mailed to you. I use the Sophos one so I wrote it to be quiet. Sorry they aren't consistent :-( -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From gavin at NETERGY.COM Fri Jan 3 18:04:17 2003 From: gavin at NETERGY.COM (Gavin Nelmes-Crocker) Date: Thu Jan 12 21:16:50 2006 Subject: AutoRebuildAliases In-Reply-To: <3E158F0F.FA0E477A@ihs.com> Message-ID: There hangs the problem - Cobalt RaQs are not as upgradeable (without breaking) and they run patched versions of Sendmail 8.10.2 on a RaQ4 so we are stuck with that. Unless some brave and Guru like person can build a Cobalt pkg to upgrade it failing that we have to fix this some other way and then wait for Cobalt to release an upgrade Gavin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Dustin Baer > Sent: 03 January 2003 13:25 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: AutoRebuildAliases > > > AutoRebuildAliases has been deprecated since 8.10 and completely removed > in 8.12.0: > > RELEASE_NOTES: > > Remove AutoRebuildAliases option, deprecated since 8.10. > > Dustin > > -- > This message has been scanned for viruses and dangerous content > by the Netergy Virus Spam Defence, and is believed to be clean. > For details on having your email scanned email nvsd@netergy.com > -- This message has been scanned for viruses and dangerous content by the Netergy Virus Spam Defence, and is believed to be clean. For details on having your email scanned email nvsd@netergy.com From john.hanks at USU.EDU Fri Jan 3 18:44:12 2003 From: john.hanks at USU.EDU (John B. Hanks) Date: Thu Jan 12 21:16:50 2006 Subject: Quarantine configuration problem Message-ID: <5CA287DBA85BF649A45916B75FD20E0E029DB6@exchange01.blue.usu.edu> Hello, I have the following quarantine specific stuff specified in mailscanner.conf: Action = delete Quarantine Whole Message = no Quarantine Dir = /var/spool/MailScanner/quarantine I thought "Action = delete" was sufficient to disable quarantining, but messages are still being quarantined as follows: -- begin log entries -- Jan 3 11:38:02 noturus MailScanner[21587]: New Batch: Scanning 6 messages, 68717 bytes Jan 3 11:38:03 noturus MailScanner[21587]: Virus and Content Scanning: Starting Jan 3 11:38:03 noturus MailScanner[21587]: Content Checks: Detected Microsoft-specific exploits in h03Ibo424800 Jan 3 11:38:03 noturus MailScanner[21587]: Content Checks: Found 1 problems Jan 3 11:38:03 noturus MailScanner[21587]: Saved infected "msg-21587-145.html" to /var/spool/MailScanner/quarantine/20030103/h03Ibo 424800 Jan 3 11:38:03 noturus MailScanner[21587]: Uninfected: Delivered 5 messages Jan 3 11:38:03 noturus MailScanner[21587]: Cleaned: Delivered 1 cleaned messages Jan 3 11:38:03 noturus MailScanner[21587]: Sender Warnings: Delivered 1 warnings to virus senders Jan 3 11:38:04 noturus MailScanner[21587]: Notices: Warned about 1 messages -- end log entries -- What other parameters I need to modify to make MS stop quarantining messages? I don't have any deny rules in filenames.rules.conf so nothing should be happening there. Setup is RH 7.3, MailScanner 4.11-1, SpamAssasssin 2.42. Thanks, jbh From mailscanner at ecs.soton.ac.uk Fri Jan 3 19:01:08 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:50 2006 Subject: Quarantine configuration problem In-Reply-To: <5CA287DBA85BF649A45916B75FD20E0E029DB6@exchange01.blue.usu .edu> Message-ID: <5.2.0.9.2.20030103185927.02087a80@imap.ecs.soton.ac.uk> At 18:44 03/01/2003, you wrote: >I have the following quarantine specific stuff specified in >mailscanner.conf: > >Action = delete >Quarantine Whole Message = no >Quarantine Dir = /var/spool/MailScanner/quarantine "Action" isn't a valid option in MailScanner 4.x. What you are looking for is Quarantine Infections = no (the default supplied value is "yes"). >I thought "Action = delete" was sufficient to disable quarantining, but >messages are still being quarantined as follows: > >-- begin log entries -- >Jan 3 11:38:02 noturus MailScanner[21587]: New Batch: Scanning 6 messages, >68717 bytes >Jan 3 11:38:03 noturus MailScanner[21587]: Virus and Content Scanning: >Starting >Jan 3 11:38:03 noturus MailScanner[21587]: Content Checks: Detected >Microsoft-specific exploits in h03Ibo424800 >Jan 3 11:38:03 noturus MailScanner[21587]: Content Checks: Found 1 problems >Jan 3 11:38:03 noturus MailScanner[21587]: Saved infected >"msg-21587-145.html" to /var/spool/MailScanner/quarantine/20030103/h03Ibo >424800 >Jan 3 11:38:03 noturus MailScanner[21587]: Uninfected: Delivered 5 messages >Jan 3 11:38:03 noturus MailScanner[21587]: Cleaned: Delivered 1 cleaned >messages >Jan 3 11:38:03 noturus MailScanner[21587]: Sender Warnings: Delivered 1 >warnings to virus senders >Jan 3 11:38:04 noturus MailScanner[21587]: Notices: Warned about 1 messages >-- end log entries -- > >What other parameters I need to modify to make MS stop quarantining >messages? I don't have any deny rules in filenames.rules.conf so nothing >should be happening there. > >Setup is RH 7.3, MailScanner 4.11-1, SpamAssasssin 2.42. > >Thanks, > >jbh -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jan 3 18:58:31 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:50 2006 Subject: AutoRebuildAliases In-Reply-To: References: <3E158F0F.FA0E477A@ihs.com> Message-ID: <5.2.0.9.2.20030103185800.01fb3480@imap.ecs.soton.ac.uk> Why not just disable the AutoRebuildAliases option and do a manual newaliases command when you change the aliases files. At 18:04 03/01/2003, you wrote: >There hangs the problem - Cobalt RaQs are not as upgradeable (without >breaking) and they run patched versions of Sendmail 8.10.2 on a RaQ4 so we >are stuck with that. Unless some brave and Guru like person can build a >Cobalt pkg to upgrade it failing that we have to fix this some other >way and then wait for Cobalt to release an upgrade > >Gavin > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Dustin Baer > > Sent: 03 January 2003 13:25 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: AutoRebuildAliases > > > > > > AutoRebuildAliases has been deprecated since 8.10 and completely removed > > in 8.12.0: > > > > RELEASE_NOTES: > > > > Remove AutoRebuildAliases option, deprecated since 8.10. > > > > Dustin > > > > -- > > This message has been scanned for viruses and dangerous content > > by the Netergy Virus Spam Defence, and is believed to be clean. > > For details on having your email scanned email nvsd@netergy.com > > > > >-- >This message has been scanned for viruses and dangerous content >by the Netergy Virus Spam Defence, and is believed to be clean. >For details on having your email scanned email nvsd@netergy.com -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From llasad1 at YAHOO.COM Fri Jan 3 19:03:12 2003 From: llasad1 at YAHOO.COM (lester lasad) Date: Thu Jan 12 21:16:50 2006 Subject: spam.whitelist.rules and domain of sender does not exist In-Reply-To: <004001c2b2a2$17945b80$9901a8c0@home.middlefinger.net> Message-ID: <20030103190312.22099.qmail@web41410.mail.yahoo.com> Thanks for the response, I removed dnl from the line referenced below and rebuilt the sendmail.cf and it is working now. I am curious to know if anyone is aware of any security issues involved in allowing unresolvable domains to send mail? What is the preferred setting for most people? Thanks again for the response. Mike Kercher wrote:Domain of sender error message is coming from sendmail and not MailScanner. Take a look at your /etc/mail/sendmail.mc and look for this line: dnl FEATURE(`accept_unresolvable_domains')dnl Remove the leading 'dnl' and rebuild your sendmail.cf and see if that helps. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of lester lasad Sent: Thursday, January 02, 2003 2:54 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: spam.whitelist.rules and domain of sender does not exist I am running MailScanner 4.10-1 on RedHat 7.3 and would like to allow email from a non-existent domain to be delivered. There are several reports that are generated in our internal network that are delivered via SMTP ( thru MailScanner ) and the email is not going thru because the sender does not exist. I have tried adding both and the ip address and the sender to the spam.whitelist.rules file but it continues to deny the emails. Has anyone run into this or is there a solution for this problem? I have stopped and restarted MailScanner "service MailScanner stop" and "service MailScanner start" after making the changes. I have also tried "service MailScanner restart". I have added the following line to spam.whitelist.rules From: invalidsender@abc.com yes From: 10.2.1.1 yes --------------------------------- Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now --------------------------------- Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030103/9992eea2/attachment.html From mailscanner at ecs.soton.ac.uk Fri Jan 3 19:08:35 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:50 2006 Subject: spam.whitelist.rules and domain of sender does not exist In-Reply-To: <20030103190312.22099.qmail@web41410.mail.yahoo.com> References: <004001c2b2a2$17945b80$9901a8c0@home.middlefinger.net> Message-ID: <5.2.0.9.2.20030103190556.02e30e40@imap.ecs.soton.ac.uk> At 19:03 03/01/2003, you wrote: >Thanks for the response, I removed dnl from the line referenced below and >rebuilt the sendmail.cf and it is working now. I am curious to know if >anyone is aware of any security issues involved in allowing unresolvable >domains to send mail? What is the preferred setting for most people? Most people (AFAIK) don't allow messages from unresolvable domains as a mild anti-spam measure, as spammers used to use fake domain names. Anyone else got better reasons than that? It comes partly from the fact that if the domain name cannot be resolved, then you will never be able to deliver directly to the domain anyway, so why bother accepting the message at all? >Thanks again for the response. > > Mike Kercher wrote: >Domain of sender error message is coming from sendmail and not MailScanner. > >Take a look at your /etc/mail/sendmail.mc and look for this line: > >dnl FEATURE(`accept_unresolvable_domains')dnl > >Remove the leading 'dnl' and rebuild your sendmail.cf and see if that helps. > >Mike > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of lester lasad >Sent: Thursday, January 02, 2003 2:54 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: spam.whitelist.rules and domain of sender does not exist > > > >I am running MailScanner 4.10-1 on RedHat 7.3 and would like to allow email >from a non-existent domain to be delivered. There are several reports that >are generated in our internal network that are delivered via SMTP ( thru >MailScanner ) and the email is not going thru because the sender does n! ot >exist. > >I have tried adding both and the ip address and the sender to the >spam.whitelist.rules file but it continues to deny the emails. Has anyone >run into this or is there a solution for this problem? I have stopped and >restarted MailScanner "service MailScanner stop" and "service MailScanner >start" after making the changes. I have also tried "service MailScanner >restart". I have added the following line to spam.whitelist.rules > >From: invalidsender@abc.com yes > >From: 10.2.1.1 yes > > > >--------------------------------- >Do you Yahoo!? >Yahoo! Mail Plus - Powerful. Affordable. Sign up now > > > >Do you Yahoo!? >Yahoo! Mail >Plus - Powerful. Affordable. >Sign up now -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From john.hanks at USU.EDU Fri Jan 3 19:08:47 2003 From: john.hanks at USU.EDU (John B. Hanks) Date: Thu Jan 12 21:16:50 2006 Subject: Quarantine configuration problem Message-ID: <5CA287DBA85BF649A45916B75FD20E0E4AE8@exchange01.blue.usu.edu> > "Action" isn't a valid option in MailScanner 4.x. > What you are looking for is > Quarantine Infections = no > (the default supplied value is "yes"). Thanks Julian, I am upgrading and that got brought over when I made the new conf file. jbh From support at INVICTANET.CO.UK Fri Jan 3 21:14:13 2003 From: support at INVICTANET.CO.UK (InvictaNet Customer Support) Date: Thu Jan 12 21:16:50 2006 Subject: FreeBSD Instructions Message-ID: I hope I don't seem picky, but.... I have been using FreeBsd since 3.0 and none of them have had an "opt" directory. I have allways installed software into /usr/local Apart from that, the instructions seem ok. Martyn Routley ----------------------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk martyn@support.invictanet.co.uk phone: 08707 440180 fax: 08707 440181 Ask us about our online Antivirus and Junk mail scanning service ----------------------------------------------------------------- JKF 26/12/2002 Installation instructions for FreeBSD ===================================== 1. Unpack the distribution into /opt and make a link to the new version cd /opt tar xvf MailScanner-4.11-1.tar ln -s MailScanner-4.11-1 MailScanner From john.hanks at USU.EDU Fri Jan 3 22:01:21 2003 From: john.hanks at USU.EDU (John B. Hanks) Date: Thu Jan 12 21:16:50 2006 Subject: Quarantine configuration problem Message-ID: <5CA287DBA85BF649A45916B75FD20E0E4AE9@exchange01.blue.usu.edu> > -----Original Message----- > From: John B. Hanks > Sent: Friday, January 03, 2003 12:09 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Quarantine configuration problem > > > > "Action" isn't a valid option in MailScanner 4.x. > > What you are looking for is > > Quarantine Infections = no > > (the default supplied value is "yes"). > > Thanks Julian, I am upgrading and that got brought over when > I made the new conf file. Ok, I was wrong (but I'm used to that.) When I look at mailscanner.conf.rpmnew it still has the following section: # Set what to do with infected attachments or messages. # keep ==> Store under the "Quarantine Dir" # delete ==> Just delete them #Action = delete Action = keep That is why I kept the Action line in my new conf file. I removed the Action = line and added a line to my mailscanner.conf like this: Quarantine Infections = no But infected messages are still being quarantined. When I upgraded I took the following steps (using the rpm version): 1. Stopped old mailscanner processes. 2. Ran Update-MakeMaker.sh 3. Ran install.sh 4. Compared rpmsave and rpmnew versions of conf files and migrated my settings over. 5. Started MailScanner Maybe I've missed some simple step or performed something out of order? Mailscanner is working fine with the exception of the quarantining. Thanks, jbh From mike at CAMAROSS.NET Fri Jan 3 22:07:48 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:16:50 2006 Subject: Quarantine configuration problem In-Reply-To: <5CA287DBA85BF649A45916B75FD20E0E4AE9@exchange01.blue.usu.edu> Message-ID: <011d01c2b374$8da31a50$6901a8c0@home.middlefinger.net> You should be looking at MailScanner.conf...maybe in /etc/MailScanner -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of John B. Hanks Sent: Friday, January 03, 2003 4:01 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Quarantine configuration problem > -----Original Message----- > From: John B. Hanks > Sent: Friday, January 03, 2003 12:09 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Quarantine configuration problem > > > > "Action" isn't a valid option in MailScanner 4.x. > > What you are looking for is > > Quarantine Infections = no > > (the default supplied value is "yes"). > > Thanks Julian, I am upgrading and that got brought over when I made > the new conf file. Ok, I was wrong (but I'm used to that.) When I look at mailscanner.conf.rpmnew it still has the following section: # Set what to do with infected attachments or messages. # keep ==> Store under the "Quarantine Dir" # delete ==> Just delete them #Action = delete Action = keep That is why I kept the Action line in my new conf file. I removed the Action = line and added a line to my mailscanner.conf like this: Quarantine Infections = no But infected messages are still being quarantined. When I upgraded I took the following steps (using the rpm version): 1. Stopped old mailscanner processes. 2. Ran Update-MakeMaker.sh 3. Ran install.sh 4. Compared rpmsave and rpmnew versions of conf files and migrated my settings over. 5. Started MailScanner Maybe I've missed some simple step or performed something out of order? Mailscanner is working fine with the exception of the quarantining. Thanks, jbh From mailscanner at ecs.soton.ac.uk Fri Jan 3 23:17:00 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:50 2006 Subject: FreeBSD Instructions In-Reply-To: Message-ID: <5.2.0.9.2.20030103231557.02b65960@imap.ecs.soton.ac.uk> At 21:14 03/01/2003, you wrote: >I hope I don't seem picky, but.... > >I have been using FreeBsd since 3.0 and none of them have had an "opt" >directory. I have allways installed software into /usr/local Future versions will have a "configure" script which will solve this problem. >Apart from that, the instructions seem ok. Great! >Martyn Routley >----------------------------------------------------------------- >InvictaNet - The Internet in Plain English, Guaranteed >http://www.invictanet.co.uk >martyn@support.invictanet.co.uk >phone: 08707 440180 >fax: 08707 440181 >Ask us about our online Antivirus and Junk mail scanning service >----------------------------------------------------------------- > > > > > >JKF 26/12/2002 > >Installation instructions for FreeBSD >===================================== > >1. Unpack the distribution into /opt and make a link to the new version > > cd /opt > tar xvf MailScanner-4.11-1.tar > ln -s MailScanner-4.11-1 MailScanner -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From john.hanks at USU.EDU Fri Jan 3 23:13:22 2003 From: john.hanks at USU.EDU (John B. Hanks) Date: Thu Jan 12 21:16:50 2006 Subject: Quarantine configuration problem Message-ID: <5CA287DBA85BF649A45916B75FD20E0E4AEA@exchange01.blue.usu.edu> Good point, editing the right set of configuration files is a very good idea. Thankfully it is Friday and this is almost over for a few days. Thanks, jbh > -----Original Message----- > From: Mike Kercher [mailto:mike@CAMAROSS.NET] > Sent: Friday, January 03, 2003 3:08 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Quarantine configuration problem > > > You should be looking at MailScanner.conf...maybe in /etc/MailScanner > From mailscanner-sub at WIREHUB.NET Sun Jan 5 01:04:19 2003 From: mailscanner-sub at WIREHUB.NET (Ben C. O. Grimm) Date: Thu Jan 12 21:16:50 2006 Subject: Regarding a good but not to hard RBl and upgrade/reinstall In-Reply-To: References: <7B475DC5E9502B4D91EA73C283AE48D70263ED8E@lkl22.ltkalmar.se > Message-ID: On 3 Jan 2003 16:30:23 +0100, Julian Field wrote: > ORDB is good. Very few problems with them. ORDB is losing some of its importance since the majority of spammers go through open proxies rather than open relays nowadays. We have very good results with our own DNSBL (blackholes.wirehub.net, which lists spam sources and open proxies, and includes the entire Spamhaus database) and DNSBLs listing insecure servers. See http://basic.wirehub.nl/spamstats.html for our numbers. Please note that spamfilering takes place in the listed order (first hit wins), so the blackholes.wirehub.net figures would be substantially higher when the order would be reversed. We are running these spamfilters for a pretty large business ISP, so the number of false positives is very low. Moreover, blackholes.wirehub.net is used by Excite and Ameritech, who are probably pretty conservative considering their massive mailflow. -- - Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - - Wirehub! Internet Engineering - http://www.wirehub.net/ - - Private Ponderings ----------- http://www.bengrimm.net/ - - Wirehub! Internet ----------- part of easynet Group plc - From jorgen at GIVERSEN.NET Sun Jan 5 11:41:07 2003 From: jorgen at GIVERSEN.NET (=?ISO-8859-1?Q?J=F8rgen_Giversen?=) Date: Thu Jan 12 21:16:50 2006 Subject: Writing a extra line to the mail header Message-ID: <3E1819D3.9010200@giversen.net> Dear all I am trying to write an extra line into evry mail header. In Mailscanner.conf you can specify a vaiable like Mail Header = X-MailScanner: and the same for spam header and spam score How can i automaticaly write an extra line just under the line X-MailScanner: in all mail headers, with the content X-mailcheck ? setup: OS=RH7.3 MTA=Exim 3.36 Virusscanner=Mailscanner 4.11.1 & Sophos -- Best Regards J?rgen Giversen -- Denne meddelelse er blevet skannet for virus og farligt indhold af MailScanneren p? giversen.net. From mailscanner at ecs.soton.ac.uk Sun Jan 5 12:27:17 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:50 2006 Subject: Writing a extra line to the mail header In-Reply-To: <3E1819D3.9010200@giversen.net> Message-ID: <5.2.0.9.2.20030105122455.02f05ca0@imap.ecs.soton.ac.uk> At 11:41 05/01/2003, you wrote: >Dear all >I am trying to write an extra line into evry mail header. >In Mailscanner.conf you can specify a vaiable like >Mail Header = X-MailScanner: >and the same for spam header and spam score >How can i automaticaly write an extra line just under the line >X-MailScanner: >in all mail headers, with the content X-mailcheck ? > >setup: >OS=RH7.3 >MTA=Exim 3.36 >Virusscanner=Mailscanner 4.11.1 & Sophos That's more of an mta question really. I'm sure sendmail can do it, so can 1 of the Exim experts out there tell him how to do it in Exim? The other possibility, if this just applies to incoming mail, would be to use procmail to do it (though I'm no procmail expert, so don't ask me how... :-) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From jorgen at GIVERSEN.NET Sun Jan 5 12:28:06 2003 From: jorgen at GIVERSEN.NET (=?ISO-8859-1?Q?J=F8rgen_Giversen?=) Date: Thu Jan 12 21:16:51 2006 Subject: Writing a extra line to the mail header In-Reply-To: <3E1819D3.9010200@giversen.net> References: <3E1819D3.9010200@giversen.net> Message-ID: <3E1824D6.5050201@giversen.net> J?rgen Giversen skrev: > Dear all > I am trying to write an extra line into evry mail header. > In Mailscanner.conf you can specify a vaiable like > Mail Header = X-MailScanner: > and the same for spam header and spam score > How can i automaticaly write an extra line just under the line > X-MailScanner: > in all mail headers, with the content X-mailcheck ? > > setup: > OS=RH7.3 > MTA=Exim 3.36 > Virusscanner=Mailscanner 4.11.1 & Sophos Never mind i found out by my self i will use the headers_add = in the exim.conf -- Best regards J?rgen Giversen www.giversen.net -- Denne meddelelse er blevet skannet for virus og farligt indhold af MailScanneren p? giversen.net. From P.G.M.Peters at civ.utwente.nl Sun Jan 5 12:35:31 2003 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:16:51 2006 Subject: spam.whitelist.rules and domain of sender does not exist In-Reply-To: <5.2.0.9.2.20030103190556.02e30e40@imap.ecs.soton.ac.uk> References: <004001c2b2a2$17945b80$9901a8c0@home.middlefinger.net> <20030103190312.22099.qmail@web41410.mail.yahoo.com> <5.2.0.9.2.20030103190556.02e30e40@imap.ecs.soton.ac.uk> Message-ID: <5h9g1v83k6sdt2uq76rp7p807npr0mddku@4ax.com> On Fri, 3 Jan 2003 19:08:35 +0000, you wrote: >At 19:03 03/01/2003, you wrote: >>Thanks for the response, I removed dnl from the line referenced below and >>rebuilt the sendmail.cf and it is working now. I am curious to know if >>anyone is aware of any security issues involved in allowing unresolvable >>domains to send mail? What is the preferred setting for most people? > >Most people (AFAIK) don't allow messages from unresolvable domains as a >mild anti-spam measure, as spammers used to use fake domain names. Anyone >else got better reasons than that? It comes partly from the fact that if >the domain name cannot be resolved, then you will never be able to deliver >directly to the domain anyway, so why bother accepting the message at all? This was the main reason when spammers used only fake domains. Nowadays spammers use excisting domains so it won't work that well. But it turned out to be a good measure to prevent users from typing errors in their addresses. And to educate users who use munged addresses when using e-mail instead of only with usenet. -- Peter Peters senior netwerkbeheerder, Centrum voor Informatievoorziening, Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From bill at SPIS.NET Sun Jan 5 21:25:47 2003 From: bill at SPIS.NET (Bill Omer) Date: Thu Jan 12 21:16:51 2006 Subject: MailScanner causing server to crash Message-ID: <1041801959.1004.32.camel@bill> I'm having a major problem with MailScanner (indirectly) and I am hoping that someone here may be able to help me with it. It seems that when MailScanner (4.10) is running, the server tends to reboot. However I don't believe that it is a problem with MailScanner. I say this because the server is running on a RAID5 setup with a Mylex DAC960 controller with Barracuda SCSI drives. I suspect that the machine is rebooting due to the slowness of the RAID array. I'm not exactly sure though, but I do feel that it is directly related. I'm currently running sendmail with spamass-milter with procmail to filter out and delete spam, but I would like to be able to filter viruses again. I have tried disabling Virus Scanning and Spam Checks, with both disabled the machine still crashes. The crashes are random, sometimes the server will stay up and work correctly for a few days, sometimes it can't last an hour. The machine its self is a quad Xeon 500MHz setup with a gig and a half of ram, running RedHat 8.0. There is nothing in the log files to point anywhere since the machine is rebooting before it can write to syslog. Could anyone offer any insight on this problem? Regards, Bill Omer From rkeech at KEECH.CX Sun Jan 5 21:46:08 2003 From: rkeech at KEECH.CX (Richard Keech) Date: Thu Jan 12 21:16:51 2006 Subject: MailScanner causing server to crash In-Reply-To: <1041801959.1004.32.camel@bill> References: <1041801959.1004.32.camel@bill> Message-ID: <1041803169.1346.120.camel@ender.keech.cx> Bill, Run the system in runlevel 3 so you have a text console. This will better let you see what messages are generated that might otherwise be lost. You need to determine if it is experiencing a kernel panic. So the console messages at the time of the event are vital. I suspect the only involvement with mailscanner is the load mailscanner places on the system. regards On Mon, 2003-01-06 at 08:25, Bill Omer wrote: > I'm having a major problem with MailScanner (indirectly) and I am hoping > that someone here may be able to help me with it. It seems that when > MailScanner (4.10) is running, the server tends to reboot. However I > don't believe that it is a problem with MailScanner. I say this because > the server is running on a RAID5 setup with a Mylex DAC960 controller > with Barracuda SCSI drives. > > I suspect that the machine is rebooting due to the slowness of the RAID > array. I'm not exactly sure though, but I do feel that it is directly > related. > > I'm currently running sendmail with spamass-milter with procmail to > filter out and delete spam, but I would like to be able to filter > viruses again. I have tried disabling Virus Scanning and Spam Checks, > with both disabled the machine still crashes. > > The crashes are random, sometimes the server will stay up and work > correctly for a few days, sometimes it can't last an hour. The machine > its self is a quad Xeon 500MHz setup with a gig and a half of ram, > running RedHat 8.0. There is nothing in the log files to point anywhere > since the machine is rebooting before it can write to syslog. > > Could anyone offer any insight on this problem? > > Regards, > Bill Omer > -- G. Richard Keech Chief Instructor / Senior Consultant Red Hat Asia-Pacific rkeech@redhat.com, richard@keech.cx Melbourne Australia http://people.redhat.com/rkeech +61-419-036-463 mobile +61-3-9370-5611 fax Legal: http://apac.redhat.com/disclaimer From bill at SPIS.NET Sun Jan 5 22:06:28 2003 From: bill at SPIS.NET (Bill Omer) Date: Thu Jan 12 21:16:51 2006 Subject: MailScanner causing server to crash In-Reply-To: <1041803169.1346.120.camel@ender.keech.cx> References: <1041801959.1004.32.camel@bill> <1041803169.1346.120.camel@ender.keech.cx> Message-ID: <1041804399.1004.38.camel@bill> I do have a console on the machine, but the machine doesn't sit there dead, it power-cycles it's self. That makes me want to believe that it's not a kernel panic. I'm going to try the version 3 series of mailscanner and see what kind of results I get with that. Since it doesn't fork (as I understand it) it may not create such a load to cause the machine to reboot. On Sun, 2003-01-05 at 15:46, Richard Keech wrote: > Bill, > > Run the system in runlevel 3 so you have a text console. > This will better let you see what messages are generated > that might otherwise be lost. > > You need to determine if it is experiencing a kernel panic. > So the console messages at the time of the event are vital. > > I suspect the only involvement with mailscanner is the load > mailscanner places on the system. > > regards > > On Mon, 2003-01-06 at 08:25, Bill Omer wrote: > > I'm having a major problem with MailScanner (indirectly) and I am hoping > > that someone here may be able to help me with it. It seems that when > > MailScanner (4.10) is running, the server tends to reboot. However I > > don't believe that it is a problem with MailScanner. I say this because > > the server is running on a RAID5 setup with a Mylex DAC960 controller > > with Barracuda SCSI drives. > > > > I suspect that the machine is rebooting due to the slowness of the RAID > > array. I'm not exactly sure though, but I do feel that it is directly > > related. > > > > I'm currently running sendmail with spamass-milter with procmail to > > filter out and delete spam, but I would like to be able to filter > > viruses again. I have tried disabling Virus Scanning and Spam Checks, > > with both disabled the machine still crashes. > > > > The crashes are random, sometimes the server will stay up and work > > correctly for a few days, sometimes it can't last an hour. The machine > > its self is a quad Xeon 500MHz setup with a gig and a half of ram, > > running RedHat 8.0. There is nothing in the log files to point anywhere > > since the machine is rebooting before it can write to syslog. > > > > Could anyone offer any insight on this problem? > > > > Regards, > > Bill Omer > > > -- > G. Richard Keech Chief Instructor / Senior Consultant > Red Hat Asia-Pacific rkeech@redhat.com, richard@keech.cx > Melbourne Australia http://people.redhat.com/rkeech > +61-419-036-463 mobile +61-3-9370-5611 fax > Legal: http://apac.redhat.com/disclaimer From rkeech at KEECH.CX Sun Jan 5 22:25:25 2003 From: rkeech at KEECH.CX (Richard Keech) Date: Thu Jan 12 21:16:51 2006 Subject: MailScanner causing server to crash In-Reply-To: <1041804399.1004.38.camel@bill> References: <1041801959.1004.32.camel@bill> <1041803169.1346.120.camel@ender.keech.cx> <1041804399.1004.38.camel@bill> Message-ID: <1041805525.2176.131.camel@ender.keech.cx> what value returns when you run cat /proc/sys/kernel/panic if it is 0 then on a panic the system should wait indefinitely. if it non-zero, then it will wait that many seconds. if it is not a kernel panic that you are seeing, and it is completely spontaneous with no log indication, then I'd be inclined to think that the problem is hardware related; either thermal or a memory problem. On Mon, 2003-01-06 at 09:06, Bill Omer wrote: > I do have a console on the machine, but the machine doesn't sit there > dead, it power-cycles it's self. That makes me want to believe that > it's not a kernel panic. > > I'm going to try the version 3 series of mailscanner and see what kind > of results I get with that. Since it doesn't fork (as I understand it) > it may not create such a load to cause the machine to reboot. > > > > On Sun, 2003-01-05 at 15:46, Richard Keech wrote: > > Bill, > > > > Run the system in runlevel 3 so you have a text console. > > This will better let you see what messages are generated > > that might otherwise be lost. > > > > You need to determine if it is experiencing a kernel panic. > > So the console messages at the time of the event are vital. > > > > I suspect the only involvement with mailscanner is the load > > mailscanner places on the system. > > > > regards > > > > On Mon, 2003-01-06 at 08:25, Bill Omer wrote: > > > I'm having a major problem with MailScanner (indirectly) and I am hoping > > > that someone here may be able to help me with it. It seems that when > > > MailScanner (4.10) is running, the server tends to reboot. However I > > > don't believe that it is a problem with MailScanner. I say this because > > > the server is running on a RAID5 setup with a Mylex DAC960 controller > > > with Barracuda SCSI drives. > > > > > > I suspect that the machine is rebooting due to the slowness of the RAID > > > array. I'm not exactly sure though, but I do feel that it is directly > > > related. > > > > > > I'm currently running sendmail with spamass-milter with procmail to > > > filter out and delete spam, but I would like to be able to filter > > > viruses again. I have tried disabling Virus Scanning and Spam Checks, > > > with both disabled the machine still crashes. > > > > > > The crashes are random, sometimes the server will stay up and work > > > correctly for a few days, sometimes it can't last an hour. The machine > > > its self is a quad Xeon 500MHz setup with a gig and a half of ram, > > > running RedHat 8.0. There is nothing in the log files to point anywhere > > > since the machine is rebooting before it can write to syslog. > > > > > > Could anyone offer any insight on this problem? > > > > > > Regards, > > > Bill Omer > > > > > -- > > G. Richard Keech Chief Instructor / Senior Consultant > > Red Hat Asia-Pacific rkeech@redhat.com, richard@keech.cx > > Melbourne Australia http://people.redhat.com/rkeech > > +61-419-036-463 mobile +61-3-9370-5611 fax > > Legal: http://apac.redhat.com/disclaimer > -- G. Richard Keech Chief Instructor / Senior Consultant Red Hat Asia-Pacific rkeech@redhat.com, richard@keech.cx Melbourne Australia http://people.redhat.com/rkeech +61-419-036-463 mobile +61-3-9370-5611 fax Legal: http://apac.redhat.com/disclaimer From jim at ENTROPHY-FREE.NET Sun Jan 5 23:31:42 2003 From: jim at ENTROPHY-FREE.NET (Jim Levie) Date: Thu Jan 12 21:16:51 2006 Subject: MailScanner causing server to crash In-Reply-To: <1041804399.1004.38.camel@bill> References: <1041801959.1004.32.camel@bill> <1041803169.1346.120.camel@ender.keech.cx> <1041804399.1004.38.camel@bill> Message-ID: <1041809502.15633.6.camel@chaos.entrophy-free.net> On Sun, 2003-01-05 at 16:06, Bill Omer wrote: > I do have a console on the machine, but the machine doesn't sit there > dead, it power-cycles it's self. That makes me want to believe that > it's not a kernel panic. > I take it that you've already examined the logs to see if anything interesting was logged before the reboot? Is the system up to date w/respect to the 8.0 errata? I did see some spontaneous reboots on a dual processor 8.0 box before the first or second round of errata was made available. I keep the boxes up to data and haven't see anything like that since. > I'm going to try the version 3 series of mailscanner and see what kind > of results I get with that. Since it doesn't fork (as I understand it) > it may not create such a load to cause the machine to reboot. > System load, per se, won't cause the reboot. However, if there's something flaky in the hardware configuration a high system load is more likely to expose the flaw. What is the typical system load? How much memory is installed? -- The instructions said to use Windows 98 or better, so I installed RedHat. From bill at SPIS.NET Sun Jan 5 22:41:22 2003 From: bill at SPIS.NET (Bill Omer) Date: Thu Jan 12 21:16:51 2006 Subject: MailScanner causing server to crash In-Reply-To: <1041805525.2176.131.camel@ender.keech.cx> References: <1041801959.1004.32.camel@bill> <1041803169.1346.120.camel@ender.keech.cx> <1041804399.1004.38.camel@bill> <1041805525.2176.131.camel@ender.keech.cx> Message-ID: <1041806497.1004.41.camel@bill> It returned a 0. On Sun, 2003-01-05 at 16:25, Richard Keech wrote: > what value returns when you run > > cat /proc/sys/kernel/panic > > > if it is 0 then on a panic the system should wait indefinitely. > if it non-zero, then it will wait that many seconds. > > if it is not a kernel panic that you are seeing, and it is > completely spontaneous with no log indication, then I'd > be inclined to think that the problem is hardware related; > either thermal or a memory problem. > > On Mon, 2003-01-06 at 09:06, Bill Omer wrote: > > I do have a console on the machine, but the machine doesn't sit there > > dead, it power-cycles it's self. That makes me want to believe that > > it's not a kernel panic. > > > > I'm going to try the version 3 series of mailscanner and see what kind > > of results I get with that. Since it doesn't fork (as I understand it) > > it may not create such a load to cause the machine to reboot. > > > > > > > > On Sun, 2003-01-05 at 15:46, Richard Keech wrote: > > > Bill, > > > > > > Run the system in runlevel 3 so you have a text console. > > > This will better let you see what messages are generated > > > that might otherwise be lost. > > > > > > You need to determine if it is experiencing a kernel panic. > > > So the console messages at the time of the event are vital. > > > > > > I suspect the only involvement with mailscanner is the load > > > mailscanner places on the system. > > > > > > regards > > > > > > On Mon, 2003-01-06 at 08:25, Bill Omer wrote: > > > > I'm having a major problem with MailScanner (indirectly) and I am hoping > > > > that someone here may be able to help me with it. It seems that when > > > > MailScanner (4.10) is running, the server tends to reboot. However I > > > > don't believe that it is a problem with MailScanner. I say this because > > > > the server is running on a RAID5 setup with a Mylex DAC960 controller > > > > with Barracuda SCSI drives. > > > > > > > > I suspect that the machine is rebooting due to the slowness of the RAID > > > > array. I'm not exactly sure though, but I do feel that it is directly > > > > related. > > > > > > > > I'm currently running sendmail with spamass-milter with procmail to > > > > filter out and delete spam, but I would like to be able to filter > > > > viruses again. I have tried disabling Virus Scanning and Spam Checks, > > > > with both disabled the machine still crashes. > > > > > > > > The crashes are random, sometimes the server will stay up and work > > > > correctly for a few days, sometimes it can't last an hour. The machine > > > > its self is a quad Xeon 500MHz setup with a gig and a half of ram, > > > > running RedHat 8.0. There is nothing in the log files to point anywhere > > > > since the machine is rebooting before it can write to syslog. > > > > > > > > Could anyone offer any insight on this problem? > > > > > > > > Regards, > > > > Bill Omer > > > > > > > -- > > > G. Richard Keech Chief Instructor / Senior Consultant > > > Red Hat Asia-Pacific rkeech@redhat.com, richard@keech.cx > > > Melbourne Australia http://people.redhat.com/rkeech > > > +61-419-036-463 mobile +61-3-9370-5611 fax > > > Legal: http://apac.redhat.com/disclaimer > > > -- > G. Richard Keech Chief Instructor / Senior Consultant > Red Hat Asia-Pacific rkeech@redhat.com, richard@keech.cx > Melbourne Australia http://people.redhat.com/rkeech > +61-419-036-463 mobile +61-3-9370-5611 fax > Legal: http://apac.redhat.com/disclaimer From bill at SPIS.NET Sun Jan 5 22:48:10 2003 From: bill at SPIS.NET (Bill Omer) Date: Thu Jan 12 21:16:51 2006 Subject: MailScanner causing server to crash In-Reply-To: <1041809502.15633.6.camel@chaos.entrophy-free.net> References: <1041801959.1004.32.camel@bill> <1041803169.1346.120.camel@ender.keech.cx> <1041804399.1004.38.camel@bill> <1041809502.15633.6.camel@chaos.entrophy-free.net> Message-ID: <1041806903.1004.47.camel@bill> On Sun, 2003-01-05 at 17:31, Jim Levie wrote: > On Sun, 2003-01-05 at 16:06, Bill Omer wrote: > > I do have a console on the machine, but the machine doesn't sit there > > dead, it power-cycles it's self. That makes me want to believe that > > it's not a kernel panic. > > > I take it that you've already examined the logs to see if anything > interesting was logged before the reboot? I try to monitor the logs as much as possible, but I've yet to see anything related to this problem. > > Is the system up to date w/respect to the 8.0 errata? I did see some > spontaneous reboots on a dual processor 8.0 box before the first or > second round of errata was made available. I keep the boxes up to data > and haven't see anything like that since. > > > I'm going to try the version 3 series of mailscanner and see what kind > > of results I get with that. Since it doesn't fork (as I understand it) > > it may not create such a load to cause the machine to reboot. > > > System load, per se, won't cause the reboot. However, if there's > something flaky in the hardware configuration a high system load is more > likely to expose the flaw. > > What is the typical system load? How much memory is installed? With MailScanner running, around 1.5. With only sendmail with spamass-milter running, around 0.5. There's a gig of ram installed (I earlier said a gig and a half, I was mistaken). Quad Xeon 500MHz cpu's. Again, without MailScanner running, I've been able to get over a week of uptime. With it running, it never goes more than a day or two. And that is with Virus Scanner = no and Spam Checks = no. -B > -- > The instructions said to use Windows 98 or better, so I installed > RedHat. From jim at ENTROPHY-FREE.NET Mon Jan 6 00:34:55 2003 From: jim at ENTROPHY-FREE.NET (Jim Levie) Date: Thu Jan 12 21:16:51 2006 Subject: MailScanner causing server to crash In-Reply-To: <1041806903.1004.47.camel@bill> References: <1041801959.1004.32.camel@bill> <1041803169.1346.120.camel@ender.keech.cx> <1041804399.1004.38.camel@bill> <1041809502.15633.6.camel@chaos.entrophy-free.net> <1041806903.1004.47.camel@bill> Message-ID: <1041813295.15579.22.camel@chaos.entrophy-free.net> On Sun, 2003-01-05 at 16:48, Bill Omer wrote: > On Sun, 2003-01-05 at 17:31, Jim Levie wrote: > > > > > I take it that you've already examined the logs to see if anything > > interesting was logged before the reboot? > > I try to monitor the logs as much as possible, but I've yet to see > anything related to this problem. > I figured as much... > > > > Is the system up to date w/respect to the 8.0 errata? I did see some > > spontaneous reboots on a dual processor 8.0 box before the first or > > second round of errata was made available. I keep the boxes up to data > > and haven't see anything like that since. > > What about the RedHat updates for 8.0? Are they in place? > > > > What is the typical system load? How much memory is installed? > > With MailScanner running, around 1.5. With only sendmail with > spamass-milter running, around 0.5. > System load doesn't sound like it is you problem. A load average of 1.5 is pretty much nothing. Now if it was running 15-20 that might be cause for concern. > There's a gig of ram installed (I earlier said a gig and a half, I was > mistaken). Quad Xeon 500MHz cpu's. > That should be plenty of memory for a mail server/scanner unless there are other demands on RAM. How much swap space is typically in use? > Again, without MailScanner running, I've been able to get over a week of > uptime. With it running, it never goes more than a day or two. And > that is with Virus Scanner = no and Spam Checks = no. > MailScanner bangs on the disk quite a bit as compared to just sendmail/procmail. My suspicion is that the fault is associated with the disk subsystem activity. Are the system and RAID controller BIOS versions current? -- The instructions said to use Windows 98 or better, so I installed RedHat. From nerijus at USERS.SOURCEFORGE.NET Mon Jan 6 01:39:10 2003 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:16:51 2006 Subject: MailScanner causing server to crash In-Reply-To: <8C94C6E8-210B-11D7-948E-000393D6F5B0@lemon-computing.com> References: <8C94C6E8-210B-11D7-948E-000393D6F5B0@lemon-computing.com> Message-ID: <200301060140.h061e0i1032591@mx.ktv.lt> Please take this discussion offline, it is totally offtopic. One suggestion though - run http://www.memtest86.com. Nerijus From mailscanner at ecs.soton.ac.uk Mon Jan 6 04:00:35 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:51 2006 Subject: MailScanner causing server to crash In-Reply-To: <1041813295.15579.22.camel@chaos.entrophy-free.net> References: <1041806903.1004.47.camel@bill> <1041801959.1004.32.camel@bill> <1041803169.1346.120.camel@ender.keech.cx> <1041804399.1004.38.camel@bill> <1041809502.15633.6.camel@chaos.entrophy-free.net> <1041806903.1004.47.camel@bill> Message-ID: <5.2.0.9.2.20030106035912.01fcb010@imap.ecs.soton.ac.uk> At 00:34 06/01/2003, you wrote: >MailScanner bangs on the disk quite a bit as compared to just >sendmail/procmail. My suspicion is that the fault is associated with the >disk subsystem activity. You can considerably reduce the amount of disk traffic by moving the "incoming" and "quarantine" directories onto /dev/shm (ie into tmpfs) as you should have plenty of RAM spare to do it with. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From tdavis at COMSTECH.COM Mon Jan 6 03:59:47 2003 From: tdavis at COMSTECH.COM (Troy Davis) Date: Thu Jan 12 21:16:51 2006 Subject: Header not being written too Message-ID: RH 8.0 Sendmail Standard .conf file When I send an email to someone on that machine, when I look at the email in /var/spool/mail there not extra header that the mail scanner should be adding. Any help where to check what not happening would be great.. # service MailScanner status Checking MailScanner daemons: MailScanner: [ OK ] incoming sendmail: [ OK ] outgoing sendmail: [ OK ] Thanks Troy From ucs_rat at SHSU.EDU Mon Jan 6 02:09:35 2003 From: ucs_rat at SHSU.EDU (Robert A. Thompson) Date: Thu Jan 12 21:16:51 2006 Subject: MailScanner causing server to crash In-Reply-To: <8C94C6E8-210B-11D7-948E-000393D6F5B0@lemon-computing.com> References: <8C94C6E8-210B-11D7-948E-000393D6F5B0@lemon-computing.com> Message-ID: <1041818975.7328.36.camel@ra.thethompsonhouse.com> we use DAC960 hardware adn have seen similar things. Usually form pushing scsi limits(e.g. to long of cable, improper cable, and etc). The drives are fine and are logged in /var/log/messages along with dmesg. You can control the drives with /proc/rd/c0/user_command (where c0 stands for controller 0). You can see what is going on with /proc/rd/c0/current_status. I have a script that dumps the status to a port and a little visual c program that our helpdesk uses to monitor the status of the raid(since converted to VB). Even wrote a mon script at one point to parse the output and notify me of a failed drive, and planning on writing a nagios module for it(however this is low priority since I quite building things that pushed the scsi limits drives don't fail). Once notified, you can echo "make-online channel:ID" > /proc/rd/c0/user_command replacing channel and ID with the correct channel and ID of the drive that is dead. If you boot off the raid and loose 2 drives (or as I often see a channel) you will have a kernel panic. If your mounting /var/spool/mail on the raid then you will find your machine almost hangs just b/c of the amount of processing going on trying to find where to put mail on a busy server. Hope this help, and if you have any questions please feel free to contact me directly. --rat On Sun, 2003-01-05 at 18:12, Nick Phillips wrote: > On Monday, January 6, 2003, at 01:34 pm, Jim Levie wrote: > > > MailScanner bangs on the disk quite a bit as compared to just > > sendmail/procmail. My suspicion is that the fault is associated with > > the > > disk subsystem activity. > > Are you getting log messages from the DAC960 driver at all? You might > want to check > that by, say, fiddling with the control files in /proc (sorry, can't > remember which ones) to manually take a drive offline and see whether > it gets logged. > > It's just that I've seen problems with a DAC960 before where there were > communication errors between the controller and the drives (introduced > by the drive bay's backplane, IIRC), which caused the drives to be > marked as bad by the controller, one after the other. > > Once they were all down, kernel panic followed, IIRC. > > What type of server is it (brand, model etc.)? > > > > Cheers, > > > Nick From lists at MASONC.COM Mon Jan 6 10:03:36 2003 From: lists at MASONC.COM (Chris Mason) Date: Thu Jan 12 21:16:51 2006 Subject: Mailscanner and f-prot Message-ID: <000001c2b56a$e1439a20$7300a8c0@poseiden> I downloaded and installed the free Linux server f-prot and it seems to work well, is there a rp,m that will install mailscanner on a Redhat 7.3 server without much bother? I'm using spamassassin as well, will it integrate OK? Chris Mason masonc@masonc.com Box 340, The Valley, Anguilla, British West Indies Tel: 264 497 5670 Fax: 264 497 8463 Cell: 264 235 5670 http://www.anguillaguide.com/ The Anguilla Guide Talk to me in real time: Yahoo:netconcepts_anguilla US Fax and Voicemail: (815)301-9759 From mailscanner at ecs.soton.ac.uk Mon Jan 6 10:48:02 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:51 2006 Subject: Header not being written too In-Reply-To: Message-ID: <5.2.0.9.2.20030106104704.0296cab8@imap.ecs.soton.ac.uk> At 03:59 06/01/2003, you wrote: >RH 8.0 >Sendmail >Standard .conf file >When I send an email to someone on that machine, when I look at the email in >/var/spool/mail there not extra header that the mail scanner should be >adding. > >Any help where to check what not happening would be great.. ># service MailScanner status >Checking MailScanner daemons: > MailScanner: [ OK ] > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] Make sure you have done a service sendmail stop before you did service MailScanner start It sounds like your original sendmail process might still be alive. >Thanks >Troy -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jan 6 10:51:51 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:51 2006 Subject: Mailscanner and f-prot In-Reply-To: <000001c2b56a$e1439a20$7300a8c0@poseiden> Message-ID: <5.2.0.9.2.20030106105007.02d84e78@imap.ecs.soton.ac.uk> At 10:03 06/01/2003, you wrote: >I downloaded and installed the free Linux server f-prot and it seems to >work well, is there a rp,m that will install mailscanner on a Redhat 7.3 >server without much bother? Have you tried looking at the MailScanner web site before asking this? I advise you try the "Downloads" page. >I'm using spamassassin as well, will it integrate OK? Again, please RTM. The answer is yes. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From j.cormie at ABERTAY.AC.UK Mon Jan 6 13:43:57 2003 From: j.cormie at ABERTAY.AC.UK (Jason Cormie) Date: Thu Jan 12 21:16:51 2006 Subject: Exim Weirdness Message-ID: Mailscanner 3.26 Exim 3.35 just back from my hols looking at my mailscanner box. used eximstats to look at this mornings exim logs and found this... List of errors -------------- 1 0010295@ABERTAY.AC.UK: retry timeout exceeded 1 0010295@abertay.ac.uk: retry timeout exceeded 1 0010314@TAY.AC.UK: retry timeout exceeded 1 0010314@tay.ac.uk: retry timeout exceeded 1 0010331@abertay.ac.uk: retry timeout exceeded ....... These are all valid addresses which mailscanner should pickup scan then pass onto our exchange box I also found this which is disturbing... This message was created automatically by mail delivery software (Exim). A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: w.robb@abertay.ac.uk remote host address is the local host: retry timeout exceeded This is an address that should have been passed to exchange server. From mailscanner at ecs.soton.ac.uk Mon Jan 6 15:31:18 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:51 2006 Subject: Exim Weirdness In-Reply-To: Message-ID: <5.2.0.9.2.20030106153051.055be3d0@imap.ecs.soton.ac.uk> MailScanner does not get involved with the delivery process at all, so I don't think this is likely to be a MailScanner problem. At 13:43 06/01/2003, you wrote: >Mailscanner 3.26 >Exim 3.35 > >just back from my hols looking at my mailscanner box. >used eximstats to look at this mornings exim logs and found this... > >List of errors >-------------- > > 1 0010295@ABERTAY.AC.UK: retry timeout exceeded > > 1 0010295@abertay.ac.uk: retry timeout exceeded > > 1 0010314@TAY.AC.UK: retry timeout exceeded > > 1 0010314@tay.ac.uk: retry timeout exceeded > > 1 0010331@abertay.ac.uk: retry timeout exceeded > > >....... > >These are all valid addresses which mailscanner should pickup scan then pass >onto our exchange box >I also found this which is disturbing... > > This message was created automatically by mail delivery software >(Exim). > > A message that you sent could not be delivered to one or more of its > recipients. This is a permanent error. The following address(es) >failed: > > w.robb@abertay.ac.uk > remote host address is the local host: retry timeout >exceeded > >This is an address that should have been passed to exchange server. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From MHewryk at SYMCOR.COM Mon Jan 6 15:42:42 2003 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:16:51 2006 Subject: MailScanner forwards only " localdomain.localhost" emails to SpamAssassin Spam Checks: Found 1 spam messag Message-ID: Hello, I've installed and configured MailScanner v. 4.10 with SpamAssassin v. 2.43. It works OK (rbl disabled) but only if it sees the FROM ADDRESS like "...@localhost.localdomain" for eg. root@localhost.localdomain. In the summary if it is " from=" Spam Assasin is called and it checks email for spam. I accomplished it (sending email form xxx@localhost.localdomain by changing hosts file: 127.0.0.1 myhost localhost.localdomain localhost xxx.xxx.22.22 myhost myhost.mydomain.com At the end of mailog you can see that Spam Check worked and found a spam message! /var/log/maillog: Jan 2 11:32:38 myhost sendmail[28023]: h02GWc7o028023: from=root size=28, class=0, nrcpts=1, msgid =<200301021632.h02GWc7o028023@localhost.localdomain>, relay=root@localhost Jan 2 11:32:39 myhost sendmail[28029]: h02GWcLh028029: from =, size=333, class=0, nrcpts=1, msgid =<200301021632.h02GWc7o028023@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=myhost [127.0.0.1] Jan 2 11:32:39 myhost sendmail[28029]: h02GWcLh028029: to =, delay=00:00:01, mailer=esmtp, pri=30328, stat=queued Jan 2 11:32:40 myhost sendmail[28023]: h02GWc7o028023: to=maga@symcor.com, ctladdr=root (500/500), delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=30023, relay=localhost.localdomain. [127.0.0.1], dsn=2.0.0, stat=Sent (h02GWcLh028029 Message accepted for delivery) Jan 2 11:32:41 myhost MailScanner[26429]: New Batch: Found 2 messages waiting Jan 2 11:32:41 myhost MailScanner[26429]: New Batch: Scanning 1 messages, 789 bytes Jan 2 11:33:11 myhost MailScanner[26519]: Spam Checks: Found 1 spam messages PROBLEM: If MailScanner/SpamAssassin sees that email is sent from eg. root@myhost.mydomain.com or any other domain is doesn't call SpamAssassin and doesn't do the spam check OR SpamAssassin doesn't do the Spam Check. In summary if the line is like this: from= or from= Spam Check is not performed. This is my hosts file for the example above. 127.0.01 localhost.localdomain localhost xxx.xxx.22.22 myhost myhost.mydomain.com I've disabled all rules in MailScanner.conf making sure that domains.to.scan and whitelists are not set up so stopping mydomain or anydomain by rules shoudn't be the issue. Any hint what I'm missing here. Thanks, Magda Hewryk From andrewh at CQG.COM Mon Jan 6 16:29:15 2003 From: andrewh at CQG.COM (Andrew M. Hoying) Date: Thu Jan 12 21:16:51 2006 Subject: OT: Dynamically updating /etc/mail/access Message-ID: <8A6DFB0865502242A29E25BDAEFBB9451ABE6A@d2sexchtest.cqg.com> Hello, Every day I go through and pull the top spamming domains and relays, except for the common ones that legitimate mail also comes from, verify them in net-abuse.sightings and add them to /etc/mail/access as REJECTed. Is there any program which dynamically updates with new spamming domains, and verified by a human, which can be used to update the /etc/mail/access.db file in near real time, instead of a day later like I usually do? Thanks, Andrew From thomas_duvally at BROWN.EDU Mon Jan 6 16:32:43 2003 From: thomas_duvally at BROWN.EDU (Thomas DuVally) Date: Thu Jan 12 21:16:51 2006 Subject: Negative SA value and scoring Message-ID: <1041870763.4148.13.camel@croithine> Question: If Spam Assassin returned a negative score for a piece of mail, would MailScanner still add a "Spam Score" (the sssss) to the message? I'm seeing some messages that don't have a Spam Report attached, but are getting a Spam Score of less than the threshold. The message IS spam, but has some phrases that could give it a negative value is SA. Does MailScanner handle the minus sign right for SpamScore like it does for SpamReport? -- Thomas J. DuVally Lead Systems Prog. CIS, Brown Univ. From mike at CAMAROSS.NET Mon Jan 6 16:41:04 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:16:51 2006 Subject: Dynamically updating /etc/mail/access In-Reply-To: <8A6DFB0865502242A29E25BDAEFBB9451ABE6A@d2sexchtest.cqg.com> Message-ID: <000401c2b5a2$682fd5d0$6901a8c0@home.middlefinger.net> http://staff.cie.uce.ac.uk/~dwhile/mailstats/ -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Andrew M. Hoying Sent: Monday, January 06, 2003 10:29 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: OT: Dynamically updating /etc/mail/access Hello, Every day I go through and pull the top spamming domains and relays, except for the common ones that legitimate mail also comes from, verify them in net-abuse.sightings and add them to /etc/mail/access as REJECTed. Is there any program which dynamically updates with new spamming domains, and verified by a human, which can be used to update the /etc/mail/access.db file in near real time, instead of a day later like I usually do? Thanks, Andrew From richard at HELPPLC.COM Mon Jan 6 17:00:49 2003 From: richard at HELPPLC.COM (Richard Sidlin) Date: Thu Jan 12 21:16:51 2006 Subject: Sophos Update File Message-ID: <000d01c2b5a5$2ce1ebf0$1d00000a@rich> Up to now, the file name has been linux.intel.libc6.tar.z but now, from the CD, the .z is missing. How would I install this update please. Richard Sidlin Help Internet Ltd 8 Brownfields Court Welwyn Garden City Herts AL7 1AJ T 01707 897111 F 01707 897143 M 07970 289773 E richard@helpinternet.co.uk From Kevin.Spicer at BMRB.CO.UK Mon Jan 6 17:04:02 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:51 2006 Subject: Sophos Update File Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A32BFE@pascal.priv.bmrb.co.uk> > Up to now, the file name has been linux.intel.libc6.tar.z but > now, from > the CD, the .z is missing. How would I install this update please. The version on the web has the correct name - I'd recommend using the web version as the CD version is always a month out of date - which means you have to upgrade it every two months (when they stop supplying IDE files for it), whereas the web version only needs upgrading every three months. But maybe I'm just lazy.... From richard at HELPPLC.COM Mon Jan 6 17:10:08 2003 From: richard at HELPPLC.COM (Richard Sidlin) Date: Thu Jan 12 21:16:51 2006 Subject: Sophos Update File In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0A32BFE@pascal.priv.bmrb.co.uk> Message-ID: <000e01c2b5a6$79e6c280$1d00000a@rich> I don't have a web login, I only receive the disk :-) > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Spicer, Kevin > Sent: 06 January 2003 17:04 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Sophos Update File > > > > Up to now, the file name has been linux.intel.libc6.tar.z but > > now, from > > the CD, the .z is missing. How would I install this update please. > > The version on the web has the correct name - I'd recommend > using the web version as the CD version is always a month out > of date - which means you have to upgrade it every two months > (when they stop supplying IDE files for it), whereas the web > version only needs upgrading every three months. > > But maybe I'm just lazy.... > From mailscanner at ecs.soton.ac.uk Mon Jan 6 17:13:14 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:51 2006 Subject: Sophos Update File In-Reply-To: <000d01c2b5a5$2ce1ebf0$1d00000a@rich> Message-ID: <5.2.0.9.2.20030106171219.0545c4b0@imap.ecs.soton.ac.uk> At 17:00 06/01/2003, you wrote: >Up to now, the file name has been linux.intel.libc6.tar.z but now, from >the CD, the .z is missing. How would I install this update please. In which case cd /tmp tar xvf linux.intel.libc6.tar Sophos.install or else cd /tmp compress linux.intel.libc6.tar Sophos.install -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jan 6 17:11:50 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:51 2006 Subject: Negative SA value and scoring In-Reply-To: <1041870763.4148.13.camel@croithine> Message-ID: <5.2.0.9.2.20030106171107.0548fc30@imap.ecs.soton.ac.uk> At 16:32 06/01/2003, you wrote: >Question: > If Spam Assassin returned a negative score for a piece of mail, would >MailScanner still add a "Spam Score" (the sssss) to the message? I'm >seeing some messages that don't have a Spam Report attached, but are >getting a Spam Score of less than the threshold. The message IS spam, >but has some phrases that could give it a negative value is SA. > > Does MailScanner handle the minus sign right for SpamScore like > it does >for SpamReport? Can you give me an example of exactly what you mean? -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jan 6 17:15:48 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:51 2006 Subject: Sophos Update File In-Reply-To: <000e01c2b5a6$79e6c280$1d00000a@rich> References: <5C0296D26910694BB9A9BBFC577E7AB0A32BFE@pascal.priv.bmrb.co.uk> Message-ID: <5.2.0.9.2.20030106171510.0548f8e0@imap.ecs.soton.ac.uk> In which case I advise you email them all the relevant info about your purchase, and ask for a web login. At 17:10 06/01/2003, you wrote: >I don't have a web login, I only receive the disk :-) > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Spicer, Kevin > > Sent: 06 January 2003 17:04 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Sophos Update File > > > > > > > Up to now, the file name has been linux.intel.libc6.tar.z but > > > now, from > > > the CD, the .z is missing. How would I install this update please. > > > > The version on the web has the correct name - I'd recommend > > using the web version as the CD version is always a month out > > of date - which means you have to upgrade it every two months > > (when they stop supplying IDE files for it), whereas the web > > version only needs upgrading every three months. > > > > But maybe I'm just lazy.... > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From thomas_duvally at BROWN.EDU Mon Jan 6 18:44:04 2003 From: thomas_duvally at BROWN.EDU (Thomas DuVally) Date: Thu Jan 12 21:16:51 2006 Subject: Negative SA value and scoring In-Reply-To: <5.2.0.9.2.20030106171107.0548fc30@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030106171107.0548fc30@imap.ecs.soton.ac.uk> Message-ID: <1041878643.4150.37.camel@croithine> This message received a SpamScore of ss (2), but got no report and did NOT get logged as spam in syslogd. I am using 2.41 of SA, which I know has and older ruleset, but I think this is regardless of the rules. MS seems to be acting on the results of SA. Looking at the code in Message.pm, the function to handle sascore doesn't check the result of SAsaysspam. It just sees the score and acts on it as an integer. Does that possibly ignore the minus sign? From: Melissia Ozer To: Subject: user_name Cure Employment Stagnation Date: Sun, 05 Jan 2003 11:34:31 -0500 Mime-Version: 1.0 Content-Type: text/html Message-Id: X-Brown-MailScanner: Found to be clean X-Brown-MailScanner-SpamScore: ss Hi , user_name

YOUR DEGREE MAY BE CLOSER THAN YOU THINK
We remove the obstacles that cause adults to abandon hope.
DID YOU KNOW that you could earn your legitimate Associate's, Bachelor's, Master's or even
Doctorate degree, utilizing your already existing professional or academic expertise?

Prepare for the professional advancement you deserve
If you are an adult with a *CLIP* On Mon, 2003-01-06 at 12:11, Julian Field wrote: > At 16:32 06/01/2003, you wrote: > >Question: > > If Spam Assassin returned a negative score for a piece of mail, would > >MailScanner still add a "Spam Score" (the sssss) to the message? I'm > >seeing some messages that don't have a Spam Report attached, but are > >getting a Spam Score of less than the threshold. The message IS spam, > >but has some phrases that could give it a negative value is SA. > > > > Does MailScanner handle the minus sign right for SpamScore like > > it does > >for SpamReport? > > Can you give me an example of exactly what you mean? > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support -- Thomas DuVally Lead Sys. Prog. CIS, Brown Univ. 401.863.9466 From mailscanner at ecs.soton.ac.uk Mon Jan 6 18:51:22 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:51 2006 Subject: Negative SA value and scoring In-Reply-To: <1041878643.4150.37.camel@croithine> References: <5.2.0.9.2.20030106171107.0548fc30@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030106171107.0548fc30@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030106184528.02d77d70@imap.ecs.soton.ac.uk> At 18:44 06/01/2003, you wrote: >This message received a SpamScore of ss (2), but got no report and did >NOT get logged as spam in syslogd. If the score (2) is less than your "Required SpamAssassin Score" value, then this is exactly what you should see. This means that your users can filter on SA scores less than your defined threshold, if they want to. If you want to always get the spam header, you have to tell it to always include it. > I am using 2.41 of SA, which I know >has and older ruleset, but I think this is regardless of the rules. MS >seems to be acting on the results of SA. > Looking at the code in Message.pm, the function to handle sascore >doesn't check the result of SAsaysspam. It just sees the score and acts >on it as an integer. Does that possibly ignore the minus sign? No. >From: Melissia Ozer >To: >Subject: user_name Cure Employment Stagnation >Date: Sun, 05 Jan 2003 11:34:31 -0500 >Mime-Version: 1.0 >Content-Type: text/html >Message-Id: >X-Brown-MailScanner: Found to be clean >X-Brown-MailScanner-SpamScore: ss > >Hi , user_name > >YOUR DEGREE MAY BE CLOSER THAN YOU THINK >We remove the obstacles that cause adults to abandon hope. >DID YOU KNOW that you could earn your legitimate Associate's, Bachelor's, >Master's or even >Doctorate degree, utilizing your already existing professional or academic >expertise? > >Prepare for the professional advancement you deserve >If you are an adult with a *CLIP* On Mon, 2003-01-06 at 12:11, Julian >Field wrote: > At 16:32 06/01/2003, you wrote: > >Question: > > If Spam >Assassin returned a negative score for a piece of mail, >would > >MailScanner still add a "Spam Score" (the sssss) to the message? >I'm > >seeing some messages that don't have a Spam Report attached, but >are > >getting a Spam Score of less than the threshold. The message IS >spam, > >but has some phrases that could give it a negative value is >SA. > > > > Does MailScanner handle the minus sign right for SpamScore >like > > it does > >for SpamReport? > > Can you give me an example of >exactly what you mean? > -- > Julian Field > www.MailScanner.info > >MailScanner thanks transtec Computers for their support -- Thomas DuVally >Lead Sys. Prog. CIS, Brown Univ. 401.863.9466 -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From thomas_duvally at BROWN.EDU Mon Jan 6 19:25:19 2003 From: thomas_duvally at BROWN.EDU (Thomas DuVally) Date: Thu Jan 12 21:16:51 2006 Subject: Negative SA value and scoring In-Reply-To: <5.2.0.9.2.20030106184528.02d77d70@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030106171107.0548fc30@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030106171107.0548fc30@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030106184528.02d77d70@imap.ecs.soton.ac.uk> Message-ID: <1041881118.4150.44.camel@croithine> On Mon, 2003-01-06 at 13:51, Julian Field wrote: > At 18:44 06/01/2003, you wrote: > >This message received a SpamScore of ss (2), but got no report and did > >NOT get logged as spam in syslogd. > > If the score (2) is less than your "Required SpamAssassin Score" value, > then this is exactly what you should see. This means that your users can > filter on SA scores less than your defined threshold, if they want to. If > you want to always get the spam header, you have to tell it to always > include it. > We don't include the report unless it hits the threshold (Always Include SpamAssassin Report = no). So if it doesn't create a report, it shouldn't score it either, which is exactly how we see it working, with the exception of instances like this one. -- Thomas DuVally Lead Sys. Prog. CIS, Brown Univ. 401.863.9466 From MHewryk at SYMCOR.COM Mon Jan 6 19:28:12 2003 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:16:51 2006 Subject: MailScanner forwards only " localdomain.localhost" emails to SpamAssassin Spam Checks: Found 1 spam messag Message-ID: Any thought why MailScanner/SpamAssassin does the Spam Checks only for localhost? Thanks, Magda Hewryk -------------------------------- Mid-Range Systems RSP: 905-273-1637 CELL: 416-948-4427 Magda Hewryk cc: Sent by: Subject: MailScanner forwards only " localdomain.localhost" MailScanner emails to SpamAssassin Spam Checks: Found 1 spam messag mailing list 01/06/2003 10:42 AM Please respond to MailScanner mailing list Hello, I've installed and configured MailScanner v. 4.10 with SpamAssassin v. 2.43. It works OK (rbl disabled) but only if it sees the FROM ADDRESS like "...@localhost.localdomain" for eg. root@localhost.localdomain. In the summary if it is " from=" Spam Assasin is called and it checks email for spam. I accomplished it (sending email form xxx@localhost.localdomain by changing hosts file: 127.0.0.1 myhost localhost.localdomain localhost xxx.xxx.22.22 myhost myhost.mydomain.com At the end of mailog you can see that Spam Check worked and found a spam message! /var/log/maillog: Jan 2 11:32:38 myhost sendmail[28023]: h02GWc7o028023: from=root size=28, class=0, nrcpts=1, msgid =<200301021632.h02GWc7o028023@localhost.localdomain>, relay=root@localhost Jan 2 11:32:39 myhost sendmail[28029]: h02GWcLh028029: from =, size=333, class=0, nrcpts=1, msgid =<200301021632.h02GWc7o028023@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=myhost [127.0.0.1] Jan 2 11:32:39 myhost sendmail[28029]: h02GWcLh028029: to =, delay=00:00:01, mailer=esmtp, pri=30328, stat=queued Jan 2 11:32:40 myhost sendmail[28023]: h02GWc7o028023: to=maga@symcor.com, ctladdr=root (500/500), delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=30023, relay=localhost.localdomain. [127.0.0.1], dsn=2.0.0, stat=Sent (h02GWcLh028029 Message accepted for delivery) Jan 2 11:32:41 myhost MailScanner[26429]: New Batch: Found 2 messages waiting Jan 2 11:32:41 myhost MailScanner[26429]: New Batch: Scanning 1 messages, 789 bytes Jan 2 11:33:11 myhost MailScanner[26519]: Spam Checks: Found 1 spam messages PROBLEM: If MailScanner/SpamAssassin sees that email is sent from eg. root@myhost.mydomain.com or any other domain is doesn't call SpamAssassin and doesn't do the spam check OR SpamAssassin doesn't do the Spam Check. In summary if the line is like this: from= or from= Spam Check is not performed. This is my hosts file for the example above. 127.0.01 localhost.localdomain localhost xxx.xxx.22.22 myhost myhost.mydomain.com I've disabled all rules in MailScanner.conf making sure that domains.to.scan and whitelists are not set up so stopping mydomain or anydomain by rules shoudn't be the issue. Any hint what I'm missing here. Thanks, Magda Hewryk From j.cormie at ABERTAY.AC.UK Mon Jan 6 19:48:29 2003 From: j.cormie at ABERTAY.AC.UK (Jason Cormie) Date: Thu Jan 12 21:16:51 2006 Subject: OT: Exim Weirdness Message-ID: Sorry Julian, All I know of exim has come from using it with mailscanner so I thought I'd try here before trying the exim lists. I have exim configured as it says in the mailscanner docs, so if it is a problem with my config then it is also a problem with either the documentation or the version of exim I am running. -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 06, January, 2003 15:31 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Exim Weirdness MailScanner does not get involved with the delivery process at all, so I don't think this is likely to be a MailScanner problem. At 13:43 06/01/2003, you wrote: >Mailscanner 3.26 >Exim 3.35 > >just back from my hols looking at my mailscanner box. >used eximstats to look at this mornings exim logs and found this... > >List of errors >-------------- > > 1 0010295@ABERTAY.AC.UK: retry timeout exceeded > > 1 0010295@abertay.ac.uk: retry timeout exceeded > > 1 0010314@TAY.AC.UK: retry timeout exceeded > > 1 0010314@tay.ac.uk: retry timeout exceeded > > 1 0010331@abertay.ac.uk: retry timeout exceeded > > >....... > >These are all valid addresses which mailscanner should pickup scan then pass >onto our exchange box >I also found this which is disturbing... > > This message was created automatically by mail delivery software >(Exim). > > A message that you sent could not be delivered to one or more of its > recipients. This is a permanent error. The following address(es) >failed: > > w.robb@abertay.ac.uk > remote host address is the local host: retry timeout >exceeded > >This is an address that should have been passed to exchange server. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From scouty at BROMBERG.DEMON.NL Mon Jan 6 21:10:32 2003 From: scouty at BROMBERG.DEMON.NL (Matthijs Althoff) Date: Thu Jan 12 21:16:51 2006 Subject: MailScanner 4.11-1 errors Message-ID: <200301062110.h06LAWa29119@ori.rl.ac.uk> Just upgraded to the new mailscanner but found some errors at the end I can not define.. I also notice many perl conflicts during the upgrade is this all bad? To activate MailScanner run the following commands: service sendmail stop chkconfig sendmail off chkconfig --level 2345 MailScanner on service MailScanner start Can't call method "Destroy" on an undefined value at /usr/sbin/MailScanner line 426. BEGIN failed--compilation aborted at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 9. Compilation failed in require at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/EvalTests.pm line 9. BEGIN failed--compilation aborted at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/EvalTests.pm line 9. Compilation failed in require at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line 39. BEGIN failed--compilation aborted at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line 39. Compilation failed in require at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin.pm line 50. BEGIN failed--compilation aborted at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin.pm line 50. Compilation failed in require at /usr/lib/MailScanner/MailScanner/SA.pm line 74. Please do not forget to kill your MailScanner version 3 processes before starting version 4. From mailscanner-sub at WIREHUB.NET Mon Jan 6 21:14:02 2003 From: mailscanner-sub at WIREHUB.NET (Ben C. O. Grimm) Date: Thu Jan 12 21:16:51 2006 Subject: OT: Dynamically updating /etc/mail/access In-Reply-To: References: Message-ID: On 6 Jan 2003 17:29:59 +0100, "Andrew M. Hoying" wrote: > Hello, > > Every day I go through and pull the top spamming domains and relays, > except for the common ones that legitimate mail also comes from, verify > them in net-abuse.sightings and add them to /etc/mail/access as > REJECTed. Is there any program which dynamically updates with new > spamming domains, and verified by a human, which can be used to update > the /etc/mail/access.db file in near real time, instead of a day later > like I usually do? If you have rsync, try this one: http://basic.wirehub.nl/spamlist-usage.html The spamlist (http://basic.wirehub.nl/spamlist-extended.txt, 3,5 MB) is updated every hour. If you like, you can just use the domain names by grepping "JUNK$" from http://basic.wirehub.nl/spamlist.txt. -- - Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - - Wirehub! Internet Engineering - http://www.wirehub.net/ - - Private Ponderings ----------- http://www.bengrimm.net/ - - Wirehub! Internet ----------- part of easynet Group plc - From andrewh at CQG.COM Mon Jan 6 21:20:21 2003 From: andrewh at CQG.COM (Andrew M. Hoying) Date: Thu Jan 12 21:16:51 2006 Subject: OT: Dynamically updating /etc/mail/access Message-ID: <8A6DFB0865502242A29E25BDAEFBB9451ABE7B@d2sexchtest.cqg.com> Thank you, that looks very useful. Andrew > -----Original Message----- > From: Ben C. O. Grimm [mailto:mailscanner-sub@WIREHUB.NET] > Sent: Monday, January 06, 2003 2:14 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT: Dynamically updating /etc/mail/access > > > On 6 Jan 2003 17:29:59 +0100, "Andrew M. Hoying" > wrote: > > > Hello, > > > > Every day I go through and pull the top spamming domains and relays, > > except for the common ones that legitimate mail also comes > from, verify > > them in net-abuse.sightings and add them to /etc/mail/access as > > REJECTed. Is there any program which dynamically updates with new > > spamming domains, and verified by a human, which can be > used to update > > the /etc/mail/access.db file in near real time, instead of > a day later > > like I usually do? > > If you have rsync, try this one: > http://basic.wirehub.nl/spamlist-usage.html The spamlist (http://basic.wirehub.nl/spamlist-extended.txt, 3,5 MB) is updated every hour. If you like, you can just use the domain names by grepping "JUNK$" from http://basic.wirehub.nl/spamlist.txt. -- - Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - - Wirehub! Internet Engineering - http://www.wirehub.net/ - - Private Ponderings ----------- http://www.bengrimm.net/ - - Wirehub! Internet ----------- part of easynet Group plc - From mailscanner at ecs.soton.ac.uk Mon Jan 6 21:33:38 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:51 2006 Subject: MailScanner 4.11-1 errors In-Reply-To: <200301062110.h06LAWa29119@ori.rl.ac.uk> Message-ID: <5.2.0.9.2.20030106213123.02b18e20@imap.ecs.soton.ac.uk> At 21:10 06/01/2003, you wrote: >Just upgraded to the new mailscanner but found some errors >at the end I can not define.. I also notice many perl conflicts >during the upgrade is this all bad? Is your SpamAssassin correctly installed? That would produce the errors below. Installing SA from the tarball is the most reliable way. >To activate MailScanner run the following commands: > >service sendmail stop >chkconfig sendmail off >chkconfig --level 2345 MailScanner on >service MailScanner start > >Can't call method "Destroy" on an undefined value at > /usr/sbin/MailScanner line 426. >BEGIN failed--compilation aborted at >/usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 9. >Compilation failed in require >at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/EvalTests.pm >line 9. >BEGIN failed--compilation aborted >at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/EvalTests.pm line 9. >Compilation failed in require >at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line >39. >BEGIN failed--compilation aborted >at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line >39. >Compilation failed in require >at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin.pm line 50. >BEGIN failed--compilation aborted >at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin.pm line 50. >Compilation failed in require at /usr/lib/MailScanner/MailScanner/SA.pm >line 74. >Please do not forget to kill your MailScanner version 3 processes >before starting version 4. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From rybar at DATALOCK.SK Tue Jan 7 06:48:15 2003 From: rybar at DATALOCK.SK (Patrik Rybar) Date: Thu Jan 12 21:16:52 2006 Subject: notify sender Message-ID: <3E1A782F.9000300@datalock.sk> hallo, what i'm doing wrong ? in /etc/MailScanner/MailScanner.conf i have Notify Senders = /etc/MailScanner/rules/notify.rules in /etc/MailScanner/rules/notify.rules FromTo: default yes but notify mails goes to recipient not to the sender From bigdog at DOGPOUND.VNET.NET Tue Jan 7 04:15:30 2003 From: bigdog at DOGPOUND.VNET.NET (Matthew Davis) Date: Thu Jan 12 21:16:52 2006 Subject: Mailscanner and f-prot In-Reply-To: <1041903620.2689.7.camel@localhost.localdomain>; from lists@MASONC.COM on Mon, Jan 06, 2003 at 09:40:21PM -0400 References: <5.2.0.9.2.20030106105007.02d84e78@imap.ecs.soton.ac.uk> <1041903620.2689.7.camel@localhost.localdomain> Message-ID: <20030106231530.E5691@dogpound.vnet.net> Then from a rh7.3+spamassassin+mailscanner+f-prot user, it works great. They all behave very much nicely together. * Chris Mason (lists@MASONC.COM) wrote: > Thanks Julian. > I should be more clear - I'm not asking if there are RPMs, I seen them, > I wanted any personal experience with this combination from people who > have done this. I'll try it and see how it goes. > > Thanks again > > > On Mon, 2003-01-06 at 06:51, Julian Field wrote: > > At 10:03 06/01/2003, you wrote: > > >I downloaded and installed the free Linux server f-prot and it seems to > > >work well, is there a rp,m that will install mailscanner on a Redhat 7.3 > > >server without much bother? ---------------------------------------------- | Matthew Davis /\ http://dogpound.vnet.net/ | |--------------------------------------------| | Monday, January 06, 2003 / 11:10PM | ---------------------------------------------- Even in this corner of the galaxy, Captain, 2+2=4 ... Spock From lists at MASONC.COM Tue Jan 7 01:40:21 2003 From: lists at MASONC.COM (Chris Mason) Date: Thu Jan 12 21:16:52 2006 Subject: Mailscanner and f-prot In-Reply-To: <5.2.0.9.2.20030106105007.02d84e78@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030106105007.02d84e78@imap.ecs.soton.ac.uk> Message-ID: <1041903620.2689.7.camel@localhost.localdomain> Thanks Julian. I should be more clear - I'm not asking if there are RPMs, I seen them, I wanted any personal experience with this combination from people who have done this. I'll try it and see how it goes. Thanks again On Mon, 2003-01-06 at 06:51, Julian Field wrote: > At 10:03 06/01/2003, you wrote: > >I downloaded and installed the free Linux server f-prot and it seems to > >work well, is there a rp,m that will install mailscanner on a Redhat 7.3 > >server without much bother? > > Have you tried looking at the MailScanner web site before asking this? I > advise you try the "Downloads" page. > > >I'm using spamassassin as well, will it integrate OK? > > Again, please RTM. The answer is yes. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support From slawler at SYDNEY.NII.COM.AU Mon Jan 6 23:38:47 2003 From: slawler at SYDNEY.NII.COM.AU (Stewart Lawler) Date: Thu Jan 12 21:16:52 2006 Subject: OT: Dynamically updating /etc/mail/access In-Reply-To: <8A6DFB0865502242A29E25BDAEFBB9451ABE7B@d2sexchtest.cqg.com> References: <8A6DFB0865502242A29E25BDAEFBB9451ABE7B@d2sexchtest.cqg.com> Message-ID: <1041896326.2087.5.camel@empc-l01> this looks like a great solution - but what is the performance impact? The relay machine i'm running mailscanner on at the moment is rather old and might not cope with being given much more to do. :-) cheers, ..S. On Tue, 2003-01-07 at 08:20, Andrew M. Hoying wrote: > Thank you, that looks very useful. > > Andrew > > > -----Original Message----- > > From: Ben C. O. Grimm [mailto:mailscanner-sub@WIREHUB.NET] > > Sent: Monday, January 06, 2003 2:14 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: OT: Dynamically updating /etc/mail/access > > > > > > On 6 Jan 2003 17:29:59 +0100, "Andrew M. Hoying" > > wrote: > > > > > Hello, > > > > > > Every day I go through and pull the top spamming domains and relays, > > > except for the common ones that legitimate mail also comes > > from, verify > > > them in net-abuse.sightings and add them to /etc/mail/access as > > > REJECTed. Is there any program which dynamically updates with new > > > spamming domains, and verified by a human, which can be > > used to update > > > the /etc/mail/access.db file in near real time, instead of > > a day later > > > like I usually do? > > > > If you have rsync, try this one: > > > http://basic.wirehub.nl/spamlist-usage.html > > The spamlist (http://basic.wirehub.nl/spamlist-extended.txt, 3,5 MB) is > updated every hour. If you like, you can just use the domain names by > grepping "JUNK$" from http://basic.wirehub.nl/spamlist.txt. > > -- > - Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - > - Wirehub! Internet Engineering - http://www.wirehub.net/ - > - Private Ponderings ----------- http://www.bengrimm.net/ - > - Wirehub! Internet ----------- part of easynet Group plc - -- Stewart Lawler Empower Group From mailscanner at ecs.soton.ac.uk Tue Jan 7 08:22:36 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:52 2006 Subject: notify sender In-Reply-To: <3E1A782F.9000300@datalock.sk> Message-ID: <5.2.0.9.2.20030107082203.03c34818@imap.ecs.soton.ac.uk> At 06:48 07/01/2003, you wrote: >hallo, >what i'm doing wrong ? > >in /etc/MailScanner/MailScanner.conf >i have >Notify Senders = /etc/MailScanner/rules/notify.rules > >in /etc/MailScanner/rules/notify.rules > >FromTo: default yes > >but notify mails goes to recipient not to the sender Have you edited the message file (ie what is in /etc/MailScanner/reports/en/....) and got the sender and recipient addresses the wrong way around? -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From j.cormie at ABERTAY.AC.UK Tue Jan 7 08:46:51 2003 From: j.cormie at ABERTAY.AC.UK (Jason Cormie) Date: Thu Jan 12 21:16:52 2006 Subject: Exim Weirdness Message-ID: Thanks Nick, Somehow I lost that section of my own docs between pilot 1, pilot 2 and production :-( Will implement and see what happens. Just out of curiosity, what exactly does it do and what would have happened without it? Jason On Mon, 2003-01-06 at 20:44, Nick Phillips wrote: > On Tuesday, January 7, 2003, at 04:31 am, Julian Field wrote: > > > MailScanner does not get involved with the delivery process at all, so > > I > > don't think this is likely to be a MailScanner problem. > > > > At 13:43 06/01/2003, you wrote: > >> Mailscanner 3.26 > >> Exim 3.35 > >> > >> just back from my hols looking at my mailscanner box. > >> used eximstats to look at this mornings exim logs and found this... > > > I expect you aren't calling exim_tidydb to clear out the retry database > on the incoming > side. Exactly what's needed is in the installation instructions (either > on the web site or in > the docs directory in the tarball). > > > Cheers, > > > Nick From Richard.Lush at HP.COM Tue Jan 7 09:30:18 2003 From: Richard.Lush at HP.COM (Lush, Richard) Date: Thu Jan 12 21:16:52 2006 Subject: Sophos Update File Message-ID: You don't need a web login you can download it as an eval customer. It is the same code as Sophos give it away free for unix. FWIW -----Original Message----- From: Richard Sidlin [mailto:richard@HELPPLC.COM] Sent: 06 January 2003 17:10 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Sophos Update File I don't have a web login, I only receive the disk :-) > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Spicer, Kevin > Sent: 06 January 2003 17:04 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Sophos Update File > > > > Up to now, the file name has been linux.intel.libc6.tar.z but now, > > from the CD, the .z is missing. How would I install this update > > please. > > The version on the web has the correct name - I'd recommend using the > web version as the CD version is always a month out of date - which > means you have to upgrade it every two months (when they stop > supplying IDE files for it), whereas the web version only needs > upgrading every three months. > > But maybe I'm just lazy.... > From support at INVICTANET.CO.UK Tue Jan 7 11:46:13 2003 From: support at INVICTANET.CO.UK (InvictaNet Customer Support) Date: Thu Jan 12 21:16:52 2006 Subject: SpamAssassin timeout Message-ID: Hi Since mid afternoon yesterday, spamassassin has timed out every time. I have tried increasing the timeout period to 30 seconds but that didn't help. Where can I find information on what is causing the timeout? - Mailscanner itself doesn't seem to have a problem and viruses are being detected ok. Martyn Routley From daniel at ZAJD.COM Tue Jan 7 12:16:53 2003 From: daniel at ZAJD.COM (Daniel Zajd) Date: Thu Jan 12 21:16:52 2006 Subject: SpamAssassin timeout In-Reply-To: Message-ID: Hi! I got the same problem since this morning. Everything have been working perfect until now. Anyone else having the same problem? Suggestions? //Daniel Mailsystem.net > Hi > Since mid afternoon yesterday, spamassassin has timed out every time. I have > tried increasing the timeout period to 30 seconds but that didn't help. > > Where can I find information on what is causing the timeout? - Mailscanner > itself doesn't seem to have a problem and viruses are being detected ok. > > > > Martyn Routley > > From Kevin.Spicer at BMRB.CO.UK Tue Jan 7 12:32:11 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:52 2006 Subject: SpamAssassin timeout Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A4ACF6@pascal.priv.bmrb.co.uk> It may be a problem with one of the RBL checks not responding. I think you should be able to disable these by uncommenting skip rbl checks = 1 in /etc/MailScanner/spam.assassin.prefs.conf and then doing a 'service MailScanner reload' (I'm assuming this option is effective when SA is caled from MS?) > -----Original Message----- > From: Daniel Zajd [mailto:daniel@ZAJD.COM] > Sent: 07 January 2003 12:17 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SpamAssassin timeout > > > Hi! > > I got the same problem since this morning. Everything have > been working > perfect until now. Anyone else having the same problem? Suggestions? > > //Daniel > Mailsystem.net > > > Hi > > Since mid afternoon yesterday, spamassassin has timed out > every time. I have > > tried increasing the timeout period to 30 seconds but that > didn't help. > > > > Where can I find information on what is causing the > timeout? - Mailscanner > > itself doesn't seem to have a problem and viruses are being > detected ok. > > > > > > > > Martyn Routley > > > > > From florusb at ASCIO.COM Tue Jan 7 12:34:18 2003 From: florusb at ASCIO.COM (Florus Both) Date: Thu Jan 12 21:16:52 2006 Subject: SpamAssassin timeout Message-ID: <2F15A97500CFA0469C9BACC2041F8AC7032E82E1@aries.dk.speednames.com> Same here. To make spamassassin at least do some check I commented "skip_rbl_checks 1" out in /etc/MailScanner/spam.assassin.prefs.conf Not a nice solution, but better then the timeout error. florus -----Original Message----- From: Daniel Zajd [mailto:daniel@ZAJD.COM] Sent: 7. januar 2003 13:17 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timeout Hi! I got the same problem since this morning. Everything have been working perfect until now. Anyone else having the same problem? Suggestions? //Daniel Mailsystem.net > Hi > Since mid afternoon yesterday, spamassassin has timed out every time. > I have tried increasing the timeout period to 30 seconds but that > didn't help. > > Where can I find information on what is causing the timeout? - > Mailscanner itself doesn't seem to have a problem and viruses are > being detected ok. > > > > Martyn Routley > > From David.Sullivan at BARNET.AC.UK Tue Jan 7 12:36:02 2003 From: David.Sullivan at BARNET.AC.UK (David Sullivan) Date: Thu Jan 12 21:16:52 2006 Subject: SpamAssassin timeout In-Reply-To: References: Message-ID: <3E1AC9D3.28252.1A578D09@localhost> On 7 Jan 2003 at 13:16, Daniel Zajd wrote: > Hi! > > I got the same problem since this morning. Everything have been > working perfect until now. Anyone else having the same problem? > Suggestions? > If you're doing RBL checks within SpamAssassin it may be down to that, the Osirusoft RBL seems to be having real problems at the moment. David. ============================================================== This communication may contain privileged or confidential information which is for the exclusive use of the intended recipient. If you are not the intended recipient, please note that you may not distribute or use this communication or the information it contains. If this e-mail has reached you in error, please delete it and any attachment. Internet communications are not secure and Barnet College does not accept legal responsibility for the content of this message. Any views or opinions expressed are those of the author and not necessarily those of Barnet College. Please note that Barnet College reserves the right to monitor the source/destinations of all incoming or outgoing e-mail communications. ============================================================== From daniel at ZAJD.COM Tue Jan 7 12:52:21 2003 From: daniel at ZAJD.COM (Daniel Zajd) Date: Thu Jan 12 21:16:52 2006 Subject: SpamAssassin timeout In-Reply-To: <3E1AC9D3.28252.1A578D09@localhost> Message-ID: I also uncommented "skip_rbl_checks 1" to get rid of the Time Out. Now it does some checking. So if the RBL-server doesn't answer MailScanner just kills the SpamAssain process then? Is it possible to test if the RBL-server answer and if not just skip it and do the rest? I saw that there is a new version (2.50) of SpamAssassin. Anyone tried it? //Daniel > On 7 Jan 2003 at 13:16, Daniel Zajd wrote: > >> Hi! >> >> I got the same problem since this morning. Everything have been >> working perfect until now. Anyone else having the same problem? >> Suggestions? >> > > If you're doing RBL checks within SpamAssassin it may be down to > that, the Osirusoft RBL seems to be having real problems at the > moment. > > David. > > ============================================================== > This communication may contain privileged or confidential information which > is for the exclusive use of the intended recipient. If you are not the > intended recipient, please note that you may not distribute or use this > communication or the information it contains. If this e-mail has reached you > in error, please delete it and any attachment. > > Internet communications are not secure and Barnet College does not accept > legal responsibility for the content of this message. Any views or opinions > expressed are those of the author and not necessarily those of Barnet College. > > Please note that Barnet College reserves the right to monitor the > source/destinations of all incoming or outgoing e-mail communications. > ============================================================== > > From Heinz.Knutzen at DZSH.DE Tue Jan 7 13:08:51 2003 From: Heinz.Knutzen at DZSH.DE (Knutzen, Heinz (DZ-SH)) Date: Thu Jan 12 21:16:52 2006 Subject: *.otf cause Windows to restart Message-ID: <6C645222B0A8BC4FBFACD7606D4306A822FDEC@dzrz-ex-1.dzsh.landsh.de> It seems to be possible to crash w2k and XP by opening special *.otf files. We will block these files using filename.rules.conf. >From bugtraq http://online.securityfocus.com/archive/1/305382 >>>> Subject: Opentype font file causes Windows to restart. Problem ------- The attached OpenType font file will cause Windows to restart immediately when the file is opened by the default viewer (fontview). I doubt anyone would suspect a "harmless" little font file of being able to cause such a thing to happen! Software affected ----------------- It has been tested on both Windows 2000 and Windows XP with exactly the same result -- an immediate restart. Other versions of Windows are untested. Fix --- No fix known. attachment: restart.otf <<<< Viele Gr??e -- Heinz From j.cormie at ABERTAY.AC.UK Tue Jan 7 13:17:35 2003 From: j.cormie at ABERTAY.AC.UK (Jason Cormie) Date: Thu Jan 12 21:16:52 2006 Subject: SpamAssassin timeout Message-ID: which rbl's are you using that are causing the timeout? -----Original Message----- From: Florus Both [mailto:florusb@ASCIO.COM] Sent: 07, January, 2003 12:34 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timeout Same here. To make spamassassin at least do some check I commented "skip_rbl_checks 1" out in /etc/MailScanner/spam.assassin.prefs.conf Not a nice solution, but better then the timeout error. florus -----Original Message----- From: Daniel Zajd [mailto:daniel@ZAJD.COM] Sent: 7. januar 2003 13:17 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timeout Hi! I got the same problem since this morning. Everything have been working perfect until now. Anyone else having the same problem? Suggestions? //Daniel Mailsystem.net > Hi > Since mid afternoon yesterday, spamassassin has timed out every time. > I have tried increasing the timeout period to 30 seconds but that > didn't help. > > Where can I find information on what is causing the timeout? - > Mailscanner itself doesn't seem to have a problem and viruses are > being detected ok. > > > > Martyn Routley > > From support at INVICTANET.CO.UK Tue Jan 7 13:24:48 2003 From: support at INVICTANET.CO.UK (InvictaNet Customer Support) Date: Thu Jan 12 21:16:52 2006 Subject: SpamAssassin timeout In-Reply-To: Message-ID: This seems to have been the case for me. I also disabled the rbl checks in mailscanner.conf, thus stopping all rbl checks. The message from David Sullivan about Osirusoft might explain why the problem arose in the first place. Thanks to all who responded so quickly. Martyn Routley ----------------------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk martyn@support.invictanet.co.uk phone: 08707 440180 fax: 08707 440181 Ask us about our online Antivirus and Junk mail scanning service ----------------------------------------------------------------- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Spicer, Kevin Sent: 07 January 2003 12:32 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timeout It may be a problem with one of the RBL checks not responding. I think you should be able to disable these by uncommenting skip rbl checks = 1 in /etc/MailScanner/spam.assassin.prefs.conf and then doing a 'service MailScanner reload' (I'm assuming this option is effective when SA is caled from MS?) > -----Original Message----- > From: Daniel Zajd [mailto:daniel@ZAJD.COM] > Sent: 07 January 2003 12:17 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SpamAssassin timeout > > > Hi! > > I got the same problem since this morning. Everything have > been working > perfect until now. Anyone else having the same problem? Suggestions? > > //Daniel > Mailsystem.net > > > Hi > > Since mid afternoon yesterday, spamassassin has timed out > every time. I have > > tried increasing the timeout period to 30 seconds but that > didn't help. > > > > Where can I find information on what is causing the > timeout? - Mailscanner > > itself doesn't seem to have a problem and viruses are being > detected ok. > > > > > > > > Martyn Routley > > > > > ---------------------------------------------- This message has been scanned for viruses and dangerous content by the http://www.anti84787.com MailScanner, and is believed to be clean. From Denis.Beauchemin at USHERBROOKE.CA Tue Jan 7 13:26:56 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:16:52 2006 Subject: MailScanner-MRTG problem Message-ID: <1041946016.15742.5747.camel@dbeauchemin.si.usherbrooke.ca> Hello, One of my graphs maxes out and I can't seem to do what is right to correct it: The text below the graph is: Max : 2146.1 M bytes Average : 801.5 M bytes Current : 112.7 M bytes The definition for it is: # grep mailbytes /etc/mrtg/mailscanner-mrtg.cfg Target[mailbytes]: `/usr/sbin/mailscanner-mrtg mailbytes` Title[mailbytes]: Bytes of Mail Processed Background[mailbytes]: #ffffff PageTop[mailbytes]:

Bytes of Mail Processed

WithPeak[mailbytes]: wmy Directory[mailbytes]: mailbytes MaxBytes[mailbytes]: 5000000000000 AbsMax[mailbytes]: 100000000000000 YLegend[mailbytes]: Bytes ShortLegend[mailbytes]:  bytes     Legend1[mailbytes]: Average Bytes Legend2[mailbytes]: Legend3[mailbytes]: Maximum Bytes Legend4[mailbytes]: LegendI[mailbytes]: : LegendO[mailbytes]: I'm using mailscanner-mrtg-0.04-2.noarch.rpm. Any ideas? THanks! Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: mailbytes-day.png Type: image/png Size: 2085 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030107/f7e14a18/mailbytes-day.png From mailscanner at ecs.soton.ac.uk Tue Jan 7 13:48:23 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:52 2006 Subject: SpamAssassin timeout In-Reply-To: References: <3E1AC9D3.28252.1A578D09@localhost> Message-ID: <5.2.0.9.2.20030107134556.03cb8f98@imap.ecs.soton.ac.uk> At 12:52 07/01/2003, you wrote: >I also uncommented "skip_rbl_checks 1" to get rid of the Time Out. Now it >does some checking. > >So if the RBL-server doesn't answer MailScanner just kills the SpamAssain >process then? Yes. And once it has timed out several times in a row, SpamAssassin will be ignored entirely until the next auto-restart a few hours later. >Is it possible to test if the RBL-server answer and if not >just skip it and do the rest? SpamAssassin can't do that. If you do the RBL checking with MailScanner, it will do what you want. SpamAssassin isn't very robust when services it is using fail. >I saw that there is a new version (2.50) of SpamAssassin. Anyone tried it? I never touch their x.x0 releases. The x.x1 released are usually better :-) > > On 7 Jan 2003 at 13:16, Daniel Zajd wrote: > > > >> Hi! > >> > >> I got the same problem since this morning. Everything have been > >> working perfect until now. Anyone else having the same problem? > >> Suggestions? > >> > > > > If you're doing RBL checks within SpamAssassin it may be down to > > that, the Osirusoft RBL seems to be having real problems at the > > moment. > > > > David. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From t.d.lee at DURHAM.AC.UK Tue Jan 7 12:56:53 2003 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:16:52 2006 Subject: SpamAssassin timeout In-Reply-To: Message-ID: On Tue, 7 Jan 2003, InvictaNet Customer Support wrote: > Since mid afternoon yesterday, spamassassin has timed out every time. I have > tried increasing the timeout period to 30 seconds but that didn't help. > > Where can I find information on what is causing the timeout? - Mailscanner > itself doesn't seem to have a problem and viruses are being detected ok. Ah! Interesting. Around 11:00 GMT/UT yesterday (Mon 6th Jan), I noticed our MailScanner inbound queue similarly started piling up and not clearing. Likewise we got SpamAssassin timeouts and I ended up inserting "skip_rbl_checks 1" into "spam.assassin.prefs.conf" which seemed to avoid the immediate problem. As far as I know there were no local changes coincident with this (it had been running happily since well before the Christmas holiday). We are: Redhat 7.3 MailScanner: 4.05-3 SpamAssassin 2.43 configuration policy: as delivered, change as little as possible ~25,000 emails per day Is there someone on this list who knows the murky depths of SpamAssassin and their interaction with MailScanner? (I don't!) My suspicion is that some RBL check, called from SpamAssassin, is in trouble, and that SpamAssassin's timeouts (either internally or as guided somehow by MailScanner) are not behaving properly. -- : David Lee I.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 374 2882 U.K. : From mailscanner at ecs.soton.ac.uk Tue Jan 7 14:40:11 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:52 2006 Subject: SpamAssassin timeout In-Reply-To: References: Message-ID: <5.2.0.9.2.20030107143819.03c9c9f0@imap.ecs.soton.ac.uk> At 12:56 07/01/2003, you wrote: >On Tue, 7 Jan 2003, InvictaNet Customer Support wrote: > > > Since mid afternoon yesterday, spamassassin has timed out every time. I > have > > tried increasing the timeout period to 30 seconds but that didn't help. > > > > Where can I find information on what is causing the timeout? - Mailscanner > > itself doesn't seem to have a problem and viruses are being detected ok. > >Ah! Interesting. > >Around 11:00 GMT/UT yesterday (Mon 6th Jan), I noticed our MailScanner >inbound queue similarly started piling up and not clearing. Likewise we >got SpamAssassin timeouts and I ended up inserting "skip_rbl_checks 1" >into "spam.assassin.prefs.conf" which seemed to avoid the immediate >problem. > >As far as I know there were no local changes coincident with this (it had >been running happily since well before the Christmas holiday). > >We are: > Redhat 7.3 > MailScanner: 4.05-3 > SpamAssassin 2.43 > configuration policy: as delivered, change as little as possible > ~25,000 emails per day > >Is there someone on this list who knows the murky depths of SpamAssassin >and their interaction with MailScanner? (I don't!) My suspicion is that >some RBL check, called from SpamAssassin, is in trouble, and that >SpamAssassin's timeouts (either internally or as guided somehow by >MailScanner) are not behaving properly. Have a look in your maillog for SpamAssassin timed out and was killed This should be followed by the failure number, which will hopefully slowly count up from 1. What log entries have you got of this type? -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From email-ian at POST1.COM Tue Jan 7 14:59:57 2003 From: email-ian at POST1.COM (eejs) Date: Thu Jan 12 21:16:52 2006 Subject: InoculateIT and Mailscanner for rh 7.3 and 8.0 References: <000201c2607b$45ee6350$6401a8c0@jamesdesktop> <3E1AEB30.77F65D05@post1.com> Message-ID: <3E1AEB6D.DD1D1D63@post1.com> you can also use this wrapper for cmdline scanning. eejs wrote: > > 1. Edit the wrapper script (mine is called inowrapper, f-prot user will have > this as f-protwrapper), uncomment the option header "LD_LIBRARY_PATH=" and > "export LD_LIBRARY_PATH" so it look something like this: > > LD_LIBRARY_PATH=/ino/lib: inoculateit>/ino/config:/ino/secu/lib > export LD_LIBRARY_PATH > > 2. Create symbolic link for file inoculateit>/ino/config/libarclib.so in > /ino/lib > > JS. -- |\,/| ()-@@ , `--')/ Kind regards, Ju Seong From email-ian at POST1.COM Tue Jan 7 15:04:52 2003 From: email-ian at POST1.COM (eejs) Date: Thu Jan 12 21:16:52 2006 Subject: InoculateIT and Mailscanner for rh 7.3 and 8.0 References: <000201c2607b$45ee6350$6401a8c0@jamesdesktop> <3E1AEB30.77F65D05@post1.com> <3E1AEB6D.DD1D1D63@post1.com> Message-ID: <3E1AEC94.2AAEDD88@post1.com> oops, this post was sent by mistake!! please ignore, sorry. eejs wrote: > > you can also use this wrapper for cmdline scanning. > > eejs wrote: > > > > 1. Edit the wrapper script (mine is called inowrapper, f-prot user will have > > this as f-protwrapper), uncomment the option header "LD_LIBRARY_PATH=" and > > "export LD_LIBRARY_PATH" so it look something like this: > > > > LD_LIBRARY_PATH=/ino/lib: > inoculateit>/ino/config:/ino/secu/lib > > export LD_LIBRARY_PATH > > > > 2. Create symbolic link for file > inoculateit>/ino/config/libarclib.so in > > /ino/lib > > > > JS. > > -- > |\,/| > ()-@@ , > `--')/ > Kind regards, > Ju Seong -- |\,/| ()-@@ , `--')/ Kind regards, Ju Seong From support at INVICTANET.CO.UK Tue Jan 7 15:14:55 2003 From: support at INVICTANET.CO.UK (InvictaNet Customer Support) Date: Thu Jan 12 21:16:52 2006 Subject: SpamAssassin timeout In-Reply-To: <5.2.0.9.2.20030107143819.03c9c9f0@imap.ecs.soton.ac.uk> Message-ID: From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field Sent: 07 January 2003 14:40 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timeout At 12:56 07/01/2003, you wrote: >On Tue, 7 Jan 2003, InvictaNet Customer Support wrote: > > > Since mid afternoon yesterday, spamassassin has timed out every time. I > have > > tried increasing the timeout period to 30 seconds but that didn't help. > > > > Where can I find information on what is causing the timeout? - Mailscanner > > itself doesn't seem to have a problem and viruses are being detected ok. > >Ah! Interesting. > >Around 11:00 GMT/UT yesterday (Mon 6th Jan), I noticed our MailScanner >inbound queue similarly started piling up and not clearing. Likewise we >got SpamAssassin timeouts and I ended up inserting "skip_rbl_checks 1" >into "spam.assassin.prefs.conf" which seemed to avoid the immediate >problem. > >As far as I know there were no local changes coincident with this (it had >been running happily since well before the Christmas holiday). > >We are: > Redhat 7.3 > MailScanner: 4.05-3 > SpamAssassin 2.43 > configuration policy: as delivered, change as little as possible > ~25,000 emails per day > >Is there someone on this list who knows the murky depths of SpamAssassin >and their interaction with MailScanner? (I don't!) My suspicion is that >some RBL check, called from SpamAssassin, is in trouble, and that >SpamAssassin's timeouts (either internally or as guided somehow by >MailScanner) are not behaving properly. Have a look in your maillog for SpamAssassin timed out and was killed This should be followed by the failure number, which will hopefully slowly count up from 1. What log entries have you got of this type? -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support I don't know about slowly....... Mine went from 1 to 10 quite rapidly. Since I disabled the RBL checks everything has gone fine. Martyn Routley ----------------------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk martyn@support.invictanet.co.uk phone: 08707 440180 fax: 08707 440181 Ask us about our online Antivirus and Junk mail scanning service ----------------------------------------------------------------- From Kevin.Spicer at BMRB.CO.UK Tue Jan 7 15:28:25 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:52 2006 Subject: SpamAssassin timeout Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A4ACF7@pascal.priv.bmrb.co.uk> > >Is it possible to test if the RBL-server answer and if not > >just skip it and do the rest? > > SpamAssassin can't do that. If you do the RBL checking with > MailScanner, it > will do what you want. SpamAssassin isn't very robust when > services it is > using fail. > My understanding (read assumption!) was that if you use MailScanner to do the RBL checks, and then pass to SpamAssassin for further checks that any message from a host found in the RBL will be marked as SPAM, even if the spamassassin score would have been lower than the spam threshold. In other words the mailscanner RBL checks and the spamassassin checks are completely seperate(?). From mailscanner at ecs.soton.ac.uk Tue Jan 7 15:34:26 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:52 2006 Subject: SpamAssassin timeout In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0A4ACF7@pascal.priv.bmrb.co .uk> Message-ID: <5.2.0.9.2.20030107153414.04ed9d80@imap.ecs.soton.ac.uk> At 15:28 07/01/2003, you wrote: > > >Is it possible to test if the RBL-server answer and if not > > >just skip it and do the rest? > > > > SpamAssassin can't do that. If you do the RBL checking with > > MailScanner, it > > will do what you want. SpamAssassin isn't very robust when > > services it is > > using fail. > > > >My understanding (read assumption!) was that if you use MailScanner to do >the RBL checks, and then pass to SpamAssassin for further checks that any >message from a host found in the RBL will be marked as SPAM, even if the >spamassassin score would have been lower than the spam threshold. In >other words the mailscanner RBL checks and the spamassassin checks are >completely seperate(?). Correct. They are separate. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From MHewryk at SYMCOR.COM Tue Jan 7 15:38:18 2003 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:16:52 2006 Subject: SpamAssassin timeout - can't disable RBL check Message-ID: For some reason even if I disabled RBL checks I'm still timeout out from SpamAssassin. Yes, I stop/start MailScanner. Jan 7 10:28:28 tonka MailScanner[15526]: RBL Check no timed out and was killed, consecutive failure 1 of 7 Any hints why RBL is still active? I'm running : Redhat 7.3 MailScanner: 4.10 SpamAssassin 2.43 1)I've changes RBL check in spam.assassin.prefs.conf file: # By default, SpamAssassin will run RBL checks. If your ISP already # does this, set this to 1. # # skip_rbl_checks 1 - mnh this is by default commented out skip_rbl_checks 1 2) I've disabled RBLs from MailScanner.conf file # This is the list of spam blacklists (RBLs) which you are using. # See the "Spam List Definitions" file for more information about what # you can put here. # This can also be the filename of a ruleset. # mnh Spam List = ORDB-RBL Infinite-Monkeys # MAPS-RBL+ costs money (except .ac.uk) # mnh Spam List = ORDB-RBL #MAPS-RBL+ costs money (except .ac.uk) Spam List = no Thanks, Magda Hewryk -------------------------------- Mid-Range Systems RSP: 905-273-1637 CELL: 416-948-4427 InvictaNet Customer Support To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timeout Sent by: MailScanner mailing list 01/07/2003 10:14 AM Please respond to MailScanner mailing list From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field Sent: 07 January 2003 14:40 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timeout At 12:56 07/01/2003, you wrote: >On Tue, 7 Jan 2003, InvictaNet Customer Support wrote: > > > Since mid afternoon yesterday, spamassassin has timed out every time. I > have > > tried increasing the timeout period to 30 seconds but that didn't help. > > > > Where can I find information on what is causing the timeout? - Mailscanner > > itself doesn't seem to have a problem and viruses are being detected ok. > >Ah! Interesting. > >Around 11:00 GMT/UT yesterday (Mon 6th Jan), I noticed our MailScanner >inbound queue similarly started piling up and not clearing. Likewise we >got SpamAssassin timeouts and I ended up inserting "skip_rbl_checks 1" >into "spam.assassin.prefs.conf" which seemed to avoid the immediate >problem. > >As far as I know there were no local changes coincident with this (it had >been running happily since well before the Christmas holiday). > >We are: > Redhat 7.3 > MailScanner: 4.05-3 > SpamAssassin 2.43 > configuration policy: as delivered, change as little as possible > ~25,000 emails per day > >Is there someone on this list who knows the murky depths of SpamAssassin >and their interaction with MailScanner? (I don't!) My suspicion is that >some RBL check, called from SpamAssassin, is in trouble, and that >SpamAssassin's timeouts (either internally or as guided somehow by >MailScanner) are not behaving properly. Have a look in your maillog for SpamAssassin timed out and was killed This should be followed by the failure number, which will hopefully slowly count up from 1. What log entries have you got of this type? -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support I don't know about slowly....... Mine went from 1 to 10 quite rapidly. Since I disabled the RBL checks everything has gone fine. Martyn Routley ----------------------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk martyn@support.invictanet.co.uk phone: 08707 440180 fax: 08707 440181 Ask us about our online Antivirus and Junk mail scanning service ----------------------------------------------------------------- From David.Sullivan at BARNET.AC.UK Tue Jan 7 15:38:09 2003 From: David.Sullivan at BARNET.AC.UK (David Sullivan) Date: Thu Jan 12 21:16:52 2006 Subject: SpamAssassin timeout In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0A4ACF7@pascal.priv.bmrb.co.uk> Message-ID: <3E1AF483.10417.1AFE4BCF@localhost> On 7 Jan 2003 at 15:28, Spicer, Kevin wrote: > > >Is it possible to test if the RBL-server answer and if not > > >just skip it and do the rest? > > > > SpamAssassin can't do that. If you do the RBL checking with > > MailScanner, it > > will do what you want. SpamAssassin isn't very robust when > > services it is > > using fail. > > > > My understanding (read assumption!) was that if you use MailScanner to > do the RBL checks, and then pass to SpamAssassin for further checks > that any message from a host found in the RBL will be marked as SPAM, > even if the spamassassin score would have been lower than the spam > threshold. In other words the mailscanner RBL checks and the > spamassassin checks are completely seperate(?). I think you're misunderstanding the comment slightly. If MailScanner doing RBL checks notices that they've timed out a number of times in a row it will stop using the RBL checks till the next MailScanner restart. If you do the RBL checks within SpamAssassin this means that SpamAssasin as a whole will time out and cannot "disable the RBL checks" itself (as MailScanner does). In turn MailScanner should see that SpamAssassin is timing out and disable it till the next MailScanner restart. David. ============================================================== This communication may contain privileged or confidential information which is for the exclusive use of the intended recipient. If you are not the intended recipient, please note that you may not distribute or use this communication or the information it contains. If this e-mail has reached you in error, please delete it and any attachment. Internet communications are not secure and Barnet College does not accept legal responsibility for the content of this message. Any views or opinions expressed are those of the author and not necessarily those of Barnet College. Please note that Barnet College reserves the right to monitor the source/destinations of all incoming or outgoing e-mail communications. ============================================================== From MHewryk at SYMCOR.COM Tue Jan 7 15:50:06 2003 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:16:52 2006 Subject: Whitelist and MailScanner/SpamAssassin Message-ID: Hi, I'm running : Redhat 7.3 MailScanner: 4.10 SpamAssassin 2.43 I had a specific domain entered in MailScanner and SpamAssassin list. When I removed that domain form whitelists and stop/start MailScanner for some reason that domain is still not scanned for SPAM! I've disabled whitelists and still this domain is ignored: 1.) Is Definitely Not Spam = no # Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules 2.) SpamAssassin Auto Whitelist = no # mnh SpamAssassin Auto Whitelist = yes How can I check if the new configuration is really set and MailScanner.conf file is really reload properly? All logs show successful re-load. Is this something is the .spamassassin directory which overrides the setup from MailScanner.conf file? [root@tonka .spamassassin]# ls -ltr total 16 -rw-r--r-- 1 root root 1123 Dec 17 15:54 user_prefs -rw------- 1 root root 13111 Jan 3 00:22 auto-whitelist [root@tonka .spamassassin]# root@tonka MailScanner]# service MailScanner reload Reloading MailScanner workers: MailScanner: [ OK ] [root@tonka MailScanner]# n 7 10:46:02 tonka MailScanner[20269]: MailScanner child caught a SIGHUP Jan 7 10:46:02 tonka MailScanner[20308]: MailScanner child caught a SIGHUP Jan 7 10:46:02 tonka MailScanner[20376]: MailScanner child caught a SIGHUP Jan 7 10:46:02 tonka MailScanner[20412]: MailScanner child caught a SIGHUP Jan 7 10:46:02 tonka MailScanner[20415]: MailScanner child caught a SIGHUP Jan 7 10:46:02 tonka MailScanner[20557]: MailScanner Jan 7 10:46:02 tonka MailScanner[20557]: MailScanner E-Mail Virus Scanner version 4.10-1 starting... Jan 7 10:46:12 tonka MailScanner[20559]: MailScanner Jan 7 10:46:12 tonka MailScanner[20559]: MailScanner E-Mail Virus Scanner version 4.10-1 starting... root@tonka MailScanner]# ps -ef | grep Mail root 20265 1 0 10:43 ? 00:00:00 /usr/bin/perl -I/usr/lib/MailSca root 20557 20265 5 10:46 ? 00:00:04 /usr/bin/perl -I/usr/lib/MailSca root 20559 20265 7 10:46 ? 00:00:04 /usr/bin/perl -I/usr/lib/MailSca root 20602 20265 8 10:46 ? 00:00:04 /usr/bin/perl -I/usr/lib/MailSca root 20625 20265 10 10:46 ? 00:00:04 /usr/bin/perl -I/usr/lib/MailSca root 20626 20265 14 10:46 ? 00:00:04 /usr/bin/perl -I/usr/lib/MailSca Thanks, Magda Hewryk -------------------------------- Mid-Range Systems RSP: 905-273-1637 CELL: 416-948-4427 From t.d.lee at DURHAM.AC.UK Tue Jan 7 15:34:11 2003 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:16:52 2006 Subject: SpamAssassin timeout In-Reply-To: <5.2.0.9.2.20030107143819.03c9c9f0@imap.ecs.soton.ac.uk> Message-ID: On Tue, 7 Jan 2003, Julian Field wrote: > At 12:56 07/01/2003, you wrote: > >[...] > >Around 11:00 GMT/UT yesterday (Mon 6th Jan), I noticed our MailScanner > >inbound queue similarly started piling up and not clearing. Likewise we > >got SpamAssassin timeouts and I ended up inserting "skip_rbl_checks 1" > >into "spam.assassin.prefs.conf" which seemed to avoid the immediate > >problem. > > > >As far as I know there were no local changes coincident with this (it had > >been running happily since well before the Christmas holiday). > > > > Have a look in your maillog for > SpamAssassin timed out and was killed > This should be followed by the failure number, which will hopefully slowly > count up from 1. What log entries have you got of this type? Yes, I saw those, and the numbers (e.g "failure 272 of 20"(!)) supported the conviction that something was wrong deep within the bowels of SpamAssassin. Jan 6 14:24:38 mailrelay1 MailScanner[8198]: SpamAssassin timed out and was killed, consecutive failure 270 of 20 Jan 6 14:24:41 mailrelay1 MailScanner[8162]: SpamAssassin timed out and was killed, consecutive failure 271 of 20 Jan 6 14:24:46 mailrelay1 MailScanner[8129]: SpamAssassin timed out and was killed, consecutive failure 272 of 20 Jan 6 14:25:01 mailrelay1 MailScanner[8185]: SpamAssassin timed out and was killed, consecutive failure 270 of 20 Jan 6 14:25:03 mailrelay1 MailScanner[8211]: SpamAssassin timed out and was killed, consecutive failure 271 of 20 Jan 6 14:25:09 mailrelay1 MailScanner[8198]: SpamAssassin timed out and was killed, consecutive failure 271 of 20 Jan 6 14:25:12 mailrelay1 MailScanner[8162]: SpamAssassin timed out and was killed, consecutive failure 272 of 20 Hence my earlier question: > >Is there someone on this list who knows the murky depths of SpamAssassin > >and their interaction with MailScanner? (I don't!) My suspicion is that > >some RBL check, called from SpamAssassin, is in trouble, and that > >SpamAssassin's timeouts (either internally or as guided somehow by > >MailScanner) are not behaving properly. Hope that helps. -- : David Lee I.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 374 2882 U.K. : From RHerban at GRAMTEL.NET Tue Jan 7 16:21:34 2003 From: RHerban at GRAMTEL.NET (Randy Herban) Date: Thu Jan 12 21:16:52 2006 Subject: SpamAssassin timeout Message-ID: Unfortunately something that I noticed yesterday when the RBL's were offline was that MailScanner was not ceasing to use spamassassin even though I was up to 75 consecutive failures out of 20. I just upgraded to the newest MS-4.11-1 yesterday as well. RedHat 8.0 if it helps. -randy -----Original Message----- From: David Sullivan [mailto:David.Sullivan@BARNET.AC.UK] Sent: Tuesday, January 07, 2003 10:38 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timeout On 7 Jan 2003 at 15:28, Spicer, Kevin wrote: > > >Is it possible to test if the RBL-server answer and if not just > > >skip it and do the rest? > > > > SpamAssassin can't do that. If you do the RBL checking with > > MailScanner, it will do what you want. SpamAssassin isn't very > > robust when services it is > > using fail. > > > > My understanding (read assumption!) was that if you use MailScanner to > do the RBL checks, and then pass to SpamAssassin for further checks > that any message from a host found in the RBL will be marked as SPAM, > even if the spamassassin score would have been lower than the spam > threshold. In other words the mailscanner RBL checks and the > spamassassin checks are completely seperate(?). I think you're misunderstanding the comment slightly. If MailScanner doing RBL checks notices that they've timed out a number of times in a row it will stop using the RBL checks till the next MailScanner restart. If you do the RBL checks within SpamAssassin this means that SpamAssasin as a whole will time out and cannot "disable the RBL checks" itself (as MailScanner does). In turn MailScanner should see that SpamAssassin is timing out and disable it till the next MailScanner restart. David. ============================================================== This communication may contain privileged or confidential information which is for the exclusive use of the intended recipient. If you are not the intended recipient, please note that you may not distribute or use this communication or the information it contains. If this e-mail has reached you in error, please delete it and any attachment. Internet communications are not secure and Barnet College does not accept legal responsibility for the content of this message. Any views or opinions expressed are those of the author and not necessarily those of Barnet College. Please note that Barnet College reserves the right to monitor the source/destinations of all incoming or outgoing e-mail communications. ============================================================== From mike at CAMAROSS.NET Tue Jan 7 16:40:35 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:16:52 2006 Subject: SpamAssassin timeout In-Reply-To: Message-ID: <007401c2b66b$885e42f0$6901a8c0@home.middlefinger.net> I had a similar problem yesterday...I think Osirusoft was down. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of InvictaNet Customer Support Sent: Tuesday, January 07, 2003 5:46 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: SpamAssassin timeout Hi Since mid afternoon yesterday, spamassassin has timed out every time. I have tried increasing the timeout period to 30 seconds but that didn't help. Where can I find information on what is causing the timeout? - Mailscanner itself doesn't seem to have a problem and viruses are being detected ok. Martyn Routley From dwinkler at ALGORITHMICS.COM Tue Jan 7 16:50:08 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:16:52 2006 Subject: Whitelisting problem Message-ID: <06EE2C86D3DAD5119A6C0060943F3C970402C0B3@tormail1.algorithmics.com> IBM is a partner of ours so I have whitelisted ibm.com But now some spammer is forging both the envelope and header to look like it cam from ibm.com The spammer appears to be creating random addresses ending in @ibm.com Is my only choice to remove ibm.com from the whitelist? Thanks, Derek Winkler Security Administrator Algorithmics Inc., Toronto Tel: (416) 217-4107 Fax: (416) 971-6263 www.algorithmics.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030107/6d8477d3/attachment.html From mailscanner at ecs.soton.ac.uk Tue Jan 7 16:37:05 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:52 2006 Subject: SpamAssassin timeout - can't disable RBL check In-Reply-To: Message-ID: <5.2.0.9.2.20030107163648.03bb6008@imap.ecs.soton.ac.uk> At 15:38 07/01/2003, you wrote: >For some reason even if I disabled RBL checks I'm still timeout out from >SpamAssassin. Yes, I stop/start MailScanner. > >Jan 7 10:28:28 tonka MailScanner[15526]: RBL Check no timed out and was >killed, consecutive failure 1 of 7 You created an RBL list of "no". What you want is an empty list. >Any hints why RBL is still active? > > >I'm running : >Redhat 7.3 >MailScanner: 4.10 >SpamAssassin 2.43 > >1)I've changes RBL check in spam.assassin.prefs.conf file: > ># By default, SpamAssassin will run RBL checks. If your ISP already ># does this, set this to 1. ># ># skip_rbl_checks 1 - mnh this is by default commented out >skip_rbl_checks 1 > >2) I've disabled RBLs from MailScanner.conf file ># This is the list of spam blacklists (RBLs) which you are using. ># See the "Spam List Definitions" file for more information about what ># you can put here. ># This can also be the filename of a ruleset. ># mnh Spam List = ORDB-RBL Infinite-Monkeys # MAPS-RBL+ costs money (except >.ac.uk) ># mnh Spam List = ORDB-RBL #MAPS-RBL+ costs money (except .ac.uk) >Spam List = no > > > >Thanks, > >Magda Hewryk >-------------------------------- >Mid-Range Systems >RSP: 905-273-1637 >CELL: 416-948-4427 > > > > InvictaNet > Customer > Support To: MAILSCANNER@JISCMAIL.AC.UK > T.CO.UK> Subject: Re: > SpamAssassin timeout > Sent by: > MailScanner > mailing list > AIL.AC.UK> > > > 01/07/2003 10:14 > AM > Please respond to > MailScanner > mailing list > > > > > > >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >Behalf Of Julian Field >Sent: 07 January 2003 14:40 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: SpamAssassin timeout > > >At 12:56 07/01/2003, you wrote: > >On Tue, 7 Jan 2003, InvictaNet Customer Support wrote: > > > > > Since mid afternoon yesterday, spamassassin has timed out every time. I > > have > > > tried increasing the timeout period to 30 seconds but that didn't help. > > > > > > Where can I find information on what is causing the timeout? - >Mailscanner > > > itself doesn't seem to have a problem and viruses are being detected >ok. > > > >Ah! Interesting. > > > >Around 11:00 GMT/UT yesterday (Mon 6th Jan), I noticed our MailScanner > >inbound queue similarly started piling up and not clearing. Likewise we > >got SpamAssassin timeouts and I ended up inserting "skip_rbl_checks 1" > >into "spam.assassin.prefs.conf" which seemed to avoid the immediate > >problem. > > > >As far as I know there were no local changes coincident with this (it had > >been running happily since well before the Christmas holiday). > > > >We are: > > Redhat 7.3 > > MailScanner: 4.05-3 > > SpamAssassin 2.43 > > configuration policy: as delivered, change as little as possible > > ~25,000 emails per day > > > >Is there someone on this list who knows the murky depths of SpamAssassin > >and their interaction with MailScanner? (I don't!) My suspicion is that > >some RBL check, called from SpamAssassin, is in trouble, and that > >SpamAssassin's timeouts (either internally or as guided somehow by > >MailScanner) are not behaving properly. > >Have a look in your maillog for > SpamAssassin timed out and was killed >This should be followed by the failure number, which will hopefully slowly >count up from 1. What log entries have you got of this type? >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support > > > >I don't know about slowly....... >Mine went from 1 to 10 quite rapidly. Since I disabled the RBL checks >everything has gone fine. > >Martyn Routley >----------------------------------------------------------------- >InvictaNet - The Internet in Plain English, Guaranteed >http://www.invictanet.co.uk >martyn@support.invictanet.co.uk >phone: 08707 440180 >fax: 08707 440181 >Ask us about our online Antivirus and Junk mail scanning service >----------------------------------------------------------------- -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jan 7 16:55:33 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:52 2006 Subject: Whitelisting problem In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C970402C0B3@tormail1.algorith mics.com> Message-ID: <5.2.0.9.2.20030107165515.05051d58@imap.ecs.soton.ac.uk> At 16:50 07/01/2003, you wrote: >IBM is a partner of ours so I have whitelisted ibm.com > >But now some spammer is forging both the envelope and header to look like >it cam from ibm.com > >The spammer appears to be creating random addresses ending in @ibm.com > >Is my only choice to remove ibm.com from the whitelist? If ibm.com only use a few outgoing mail servers, you could whitelist their IP addresses instead. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mkettler at EVI-INC.COM Tue Jan 7 17:05:50 2003 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:16:52 2006 Subject: Whitelisting problem In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C970402C0B3@tormail1.algorith mics.com> Message-ID: <5.1.1.6.0.20030107120328.00b84410@192.168.50.2> If you're using SpamAssassin 2.40 or higher under MailScanner, you can always use SpamAssassin's "whitelist_from_rcvd" feature. This requires a match of both a from: line and a recieved: line prior to being whitelisted. ie: whitelist_from_rcvd mkettler@evi-inc.com 208-39-141-94.isp.comcastbusiness.net At 11:50 AM 1/7/2003 -0500, Derek Winkler wrote: >IBM is a partner of ours so I have whitelisted ibm.com > >But now some spammer is forging both the envelope and header to look like >it cam from ibm.com > >The spammer appears to be creating random addresses ending in @ibm.com > >Is my only choice to remove ibm.com from the whitelist? > >Thanks, > >Derek Winkler >Security Administrator >Algorithmics Inc., Toronto >Tel: (416) 217-4107 >Fax: (416) 971-6263 >www.algorithmics.com From mbowman at UDCOM.COM Tue Jan 7 17:03:24 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:16:52 2006 Subject: spam actions query Message-ID: Greetings, This is relating to Derek's recent post. Until now my spam.actions.conf has been behaving well until I added two of our local domains (i'm using example domain names) as follows:- FromTo: *@abcd.efghi.net delete FromTo: *@abcdefg.efghi.net delete Both of these are amongst 2 of our mail servers. The problem is that spammers are forging both domains to send out spam. I thought including the above lines and restarting mailscanner would prevent:- 1. Outbound e-mail from our servers that was tagged as spam from either domain would not get sent but deleted 2. Inbound e-mail to our servers/clients that was tagged as spam from either domain would be recieved but deleted There is nothing one can do to stop ppl forging domains (AFAIK). A penny for your thoughts please! Thanks Matthew Bowman Systems Administrator www.udcom.com From brose at MED.WAYNE.EDU Tue Jan 7 17:17:03 2003 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:16:52 2006 Subject: SpamAssassin timeout Message-ID: I think there is more to it. I've always use skip_rbl for SA because I use the rbls on the MTA side and I've been seeing the mail backing up in queue. This also started happening after I updated to 4.11-1 on Sunday. I think it's Mailscanner and it's mother process not restarting properly. What I've noticed so far is that I only have 3 MS processes running even though my setting is set to 5. Once process has been running for 4 hours 11 mins and the others are the spawned processess. If I kill MS and restart then I get all my processes back. If I look at my logs, it looks like only one MS processes was doing anything. -----Original Message----- From: Randy Herban [mailto:RHerban@GRAMTEL.NET] Sent: Tuesday, January 07, 2003 11:22 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timeout Unfortunately something that I noticed yesterday when the RBL's were offline was that MailScanner was not ceasing to use spamassassin even though I was up to 75 consecutive failures out of 20. I just upgraded to the newest MS-4.11-1 yesterday as well. RedHat 8.0 if it helps. -randy -----Original Message----- From: David Sullivan [mailto:David.Sullivan@BARNET.AC.UK] Sent: Tuesday, January 07, 2003 10:38 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timeout On 7 Jan 2003 at 15:28, Spicer, Kevin wrote: > > >Is it possible to test if the RBL-server answer and if not just > > >skip it and do the rest? > > > > SpamAssassin can't do that. If you do the RBL checking with > > MailScanner, it will do what you want. SpamAssassin isn't very > > robust when services it is using fail. > > > > My understanding (read assumption!) was that if you use MailScanner to > do the RBL checks, and then pass to SpamAssassin for further checks > that any message from a host found in the RBL will be marked as SPAM, > even if the spamassassin score would have been lower than the spam > threshold. In other words the mailscanner RBL checks and the > spamassassin checks are completely seperate(?). I think you're misunderstanding the comment slightly. If MailScanner doing RBL checks notices that they've timed out a number of times in a row it will stop using the RBL checks till the next MailScanner restart. If you do the RBL checks within SpamAssassin this means that SpamAssasin as a whole will time out and cannot "disable the RBL checks" itself (as MailScanner does). In turn MailScanner should see that SpamAssassin is timing out and disable it till the next MailScanner restart. David. ============================================================== This communication may contain privileged or confidential information which is for the exclusive use of the intended recipient. If you are not the intended recipient, please note that you may not distribute or use this communication or the information it contains. If this e-mail has reached you in error, please delete it and any attachment. Internet communications are not secure and Barnet College does not accept legal responsibility for the content of this message. Any views or opinions expressed are those of the author and not necessarily those of Barnet College. Please note that Barnet College reserves the right to monitor the source/destinations of all incoming or outgoing e-mail communications. ============================================================== From MHewryk at SYMCOR.COM Tue Jan 7 17:33:30 2003 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:16:52 2006 Subject: SpamAssassin timeout - can't disable RBL check Message-ID: I've changed it to Spam List = and still have a problem with RBL check: Jan 7 12:19:21 tonka MailScanner[2890]: RBL Check timed out and was killed, consecutive failure 1 of 7 Julian Field cc: Sent by: Subject: Re: SpamAssassin timeout - can't disable RBL check MailScanner mailing list 01/07/2003 11:37 AM Please respond to MailScanner mailing list At 15:38 07/01/2003, you wrote: >For some reason even if I disabled RBL checks I'm still timeout out from >SpamAssassin. Yes, I stop/start MailScanner. > >Jan 7 10:28:28 tonka MailScanner[15526]: RBL Check no timed out and was >killed, consecutive failure 1 of 7 You created an RBL list of "no". What you want is an empty list. >Any hints why RBL is still active? > > >I'm running : >Redhat 7.3 >MailScanner: 4.10 >SpamAssassin 2.43 > >1)I've changes RBL check in spam.assassin.prefs.conf file: > ># By default, SpamAssassin will run RBL checks. If your ISP already ># does this, set this to 1. ># ># skip_rbl_checks 1 - mnh this is by default commented out >skip_rbl_checks 1 > >2) I've disabled RBLs from MailScanner.conf file ># This is the list of spam blacklists (RBLs) which you are using. ># See the "Spam List Definitions" file for more information about what ># you can put here. ># This can also be the filename of a ruleset. ># mnh Spam List = ORDB-RBL Infinite-Monkeys # MAPS-RBL+ costs money (except >.ac.uk) ># mnh Spam List = ORDB-RBL #MAPS-RBL+ costs money (except .ac.uk) >Spam List = no > > > >Thanks, > >Magda Hewryk >-------------------------------- >Mid-Range Systems >RSP: 905-273-1637 >CELL: 416-948-4427 > > > > InvictaNet > Customer > Support To: MAILSCANNER@JISCMAIL.AC.UK > T.CO.UK> Subject: Re: > SpamAssassin timeout > Sent by: > MailScanner > mailing list > AIL.AC.UK> > > > 01/07/2003 10:14 > AM > Please respond to > MailScanner > mailing list > > > > > > >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >Behalf Of Julian Field >Sent: 07 January 2003 14:40 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: SpamAssassin timeout > > >At 12:56 07/01/2003, you wrote: > >On Tue, 7 Jan 2003, InvictaNet Customer Support wrote: > > > > > Since mid afternoon yesterday, spamassassin has timed out every time. I > > have > > > tried increasing the timeout period to 30 seconds but that didn't help. > > > > > > Where can I find information on what is causing the timeout? - >Mailscanner > > > itself doesn't seem to have a problem and viruses are being detected >ok. > > > >Ah! Interesting. > > > >Around 11:00 GMT/UT yesterday (Mon 6th Jan), I noticed our MailScanner > >inbound queue similarly started piling up and not clearing. Likewise we > >got SpamAssassin timeouts and I ended up inserting "skip_rbl_checks 1" > >into "spam.assassin.prefs.conf" which seemed to avoid the immediate > >problem. > > > >As far as I know there were no local changes coincident with this (it had > >been running happily since well before the Christmas holiday). > > > >We are: > > Redhat 7.3 > > MailScanner: 4.05-3 > > SpamAssassin 2.43 > > configuration policy: as delivered, change as little as possible > > ~25,000 emails per day > > > >Is there someone on this list who knows the murky depths of SpamAssassin > >and their interaction with MailScanner? (I don't!) My suspicion is that > >some RBL check, called from SpamAssassin, is in trouble, and that > >SpamAssassin's timeouts (either internally or as guided somehow by > >MailScanner) are not behaving properly. > >Have a look in your maillog for > SpamAssassin timed out and was killed >This should be followed by the failure number, which will hopefully slowly >count up from 1. What log entries have you got of this type? >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support > > > >I don't know about slowly....... >Mine went from 1 to 10 quite rapidly. Since I disabled the RBL checks >everything has gone fine. > >Martyn Routley >----------------------------------------------------------------- >InvictaNet - The Internet in Plain English, Guaranteed >http://www.invictanet.co.uk >martyn@support.invictanet.co.uk >phone: 08707 440180 >fax: 08707 440181 >Ask us about our online Antivirus and Junk mail scanning service >----------------------------------------------------------------- -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mdm at INTERNET-TOOLS.COM Tue Jan 7 17:25:31 2003 From: mdm at INTERNET-TOOLS.COM (mark david mcCreary) Date: Thu Jan 12 21:16:53 2006 Subject: MS 4, Exim 4 on Debian 3 Install Notes In-Reply-To: <5.2.0.9.2.20021219224834.0209acd8@imap.ecs.soton.ac.uk> Message-ID: I have not found a Debian package for this combination, and have included my notes on such an install. I'm looking to compare notes with somebody else doing this. I started out basing this on the Debian package for MailScanner 3, although not sure where I am now. The current gotcha is the file permissions error when executing Sophos. I have gotten around this before, but have been unable to duplicate the magic combination. Plus I thought that this 4.11 version was supposed to eliminate this problem. Comments, suggestions and nitpicking welcome, either via the list or private email. Thanks mark Install Debian 3 (Woody) Machine Install Perl Modules Run as shell script CNUM=1.63 echo Downloading CPAN $CNUM ... lynx -source http://www.perl.com/CPAN/authors/id/ANDK/CPAN-$CNUM.tar.gz > CPAN-$CNUM.tar.gz gunzip -f CPAN-$CNUM.tar.gz tar xvf CPAN-$CNUM.tar echo Installing CPAN $CNUM cd CPAN-$CNUM perl Makefile.PL make make test make install Copy following config file to /usr/share/perl/5.6.1/CPAN/Config.pm $CPAN::Config = { 'build_cache' => q[10], 'build_dir' => q[/root/.cpan/build], 'cache_metadata' => q[1], 'cpan_home' => q[/root/.cpan], 'ftp' => q[/usr/bin/ftp], 'ftp_proxy' => q[], 'getcwd' => q[cwd], 'gzip' => q[/bin/gzip], 'http_proxy' => q[], 'inactivity_timeout' => q[0], 'index_expire' => q[1], 'inhibit_startup_message' => q[0], 'keep_source_where' => q[/root/.cpan/sources], 'lynx' => q[/usr/bin/lynx], 'make' => q[/usr/bin/make], 'make_arg' => q[], 'make_install_arg' => q[], 'makepl_arg' => q[], 'ncftpget' => q[/usr/bin/ncftpget], 'no_proxy' => q[], 'pager' => q[/usr/bin/less], 'prerequisites_policy' => q[follow], 'scan_cache' => q[atstart], 'shell' => q[/bin/bash], 'tar' => q[/bin/tar], 'term_is_latin' => q[1], 'unzip' => q[/bin/gunzip], 'urllist' => [], 'wait_list' => [q[wait://ls6.informatik.uni-dortmund.de:1404]], 'wget' => q[/usr/bin/wget], }; 1; __END__ Install Perl Modules via CPAN Run as shell script perl -MCPAN -e "install 'Net::FTP'" perl -MCPAN -e "install 'Digest::MD5'" perl -MCPAN -e "install 'Bundle::CPAN'" perl -MCPAN -e "install 'Convert::TNEF'" perl -MCPAN -e "install 'Data::Dumper'" perl -MCPAN -e "install 'Date::Calc'" perl -MCPAN -e "install 'Date::Format'" perl -MCPAN -e "install 'Date::Manip'" perl -MCPAN -e "install 'Digest::HMAC'" perl -MCPAN -e "install 'Digest::Nilsimsa'" perl -MCPAN -e "install 'Digest::SHA1'" perl -MCPAN -e "install 'Email::Valid'" perl -MCPAN -e "install 'File::Spec'" perl -MCPAN -e "install 'File::Tail'" perl -MCPAN -e "install 'File::Temp'" perl -MCPAN -e "install 'HTML::Parser'" perl -MCPAN -e "install 'HTML::Tagset'" perl -MCPAN -e "install 'IO::Stringy'" perl -MCPAN -e "install 'Mail::Address'" perl -MCPAN -e "install 'Mail::Audit'" perl -MCPAN -e "install 'Mail::Header'" perl -MCPAN -e "install 'Mail::Internet'" perl -MCPAN -e "install 'MIME::Base64'" perl -MCPAN -e "install 'MIME::Tools'" perl -MCPAN -e "install 'Net::DNS'" perl -MCPAN -e "install 'Net::Ping'" perl -MCPAN -e "install 'Pod::Usage'" perl -MCPAN -e "install 'Term::ReadKey'" perl -MCPAN -e "install 'Test::More'" perl -MCPAN -e "install 'Time::HiRes'" perl -MCPAN -e "install 'Mail::SpamAssassin'" echo Done. Apply MIME-tools patches Run as shell script cp /usr/local/share/perl/5.6.1/MIME/Field/ParamVal.pm /usr/local/share/perl/5.6.1/MIME/Field/ParamVal.pm.bak cp /usr/local/share/perl/5.6.1/MIME/Parser.pm /usr/local/share/perl/5.6.1/MIME/Parser.pm.bak cp /usr/local/share/perl/5.6.1/MIME/Words.pm /usr/local/share/perl/5.6.1/MIME/Words.pm.bak perl -pe "s%MIME-tools-5.411-ORIG/lib%/usr/local/share/perl/5.6.1%ig;" \ /usr/local/bin/mime-tools-patch.txt perl -pe "s%MIME-tools-5.411/lib%/usr/local/share/perl/5.6.1%ig;" \ /usr/local/bin/mime-tools-patch2.txt perl -pe "s%MIME-tools-5.411/lib%/usr/local/share/perl/5.6.1%ig;" \ /usr/local/bin/mime-tools-patch3.txt perl -pe "s%MIME-tools-5.411/lib%/usr/local/share/perl/5.6.1%ig;" \ /usr/local/bin/mime-tools-patch4.txt patch -p0 >/etc/sysctl.conf echo "fs.inode-max = 131072" >>/etc/sysctl.conf echo "* soft nofile 8192" >>/etc/security/limits.conf echo "* hard nofile 32768" >>/etc/security/limits.conf perl -i.bak -pe "s#/opt#/usr/local#;" /usr/local/MailScanner/bin/MailScanner Build Exim 4.12 or better Overlay existing Exim 3 setup of Debian 3 Exim Makefile - Use something like this ################################################## # The Exim mail transport agent # ################################################## # This is the template for Exim's main build-time configuration file. It # contains settings that are independent of any operating system. These are # things that are mostly sysadmin choices. The items below are divided into # those you must specify, those you probably want to specify, those you might # often want to specify, and those that you almost never need to mention. # Edit this file and save the result to a file called Local/Makefile within the # Exim distribution directory before running the "make" command. # Things that depend on the operating system have default settings in # OS/Makefile-Default, but these are overridden for some OS by files called # called OS/Makefile-. You can further override these by creating files # called Local/Makefile-, where "" stands for the name of your # operating system - look at the names in the OS directory to see which names # are recognized. # However, if you are building Exim for a single OS only, you don't need to # worry about setting up Local/Makefile-. Any build-time configuration # settings you require can in fact be placed in the one file called # Local/Makefile. It is only if you are building for several OS from the same # source files that you need to worry about splitting off your own OS-dependent # settings into separate files. (There's more explanation about how this all # works in the toplevel README file, under "Modifying the building process", as # well as in the Exim specification.) # One OS-specific thing that may need to be changed is the command for running # the C compiler; the overall default is gcc, but some OS Makefiles specify cc. # You can override anything that is set by putting CC=whatever in your # Local/Makefile. # NOTE: You should never need to edit any of the distributed Makefiles; all # overriding can be done in your Local/Makefile(s). This will make it easier # for you when the next release comes along. # The location of the X11 libraries is something else that is quite variable # even between different versions of the same operating system (and indeed # there are different versions of X11 as well, of course). The four settings # concerned here are X11, XINCLUDE, XLFLAGS (linking flags) and X11_LD_LIB # (dynamic run-time library). You need not worry about X11 unless you want to # compile the Exim monitor utility. Exim itself does not use X11. # Another area of variability between systems is the type and location of the # DBM library package. Exim has support for ndbm, gdbm, tdb, and Berkeley DB. # By default the code assumes ndbm; this often works with gdbm or DB, provided # they are correctly installed, via their compatibility interfaces. However, # Exim can also be configured to use the native calls for Berkeley DB (obsolete # versions 1.85 and 2.x, or the current 3.x version) and also for gdbm. # For some operating systems, a default DBM library (other than ndbm) is # selected by a setting in the OS-specific Makefile. Most modern OS now have # a DBM library installed as standard, and in many cases this will be selected # for you by the OS-specific configuration. If Exim compiles without any # problems, you probably do not have to worry about the DBM library. If you # do want or need to change it, you should first read the discussion in the # file doc/dbm.discuss.txt, which also contains instructions for testing Exim's # interface to the DBM library. # In Local/Makefiles blank lines and lines starting with # are ignored. It is # also permitted to use the # character to add a comment to a setting, for # example # # EXIM_GID=42 # the "mail" group # # However, with some versions of "make" this works only if there is no white # space between the end of the setting and the #, so perhaps it is best # avoided. A consequence of this facility is that it is not possible to have # the # character present in any setting, but I can't think of any cases where # this would be wanted. ############################################################################### ############################################################################### # THESE ARE THINGS YOU MUST SPECIFY # ############################################################################### # Exim will not build unless you specify BIN_DIRECTORY, CONFIGURE_FILE, and # EXIM_USER. You also need EXIM_GROUP if EXIM_USER specifies a uid by number. # If you don't specify SPOOL_DIRECTORY, Exim won't fail to build. However, it # really is a very good idea to specify it here rather than at run time. This # is particularly true if you let the logs go to their default location in the # spool directory, because it means that the location of the logs is known # before Exim has read the run time configuration file. #------------------------------------------------------------------------------ # BIN_DIRECTORY defines where the exim binary will be installed by "make # install". The path is also used internally by Exim when it needs to re-invoke # itself, either to send an error message, or to recover root privilege. Exim's # utility binaries and scripts are also installed in this directory. There is # no "standard" place for the binary directory. Some people like to keep all # the Exim files under one directory such as /usr/exim; others just let the # Exim binaries go into an existing directory such as /usr/sbin or # /usr/local/sbin. The installation script will try to create this directory, # and any superior directories, if they do not exist. BIN_DIRECTORY=/usr/sbin #------------------------------------------------------------------------------ # CONFIGURE_FILE defines where Exim's run time configuration file is to be # found. The location of all other run time files and directories can be # changed in the run time configuration file. There is a lot of variety in the # choice of location in different OS, and in the preferences of different # sysadmins. Some common locations are in /etc or /etc/mail or /usr/local/etc # or /usr/local/etc/mail. Another possibility is to keep all the Exim files # under a single directory such as /usr/exim. Whatever you choose, the # installation script will try to make the directory and any superior # directories if they don't exist. It will also install a default run time # configuration if this file does not exist. CONFIGURE_FILE=/etc/exim/exim.conf #------------------------------------------------------------------------------ # The Exim binary must normally be setuid root, so that it starts executing as # root, but (depending on the options with which it is called) it does not # always need to retain the root privilege. These settings define the user and # group that is used for Exim processes when they no longer need to be root. In # particular, this applies when receiving messages and when doing remote # deliveries. (Local deliveries run as various non-root users, typically as the # owner of a local mailbox.) Specifying these values as root is very strongly # discouraged. These values are compiled into the binary. EXIM_USER=mail # If the setting of EXIM_USER is numeric (e.g. EXIM_USER=42), there must # also be a setting of EXIM_GROUP. If, on the other hand, you use a name # for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless # you want to use a group other than the default group for the given user. EXIM_GROUP=adm # Many sites define a user called "exim", with an appropriate default group, # and use # # EXIM_USER=exim # # while leaving EXIM_GROUP unspecified (commented out). #------------------------------------------------------------------------------ # SPOOL_DIRECTORY defines the directory where all the data for messages in # transit is kept. It is strongly recommended that you define it here, though # it is possible to leave this till the run time configuration. # Exim creates the spool directory if it does not exist. The owner and group # will be those defined by EXIM_USER and EXIM_GROUP, and this also applies to # all the files and directories that are created in the spool directory. # Almost all installations choose this: SPOOL_DIRECTORY=/var/spool/exim ############################################################################### # THESE ARE THINGS YOU PROBABLY WANT TO SPECIFY # ############################################################################### # You need to specify some routers and transports if you want the Exim that you # are building to be capable of delivering mail. You almost certainly need at # least one type of lookup. You should consider whether you want to build # the Exim monitor or not. #------------------------------------------------------------------------------ # These settings determine which individual router drivers are included in the # Exim binary. There are no defaults in the code; those routers that are wanted # must be defined here by setting the appropriate variables to the value "yes". # Including a router in the binary does not cause it to be used automatically. # It has also to be configured in the run time configuration file. By # commenting out those you know you don't want to use, you can make the binary # a bit smaller. If you are unsure, leave all of these included for now. ROUTER_ACCEPT=yes ROUTER_DNSLOOKUP=yes ROUTER_IPLITERAL=yes ROUTER_MANUALROUTE=yes ROUTER_QUERYPROGRAM=yes ROUTER_REDIRECT=yes # This one is very special-purpose, so is not included by default. # ROUTER_IPLOOKUP=yes #------------------------------------------------------------------------------ # These settings determine which individual transport drivers are included in # the Exim binary. There are no defaults; those transports that are wanted must # be defined here by setting the appropriate variables to the value "yes". # Including a transport in the binary does not cause it to be used # automatically. It has also to be configured in the run time configuration # file. By commenting out those you know you don't want to use, you can make # the binary a bit smaller. If you are unsure, leave all of these included for # now. TRANSPORT_APPENDFILE=yes #TRANSPORT_AUTOREPLY=yes TRANSPORT_PIPE=yes TRANSPORT_SMTP=yes # This one is special-purpose, and commonly not required, so it is not # included by default. # TRANSPORT_LMTP=yes #------------------------------------------------------------------------------ # The appendfile transport can write messages to local mailboxes in a number # of formats. The code for three specialist formats, maildir, mailstore, and # MBX, is included only when requested. If you do not know what this is about, # leave these settings commented out. # SUPPORT_MAILDIR=yes # SUPPORT_MAILSTORE=yes # SUPPORT_MBX=yes #------------------------------------------------------------------------------ # These settings determine which file and database lookup methods are included # in the binary. See the manual chapter entitled "File and database lookups" # for discussion. DBM and lsearch (linear search) are included by default. If # you are unsure about the others, leave them commented out for now. # LOOKUP_DNSDB does *not* refer to general mail routing using the DNS. It is # for the specialist case of using the DNS as a general database facility (not # common). LOOKUP_DBM=yes LOOKUP_LSEARCH=yes LOOKUP_CDB=yes # LOOKUP_DNSDB=yes # LOOKUP_DSEARCH=yes # LOOKUP_LDAP=yes # LOOKUP_MYSQL=yes # LOOKUP_NIS=yes # LOOKUP_NISPLUS=yes # LOOKUP_ORACLE=yes # LOOKUP_PGSQL=yes # LOOKUP_WHOSON=yes #------------------------------------------------------------------------------ # If you have set LDAP=yes, you should set LDAP_LIB_TYPE to indicate which LDAP # library you have. Unfortunately, though most of their functions are the # same, there are minor differences. Currently Exim knows about four LDAP # libraries: the one from the University of Michigan (also known as OpenLDAP 1), # OpenLDAP 2, the Netscape SDK library, and the library that comes with Solaris # 7 onwards. Uncomment whichever of these you are using. # LDAP_LIB_TYPE=OPENLDAP1 # LDAP_LIB_TYPE=OPENLDAP2 # LDAP_LIB_TYPE=NETSCAPE # LDAP_LIB_TYPE=SOLARIS # If you don't set any of these, Exim assumes the original University of # Michigan (OpenLDAP 1) library. #------------------------------------------------------------------------------ # Additional libraries and include directories may be required for some # lookup styles (e.g. LDAP, MYSQL or PGSQL). LOOKUP_LIBS is included only on # the command for linking Exim itself, not on any auxiliary programs. You # don't need to set LOOKUP_INCLUDE if the relevant directories are already # specified in INCLUDE. # LOOKUP_INCLUDE=-I /usr/local/ldap/include -I /usr/local/mysql/include -I /usr/local/pgsql/include # LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq #------------------------------------------------------------------------------ # Compiling the Exim monitor: If you want to compile the Exim monitor, a # program that requires an X11 display, then EXIM_MONITOR should be set to the # value "eximon.bin". Comment out this setting to disable compilation of the # monitor. The locations of various X11 directories for libraries and include # files are defaulted in the OS/Makefile-Default file, but can be overridden in # local OS-specific make files. #EXIM_MONITOR=eximon.bin ############################################################################### # THESE ARE THINGS YOU MIGHT WANT TO SPECIFY # ############################################################################### # The items in this section are those that are commonly changed according to # the sysadmin's preferences, but whose defaults are often acceptable. #------------------------------------------------------------------------------ # Exim has support for the AUTH (authentication) extension of the SMTP # protocol, as defined by RFC 2554. If you don't know what SMTP authentication # is, you probably won't want to include this code, so you should leave these # settings commented out. If you do want to make use of SMTP authentication, # you must uncomment at least one of the following, so that appropriate code is # included in the Exim binary. You will then need to set up the run time # configuration to make use of the mechanism(s) selected. #AUTH_CRAM_MD5=yes #AUTH_PLAINTEXT=yes # AUTH_SPA=yes #------------------------------------------------------------------------------ # Exim can be built to support the SMTP STARTTLS command, which implements # Transport Layer Security using SSL (Secure Sockets Layer). To do this, you # must install the OpenSSL library package. Exim contains no cryptographic # code of its own. Uncomment the following lines if you want to build Exim # with TLS support. If you don't know what this is all about, leave these # settings commented out. # SUPPORT_TLS=yes # TLS_LIBS=-lssl -lcrypto # If you are running Exim as a server, note that just building it with TLS # support is not all you need to do. You also need to set up a suitable # certificate, and tell Exim about it by means of the tls_certificate # and tls_privatekey run time options. You also need to set tls_advertise_hosts # to specify the hosts to which Exim advertises TLS support. On the other hand, # if you are running Exim only as a client, building it with TLS support # is all you need to do. # Additional libraries and include files are required for OpenSSL. The TLS_LIBS # setting above assumes that the libraries are installed with all your other # libraries. If they are in a special directory, you may need something like # TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto # TLS_LIBS is included only on the command for linking Exim itself, not on any # auxiliary programs. If the include files are not in a standard place, you can # set TLS_INCLUDE to specify where they are: # TLS_INCLUDE=-I/usr/local/openssl/include/ # You don't need to set TLS_INCLUDE if the relevant directories are already # specified in INCLUDE. #------------------------------------------------------------------------------ # The default distribution of Exim contains only the plain text form of the # documentation. Other forms are available separately. If you want to install # the documentation in "info" format, first fetch the Texinfo documentation # sources from the ftp directory and unpack them, which should create files # with the extension "texinfo" in the doc directory. You may find that the # version number of the texinfo files is different to your Exim version number, # because the main documentation isn't updated as often as the code. For # example, if you have Exim version 4.03, the source tarball upacks into a # directory called exim-4.03, but the texinfo tarball unpacks into exim-4.00. # In this case, move the contents of exim-4.00/doc into exim-4.03/doc after you # have unpacked them. Then set INFO_DIRECTORY to the location of your info # directory. This varies from system to system, but is often /usr/share/info. # Once you have done this, "make install" will build the info files and # install them in the directory you have defined. # INFO_DIRECTORY=/usr/share/info #------------------------------------------------------------------------------ # Exim log directory and files: Exim creates several log files inside a # single log directory. You can define the directory and the form of the # log file name here. If you do not set anything, Exim creates a directory # called "log" inside its spool directory (see SPOOL_DIRECTORY above) and uses # the filenames "mainlog", "paniclog", and "rejectlog". If you want to change # this, you can set LOG_FILE_PATH to a path name containing one occurrence of # %s. This will be replaced by one of the strings "main", "panic", or "reject" # to form the final file names. Some installations may want something like this: LOG_FILE_PATH=/var/log/exim/%slog # which results in files with names /var/log/exim_mainlog, etc. The directory # in which the log files are placed must exist; Exim does not try to create # it for itself. It is also your responsibility to ensure that Exim is capable # of writing files using this path name. The Exim user (see EXIM_USER above) # must be able to create and update files in the directory you have specified. # You can also configure Exim to use syslog, instead of or as well as log # files, by settings such as these # LOG_FILE_PATH=syslog # LOG_FILE_PATH=syslog:/var/log/exim_%slog # The first of these uses only syslog; the second uses syslog and also writes # to log files. Do not include white space in such a setting as it messes up # the building process. #------------------------------------------------------------------------------ # Cycling log files: this variable specifies the maximum number of old # log files that are kept by the exicyclog log-cycling script. You don't have # to use exicyclog. If your operating system has other ways of cycling log # files, you can use them instead. The exicyclog script isn't run by default; # you have to set up a cron job for it if you want it. EXICYCLOG_MAX=10 #------------------------------------------------------------------------------ # The compress command is used by the exicyclog script to compress old log # files. Both the name of the command and the suffix that it adds to files # need to be defined here. See also the EXICYCLOG_MAX configuration. COMPRESS_COMMAND=/bin/gzip COMPRESS_SUFFIX=gz #------------------------------------------------------------------------------ # If the exigrep utility is fed compressed log files, it tries to uncompress # them using this command. ZCAT_COMMAND=/bin/zcat #------------------------------------------------------------------------------ # Compiling in support for embedded Perl: If you want to be able to # use Perl code in Exim's string manipulation language and you have Perl # (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded # Perl costs quite a lot of resources. Only do this if you really need it. # EXIM_PERL=perl.o #------------------------------------------------------------------------------ # Exim has support for PAM (Pluggable Authentication Modules), a facility # which is available in the latest releases of Solaris and in some GNU/Linux # distributions (see http://ftp.kernel.org/pub/linux/libs/pam/). The Exim # support, which is intended for use in conjunction with the SMTP AUTH # facilities, is included only when requested by the following setting: # SUPPORT_PAM=yes # You probably need to add -lpam to EXTRALIBS, and in some releases of # GNU/Linux -ldl is also needed. #------------------------------------------------------------------------------ # Support for authentication via Radius is also available. The Exim support, # which is intended for use in conjunction with the SMTP AUTH facilities, # is included only when requested by setting the following parameter to the # location of your Radius configuration file: # RADIUS_CONFIG_FILE=/etc/radiusclient/radiusclient.conf #------------------------------------------------------------------------------ # Support for authentication via the Cyrus SASL pwcheck daemon is available. # The Exim support, which is intented for use in conjunction with the SMTP AUTH # facilities, is included only when requested by setting the following # parameter to the location of the pwcheck daemon's socket directory. # # There is no need to install all of SASL on your system. You just need to run # ./configure --with-pwcheck, cd to the pwcheck directory with sources, make # and make install. You must create the socket directory (default /var/pwcheck) # and chown it to exim's user and group. Once you have installed pwcheck, you # should arrange for it to be started by root at boot time. # CYRUS_PWCHECK_SOCKET=/var/pwcheck/pwcheck #------------------------------------------------------------------------------ # TCP wrappers: If you want to use tcpwrappers from within Exim, uncomment # this setting. See the manual section entitled "Use of tcpwrappers" in the # chapter on building and installing Exim. # USE_TCP_WRAPPERS=yes # You may well also have to specify a local "include" file and an additional # library for TCP wrappers, so you probably need something like this: # USE_TCP_WRAPPERS=yes # CFLAGS=-O -I/usr/local/include # EXTRALIBS_EXIM=-L/usr/local/lib -lwrap # but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM # as well. #------------------------------------------------------------------------------ # The default action of the exim_install script is to install the Exim binary # with a unique name such as exim-4.00-1, and then set up a symbolic link # called "exim" to reference it, moving the symbolic link from any previous # version. If you define NO_SYMLINK (the value doesn't matter), the symbolic # link is not created or moved. You will then have to "turn Exim on" by setting # up the link manually. # NO_SYMLINK=yes ############################################################################### # THINGS YOU ALMOST NEVER NEED TO MENTION # ############################################################################### # The settings in this section are available for use in special circumstances. # In the vast majority of installations you need not change anything below. #------------------------------------------------------------------------------ # The following commands live in different places in some OS. Either the # ultimate default settings, or the OS-specific files should already point to # the right place, but they can be overridden here if necessary. These settings # are used when building various scripts to ensure that the correct paths are # used when the scripts are run. They are not used in the Makefile itself. Perl # is not necessary for running Exim unless you set EXIM_PERL (see above) to get # it embedded, but there are some utilities that are Perl scripts. If you # haven't got Perl, Exim will still build and run; you just won't be able to # use those utilities. CHOWN_COMMAND=/bin/chown CHGRP_COMMAND=/bin/chgrp # MV_COMMAND=/bin/mv # RM_COMMAND=/bin/rm # PERL_COMMAND=/usr/bin/perl #------------------------------------------------------------------------------ # The following macro can be used to change the command for building a library # of functions. By default the "ar" command is used, with options "cq". # Only in rare circumstances should you need to change this. # AR=ar cq #------------------------------------------------------------------------------ # The following macros can be used to change the default modes that are used # by the appendfile transport. In most installations the defaults are just # fine, and in any case, you can change particular instances of the transport # at run time if you want. # APPENDFILE_MODE=0600 # APPENDFILE_DIRECTORY_MODE=0700 # APPENDFILE_LOCKFILE_MODE=0600 #------------------------------------------------------------------------------ # In some installations there may be multiple machines sharing file systems, # where a different configuration file is required for Exim on the different # machines. If CONFIGURE_FILE_USE_NODE is defined, then Exim will first look # for a configuration file whose name is that defined by CONFIGURE_FILE, # with the node name obtained by uname() tacked on the end, separated by a # period (for example, /usr/exim/configure.host.in.some.domain). If this file # does not exist, then the bare configuration file name is tried. # CONFIGURE_FILE_USE_NODE=yes #------------------------------------------------------------------------------ # In some esoteric configurations two different versions of Exim are run, # with different setuid values, and different configuration files are required # to handle the different cases. If CONFIGURE_FILE_USE_EUID is defined, then # Exim will first look for a configuration file whose name is that defined # by CONFIGURE_FILE, with the effective uid tacked on the end, separated by # a period (for eximple, /usr/exim/configure.0). If this file does not exist, # then the bare configuration file name is tried. In the case when both # CONFIGURE_FILE_USE_EUID and CONFIGURE_FILE_USE_NODE are set, four files # are tried: .., ., ., and . # CONFIGURE_FILE_USE_EUID=yes #------------------------------------------------------------------------------ # The size of the delivery buffer: This specifies the size (in bytes) of # the buffer which is used when copying a message from the spool to a # destination. The default value built into the source is 8192 and there is # rarely any need to change this. # DELIVER_BUFFER_SIZE=8192 #------------------------------------------------------------------------------ # The mode of the database directory: Exim creates a directory called "db" # in its spool directory, to hold its databases of hints. This variable # determines the mode of the created directory. The default value in the # source is 0750. # EXIMDB_DIRECTORY_MODE=0750 #------------------------------------------------------------------------------ # Database file mode: The mode of files created in the "db" directory defaults # to 0640 in the source, and can be changed here. # EXIMDB_MODE=0640 #------------------------------------------------------------------------------ # Database lock file mode: The mode of zero-length files created in the "db" # directory to use for locking purposes defaults to 0640 in the source, and # can be changed here. # EXIMDB_LOCKFILE_MODE=0640 #------------------------------------------------------------------------------ # This parameter sets the maximum length of the header portion of a message # that Exim is prepared to process. The default setting is one megabyte. The # limit exists in order to catch rogue mailers that might connect to your SMTP # port, start off a header line, and then just pump junk at it for ever. The # message_size_limit option would also catch this, but it may not be set. # HEADER_MAXSIZE="(1024*1024)" #------------------------------------------------------------------------------ # The mode of the input directory: The input directory is where messages are # kept while awaiting delivery. Exim creates it if necessary, using a mode # which can be defined here (default 0750). # INPUT_DIRECTORY_MODE=0750 #------------------------------------------------------------------------------ # The mode of Exim's log directory, when it is created by Exim inside the spool # directory, defaults to 0750 but can be changed here. # LOG_DIRECTORY_MODE=0750 #------------------------------------------------------------------------------ # The log files themselves are created as required, with a mode that defaults # to 0640, but which can be changed here. # LOG_MODE=0640 #------------------------------------------------------------------------------ # The TESTDB lookup is for performing tests on the handling of lookup results, # and is not useful for general running. It should be included only when # debugging the code of Exim. # LOOKUP_TESTDB=yes #------------------------------------------------------------------------------ # /bin/sh is used by default as the shell in which to run commands that are # defined in the makefiles. This can be changed if necessary, by uncommenting # this line and specifying another shell, but note that a Bourne-compatible # shell is expected. # MAKE_SHELL=/bin/sh #------------------------------------------------------------------------------ # The maximum number of named lists of each type (address, domain, host, and # local part) can be increased by changing this value. It should be set to # a multiple of 16. # MAX_NAMED_LIST=16 #------------------------------------------------------------------------------ # Network interfaces: Unless you set the local_interfaces option in the runtime # configuration file to restrict Exim to certain interfaces only, it will run # code to find all the interfaces there are on your host. Unfortunately, # the call to the OS that does this requires a buffer large enough to hold # data for all the interfaces - it was designed in the days when a host rarely # had more than three or four interfaces. Nowadays hosts can have very many # virtual interfaces running on the same hardware. If you have more than 250 # virtual interfaces, you will need to uncomment this setting and increase the # value. # MAXINTERFACES=250 #------------------------------------------------------------------------------ # Per-message logs: While a message is in the process of being delivered, # comments on its progress are written to a message log, for the benefit of # human administrators. These logs are held in a directory called "msglog" # in the spool directory. Its mode defaults to 0750, but can be changed here. # The message log directory is also used for storing files that are used by # transports for returning data to a message's sender (see the "return_output" # option for transports). # MSGLOG_DIRECTORY_MODE=0750 #------------------------------------------------------------------------------ # There are three options which are used when compiling the Perl interface and # when linking with Perl. The default values for these are placed automatically # at the head of the Makefile by the script which builds it. However, if you # want to override them, you can do so here. # PERL_CC= # PERL_CCOPTS= # PERL_LIBS= #------------------------------------------------------------------------------ # Identifying the daemon: When an Exim daemon starts up, it writes its pid # (process id) to a file so that it can easily be identified. The path of the # file can be specified here. Some installations may want something like this: # PID_FILE_PATH=/var/lock/exim.pid # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory # using the name "exim-daemon.pid". # If you start up a daemon without the -bd option (for example, with just # the -q15m option), a pid file is not written. Also, if you override the # configuration file with the -oX option, no pid file is written. In other # words, the pid file is written only for a "standard" daemon. #------------------------------------------------------------------------------ # If Exim creates the spool directory, it is given this mode, defaulting in the # source to 0750. # SPOOL_DIRECTORY_MODE=0750 #------------------------------------------------------------------------------ # The mode of files on the input spool which hold the contents of messages can # be changed here. The default is 0640 so that information from the spool is # available to anyone who is a member of the Exim group. # SPOOL_MODE=0640 #------------------------------------------------------------------------------ # Moving frozen messages: If the following is uncommented, Exim is compiled # with support for automatically moving frozen messages out of the main spool # directory, a facility that is found useful by some large installations. A # run time option is required to cause the moving actually to occur. Such # messages become "invisible" to the normal management tools. # SUPPORT_MOVE_FROZEN_MESSAGES=yes # End of EDITME for Exim 4. Exim OS Makefile # Exim: OS-specific make file for Linux. This is for modern Linuxes, # which use libc6. BASENAME_COMMAND=look_for_it CFLAGS=-O DBMLIB = -ldb USE_DB = yes LIBS = -lnsl -lcrypt LIBRESOLV = -lresolv X11=/usr/X11R6 XINCLUDE=-I$(X11)/include XLFLAGS=-L$(X11)/lib X11_LD_LIB=$(X11)/lib EXIWHAT_PS_ARG=ax EXIWHAT_EGREP_ARG='/exim( |$$)' EXIWHAT_KILL_ARG=-USR1 # End Use something like this Exim 4 Configuration file to accept incoming email Name file as /etc/exim/exim.conf acl_smtp_rcpt = check_recipient acl_smtp_data = check_message domainlist local_domains = @ : @[] accept_8bitmime allow_domain_literals allow_mx_to_ip auto_thaw = 3h check_log_inodes = 100 check_log_space = 10M check_spool_inodes = 100 check_spool_space = 10M delay_warning = 0s queue_only_load = 4 deliver_queue_load_max = 5 delivery_date_remove host_lookup = * ignore_bounce_errors_after = 0s log_selector = +address_rewrite \ +arguments \ -delay_delivery \ +delivery_size \ +lost_incoming_connection \ -queue_run \ +received_recipients \ +received_sender \ -retry_defer \ +sender_on_delivery \ +size_reject \ -skip_delivery \ +smtp_confirmation \ +smtp_connection \ +smtp_syntax_error \ +subject lookup_open_max = 199 message_body_visible = 2500 message_id_header_text = "${tod_log}" message_size_limit = 16384000 never_users = root prod_requires_admin = false queue_list_requires_admin = false queue_run_max = 15 queue_only queue_run_in_order = true receive_timeout = 60s received_headers_max = 30 remote_max_parallel = 5 retry_interval_max = 12h retry_data_expire = 2d return_path_remove return_size_limit = 2500 smtp_accept_max = 60 smtp_accept_max_per_host = 15 smtp_accept_queue = 15 smtp_accept_queue_per_connection = 15 smtp_accept_reserve = 5 smtp_banner = "ESMTP Exim ${version_number} #${compile_number} ${tod_full}" no_smtp_check_spool_space smtp_connect_backlog = 50 smtp_load_reserve = 5 smtp_receive_timeout = 2m smtp_reserve_hosts = 127.0.0.0/24 spool_directory = /var/spool/exim_incoming strip_excess_angle_brackets strip_trailing_dot trusted_users = "mail" begin acl check_recipient: warn message = X-Spam-RBL: $sender_host_address is listed at $dnslist_domain log_message = found in $dnslist_domain dnslists = rbl-plus.mail-abuse.org accept local_parts = postmaster : hostmaster domains = +local_domains require verify = sender accept domains = +local_domains deny message = relay not permitted check_message: warn !verify = header_syntax warn !verify = header_sender accept begin routers lookuphost: driver = dnslookup ignore_target_hosts = 0.0.0.0 : 10.0.0.0/8 : 127.0.0.0/8 :\ 172.16.0.0/12 : 192.168.0.0/16 verify_only transport = smtp literal: driver = ipliteral verify_only transport = smtp defer_router: driver = manualroute route_list = * 127.0.0.1 byname self = defer begin transports smtp: driver = smtp begin retry * * F,8h,10m; G, 2d,1h,1.5; F,10d,4h # End of Exim 4 configuration Use something like this Exim 4 configuration file to process your mail after MailScanner has run Name file /etc/exim/exim.conf.outgoing # # Email has already been accepted, and moved to this queue by MailScanner # # This version of Exim merely needs to deliver the email # acl_smtp_rcpt = check_recipient domainlist local_domains = @ : @[] accept_8bitmime allow_domain_literals allow_mx_to_ip auto_thaw = 3h bounce_return_message = true check_log_inodes = 100 check_log_space = 10M check_spool_inodes = 100 check_spool_space = 10M delay_warning = 0s queue_only_load = 4 deliver_queue_load_max = 18 delivery_date_remove no_envelope_to_remove host_lookup = * ignore_bounce_errors_after = 0s log_selector = +address_rewrite \ +arguments \ -delay_delivery \ +delivery_size \ +lost_incoming_connection \ -queue_run \ +received_recipients \ +received_sender \ -retry_defer \ +sender_on_delivery \ +size_reject \ -skip_delivery \ +smtp_confirmation \ +smtp_connection \ +smtp_syntax_error \ +subject lookup_open_max = 499 message_body_visible = 1000 message_id_header_text = ${tod_log} message_size_limit = 16384000 never_users = root prod_requires_admin = false queue_list_requires_admin = false queue_only queue_run_in_order queue_run_max = 15 queue_smtp_domains = * receive_timeout = 60s received_headers_max = 30 remote_max_parallel = 1 retry_interval_max = 8h retry_data_expire = 2d return_path_remove return_size_limit = 2000 no_smtp_check_spool_space smtp_accept_max = 80 smtp_accept_max_per_host = 15 smtp_accept_queue = 15 smtp_accept_queue_per_connection = 15 smtp_accept_reserve = 5 smtp_banner = "ESMTP Exim ${version_number} #${compile_number} ${tod_full}" smtp_connect_backlog = 50 smtp_load_reserve = 5 smtp_receive_timeout = 2m smtp_reserve_hosts = 127.0.0.0/24 spool_directory = /var/spool/exim strip_excess_angle_brackets strip_trailing_dot timezone = UTC trusted_users = "mail" begin acl check_recipient: accept hosts = : begin routers localuser: driver = accept domains = +local_domains check_local_user transport = local_delivery lookuphost: driver = dnslookup domains = ! +local_domains ignore_target_hosts = 0.0.0.0 : 10.0.0.0/8 : 127.0.0.0/8 :\ 172.16.0.0/12 : 192.168.0.0/16 self = defer transport = smtp literal: driver = ipliteral domains = ! +local_domains self = defer transport = smtp begin transports address_pipe: driver = pipe envelope_to_add ignore_status address_file: driver = appendfile local_delivery: driver = appendfile envelope_to_add return_path_add group = mail file = /var/mail/${local_part}/Mailbox smtp: driver = smtp connection_max_messages = 500 hosts_max_try = 5 size_addition = -1 max_rcpt = 1 begin retry * * F,8h,10m; G, 2d,1h,1.5; F,10d,4h # End of Exim 4 configuration Get rid of mailq program mv /usr/bin/mailq /usr/bin/orig-mailq Send over special version of mailq to /usr/local/bin/mailq #!/bin/bash # # # Replace Exim mailq with this version that handles the two spool areas # echo "mail queue for incoming email" exim -bpu echo "" echo "" echo "" echo "mail queue for outgoing email" exim -bpu -C /etc/exim/exim.conf.outgoing Send over special startup init of Exim for MailScanner #! /bin/sh # /etc/init.d/exim # # Written by Miquel van Smoorenburg . # Modified for Debian GNU/Linux by Ian Murdock . # Modified for exim by Tim Cutts # set -e # Exit if exim runs from /etc/inetd.conf if grep -q "^ *smtp" /etc/inetd.conf; then exit 0 fi DAEMON=/usr/sbin/exim NAME=exim test -x $DAEMON || exit 0 case "$1" in start) update-inetd --disable smtp echo -n "Starting MTA: " start-stop-daemon --start --exec $DAEMON -- -bd /usr/sbin/exim -C /etc/exim/exim.conf.outgoing -q1m echo "exim." ;; stop) echo -n "Stopping MTA: " start-stop-daemon --stop --oknodo --exec $DAEMON echo "exim." ;; restart) echo "Restarting MTA: " start-stop-daemon --stop --oknodo --exec $DAEMON start-stop-daemon --start --exec $DAEMON -- -bd -q1m echo "exim." ;; reload|force-reload) echo "Reloading $NAME configuration files" start-stop-daemon --stop --signal 1 --exec $DAEMON ;; *) echo "Usage: /etc/init.d/$NAME {start|stop|reload}" exit 1 ;; esac exit 0 Send over special version of sophos-autoupdate to /etc/MailScanner/wrapper/sophos-autoupdate #!/usr/bin/perl use Sys::Syslog; $SophosRoot = "/usr/local/Sophos"; $IDELink = "$SophosRoot/ide"; $VDLDir = "../lib"; #$Lynx = "/usr/local/bin/lynx -dump"; $Lynx = "/usr/bin/wget -q -O-"; # On Linux use this $Unzip = "/bin/gunzip -qq"; $rm = "/bin/rm"; $LockFile = "/tmp/SophosBusy.lock"; $LOCK_SH = 1; $LOCK_EX = 2; $LOCK_NB = 4; $LOCK_UN = 8; Sys::Syslog::openlog("Sophos-autoupdate", 'pid, nowait', 'mail'); # Work out the current VDL (and hence Sophos Sweep) version number chdir "$SophosRoot/bin/$VDLDir"; opendir(LIBDIR, ".") || &BailOut("Cannot open Sophos/lib directory"); foreach $vdlname (sort readdir(LIBDIR)) { next unless $vdlname =~ /^vdl-(\d+)\.(\d+)([a-z]?)\.dat$/; $MajorVer = $1; $MinorVer = $2; $NSVFlag = $3; } closedir(LIBDIR); &BailOut("Could not calculate Sophos version number") unless defined($MajorVer) && defined($MinorVer); $SophosVersion = "$MajorVer$MinorVer"; $VDLVersion = "$MajorVer.$MinorVer"; # Derive other variables, filenames and URLs from the version numbers $ZipName = $SophosVersion . "_ides.zip"; $URL = "http://www.sophos.com/downloads/ide/$ZipName"; ($min,$hour,$date,$month,$year) = (localtime)[1,2,3,4,5]; $month++; $year+=1900; $IDEDir = "$SophosRoot/$SophosVersion." . sprintf("%04d%02d%02d%02d%02d", $year, $month, $date, $hour, $min); # If the directory already exists, then we have already done the update # for today, so quietly exit. Sys::Syslog::syslog('info', "Sophos already up-to-date"),exit 0 if -d $IDEDir; # Create the IDE files directory umask 0022; mkdir $IDEDir, 0755; chdir $IDEDir or &BailOut("Cannot cd $IDEDir, $!"); # Fetch and unpack the IDE zip file from Sophos $result = system("$Lynx $URL > $ZipName"); &BailOut("Lynx failed with error return " . ($result>>8) . "\n") if $result>>8; $result = system("$Unzip $ZipName"); &BailOut("Unzip failed with error return " . ($result>>8) . "\n") if $result>>8; symlink("$VDLDir/vdl-$VDLVersion$NSVFlag.dat", "vdl.dat"); # Add the new vdl*.vdb files if they are there foreach $number (1..99) { $string = "vdl" . sprintf("%02d", $number) . ".vdb"; symlink("$VDLDir/$string", $string) if -f "$VDLDir/$string"; } # Link in this new directory to Sophos chdir $SophosRoot or &BailOut("Cannot cd $SophosRoot, $!"); $OldLinkTarget = readlink $IDELink; &LockSophos(); unlink $IDELink if -l $IDELink; symlink $IDEDir, $IDELink; &UnlockSophos(); system("$rm -rf $OldLinkTarget") if defined $OldLinkTarget && -e $OldLinkTarget; Sys::Syslog::syslog('info', "Sophos successfully updated in $IDEDir"); Sys::Syslog::closelog(); exit 0; sub BailOut { Sys::Syslog::syslog('err', @_); Sys::Syslog::closelog(); warn "@_, $!"; chdir $SophosRoot or die "Cannot cd $SophosRoot, $!"; system("$rm -rf $IDEDir") if -d $IDEDir; exit 1; } sub LockSophos { open(LOCK, ">$LockFile") or return; flock(LOCK, $LOCK_EX); print LOCK "Locked for updating Sophos IDE files by $$\n"; } sub UnlockSophos { print LOCK "Unlocked after updating Sophos IDE files by $$\n"; flock(LOCK, $LOCK_UN); close LOCK; } Send over special version of sophos-wrapper to /etc/MailScanner/wrapper/sophos-wrapper #!/bin/sh # MailScanner - SMTP E-Mail Virus Scanner # Copyright (C) 2001 Julian Field # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # The author, Julian Field, can be contacted by email at # Jules@JulianField.net # or by paper mail at # Julian Field # Dept of Electronics & Computer Science # University of Southampton # Southampton # SO17 1BJ # United Kingdom # # JKF Wrapper Sophos programs with the correct LD_LIBRARY_PATH # Modified for solaris by CJG # Then tweaked for heron by JKF again PackageDir=/usr/local/Sophos prog=sweep # `basename $0` SAV_IDE=$PackageDir/ide LD_LIBRARY_PATH=$PackageDir/lib export SAV_IDE export LD_LIBRARY_PATH if [ "x$1" = "x-IsItInstalled" ]; then [ -x ${PackageDir}/bin/$prog ] && exit 0 exit 1 fi exec ${PackageDir}/bin/$prog "$@" Get Sophos Anti-Virus Package installed Send over special version of Sophos.Install to /usr/local/src/sav-install/Sophos.Install #!/bin/bash # # $Id: Sophos.install.linux,v 1.1 2002/11/10 14:54:52 jkf Exp $ # # Run this script to install Sophos in the right place, with the right # options for the MailScanner. # Run this script from inside the directory in which you have copied # and unpacked the Sophos distribution. # Tweaked for Solaris. SOPHOS=/usr/local/Sophos SCRIPTS=/etc/MailScanner/wrapper COMPD=linux.intel.libc6.tar.Z DISTRIB=linux.intel.libc6.tar mkdir -p ${SOPHOS} chown -R root ${SOPHOS} chmod -R go+rX ${SOPHOS} # Clear out any old libs from /usr/local/lib which is where # a default SAVI installation will have left them echo Clearing out old default Sophos installation libraries #mdm#rm -f /usr/local/lib/libsavi.so* # Have we got to uncompress the distribution for them? if [ -f $COMPD ]; then echo Uncompressing Sophos distribution uncompress $COMPD fi # Have we got to unpack the distribution for them? if [ -f $DISTRIB ]; then # Is there an old unpacked distribution here too?? if [ -d sav-install ]; then echo Clearing out unpacked distribution rm -rf sav-install fi # Unpack the distribution echo Unpacking distribution tar xBf $DISTRIB fi # JKF 31/08/2001 Remove any existing vdl.dat files if [ -f ${SOPHOS}/lib/vdl.dat ]; then rm -f ${SOPHOS}/lib/vdl* fi if [ -f ${SOPHOS}/lib/vdln.dat ]; then rm -f ${SOPHOS}/lib/vdl* fi if [ -f ${SOPHOS}/lib/vdl01.vdb ]; then rm -f ${SOPHOS}/lib/vdl* fi # Are we in the right directory, or one above it? if [ -d sav-install ]; then cd sav-install fi # Check we have found the install.sh script if [ \! -f install.sh ]; then echo Please cd into the directory containing the Sophos install.sh echo script and run this command again. exit 1 fi echo Installing Sophos for MailScanner ./install.sh -v -d ${SOPHOS} -s lib -ni echo #mdm#echo Fetching latest IDE virus identities from www.sophos.com #mdm#${SCRIPTS}/sophos-autoupdate if [ -f ${SCRIPTS}/sophos-wrapper ]; then chmod a=rx ${SCRIPTS}/sophos-wrapper echo Done. else echo Something has gone wrong. There should be a copy of the echo script sophos-wrapper in the directory ${SCRIPTS}. echo Please re-install the MailScanner or fetch another copy of echo sophoswrapper from the distribution web site. fi exit 0 Run as shell script cd /usr/local/src/sav-install /usr/local/src/sav-install/Sophos.Install /etc/MailScanner/wrapper/sophos-autoupdate chmod 755 /etc/MailScanner/wrapper chown mail.adm -R /etc/MailScanner/wrapper chmod 755 /etc/MailScanner/wrapper/sophos-autoupdate chmod 755 /etc/MailScanner/wrapper/sophos-wrapper chmod 755 /etc/MailScanner/wrapper/update_virus_scanners update-rc.d -f spamassassin remove update-rc.d MailScanner start 22 2 3 4 5 . stop 22 0 1 6 . chmod +x /etc/init.d/MailScanner chmod 666 /etc/MailScanner/* mkdir /var/spool/MailScanner mkdir /var/spool/MailScanner/incoming mkdir /var/spool/MailScanner/quarantine mkdir /var/spool/MailScanner/archive chown -R mail.adm /var/spool/MailScanner mkdir -p /var/lock/subsys/MailScanner chown -R mail.adm /var/lock/subsys Copy following data to /etc/sav.conf SAV virus data directory = /usr/local/Sophos/ide SAV temp directory = /var/tmp Exim and Debian aspects of /etc/MailScanner/MailScanner.conf # User to run as (provided for Exim users) Run As User = mail # Group to run as (provided for Exim users) Run As Group = adm Incoming Queue Dir = /var/spool/exim_incoming/input # Set location of outgoing mail queue. # This can also be the filename of a ruleset. Outgoing Queue Dir = /var/spool/exim/input # Set where to unpack incoming messages before scanning them Incoming Work Dir = /var/spool/MailScanner/incoming # Set where to store infected and message attachments (if they are kept) # This can also be the filename of a ruleset. Quarantine Dir = /var/spool/MailScanner/quarantine # Set where to store all the process id numbers so you can stop MailScanner PID file = /var/run/MailScanner/MailScanner.pid # Set whether to use sendmail or exim MTA = exim # Set how to invoke MTA when sending messages MailScanner has created Sendmail = /usr/sbin/exim Sendmail2 = /usr/sbin/exim -C /etc/exim/exim.conf.outgoing Language Strings = /etc/MailScanner/languages.conf # Set where to find the message text sent to users when one of their # attachments has been deleted from a message. # These can also be the filenames of rulesets. Deleted Bad Filename Message Report = /etc/MailScanner/deleted.filename.message.txt Deleted Virus Message Report = /etc/MailScanner/deleted.virus.message.txt From dwinkler at ALGORITHMICS.COM Tue Jan 7 17:39:17 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:16:53 2006 Subject: Whitelisting problem Message-ID: <06EE2C86D3DAD5119A6C0060943F3C970402C0B4@tormail1.algorithmics.com> Don't think I'd be able to find what servers they send out all their mail from. Possible feature: Whitelisting based on reverse name lookups. If the email was sent from a server that reverse looks up as domain then whitelist. From: *@ibm.com lookup lookup as an additional parameter to yes no. -----Original Message----- From: Julian Field [mailto:mailscanner@ecs.soton.ac.uk] Sent: Tuesday, January 07, 2003 11:56 AM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: Whitelisting problem At 16:50 07/01/2003, you wrote: >IBM is a partner of ours so I have whitelisted ibm.com > >But now some spammer is forging both the envelope and header to look like >it cam from ibm.com > >The spammer appears to be creating random addresses ending in @ibm.com > >Is my only choice to remove ibm.com from the whitelist? If ibm.com only use a few outgoing mail servers, you could whitelist their IP addresses instead. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030107/c82ef97b/attachment.html From mike at CAMAROSS.NET Tue Jan 7 17:21:27 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:16:53 2006 Subject: SpamAssassin timeout In-Reply-To: Message-ID: <008101c2b671$38786850$6901a8c0@home.middlefinger.net> Since MS has nothing to do with mail delivery, I don't think you can point the finger at it. Yesterday, about 2PM CST, I started getting complaints from people not being able to send email...connections were timing out while sendmail attempted to look up via osirusoft. I removed that from my sendmail.cf, and everything started to flow again. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rose, Bobby Sent: Tuesday, January 07, 2003 11:17 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timeout I think there is more to it. I've always use skip_rbl for SA because I use the rbls on the MTA side and I've been seeing the mail backing up in queue. This also started happening after I updated to 4.11-1 on Sunday. I think it's Mailscanner and it's mother process not restarting properly. What I've noticed so far is that I only have 3 MS processes running even though my setting is set to 5. Once process has been running for 4 hours 11 mins and the others are the spawned processess. If I kill MS and restart then I get all my processes back. If I look at my logs, it looks like only one MS processes was doing anything. -----Original Message----- From: Randy Herban [mailto:RHerban@GRAMTEL.NET] Sent: Tuesday, January 07, 2003 11:22 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timeout Unfortunately something that I noticed yesterday when the RBL's were offline was that MailScanner was not ceasing to use spamassassin even though I was up to 75 consecutive failures out of 20. I just upgraded to the newest MS-4.11-1 yesterday as well. RedHat 8.0 if it helps. -randy -----Original Message----- From: David Sullivan [mailto:David.Sullivan@BARNET.AC.UK] Sent: Tuesday, January 07, 2003 10:38 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timeout On 7 Jan 2003 at 15:28, Spicer, Kevin wrote: > > >Is it possible to test if the RBL-server answer and if not just > > >skip it and do the rest? > > > > SpamAssassin can't do that. If you do the RBL checking with > > MailScanner, it will do what you want. SpamAssassin isn't very > > robust when services it is using fail. > > > > My understanding (read assumption!) was that if you use MailScanner to > do the RBL checks, and then pass to SpamAssassin for further checks > that any message from a host found in the RBL will be marked as SPAM, > even if the spamassassin score would have been lower than the spam > threshold. In other words the mailscanner RBL checks and the > spamassassin checks are completely seperate(?). I think you're misunderstanding the comment slightly. If MailScanner doing RBL checks notices that they've timed out a number of times in a row it will stop using the RBL checks till the next MailScanner restart. If you do the RBL checks within SpamAssassin this means that SpamAssasin as a whole will time out and cannot "disable the RBL checks" itself (as MailScanner does). In turn MailScanner should see that SpamAssassin is timing out and disable it till the next MailScanner restart. David. ============================================================== This communication may contain privileged or confidential information which is for the exclusive use of the intended recipient. If you are not the intended recipient, please note that you may not distribute or use this communication or the information it contains. If this e-mail has reached you in error, please delete it and any attachment. Internet communications are not secure and Barnet College does not accept legal responsibility for the content of this message. Any views or opinions expressed are those of the author and not necessarily those of Barnet College. Please note that Barnet College reserves the right to monitor the source/destinations of all incoming or outgoing e-mail communications. ============================================================== From RHerban at GRAMTEL.NET Tue Jan 7 17:44:46 2003 From: RHerban at GRAMTEL.NET (Randy Herban) Date: Thu Jan 12 21:16:53 2006 Subject: SpamAssassin timeout OT: SpamAssassin timeouts Message-ID: The lookups from osirusoft were causing a problem and spamassassin was timing out while doing these checks. What I noticed was that MailScanner was continuing to use spamassassin at 75 consecutive timeouts out of a possible 20. When the number of timeouts hit 20, it should have stopped using spamassassin (I don't think I'm makin this part up, it's in the documentation and has been mentioned several times on the list) until the next restart. At next restart the counters should drop to 0 (assumption on my part) and if it hits 20 again, it will stop using spamassassin again. Instead, spamassassin was continuing to be used even with 75+ consecutive timeouts and kept queueing up the incoming mail because of this. -Randy -----Original Message----- From: Mike Kercher [mailto:mike@CAMAROSS.NET] Sent: Tuesday, January 07, 2003 12:21 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timeout Since MS has nothing to do with mail delivery, I don't think you can point the finger at it. Yesterday, about 2PM CST, I started getting complaints from people not being able to send email...connections were timing out while sendmail attempted to look up via osirusoft. I removed that from my sendmail.cf, and everything started to flow again. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rose, Bobby Sent: Tuesday, January 07, 2003 11:17 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timeout I think there is more to it. I've always use skip_rbl for SA because I use the rbls on the MTA side and I've been seeing the mail backing up in queue. This also started happening after I updated to 4.11-1 on Sunday. I think it's Mailscanner and it's mother process not restarting properly. What I've noticed so far is that I only have 3 MS processes running even though my setting is set to 5. Once process has been running for 4 hours 11 mins and the others are the spawned processess. If I kill MS and restart then I get all my processes back. If I look at my logs, it looks like only one MS processes was doing anything. -----Original Message----- From: Randy Herban [mailto:RHerban@GRAMTEL.NET] Sent: Tuesday, January 07, 2003 11:22 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timeout Unfortunately something that I noticed yesterday when the RBL's were offline was that MailScanner was not ceasing to use spamassassin even though I was up to 75 consecutive failures out of 20. I just upgraded to the newest MS-4.11-1 yesterday as well. RedHat 8.0 if it helps. -randy -----Original Message----- From: David Sullivan [mailto:David.Sullivan@BARNET.AC.UK] Sent: Tuesday, January 07, 2003 10:38 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timeout On 7 Jan 2003 at 15:28, Spicer, Kevin wrote: > > >Is it possible to test if the RBL-server answer and if not just > > >skip it and do the rest? > > > > SpamAssassin can't do that. If you do the RBL checking with > > MailScanner, it will do what you want. SpamAssassin isn't very > > robust when services it is using fail. > > > > My understanding (read assumption!) was that if you use MailScanner to > do the RBL checks, and then pass to SpamAssassin for further checks > that any message from a host found in the RBL will be marked as SPAM, > even if the spamassassin score would have been lower than the spam > threshold. In other words the mailscanner RBL checks and the > spamassassin checks are completely seperate(?). I think you're misunderstanding the comment slightly. If MailScanner doing RBL checks notices that they've timed out a number of times in a row it will stop using the RBL checks till the next MailScanner restart. If you do the RBL checks within SpamAssassin this means that SpamAssasin as a whole will time out and cannot "disable the RBL checks" itself (as MailScanner does). In turn MailScanner should see that SpamAssassin is timing out and disable it till the next MailScanner restart. David. ============================================================== This communication may contain privileged or confidential information which is for the exclusive use of the intended recipient. If you are not the intended recipient, please note that you may not distribute or use this communication or the information it contains. If this e-mail has reached you in error, please delete it and any attachment. Internet communications are not secure and Barnet College does not accept legal responsibility for the content of this message. Any views or opinions expressed are those of the author and not necessarily those of Barnet College. Please note that Barnet College reserves the right to monitor the source/destinations of all incoming or outgoing e-mail communications. ============================================================== From dbird at SGHMS.AC.UK Tue Jan 7 18:12:42 2003 From: dbird at SGHMS.AC.UK (Daniel Bird) Date: Thu Jan 12 21:16:53 2006 Subject: deersoft bought by NAI Message-ID: <3E1B189A.7040005@sghms.ac.uk> All, just in case you haven't heard (haven't noticed anything on the list, but then again I haven't finished reading all my mail from the NY holiday ;), Deersoft, the producers of SpamAssain for windows (out look etc) have been bought out by NAI (see: http://www.mcafeeb2b.com/other/jump/deersoft.asp). This has caused quite a stir on the SATalk mailing lists, with it looking likely 3 of the mail developers will be stopping their contributions. Julian, will this have any impact on your development of MailScanner? regards Dan -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at EVI-INC.COM Tue Jan 7 18:28:24 2003 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:16:53 2006 Subject: Whitelisting problem In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C970402C0B4@tormail1.algorith mics.com> Message-ID: <5.1.1.6.0.20030107132624.01fc9598@192.168.50.2> hmm why not: whitelist_from_rcvd *@ibm.com ibm.com The second part of the command does not have to be a complete server name. Just a substring of it. So if any of the mailservers are reported as (something).ibm.com in the received headers, this will have the same effect as your "lookup" feature. At 12:39 PM 1/7/2003 -0500, you wrote: >Don't think I'd be able to find what servers they send out all their mail >from. > >Possible feature: > >Whitelisting based on reverse name lookups. > >If the email was sent from a server that reverse looks up as domain then >whitelist. > >From: *@ibm.com lookup > >lookup as an additional parameter to yes no. From dwinkler at ALGORITHMICS.COM Tue Jan 7 18:32:30 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:16:53 2006 Subject: Whitelisting problem Message-ID: <06EE2C86D3DAD5119A6C0060943F3C970402C0B5@tormail1.algorithmics.com> SpamAssassin gets these from the headers and they're easily forged. My feature would be whitelist only if received from a server which reverse looks up as being that domain. Two different mechanisms. -----Original Message----- From: Matt Kettler [mailto:mkettler@EVI-INC.COM] Sent: Tuesday, January 07, 2003 1:28 PM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: Whitelisting problem hmm why not: whitelist_from_rcvd *@ibm.com ibm.com The second part of the command does not have to be a complete server name. Just a substring of it. So if any of the mailservers are reported as (something).ibm.com in the received headers, this will have the same effect as your "lookup" feature. At 12:39 PM 1/7/2003 -0500, you wrote: >Don't think I'd be able to find what servers they send out all their mail >from. > >Possible feature: > >Whitelisting based on reverse name lookups. > >If the email was sent from a server that reverse looks up as domain then >whitelist. > >From: *@ibm.com lookup > >lookup as an additional parameter to yes no. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030107/8abbc998/attachment.html From brose at MED.WAYNE.EDU Tue Jan 7 18:49:11 2003 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:16:53 2006 Subject: SpamAssassin timeout Message-ID: MS does interfer with delivery. Mail comes into the incoming queue and will sit there until MS scans it and drops it into the outgoing queue if you have it set to the queue option. If it's set to batch then it actually fires off a sendmail process to deliver it. So in effect it does have a lot to do with delivery. Regardless of all that, what I've seen with the 4.11-1 code is that there is something going on either with the automatic 4 hr restart or with the starting of new processes after that 4hr restart. This morning I had 700 message in the incoming queue with 3 MS processes and no RBL checks being done by SA so I'm not seeing the SA timeouts. After I killed MS and restarted it, everything cleared up again. So there is something else going on here. -----Original Message----- From: Mike Kercher [mailto:mike@CAMAROSS.NET] Sent: Tuesday, January 07, 2003 12:21 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timeout Since MS has nothing to do with mail delivery, I don't think you can point the finger at it. Yesterday, about 2PM CST, I started getting complaints from people not being able to send email...connections were timing out while sendmail attempted to look up via osirusoft. I removed that from my sendmail.cf, and everything started to flow again. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rose, Bobby Sent: Tuesday, January 07, 2003 11:17 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timeout I think there is more to it. I've always use skip_rbl for SA because I use the rbls on the MTA side and I've been seeing the mail backing up in queue. This also started happening after I updated to 4.11-1 on Sunday. I think it's Mailscanner and it's mother process not restarting properly. What I've noticed so far is that I only have 3 MS processes running even though my setting is set to 5. Once process has been running for 4 hours 11 mins and the others are the spawned processess. If I kill MS and restart then I get all my processes back. If I look at my logs, it looks like only one MS processes was doing anything. -----Original Message----- From: Randy Herban [mailto:RHerban@GRAMTEL.NET] Sent: Tuesday, January 07, 2003 11:22 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timeout Unfortunately something that I noticed yesterday when the RBL's were offline was that MailScanner was not ceasing to use spamassassin even though I was up to 75 consecutive failures out of 20. I just upgraded to the newest MS-4.11-1 yesterday as well. RedHat 8.0 if it helps. -randy -----Original Message----- From: David Sullivan [mailto:David.Sullivan@BARNET.AC.UK] Sent: Tuesday, January 07, 2003 10:38 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timeout On 7 Jan 2003 at 15:28, Spicer, Kevin wrote: > > >Is it possible to test if the RBL-server answer and if not just > > >skip it and do the rest? > > > > SpamAssassin can't do that. If you do the RBL checking with > > MailScanner, it will do what you want. SpamAssassin isn't very > > robust when services it is using fail. > > > > My understanding (read assumption!) was that if you use MailScanner to > do the RBL checks, and then pass to SpamAssassin for further checks > that any message from a host found in the RBL will be marked as SPAM, > even if the spamassassin score would have been lower than the spam > threshold. In other words the mailscanner RBL checks and the > spamassassin checks are completely seperate(?). I think you're misunderstanding the comment slightly. If MailScanner doing RBL checks notices that they've timed out a number of times in a row it will stop using the RBL checks till the next MailScanner restart. If you do the RBL checks within SpamAssassin this means that SpamAssasin as a whole will time out and cannot "disable the RBL checks" itself (as MailScanner does). In turn MailScanner should see that SpamAssassin is timing out and disable it till the next MailScanner restart. David. ============================================================== This communication may contain privileged or confidential information which is for the exclusive use of the intended recipient. If you are not the intended recipient, please note that you may not distribute or use this communication or the information it contains. If this e-mail has reached you in error, please delete it and any attachment. Internet communications are not secure and Barnet College does not accept legal responsibility for the content of this message. Any views or opinions expressed are those of the author and not necessarily those of Barnet College. Please note that Barnet College reserves the right to monitor the source/destinations of all incoming or outgoing e-mail communications. ============================================================== From mailscanner at ecs.soton.ac.uk Tue Jan 7 19:01:58 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:53 2006 Subject: deersoft bought by NAI In-Reply-To: <3E1B189A.7040005@sghms.ac.uk> Message-ID: <5.2.0.9.2.20030107190007.0205c0b0@imap.ecs.soton.ac.uk> At 18:12 07/01/2003, you wrote: >All, >just in case you haven't heard (haven't noticed anything on the list, >but then again I haven't finished reading all my mail from the NY >holiday ;), Deersoft, the producers of SpamAssain for windows (out look >etc) have been bought out by NAI (see: >http://www.mcafeeb2b.com/other/jump/deersoft.asp). This has caused quite >a stir on the SATalk mailing lists, I bet it has! > with it looking likely 3 of the mail >developers will be stopping their contributions. Great, just what we need :-( I wonder if MessageLabs will continue Open Source development of it at all, or will they move completely in-house and not release anything. >Julian, will this have any impact on your development of MailScanner? Probably, yes :( Let's give them a few weeks and see how the dust settles. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jan 7 18:55:54 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:53 2006 Subject: SpamAssassin timeout OT: SpamAssassin timeouts In-Reply-To: Message-ID: <5.2.0.9.2.20030107185527.02ad6ac0@imap.ecs.soton.ac.uk> At 17:44 07/01/2003, you wrote: >The lookups from osirusoft were causing a problem and spamassassin was >timing out while doing these checks. What I noticed was that MailScanner >was continuing to use spamassassin at 75 consecutive timeouts out of a >possible 20. >When the number of timeouts hit 20, it should have stopped using >spamassassin (I don't think I'm makin this part up, it's in the >documentation and has been mentioned several times on the list) until the >next restart. At next restart the counters should drop to 0 (assumption on >my part) and if it hits 20 again, it will stop using spamassassin again. >Instead, spamassassin was continuing to be used even with 75+ consecutive >timeouts and kept queueing up the incoming mail because of this. This fix is noted in the 4.11 ChangeLog. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jan 7 18:59:58 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:53 2006 Subject: SpamAssassin timeout -- suggested fix? In-Reply-To: <008101c2b671$38786850$6901a8c0@home.middlefinger.net> References: Message-ID: <5.2.0.9.2.20030107185704.01fdd900@imap.ecs.soton.ac.uk> For the adventurous among you, I've come up with an idea to improve the RBL timeout in SpamAssassin problem. What I wanted to be able to do was disable the RBL checking that SpamAssassin does, without disabling SpamAssassin completely. It's in SA.pm. There is a line that says "sub Checks {" which is the start of the "Checks" subroutine. About 10 lines down there is a chunk of code that says return (0,0, sprintf(MailScanner::Config::LanguageValue($message,'sadisabled'), $maxfailures), 0) if $maxfailures>0 && $safailures>=$maxfailures; Please change that to $MailScanner::SA::SAspamtest->{conf}->{skip_rbl_checks} = 1 if $maxfailures>0 && $safailures>=$maxfailures; Then hopefully instead of disabling SpamAssassin altogether, it will just disable the RBL checking in it. The bit I haven't done yet is a way of still disabling SA altogether if it continues to fail even after stopping its RBL checks. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jan 7 19:03:46 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:53 2006 Subject: MS 4, Exim 4 on Debian 3 Install Notes In-Reply-To: References: <5.2.0.9.2.20021219224834.0209acd8@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030107190302.02bd6c70@imap.ecs.soton.ac.uk> At 17:25 07/01/2003, you wrote: >I have not found a Debian package for this combination, and have >included my notes on such an install. I believe Nick is intending to start on this very soon. Drop him a line at nick@mailscanner.info. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From MHewryk at SYMCOR.COM Tue Jan 7 19:45:09 2003 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:16:53 2006 Subject: ruleset=check_rcpt Message-ID: Hi, >I'm running : >Redhat 7.3 >MailScanner: 4.10 >SpamAssassin 2.43 I've disabled all rulesets in my /etc/MailScanner.conf file and for some reason I'm getting ruleset=check_rcpt message in my maillog file. Why am I getting this error? Jan 7 14:36:01 tonka sendmail[27109]: h07Ja1cc027109: ruleset=check_rcpt, arg1=, relay=ns.xxx.com [xxx.xxx.12.xx] (may be forged), reject=550 5.7.1 ... Relaying denied. IP name possibly forged [xxx.xxx.12.xx] Thanks, Magda From dwinkler at ALGORITHMICS.COM Tue Jan 7 19:48:22 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:16:53 2006 Subject: ruleset=check_rcpt Message-ID: <06EE2C86D3DAD5119A6C0060943F3C970402C0B8@tormail1.algorithmics.com> That's a sendmail message not MailScanner -----Original Message----- From: Magda Hewryk [mailto:MHewryk@symcor.com] Sent: Tuesday, January 07, 2003 2:45 PM To: MAILSCANNER@jiscmail.ac.uk Subject: ruleset=check_rcpt Hi, >I'm running : >Redhat 7.3 >MailScanner: 4.10 >SpamAssassin 2.43 I've disabled all rulesets in my /etc/MailScanner.conf file and for some reason I'm getting ruleset=check_rcpt message in my maillog file. Why am I getting this error? Jan 7 14:36:01 tonka sendmail[27109]: h07Ja1cc027109: ruleset=check_rcpt, arg1=, relay=ns.xxx.com [xxx.xxx.12.xx] (may be forged), reject=550 5.7.1 ... Relaying denied. IP name possibly forged [xxx.xxx.12.xx] Thanks, Magda -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030107/d507089b/attachment.html From lbergman at wtxs.net Tue Jan 7 19:49:25 2003 From: lbergman at wtxs.net (Lewis Bergman) Date: Thu Jan 12 21:16:53 2006 Subject: ruleset=check_rcpt In-Reply-To: References: Message-ID: <200301071349.25481.lbergman@wtxs.net> > Jan 7 14:36:01 tonka sendmail[27109]: h07Ja1cc027109: ruleset=check_rcpt, > arg1=, relay=ns.xxx.com [xxx.xxx.12.xx] (may be forged), > reject=550 5.7.1 ... Relaying denied. IP name possibly > forged [xxx.xxx.12.xx] That is a sendmial error (550). Mailscanner doesn't have anything to do with it. If you control dns for all those x's you put in there then fix that. -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 115 From Kevin.Spicer at BMRB.CO.UK Tue Jan 7 19:51:07 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:53 2006 Subject: ruleset=check_rcpt Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A4ACF8@pascal.priv.bmrb.co.uk> > I've disabled all rulesets in my /etc/MailScanner.conf file > and for some > reason I'm getting ruleset=check_rcpt message in my maillog file. > Why am I getting this error? > > Jan 7 14:36:01 tonka sendmail[27109]: h07Ja1cc027109: > ruleset=check_rcpt, > arg1=, relay=ns.xxx.com [xxx.xxx.12.xx] (may > be forged), > reject=550 5.7.1 ... Relaying denied. IP name possibly > forged [xxx.xxx.12.xx] > Thats a sendmail error, nothing to do with MailScanner. Its not clear from your obfuscated headers why, or whether this is a genuine message or some unauthorised person trying to relay through your server. From MHewryk at SYMCOR.COM Tue Jan 7 20:30:00 2003 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:16:53 2006 Subject: Spam Checks: Starting Message-ID: Hi, It is unclear to me why MailScanner still reads rules even though I disabled them through MailScanner.conf file? Example: ========== I've changed ../rules/deliver.clean.rules file to look like (added "To"): FromTo: default yes (I've always had " Log Spam = yes" turned on) and FINALLY I started getting detailed logs from SpamAssassin but rules are turned off in MailScanner.conf file !!!!!!!!!!!!!!!!!!! Jan 7 15:20:18 tonka MailScanner[32537]: New Batch: Scanning 1 messages, 885 bytes Jan 7 15:20:18 tonka MailScanner[32537]: Spam Checks: Starting Jan 7 15:20:53 tonka MailScanner[32537]: Message h07KKEH7032751 from 127.0.0.1 (tonka.aberfoyle.com) is spam, SpamAssassin (score=7.9, required 5, FREE_MONEY, NO_MX_FOR_FROM, PLING_PLING, SPAM_PHRASE_00_01, SUBJ_ALL_CAPS, SUBJ_FREE_CAP, SUB_FREE_OFFER, UPPERCASE_75_100) Jan 7 15:20:54 tonka MailScanner[32537]: Spam Checks: Found 1 spam messages Jan 7 15:20:54 tonka MailScanner[32537]: Spam Actions: message h07KKEH7032751 actions are deliver Question: ========= Why the change done above will take effect if my rules are disabled in MailScanner.conf file: Deliver Cleaned Messages = yes # mnh Deliver Cleaned Messages = /etc/MailScanner/rules/deliver.clean.rules Spam Checks = yes # mnh Spam Checks = /etc/MailScanner/rules/deliver.clean.rules Any tips? Thanks, Magda Hewryk -------------------------------- Mid-Range Systems RSP: 905-273-1637 CELL: 416-948-4427 From mailscanner at ecs.soton.ac.uk Tue Jan 7 20:41:41 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:53 2006 Subject: Spam Checks: Starting In-Reply-To: Message-ID: <5.2.0.9.2.20030107204024.02e083e0@imap.ecs.soton.ac.uk> Have you done a reload or a restart of MailScanner since you edited the conf files? At 20:30 07/01/2003, you wrote: >Hi, > >It is unclear to me why MailScanner still reads rules even though I >disabled them through MailScanner.conf file? > >Example: >========== >I've changed ../rules/deliver.clean.rules file to look like (added "To"): >FromTo: default yes > >(I've always had " Log Spam = yes" turned on) > >and FINALLY I started getting detailed logs from SpamAssassin but rules are >turned off in MailScanner.conf file !!!!!!!!!!!!!!!!!!! > >Jan 7 15:20:18 tonka MailScanner[32537]: New Batch: Scanning 1 messages, >885 bytes >Jan 7 15:20:18 tonka MailScanner[32537]: Spam Checks: Starting >Jan 7 15:20:53 tonka MailScanner[32537]: Message h07KKEH7032751 from >127.0.0.1 (tonka.aberfoyle.com) is spam, SpamAssassin (score=7.9, required >5, FREE_MONEY, NO_MX_FOR_FROM, PLING_PLING, SPAM_PHRASE_00_01, >SUBJ_ALL_CAPS, SUBJ_FREE_CAP, SUB_FREE_OFFER, UPPERCASE_75_100) >Jan 7 15:20:54 tonka MailScanner[32537]: Spam Checks: Found 1 spam >messages >Jan 7 15:20:54 tonka MailScanner[32537]: Spam Actions: message >h07KKEH7032751 actions are deliver > >Question: >========= >Why the change done above will take effect if my rules are disabled in >MailScanner.conf file: >Deliver Cleaned Messages = yes ># mnh Deliver Cleaned Messages = /etc/MailScanner/rules/deliver.clean.rules >Spam Checks = yes ># mnh Spam Checks = /etc/MailScanner/rules/deliver.clean.rules > >Any tips? > >Thanks, > >Magda Hewryk >-------------------------------- >Mid-Range Systems >RSP: 905-273-1637 >CELL: 416-948-4427 -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From combs at magnet.fsu.edu Tue Jan 7 20:58:15 2003 From: combs at magnet.fsu.edu (Tom Combs) Date: Thu Jan 12 21:16:53 2006 Subject: ok to link /opt/ms to /usr/local/ms ??? Message-ID: <200301072058.h07KwFOK001983@osprey.magnet.fsu.edu> Hello All, I prefer to run mailscanner out of /usr/local/mailscanner instead of /opt/mailscanner. Is there any reason I should not just ln -s /usr/local/mailscanner /opt/mailscanner instead of changing all the directory entries in the code? TIA! -- Tom Combs E-mail: combs@magnet.fsu.edu National High Magnetic Field Laboratory Phone: (850) 644-1657 1800 E. Paul Dirac Drive Tallahassee, FL 32310 From MHewryk at SYMCOR.COM Tue Jan 7 21:12:07 2003 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:16:53 2006 Subject: Spam Checks: Starting Message-ID: I've done stop/start of MailScanner. Thanks, Magda Hewryk -------------------------------- Mid-Range Systems RSP: 905-273-1637 CELL: 416-948-4427 Julian Field cc: Sent by: Subject: Re: Spam Checks: Starting MailScanner mailing list 01/07/2003 03:41 PM Please respond to MailScanner mailing list Have you done a reload or a restart of MailScanner since you edited the conf files? At 20:30 07/01/2003, you wrote: >Hi, > >It is unclear to me why MailScanner still reads rules even though I >disabled them through MailScanner.conf file? > >Example: >========== >I've changed ../rules/deliver.clean.rules file to look like (added "To"): >FromTo: default yes > >(I've always had " Log Spam = yes" turned on) > >and FINALLY I started getting detailed logs from SpamAssassin but rules are >turned off in MailScanner.conf file !!!!!!!!!!!!!!!!!!! > >Jan 7 15:20:18 tonka MailScanner[32537]: New Batch: Scanning 1 messages, >885 bytes >Jan 7 15:20:18 tonka MailScanner[32537]: Spam Checks: Starting >Jan 7 15:20:53 tonka MailScanner[32537]: Message h07KKEH7032751 from >127.0.0.1 (tonka.aberfoyle.com) is spam, SpamAssassin (score=7.9, required >5, FREE_MONEY, NO_MX_FOR_FROM, PLING_PLING, SPAM_PHRASE_00_01, >SUBJ_ALL_CAPS, SUBJ_FREE_CAP, SUB_FREE_OFFER, UPPERCASE_75_100) >Jan 7 15:20:54 tonka MailScanner[32537]: Spam Checks: Found 1 spam >messages >Jan 7 15:20:54 tonka MailScanner[32537]: Spam Actions: message >h07KKEH7032751 actions are deliver > >Question: >========= >Why the change done above will take effect if my rules are disabled in >MailScanner.conf file: >Deliver Cleaned Messages = yes ># mnh Deliver Cleaned Messages = /etc/MailScanner/rules/deliver.clean.rules >Spam Checks = yes ># mnh Spam Checks = /etc/MailScanner/rules/deliver.clean.rules > >Any tips? > >Thanks, > >Magda Hewryk >-------------------------------- >Mid-Range Systems >RSP: 905-273-1637 >CELL: 416-948-4427 -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From gerben at BREKELMANS.COM Tue Jan 7 21:29:02 2003 From: gerben at BREKELMANS.COM (Gerben Welter) Date: Thu Jan 12 21:16:53 2006 Subject: MailScanner causing server to crash In-Reply-To: <1041801959.1004.32.camel@bill> Message-ID: <5.2.0.9.2.20030107221831.02c39ad0@brekelmans.com> Hi. A few months ago I had a similar problem. Our Linux proxy server which had been up for over 7 months started to reset spontaneously . At first it would happen only once in a few days. At the end the box wouldn't last longer than a few hours. I knew I didn't change anything to the software that would explain the change in stability. I began to suspect hardware failure due to heat problems (bad cpufan e.g.) Once the server was opened I saw the problem: the capacitors surrounding the cpu looked like they were going to burst or were already leaking. That probably made the powersupply to the cpu unstable. The motherboard was replaced and the server has been rock solid again. Once I saw the capacitors I remembered reading somewhere that lots of motherboard manufacturers had bought batches of bad capacitors and a lot of motherboards starting to get returned. So my advice is to check your server hardware for obvious signs of degradation. Gerben. At 15:25 1/5/2003 -0600, you wrote: >I'm having a major problem with MailScanner (indirectly) and I am hoping >that someone here may be able to help me with it. It seems that when >MailScanner (4.10) is running, the server tends to reboot. However I >don't believe that it is a problem with MailScanner. I say this because >the server is running on a RAID5 setup with a Mylex DAC960 controller >with Barracuda SCSI drives. > >I suspect that the machine is rebooting due to the slowness of the RAID >array. I'm not exactly sure though, but I do feel that it is directly >related. > >I'm currently running sendmail with spamass-milter with procmail to >filter out and delete spam, but I would like to be able to filter >viruses again. I have tried disabling Virus Scanning and Spam Checks, >with both disabled the machine still crashes. > >The crashes are random, sometimes the server will stay up and work >correctly for a few days, sometimes it can't last an hour. The machine >its self is a quad Xeon 500MHz setup with a gig and a half of ram, >running RedHat 8.0. There is nothing in the log files to point anywhere >since the machine is rebooting before it can write to syslog. > >Could anyone offer any insight on this problem? > >Regards, >Bill Omer From mailscanner at ecs.soton.ac.uk Tue Jan 7 21:54:27 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:53 2006 Subject: MailScanner causing server to crash In-Reply-To: <5.2.0.9.2.20030107221831.02c39ad0@brekelmans.com> References: <1041801959.1004.32.camel@bill> Message-ID: <5.2.0.9.2.20030107215011.02c0ae78@imap.ecs.soton.ac.uk> At 21:29 07/01/2003, you wrote: >Once I saw the capacitors I remembered reading somewhere that lots of >motherboard manufacturers had bought batches of bad capacitors and a lot of >motherboards starting to get returned. We have recently had many motherboards 2 or 3 years old (P3/800 era) die from exactly this problem. One of the main component manufacturers produced several months worth bad capacitors. The other one that came to a conclusion is the Fujitsu hard disk problem. Caused by a bad batch of ceramic used by Cirrus Logic to package one of their IC's on the controller boards of Fujitsu disks. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jan 7 21:59:32 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:53 2006 Subject: ok to link /opt/ms to /usr/local/ms ??? In-Reply-To: <200301072058.h07KwFOK001983@osprey.magnet.fsu.edu> Message-ID: <5.2.0.9.2.20030107215444.02955008@imap.ecs.soton.ac.uk> At 20:58 07/01/2003, you wrote: > I prefer to run mailscanner out of /usr/local/mailscanner instead of > /opt/mailscanner. Is there any reason I should not just > ln -s /usr/local/mailscanner /opt/mailscanner Not that I can think of. If you do ln -s /usr/local/MailScanner-4.11-1 /opt/mailscanner then you will find upgrading to a new version much easier. > instead of changing > all the directory entries in the code? TIA! You don't need to touch the code, just all the config files and the shell scripts. The one exception to that is the very first line of /opt/MailScanner/bin/MailScanner. >National High Magnetic Field Laboratory Phone: (850) 644-1657 >1800 E. Paul Dirac Drive Tallahassee, FL 32310 Can I add you to my "list of users" web page please? Your lab would look good on the list :-) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From jase at SENSIS.COM Tue Jan 7 21:56:48 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:16:53 2006 Subject: Exim and MS 4.11-1 Message-ID: Hello. I am trying to upgrade MS from version 3 to 4.11-1. I have shut down the old version and renamed its directory, and I am treating this as a new install. But when I run the new version, the spawned processes seem to scan the mail for spam, then for viruses, and then partially move one message from the in queue to the out queue before crashing. Then another process does the same thing. I set Debug = yes in the config file and ran MS again, and this is what I get: # /usr/local/MailScanner/bin/MailScanner /usr/local/MailScanner/etc/MailScanner.conf In Debugging mode, not forking... Not an ARRAY reference at /usr/local/MailScanner/lib/MailScanner/Exim.pm line 1082. Stopping now as you are debugging me. # Not an ARRAY reference at /usr/local/MailScanner/lib/MailScanner/Exim.pm line 1082. After this run, the -D file from one of my messages in the in queue has been moved to the out queue, and the -H file is nowhere to be found. I know a little bit of perl, and took a look at Exim.pm, but I don't know what it is supposed to be doing. It must be something I've configured wrong, as nobody else seems to be having this problem. Any ideas? I am using Exim 3.35. Here are some lines from my config file - I can post the whole thing if needed: Run As User = mail Incoming Queue Dir = /var/spool/exim_incoming/input Outgoing Queue Dir = /var/spool/exim/input MTA = exim Sendmail = /usr/sbin/exim Sendmail2 = /usr/sbin/exim -C /etc/exim_outgoing.conf Deliver In Background = yes Delivery Method = batch Thanks for any thoughts. Jason Desai From paul at ESPMAIL.CO.UK Tue Jan 7 21:58:47 2003 From: paul at ESPMAIL.CO.UK (Paul Welsh) Date: Thu Jan 12 21:16:53 2006 Subject: deersoft bought by NAI References: <3E1B189A.7040005@sghms.ac.uk> Message-ID: <006f01c2b698$7d45b600$9ce230d5@espmail> ----- Original Message ----- From: "Daniel Bird" To: Sent: 07 January 2003 18:12 Subject: deersoft bought by NAI > Deersoft, the producers of SpamAssain for windows (out look > etc) have been bought out by NAI (see: > http://www.mcafeeb2b.com/other/jump/deersoft.asp). This has caused quite > a stir on the SATalk mailing lists, with it looking likely 3 of the mail > developers will be stopping their contributions. > Doesn't look promising, does it? To quote from http://www.mcafeeb2b.com/other/jump/deersoft-faq.asp: "The SpamAssassin open source project will continue and will be maintained by its current authors including Justin Mason and Craig Hughes." Sounds good. However, it goes on to say in the next sentence: "Mason and Hughes will be employees of Network Associates and will devote their energies to the development of the proprietary McAfee product." Er, so if Mason and Hughes will put all their energies into the McAfee product how on earth are they going to maintain the open source project? What double speak! The icing on the cake? Network Associates now own the SpamAssassin name. From mailscanner at ecs.soton.ac.uk Tue Jan 7 22:06:56 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:53 2006 Subject: Exim and MS 4.11-1 In-Reply-To: Message-ID: <5.2.0.9.2.20030107220532.02bf7f80@imap.ecs.soton.ac.uk> At 21:56 07/01/2003, you wrote: >I am trying to upgrade MS from version 3 to 4.11-1. I have shut down the >old version and renamed its directory, and I am treating this as a new >install. But when I run the new version, the spawned processes seem to scan >the mail for spam, then for viruses, and then partially move one message >from the in queue to the out queue before crashing. Then another process >does the same thing. You probably still have the cron job which regularly restarts version 3. Check /etc/cron*/*. >I set Debug = yes in the config file and ran MS again, and this is what I >get: > ># /usr/local/MailScanner/bin/MailScanner >/usr/local/MailScanner/etc/MailScanner.conf >In Debugging mode, not forking... >Not an ARRAY reference at /usr/local/MailScanner/lib/MailScanner/Exim.pm >line 1082. >Stopping now as you are debugging me. ># Not an ARRAY reference at /usr/local/MailScanner/lib/MailScanner/Exim.pm >line 1082. > >After this run, the -D file from one of my messages in the in queue has been >moved to the out queue, and the -H file is nowhere to be found. > >I know a little bit of perl, and took a look at Exim.pm, but I don't know >what it is supposed to be doing. It must be something I've configured >wrong, as nobody else seems to be having this problem. Any ideas? > >I am using Exim 3.35. Here are some lines from my config file - I can post >the whole thing if needed: > >Run As User = mail >Incoming Queue Dir = /var/spool/exim_incoming/input >Outgoing Queue Dir = /var/spool/exim/input >MTA = exim >Sendmail = /usr/sbin/exim >Sendmail2 = /usr/sbin/exim -C /etc/exim_outgoing.conf >Deliver In Background = yes >Delivery Method = batch > >Thanks for any thoughts. > >Jason Desai -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From jase at SENSIS.COM Tue Jan 7 22:15:17 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:16:53 2006 Subject: Exim and MS 4.11-1 Message-ID: > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: Tuesday, January 07, 2003 5:07 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Exim and MS 4.11-1 > > > At 21:56 07/01/2003, you wrote: > >I am trying to upgrade MS from version 3 to 4.11-1. I have > shut down the > >old version and renamed its directory, and I am treating > this as a new > >install. But when I run the new version, the spawned > processes seem to scan > >the mail for spam, then for viruses, and then partially move > one message > >from the in queue to the out queue before crashing. Then > another process > >does the same thing. > > You probably still have the cron job which regularly restarts > version 3. > Check /etc/cron*/*. > I was running check_mailscanner from root's crontab, and taking that out was the first thing I did. I also checked for any processes hanging around: # ps auxw |grep -i mailscanner root 18499 0.0 0.6 1332 436 pts/5 S 17:13 0:00 grep -i mailscanner Any other thoughts? Thanks. Jason Desai From mailscanner at ecs.soton.ac.uk Tue Jan 7 22:27:01 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:53 2006 Subject: Exim and MS 4.11-1 In-Reply-To: Message-ID: <5.2.0.9.2.20030107222556.02cc9a90@imap.ecs.soton.ac.uk> At 22:15 07/01/2003, you wrote: > > -----Original Message----- > > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > > Sent: Tuesday, January 07, 2003 5:07 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: [MAILSCANNER] Exim and MS 4.11-1 > > > > > > At 21:56 07/01/2003, you wrote: > > >I am trying to upgrade MS from version 3 to 4.11-1. I have > > shut down the > > >old version and renamed its directory, and I am treating > > this as a new > > >install. But when I run the new version, the spawned > > processes seem to scan > > >the mail for spam, then for viruses, and then partially move > > one message > > >from the in queue to the out queue before crashing. Then > > another process > > >does the same thing. > > > > You probably still have the cron job which regularly restarts > > version 3. > > Check /etc/cron*/*. > > > >I was running check_mailscanner from root's crontab, and taking that out was >the first thing I did. I also checked for any processes hanging around: > ># ps auxw |grep -i mailscanner >root 18499 0.0 0.6 1332 436 pts/5 S 17:13 0:00 grep -i >mailscanner Also check the permissions and ownership on the "incoming" and "quarantine" directories. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From support at INVICTANET.CO.UK Tue Jan 7 22:50:22 2003 From: support at INVICTANET.CO.UK (InvictaNet Customer Support) Date: Thu Jan 12 21:16:53 2006 Subject: deersoft bought by NAI In-Reply-To: <006f01c2b698$7d45b600$9ce230d5@espmail> Message-ID: Wasn't it NAI that bought that other fine product, PGP, for a vast amount of money. Then, when they realised that nobody was buying it, dumped it quietly?................ Martyn Routley ----------------------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk martyn@support.invictanet.co.uk phone: 08707 440180 fax: 08707 440181 Ask us about our online Antivirus and Junk mail scanning service ----------------------------------------------------------------- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Paul Welsh Sent: 07 January 2003 21:59 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: deersoft bought by NAI ----- Original Message ----- From: "Daniel Bird" To: Sent: 07 January 2003 18:12 Subject: deersoft bought by NAI > Deersoft, the producers of SpamAssain for windows (out look > etc) have been bought out by NAI (see: > http://www.mcafeeb2b.com/other/jump/deersoft.asp). This has caused quite > a stir on the SATalk mailing lists, with it looking likely 3 of the mail > developers will be stopping their contributions. > Doesn't look promising, does it? To quote from http://www.mcafeeb2b.com/other/jump/deersoft-faq.asp: "The SpamAssassin open source project will continue and will be maintained by its current authors including Justin Mason and Craig Hughes." Sounds good. However, it goes on to say in the next sentence: "Mason and Hughes will be employees of Network Associates and will devote their energies to the development of the proprietary McAfee product." Er, so if Mason and Hughes will put all their energies into the McAfee product how on earth are they going to maintain the open source project? What double speak! The icing on the cake? Network Associates now own the SpamAssassin name. ---------------------------------------------- This message has been scanned for viruses and dangerous content by the http://www.anti84787.com MailScanner, and is believed to be clean. From mailscanner-sub at WIREHUB.NET Tue Jan 7 23:03:20 2003 From: mailscanner-sub at WIREHUB.NET (Ben C. O. Grimm) Date: Thu Jan 12 21:16:53 2006 Subject: OT: Dynamically updating /etc/mail/access In-Reply-To: References: <8A6DFB0865502242A29E25BDAEFBB9451ABE7B@d2sexchtest.cqg.com> Message-ID: On 7 Jan 2003 00:50:03 +0100, Stewart Lawler wrote: > this looks like a great solution - but what is the performance impact? > The relay machine i'm running mailscanner on at the moment is rather old > and might not cope with being given much more to do. :-) The only performance impact will be hashing the database when using the full list. Shouldn't be too much work though. You don't have to worry about the size of the resulting db; hash lookups are blazingly fast. Our access.db is >20 MB in size (we put a lot of extra information in it), and it gets called at least 2 times per second. I sleep well. -- - Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - - Wirehub! Internet Engineering - http://www.wirehub.net/ - - Private Ponderings ----------- http://www.bengrimm.net/ - - Wirehub! Internet ----------- part of easynet Group plc - From jase at SENSIS.COM Tue Jan 7 23:04:22 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:16:53 2006 Subject: Exim and MS 4.11-1 Message-ID: > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: Tuesday, January 07, 2003 5:27 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Exim and MS 4.11-1 > > > At 22:15 07/01/2003, you wrote: > > > -----Original Message----- > > > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > > > Sent: Tuesday, January 07, 2003 5:07 PM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: [MAILSCANNER] Exim and MS 4.11-1 > > > > > > > > > At 21:56 07/01/2003, you wrote: > > > >I am trying to upgrade MS from version 3 to 4.11-1. I have > > > shut down the > > > >old version and renamed its directory, and I am treating > > > this as a new > > > >install. But when I run the new version, the spawned > > > processes seem to scan > > > >the mail for spam, then for viruses, and then partially move > > > one message > > > >from the in queue to the out queue before crashing. Then > > > another process > > > >does the same thing. > > > > > > You probably still have the cron job which regularly restarts > > > version 3. > > > Check /etc/cron*/*. > > > > > > >I was running check_mailscanner from root's crontab, and > taking that out was > >the first thing I did. I also checked for any processes > hanging around: > > > ># ps auxw |grep -i mailscanner > >root 18499 0.0 0.6 1332 436 pts/5 S 17:13 > 0:00 grep -i > >mailscanner > > Also check the permissions and ownership on the "incoming" > and "quarantine" > directories. They look ok to me: # ls -ald /var/spool/MailScanner/incoming drwxrwxr-x 9 root mail 3072 Jan 7 16:48 /var/spool/MailScanner/incoming # ls -ald /var/spool/MailScanner/quarantine/ drwxrwxr-x 349 root mail 6144 Jan 7 00:14 /var/spool/MailScanner/quarantine/ # ls -ald /var/spool/exim/input/ drwxrwx--- 2 mail mail 3072 Jan 7 17:06 /var/spool/exim/input/ # ls -ald /var/spool/exim_incoming/input/ drwxrwx--- 2 mail mail 3072 Jan 7 18:00 /var/spool/exim_incoming/input/ The user mail is in the group mail, so he should have full access to these directories. These are the same directories that I used for version 3. I'm open to any other suggestions. Thanks! Jason Desai From LSMailScanner at infopackaging.com Tue Jan 7 23:47:25 2003 From: LSMailScanner at infopackaging.com (Troy Sorzano) Date: Thu Jan 12 21:16:53 2006 Subject: Centralized aliases In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0A32BF5@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0A32BF5@pascal.priv.bmrb.co.uk> Message-ID: >>I use mailscanner in front of an exchange box and my mailscanner box >>doesn't know any of my users names. Kevin, How are you managing users preferences for whitelists and blacklists? I have the same configuration as you but need to figgure out how to use difference preferences for each email account. Thanks, Troy Sorzano From nwp at LEMON-COMPUTING.COM Wed Jan 8 00:26:06 2003 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:16:53 2006 Subject: Exim and MS 4.11-1 In-Reply-To: Message-ID: On Wednesday, January 8, 2003, at 10:56 am, Desai, Jason wrote: > # /usr/local/MailScanner/bin/MailScanner > /usr/local/MailScanner/etc/MailScanner.conf > In Debugging mode, not forking... > Not an ARRAY reference at > /usr/local/MailScanner/lib/MailScanner/Exim.pm > line 1082. > Stopping now as you are debugging me. > # Not an ARRAY reference at > /usr/local/MailScanner/lib/MailScanner/Exim.pm > line 1082. > > After this run, the -D file from one of my messages in the in queue > has been > moved to the out queue, and the -H file is nowhere to be found. Odd. It may be something particular about the files you're trying to process that's tickling a bug; does it happen no matter what is in the queue when you start it up, or does it only happen for particular messages? Cheers, Nick From jase at SENSIS.COM Wed Jan 8 00:48:07 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:16:53 2006 Subject: Exim and MS 4.11-1 Message-ID: > -----Original Message----- > From: Nick Phillips [mailto:nwp@LEMON-COMPUTING.COM] > Sent: Tuesday, January 07, 2003 7:26 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Exim and MS 4.11-1 > > > On Wednesday, January 8, 2003, at 10:56 am, Desai, Jason wrote: > > > # /usr/local/MailScanner/bin/MailScanner > > /usr/local/MailScanner/etc/MailScanner.conf > > In Debugging mode, not forking... > > Not an ARRAY reference at > > /usr/local/MailScanner/lib/MailScanner/Exim.pm > > line 1082. > > Stopping now as you are debugging me. > > # Not an ARRAY reference at > > /usr/local/MailScanner/lib/MailScanner/Exim.pm > > line 1082. > > > > After this run, the -D file from one of my messages in the in queue > > has been > > moved to the out queue, and the -H file is nowhere to be found. > > Odd. It may be something particular about the files you're trying to > process that's > tickling a bug; does it happen no matter what is in the queue when you > start it up, or > does it only happen for particular messages? It seems to be very consistent. With each run, there is one less message in the first batch. I have run it with as little as 4 messages in the in queue, with the same result. It almost seems like there were multiple instances of MailScanner running. Notice that I got my prompt back and then got another error message about the Exim.pm file. Is there anything I can do to help you debug this? Thanks! Jason Desai From jase at SENSIS.COM Wed Jan 8 00:54:54 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:16:53 2006 Subject: Exim and MS 4.11-1 Message-ID: > It almost seems like there were multiple instances of > MailScanner running. > Notice that I got my prompt back and then got another error > message about > the Exim.pm file. Is there anything I can do to help you debug this? > Well, I think I figured out why there were multiple instances of MailScanner running - I had Max Children = 2. I would have thought that if Debug = yes, that it would not start multiple children. Anyways, even with Max Children = 1, I'm still getting the error about Exim.pm. Jason Desai From mdm at INTERNET-TOOLS.COM Wed Jan 8 02:17:10 2003 From: mdm at INTERNET-TOOLS.COM (mark david mcCreary) Date: Thu Jan 12 21:16:53 2006 Subject: MS 4, Exim 4 on Debian 3 Install Notes In-Reply-To: <843C3BF8-227F-11D7-948E-000393D6F5B0@lemon-computing.com> References: Message-ID: > >Eeeek! > >It's generally a really bad idea to install Perl modules from CPAN on a >Debian system. >If there is no package containing the CPAN module you need, then there >is a helper >somewhere (sorry, I can't remember what it's called) which will create >a Debian package >from a CPAN module with very little if any manual intervention. > >Anyway, you should find Debian has packages of all the modules relevant >to MailScanner. > Nick Thanks for that tip. It never occured to me that straight CPAN modules might not work, and to date, I have not had any problems using this method. However, I will re-work this part to call in lots of debian packages. Looks like there might be 30 or more packages. > >> Exim and Debian aspects of /etc/MailScanner/MailScanner.conf >> >> # User to run as (provided for Exim users) >> Run As User = mail >> >> # Group to run as (provided for Exim users) >> Run As Group = adm >> > >Why run as group adm? What's wrong with mail? > I'm trying to model existing Debian packages, and I think that's how it's done in the Debian 3 Exim 3.36 series. > > >So, after all that, what was the problem again? > Thanks for the multitude of tips. I will rework things and try again. I have things screwed up with regard to file permissions, and get this error message. Jan 6 18:26:15 wire MailScanner[5638]: Commercial virus checker failed with real error: Can't run commercial checker sophos ("/etc/MailScanner/wrapper/sophos-wrapper"): Permission denied at /usr/local/MailScanner/lib/MailScanner/SweepViruses.pm line 454. It could be the mail.adm ownership, or a few other areas like that. I'll see if it still happens after I re-work it. Also, is there a Debian way for the SpamAssassin package. The Woody package is SA 2.20. Thanks again mark From nwp at LEMON-COMPUTING.COM Wed Jan 8 04:04:01 2003 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:16:53 2006 Subject: MS 4, Exim 4 on Debian 3 Install Notes In-Reply-To: Message-ID: <3838AA90-22BE-11D7-948E-000393D6F5B0@lemon-computing.com> On Wednesday, January 8, 2003, at 03:17 pm, mark david mcCreary wrote: >> Anyway, you should find Debian has packages of all the modules >> relevant >> to MailScanner. > Thanks for that tip. It never occured to me that straight CPAN modules > might not work, and to date, I have not had any problems using this > method. They'll work, so long as they don't get confused. But when it comes to managing updates, you'll be asking for trouble. > However, I will re-work this part to call in lots of debian packages. > Looks like there might be 30 or more packages. I don't recall that many, but it's likely quite a few. >> Why run as group adm? What's wrong with mail? > I'm trying to model existing Debian packages, and I think that's how > it's > done in the Debian 3 Exim 3.36 series. Is it? I've never noticed if it is... >> So, after all that, what was the problem again? > I have things screwed up with regard to file permissions, and get this > error message. > I'll see if it still happens after I re-work it. OK... Cheers, Nick From jase at SENSIS.COM Wed Jan 8 04:39:14 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:16:53 2006 Subject: Exim and MS 4.11-1 Message-ID: I've been able to get MailScanner to run without crashing if I comment out line 955 of Exim.pm # $Qfile .= BTreeString($metadata->{nonrcpts}); But it looks like the header file that gets created is not valid. Exim complains with delivering message 18W7ra-0000UY-00 (queue run pid 1985 fd 5) Format error in spool file 18W7ra-0000UY-00-H LOG: 0 MAIN Format error in spool file 18W7ra-0000UY-00-H: size=2351 I don't know if this information helps at all. I'm calling it a night for now. If anyone has any ideas please let me know. Thanks! Jason Desai > -----Original Message----- > From: Nick Phillips [mailto:nwp@LEMON-COMPUTING.COM] > Sent: Tuesday, January 07, 2003 7:26 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Exim and MS 4.11-1 > > > On Wednesday, January 8, 2003, at 10:56 am, Desai, Jason wrote: > > > # /usr/local/MailScanner/bin/MailScanner > > /usr/local/MailScanner/etc/MailScanner.conf > > In Debugging mode, not forking... > > Not an ARRAY reference at > > /usr/local/MailScanner/lib/MailScanner/Exim.pm > > line 1082. > > Stopping now as you are debugging me. > > # Not an ARRAY reference at > > /usr/local/MailScanner/lib/MailScanner/Exim.pm > > line 1082. > > > > After this run, the -D file from one of my messages in the in queue > > has been > > moved to the out queue, and the -H file is nowhere to be found. > > Odd. It may be something particular about the files you're trying to > process that's > tickling a bug; does it happen no matter what is in the queue when you > start it up, or > does it only happen for particular messages? > > > Cheers, > > > Nick > From nwp at LEMON-COMPUTING.COM Wed Jan 8 05:43:55 2003 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:16:53 2006 Subject: Exim and MS 4.11-1 In-Reply-To: References: Message-ID: <20030108054355.GB1323@hoiho.nz.lemon-computing.com> On Tue, Jan 07, 2003 at 11:39:14PM -0500, Desai, Jason wrote: > I've been able to get MailScanner to run without crashing if I comment out > line 955 of Exim.pm > > # $Qfile .= BTreeString($metadata->{nonrcpts}); OK, thought it might be something to do with that (a largish chunk of code that had appeared to work first time)... > But it looks like the header file that gets created is not valid. It wouldn't be... > I don't know if this information helps at all. I'm calling it a night for > now. If anyone has any ideas please let me know. Thanks! It has; thanks. I'll have a look at it now. It would probably still be helpful if you could send me over a -D and -H file pair that will cause this. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com You are not dead yet. But watch for further reports. From support at INVICTANET.CO.UK Wed Jan 8 07:59:40 2003 From: support at INVICTANET.CO.UK (InvictaNet Customer Support) Date: Thu Jan 12 21:16:53 2006 Subject: MS 4, Exim 4 on Debian 3 Install Notes In-Reply-To: Message-ID: Debian won't use CPAN modules? Why not call it Microsoft Linux then everyone would know it's non standards based. Martyn Routley ----------------------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk martyn@support.invictanet.co.uk phone: 08707 440180 fax: 08707 440181 Ask us about our online Antivirus and Junk mail scanning service ----------------------------------------------------------------- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of mark david mcCreary Sent: 08 January 2003 02:17 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MS 4, Exim 4 on Debian 3 Install Notes > >Eeeek! > >It's generally a really bad idea to install Perl modules from CPAN on a >Debian system. >If there is no package containing the CPAN module you need, then there >is a helper >somewhere (sorry, I can't remember what it's called) which will create >a Debian package >from a CPAN module with very little if any manual intervention. > >Anyway, you should find Debian has packages of all the modules relevant >to MailScanner. > Nick Thanks for that tip. It never occured to me that straight CPAN modules might not work, and to date, I have not had any problems using this method. However, I will re-work this part to call in lots of debian packages. Looks like there might be 30 or more packages. > >> Exim and Debian aspects of /etc/MailScanner/MailScanner.conf >> >> # User to run as (provided for Exim users) >> Run As User = mail >> >> # Group to run as (provided for Exim users) >> Run As Group = adm >> > >Why run as group adm? What's wrong with mail? > I'm trying to model existing Debian packages, and I think that's how it's done in the Debian 3 Exim 3.36 series. > > >So, after all that, what was the problem again? > Thanks for the multitude of tips. I will rework things and try again. I have things screwed up with regard to file permissions, and get this error message. Jan 6 18:26:15 wire MailScanner[5638]: Commercial virus checker failed with real error: Can't run commercial checker sophos ("/etc/MailScanner/wrapper/sophos-wrapper"): Permission denied at /usr/local/MailScanner/lib/MailScanner/SweepViruses.pm line 454. It could be the mail.adm ownership, or a few other areas like that. I'll see if it still happens after I re-work it. Also, is there a Debian way for the SpamAssassin package. The Woody package is SA 2.20. Thanks again mark ---------------------------------------------- This message has been scanned for viruses and dangerous content by the http://www.anti84787.com MailScanner, and is believed to be clean. From Kevin.Spicer at BMRB.CO.UK Wed Jan 8 08:18:13 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:53 2006 Subject: FW: Centralized aliases Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A32C07@pascal.priv.bmrb.co.uk> mailscanner@ > How are you managing users preferences for whitelists and > blacklists? > I have the same configuration as you but need to figgure out > how to use > difference preferences for each email account. To be honest I'm not, I haven't had any requests from users for this (partly because I haven't publicised the ability to do this). We only intercept virus email (& blocked attachments) - for SPAM we only modify the subject & inculde the spamcheck header (we strip HTML on high score spams, to reduce the amount of pornographic spam) - spam doesn't seem to be a huge problem for us right now, I expect this will change as we increase the level of internet access within the company. For users who want special processing of 'SPAM' messages we have a document prepared which explains to them how to set up rules in Outlook. I suppose you could write a webmin/usermin module - this would probably not be too hard if your IT staff were updating the lists, but could be more tricky if you want to let users do it themselves (maybe set up winbind- from samba - to authenticate them against your domain?) From mailscanner at BARENDSE.TO Wed Jan 8 09:11:59 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:53 2006 Subject: Whitelisting problem In-Reply-To: <5.2.0.9.2.20030107165515.05051d58@imap.ecs.soton.ac.uk> Message-ID: How does whitelisting on IP work? Do we need to use the same file and format as we do with domain names?? From: 194.109.9.99 yes On Tue, 7 Jan 2003, Julian Field wrote: > At 16:50 07/01/2003, you wrote: > > >IBM is a partner of ours so I have whitelisted ibm.com > > > >But now some spammer is forging both the envelope and header to look like > >it cam from ibm.com > > > >The spammer appears to be creating random addresses ending in @ibm.com > > > >Is my only choice to remove ibm.com from the whitelist? > > If ibm.com only use a few outgoing mail servers, you could whitelist their > IP addresses instead. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From nwp at LEMON-COMPUTING.COM Wed Jan 8 09:07:08 2003 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:16:53 2006 Subject: Exim and MS 4.11-1 In-Reply-To: <20030108054355.GB1323@hoiho.nz.lemon-computing.com> References: <20030108054355.GB1323@hoiho.nz.lemon-computing.com> Message-ID: <20030108090708.GC1323@hoiho.nz.lemon-computing.com> On Wed, Jan 08, 2003 at 06:43:55PM +1300, Nick Phillips wrote: > > I don't know if this information helps at all. I'm calling it a night for > > now. If anyone has any ideas please let me know. Thanks! > > It has; thanks. I'll have a look at it now. It would probably still be helpful > if you could send me over a -D and -H file pair that will cause this. OK, I see what's happening. I think the problem will only appear when there are messages in mailscanner's incoming queue which have delivered recipients; if you can clear the queue of all partially-delivered messages, that should do the trick until and unless you create a message using the -bm and -t options with nonrecipients listed. In other words, in normal use, it ain't gonna happen. I'll test the fix now, too. Out of interest, what version of Perl are you using? Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Be different: conform. From j.cormie at ABERTAY.AC.UK Wed Jan 8 09:27:54 2003 From: j.cormie at ABERTAY.AC.UK (Jason Cormie) Date: Thu Jan 12 21:16:53 2006 Subject: Exim Weirdness Message-ID: Just mailing to say that since I setup and ran the tidydb their have been no more errors :) -----Original Message----- From: Nick Phillips [mailto:nwp@LEMON-COMPUTING.COM] Sent: 07, January, 2003 10:53 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Exim Weirdness On Tue, Jan 07, 2003 at 08:46:51AM -0000, Jason Cormie wrote: > Thanks Nick, > Somehow I lost that section of my own docs between pilot 1, pilot 2 > and > production :-( > > Will implement and see what happens. > Just out of curiosity, what exactly does it do and what would have happened > without it? The problem is that Exim really isn't designed to not deliver anything. It's difficult to make the "incoming" Exim make no delivery attempts on any messages ever (pretty much impossible, in fact), and when it does make an attempt, it's difficult to get it to do nothing in a harmless way. The solution I've been recommending chooses to try to prevent delivery attempts by setting queue_only and not running cron jobs/queue runners with that configuration anyway. This should prevent delivery attempts being made for messages received by SMTP (as the queue_only setting should cause them to be just dumped into the queue), but some locally generated messages will still cause delivery attempts to be made (e.g. cron using the "-odi" option when it invokes what it thinks is sendmail). When delivery attempts are made for these (locally generated) messages, the director described in the docs should cause the messages to be deferred. The problem with this is that Exim counts a deferral as a failure as far as the retry database for the destination host is concerned. If one delivery attempt is made, then that causes an entry to be made in the retry database. This would be cleared if a successful delivery was ever made (but since we don't want any deliveries to be made, that won't happen). So, at that point the clock starts ticking. After your maximum configured retry time has passed, Exim may bounce new messages for that host without even making a delivery attempt (this depends a little on configuration). So, to sort it out, we just clear the retry database well within the maximum retry timeout. The maximum timeout is then never reached and Exim never gets to do its extra clever special efficient tricks. I'm a little worried to see so many addresses listed in your original mail (I wouldn't usually expect that many deliveries to be attempted), so would like to know what turns out to be the reason. Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com If you sow your wild oats, hope for a crop failure. From nwp at LEMON-COMPUTING.COM Wed Jan 8 09:27:07 2003 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:16:53 2006 Subject: MS 4, Exim 4 on Debian 3 Install Notes In-Reply-To: References: Message-ID: <20030108092707.GE1323@hoiho.nz.lemon-computing.com> On Wed, Jan 08, 2003 at 07:59:40AM -0000, InvictaNet Customer Support wrote: > Debian won't use CPAN modules? Of course you *can* use modules direct from CPAN on a Debian system, just like you *can* choose to build sendmail from source on a Debian system (or any other linux system). It's just that in most cases you'd be mad to do that rather than using the packages that are available. > Why not call it Microsoft Linux then everyone would know it's non standards > based. Oh *do* behave... Debian generally takes standards compliance *at least* as seriously as any other Linux distribution out there. -- Nick Phillips -- nwp@lemon-computing.com Try to relax and enjoy the crisis. From nwp at LEMON-COMPUTING.COM Wed Jan 8 09:35:07 2003 From: nwp at LEMON-COMPUTING.COM (Nick Phillips) Date: Thu Jan 12 21:16:53 2006 Subject: Exim and MS 4.11-1 In-Reply-To: <20030108090708.GC1323@hoiho.nz.lemon-computing.com> References: <20030108054355.GB1323@hoiho.nz.lemon-computing.com> <20030108090708.GC1323@hoiho.nz.lemon-computing.com> Message-ID: <20030108093507.GF1323@hoiho.nz.lemon-computing.com> On Wed, Jan 08, 2003 at 10:07:08PM +1300, Nick Phillips wrote: > I'll test the fix now, too. Fix follows (will be in next release): Index: mailscanner/bin/MailScanner/Exim.pm =================================================================== RCS file: /var/cvs/mailscanner/mailscanner/bin/MailScanner/Exim.pm,v retrieving revision 1.21 retrieving revision 1.22 diff -r1.21 -r1.22 5c5 < # $Id: Exim.pm,v 1.21 2002/12/20 15:33:00 jkf Exp $ --- > # $Id: Exim.pm,v 1.22 2003/01/08 09:31:22 nwp Exp $ 44c44 < $VERSION = substr q$Revision: 1.21 $, 10; --- > $VERSION = substr q$Revision: 1.22 $, 10; 1082,1083c1082,1083 < $string .= (@{$treeref->{left}}?"Y":"N"); < $string .= (@{$treeref->{right}}?"Y":"N"); --- > $string .= (exists $treeref->{left}{data}?"Y":"N"); > $string .= (exists $treeref->{right}{data}?"Y":"N"); Cheers, Nick -- Nick Phillips -- nwp@lemon-computing.com Beware of a tall blond man with one black shoe. From a.phillips at DNMI.NO Wed Jan 8 09:42:31 2003 From: a.phillips at DNMI.NO (Adrian Phillips) Date: Thu Jan 12 21:16:53 2006 Subject: MS 4, Exim 4 on Debian 3 Install Notes In-Reply-To: References: Message-ID: <878yxw7zaw.fsf@freeze.oslo.dnmi.no> >>>>> "Mark" == mark david mcCreary writes: >> Eeeek! >> >> It's generally a really bad idea to install Perl modules from >> CPAN on a Debian system. If there is no package containing the >> CPAN module you need, then there is a helper somewhere (sorry, >> I can't remember what it's called) which will create a Debian >> package from a CPAN module with very little if any manual >> intervention. Its called dh-make-perl and yes CPAN modules do work nicely on Debian and other Linux systems BUT be careful. If you later install a Debian (or other Linux dist.) package after installing a CPAN module in /usr/local then the system will continue to use the old CPAN module Sincerely, Adrian Phillips -- Your mouse has moved. Windows NT must be restarted for the change to take effect. Reboot now? [OK] From David.While at UCE.AC.UK Wed Jan 8 10:06:42 2003 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:16:53 2006 Subject: spamassassin timeout Message-ID: I seem to recall a discussion on this in the past where MS was not giving SA enough time - having searched the archives I think the relevant post is: http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind0210&L=mailscanner&P=R73136&I=-3&m=3466 The main issue is that MS gives SA 30 seconds before timing out. Unfortunately SA gives DNSBL lookups 30 seconds before it gives up so MS kills SA before its timed out and returned. My solution which seems to work was to increase the MS timeout of SA to 40. The post above gives a fuller solution which reduces the timeout that SA uses on the RBLs. ----------------------------------------------------------------- David While Technical Development Manager Faculty of Computing, Information & English University of Central England Tel: 0121 331 6211 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030108/043f300f/attachment.html From mailscanner at BARENDSE.TO Wed Jan 8 10:24:30 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:53 2006 Subject: Spam blacklist? Message-ID: I have a rule list that will mark certain messages as spam even though there is no other reason to mark them as spam. This is working perfectly. I have noticed however that MailScanner will treat messages that are marked by a blacklist rule as low scoring spam? Would it be possible to change this to high scoring spam? After all you want to blacklist them. I allow low scoring spam messages to go through but high scoring stuff is forwarded to an alternate address. I would like to do the same for the blacklisted stuff. :) Remco -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From butler at GLOBESERVER.COM Wed Jan 8 13:04:25 2003 From: butler at GLOBESERVER.COM (Philip Butler) Date: Thu Jan 12 21:16:53 2006 Subject: Upgrade from 4.10-1 to 4.11-1... Message-ID: Hi all, I upgraded from 4.10-1 to 4.11-1 yesterday and ran into a problem that others may have seen also. First off, the bin/mailscanner file seems to have been renamed to bin/MailScanner. This was easy to fix since I had my own check_mailscanner script that kicks things off with my own paths. Secondly, I had to modify the bin/MailScanner file (first line only) to have: -I/usr/local/mailscanner/lib instead of -I/opt/MailScanner/lib I install Mail Scanner in the /usr/local/mailscanner directory instead of the /opt/MailScanner path. QUESTION: Is there a way that MailScanner can be started with a custom -I directive without modifying Julian's distribution ?? I tried adding the -I... to the check_mailscanner script but that didn't seem to work. It's not a big deal to make this change, however, it makes for one more thing to do when Julian updates. I like seeing the frequent updates and just want to make it easier to get them going. Thanks, Phil Butler From jase at SENSIS.COM Wed Jan 8 14:25:58 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:16:53 2006 Subject: Exim and MS 4.11-1 Message-ID: I did see directories in mailscanner's incoming queue while doing these tests. But I did clear it out and still saw the problem. I also cleared out Exim's incoming queue, and dropped a test message in there, and still saw the problem. Although a message did make it through once or twice, most of the time mailscanner crashed. Could this have anything to do with the fact that I am using fetchmail to retrieve mail, which delivers it to exim? I am using perl 5.6.1 (Debian Woody). Thanks! Jason Desai > -----Original Message----- > From: Nick Phillips [mailto:nwp@LEMON-COMPUTING.COM] > Sent: Wednesday, January 08, 2003 4:07 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Exim and MS 4.11-1 > > > On Wed, Jan 08, 2003 at 06:43:55PM +1300, Nick Phillips wrote: > > > > I don't know if this information helps at all. I'm > calling it a night for > > > now. If anyone has any ideas please let me know. Thanks! > > > > It has; thanks. I'll have a look at it now. It would > probably still be helpful > > if you could send me over a -D and -H file pair that will > cause this. > > > OK, I see what's happening. > > I think the problem will only appear when there are messages > in mailscanner's > incoming queue which have delivered recipients; if you can clear the > queue of all partially-delivered messages, that should do the > trick until > and unless you create a message using the -bm and -t options > with nonrecipients > listed. In other words, in normal use, it ain't gonna happen. > > I'll test the fix now, too. > > Out of interest, what version of Perl are you using? > > > Cheers, > > > Nick > > -- > Nick Phillips -- nwp@lemon-computing.com > Be different: conform. > From mailscanner at BARENDSE.TO Wed Jan 8 14:42:52 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:53 2006 Subject: Archiving e-mail ruleset Message-ID: I'm a bit lost here, I want to archive e-mail that certain users send so I created a ruleset. Now I'm not sure what the below means, where do I put the ruleset and where do I put the directory to archive mail? Is this the comma separated list or did I overlook something? # Space-separated list of email address and directory names where you want # a copy of all mail to be forwarded or stored. # # If you give this option a ruleset, you can control exactly whose mail # is archived or forwarded. If you do this, beware of the legal implications # as this could be deemed to be illegal interception unless the police have # asked you to do this. Archive Mail = /var/spool/MailScanner/archive -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lbergman at wtxs.net Wed Jan 8 14:49:47 2003 From: lbergman at wtxs.net (Lewis Bergman) Date: Thu Jan 12 21:16:53 2006 Subject: Spam blacklist? In-Reply-To: References: Message-ID: <200301080849.47027.lbergman@wtxs.net> On Wednesday 08 January 2003 04:24 am, Remco Barendse wrote: > I have a rule list that will mark certain messages as spam even though > there is no other reason to mark them as spam. This is working perfectly. > > I have noticed however that MailScanner will treat messages that are > marked by a blacklist rule as low scoring spam? > > Would it be possible to change this to high scoring spam? After all you > want to blacklist them. I allow low scoring spam messages to go through > but high scoring stuff is forwarded to an alternate address. I would like > to do the same for the blacklisted stuff. Why not use SA to do the RBL checks and then assign them a score which will force them into the high score category using the spam.assassin.prefs.conf file? -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 115 From lbergman at wtxs.net Wed Jan 8 14:52:31 2003 From: lbergman at wtxs.net (Lewis Bergman) Date: Thu Jan 12 21:16:53 2006 Subject: Upgrade from 4.10-1 to 4.11-1... In-Reply-To: References: Message-ID: <200301080852.31877.lbergman@wtxs.net> On Wednesday 08 January 2003 07:04 am, Philip Butler wrote: > Hi all, > > I upgraded from 4.10-1 to 4.11-1 yesterday and ran into a problem that > others may have seen also. > > First off, the bin/mailscanner file seems to have been renamed to > bin/MailScanner. This was easy to fix since I had my own > check_mailscanner script that kicks things off with my own paths. > > Secondly, I had to modify the bin/MailScanner file (first line only) to > have: > > -I/usr/local/mailscanner/lib > > instead of > > -I/opt/MailScanner/lib > > I install Mail Scanner in the /usr/local/mailscanner directory instead > of the /opt/MailScanner path. > > QUESTION: Is there a way that MailScanner can be started with a custom > -I directive without modifying Julian's distribution ?? I tried adding > the -I... to the check_mailscanner script but that didn't seem to work. > > It's not a big deal to make this change, however, it makes for one more > thing to do when Julian updates. I like seeing the frequent updates > and just want to make it easier to get them going. What is wrong with the location and naming of Julian's stuff? Why not use it as it is designed rather than asking him to change it to fit your file layout? I can understand a feature request but file location is a pretty arbitrary thing. -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 115 From jase at SENSIS.COM Wed Jan 8 14:50:47 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:16:53 2006 Subject: Exim and MS 4.11-1 Message-ID: This patch seems to fix the problem. Thank you very much! > -----Original Message----- > From: Nick Phillips [mailto:nwp@LEMON-COMPUTING.COM] > Sent: Wednesday, January 08, 2003 4:35 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Exim and MS 4.11-1 > > > On Wed, Jan 08, 2003 at 10:07:08PM +1300, Nick Phillips wrote: > > > I'll test the fix now, too. > > Fix follows (will be in next release): > > Index: mailscanner/bin/MailScanner/Exim.pm > =================================================================== > RCS file: /var/cvs/mailscanner/mailscanner/bin/MailScanner/Exim.pm,v > retrieving revision 1.21 > retrieving revision 1.22 > diff -r1.21 -r1.22 > 5c5 > < # $Id: Exim.pm,v 1.21 2002/12/20 15:33:00 jkf Exp $ > --- > > # $Id: Exim.pm,v 1.22 2003/01/08 09:31:22 nwp Exp $ > 44c44 > < $VERSION = substr q$Revision: 1.21 $, 10; > --- > > $VERSION = substr q$Revision: 1.22 $, 10; > 1082,1083c1082,1083 > < $string .= (@{$treeref->{left}}?"Y":"N"); > < $string .= (@{$treeref->{right}}?"Y":"N"); > --- > > $string .= (exists $treeref->{left}{data}?"Y":"N"); > > $string .= (exists $treeref->{right}{data}?"Y":"N"); > > > > Cheers, > > > Nick > -- > Nick Phillips -- nwp@lemon-computing.com > Beware of a tall blond man with one black shoe. > From andrewh at CQG.COM Wed Jan 8 16:01:50 2003 From: andrewh at CQG.COM (Andrew M. Hoying) Date: Thu Jan 12 21:16:53 2006 Subject: OT: Dynamically updating /etc/mail/access Message-ID: <8A6DFB0865502242A29E25BDAEFBB9451ABE87@d2sexchtest.cqg.com> I implemented this and a few other things in a script and now we are blocking 80% of incoming spam without having to bother MailScanner or SpamAssassin with processing it. Spam Caught / Total Incoming E-mail: 444 / 3103 High Scoring Spam:177 Spam blocked by sendmail:1748 > -----Original Message----- > From: Ben C. O. Grimm [mailto:mailscanner-sub@WIREHUB.NET] > Sent: Tuesday, January 07, 2003 4:03 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT: Dynamically updating /etc/mail/access > > > On 7 Jan 2003 00:50:03 +0100, Stewart Lawler > > wrote: > > > this looks like a great solution - but what is the > performance impact? > > The relay machine i'm running mailscanner on at the moment > is rather old > > and might not cope with being given much more to do. :-) > > The only performance impact will be hashing the database when > using the > full list. Shouldn't be too much work though. You don't have > to worry about > the size of the resulting db; hash lookups are blazingly fast. Our > access.db is >20 MB in size (we put a lot of extra > information in it), and > it gets called at least 2 times per second. I sleep well. > > -- > - Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - > - Wirehub! Internet Engineering - http://www.wirehub.net/ - > - Private Ponderings ----------- http://www.bengrimm.net/ - > - Wirehub! Internet ----------- part of easynet Group plc - > From thomas_duvally at BROWN.EDU Wed Jan 8 16:11:35 2003 From: thomas_duvally at BROWN.EDU (Thomas DuVally) Date: Thu Jan 12 21:16:53 2006 Subject: Upgrade from 4.10-1 to 4.11-1... In-Reply-To: <200301080852.31877.lbergman@wtxs.net> References: <200301080852.31877.lbergman@wtxs.net> Message-ID: <1042042294.4610.10.camel@croithine> On Wed, 2003-01-08 at 09:52, Lewis Bergman wrote: > What is wrong with the location and naming of Julian's stuff? > Why not use it as it is designed rather than asking him to change it to fit > your file layout? I can understand a feature request but file location is a > pretty arbitrary thing. While Julian has done a great job of setting up the directory tree, every site will have it's own quirks. We use /usr/local as a mounted filesystem via NFS so we don't have to install stuff everywhere. I could put MS there, but it has problems with NFS and I wouldn't use NFS for ANYTHING critical. Also, we put MS on our SAN for the speed and for failover between two machine. For this we need them to have different paths then each other if we wanted to process any stuck mail from one system on the other. For every reason you can think of to keep something standard, someone else can think up one for allowing the choice. I for one never had any problem changing the scripts. That's what's great about OSS, you can! I always thought it was such a minor issue. I'm sure he has plenty of other things to work on. I'm sure someone out there could easily change it and submit a patch. > -- > Lewis Bergman > Texas Communications > 4309 Maple St. > Abilene, TX 79602-8044 > 915-695-6962 ext 115 -- Thomas J. DuVally Lead Systems Prog. CIS, Brown Univ. From Declan.Grady at NUVOTEM.COM Wed Jan 8 16:58:55 2003 From: Declan.Grady at NUVOTEM.COM (Declan Grady) Date: Thu Jan 12 21:16:53 2006 Subject: [OT] Laptop virus protection ? Message-ID: <20030108165854.GB4993@nuvotem.com> Hi, Sorry for the Off Topic, but I cant think of a better place to ask this... Being a happy mailscanner user, I was surprised to find the W32.Opaserv.Worm doing the rounds of the win98 lan machines until I tracked it down to one of the few laptops in use here. I can only assume this laptop was used to dial an isp, and was infected while online, then when it physically got 0connected to the lan, it had bypassed all the security measures. If this is the case, which is my only explanation, what do you folks use to avoid this situation happening ? Is its as simple as individual anti-virus on each of the 5 laptops, and assume the user will keep it up to date ? Thanks, Declan From Kevin.Spicer at BMRB.CO.UK Wed Jan 8 17:03:17 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:53 2006 Subject: [OT] Laptop virus protection ? Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A32C10@pascal.priv.bmrb.co.uk> We have virus protection on all machines which is updated automatically when connected to the network (Sophos). Simply scanning mail for viruses isn't enough to prevent them entering via other means... (web / floppy disks / CDR's etc.) > -----Original Message----- > From: Declan Grady [mailto:Declan.Grady@NUVOTEM.COM] > Sent: 08 January 2003 16:59 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [OT] Laptop virus protection ? > > > Hi, > Sorry for the Off Topic, but I cant think of a better place > to ask this... > > Being a happy mailscanner user, I was surprised to find the > W32.Opaserv.Worm > doing the rounds of the win98 lan machines until I tracked it > down to one of > the few laptops in use here. > > I can only assume this laptop was used to dial an isp, and > was infected while > online, then when it physically got 0connected to the lan, > it had bypassed all the security measures. > > If this is the case, which is my only explanation, what do > you folks use to > avoid this situation happening ? > > Is its as simple as individual anti-virus on each of the 5 > laptops, and > assume the user will keep it up to date ? > > Thanks, > Declan > From MHewryk at SYMCOR.COM Wed Jan 8 18:12:46 2003 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:16:53 2006 Subject: Attachments are not scanned Message-ID: Hi, I'm trying to send the binary with the extension "exe" but for some reason MailScanner doesn't report it as a spam or an infected email. Nothing is put is the quarantine queue and I'm not getting any report.... My filename.rules.conf file is set up properly, it denies .exe and it is activated in MailScanner.conf. What is wrong here? Some configurations from my MailScanner.conf ===================================== Virus Scanning = no Filename Rules = /etc/MailScanner/filename.rules.conf Quarantine Infections = yes Deleted Bad Filename Message Report = /etc/MailScanner/reports/en/deleted.filename.message.txt Stored Bad Filename Message Report = /etc/MailScanner/reports/en/stored.filename.message.txt Some logs: ========== # mail -v mhewryk < f-prot.exe 1.) binary sent with .exe extension Jan 8 12:58:43 tonka MailScanner[11670]: New Batch: Forwarding 1 unscanned messages, 28449 bytes Jan 8 12:58:43 tonka MailScanner[11670]: Spam Checks: Starting Jan 8 12:58:43 tonka sendmail[11924]: h08Hwg39011924: to=mhewryk, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30029, relay=localdomain.localhost. [127.0.0.1], dsn=2.0.0, stat=Sent (h08Hwg32011930 Message accepted for delivery) 2.) binary sent with .exe extension and SPAM subject line Jan 8 13:01:18 tonka MailScanner[11756]: New Batch: Forwarding 1 unscanned messages, 28488 bytes Jan 8 13:01:18 tonka MailScanner[11756]: Spam Checks: Starting Jan 8 13:01:58 tonka MailScanner[11756]: Message h08I1F32012337 from 127.0.0.1 (tonka.aberfoyle.com) is spam, SpamAssassin (score=5.6, required 5, BALANCE_FOR_LONG_20K, FREE_MONEY, NO_MX_FOR_FROM, SPAM_PHRASE_00_01, SUBJ_ALL_CAPS, SUBJ_FREE_CAP, SUB_FREE_OFFER, SUPERLONG_LINE, UPPERCASE_25_50) Jan 8 13:01:58 tonka MailScanner[11756]: Spam Checks: Found 1 spam messages Jan 8 13:01:58 tonka MailScanner[11756]: Spam Actions: message h08I1F32012337 actions are deliver Jan 8 13:01:58 tonka MailScanner[11756]: Unscanned: Delivered 1 messages Jan 8 13:01:59 tonka MailScanner[11756]: Virus and Content Scanning: Starting Jan 8 13:02:00 tonka sendmail[12502]: h08I1F32012337: to =, ctladdr= (0/0), delay=00:00:44, xdelay=00:00:00, mailer=local, pri=120367, dsn=2.0.0, stat=Sent Thanks, Magda Hewryk -------------------------------- Mid-Range Systems RSP: 905-273-1637 CELL: 416-948-4427 From mailscanner at ecs.soton.ac.uk Wed Jan 8 18:18:35 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:53 2006 Subject: MailScanner Online Store Message-ID: <5.2.0.9.2.20030108180249.06b0a890@imap.ecs.soton.ac.uk> I have just opened up an online store selling all sorts of MailScanner goodies. I am not making any huge profits or anything, it's there if you want it... Check it out at http://www.mailscanner.info/store -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From sevans at FOUNDATION.SDSU.EDU Wed Jan 8 19:13:53 2003 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:16:53 2006 Subject: MailScanner Online Store Message-ID: <6214C3F9233D764C9E7029396C355015682872@mail.foundation.sdsu.edu> What? No baby clothes? Steve Evans SDSU Foundation (619) 594-0653 -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Wednesday, January 08, 2003 10:19 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner Online Store I have just opened up an online store selling all sorts of MailScanner goodies. I am not making any huge profits or anything, it's there if you want it... Check it out at http://www.mailscanner.info/store -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mbowman at UDCOM.COM Wed Jan 8 19:12:48 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:16:53 2006 Subject: MailScanner Online Store In-Reply-To: <6214C3F9233D764C9E7029396C355015682872@mail.foundation.sdsu.edu> Message-ID: What? No Beer Mat? lol Matthew K Bowman Systems Administrator, UDCom Steve Evans cc: Sent by: Subject: Re: MailScanner Online Store MailScanner mailing list 01/08/2003 02:13 PM Please respond to MailScanner mailing list What? No baby clothes? Steve Evans SDSU Foundation (619) 594-0653 -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Wednesday, January 08, 2003 10:19 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner Online Store I have just opened up an online store selling all sorts of MailScanner goodies. I am not making any huge profits or anything, it's there if you want it... Check it out at http://www.mailscanner.info/store -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From chicks at CHICKS.NET Wed Jan 8 19:29:51 2003 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:16:53 2006 Subject: MailScanner Online Store In-Reply-To: <6214C3F9233D764C9E7029396C355015682872@mail.foundation.sdsu.edu> Message-ID: On Wed, 8 Jan 2003, Steve Evans wrote: > What? No baby clothes? MailScanner prevents babies from spamming or spreading viruses. What will Julian think of next? -- "The first rule of Perl club is you do not talk about Perl club." -- Chip Salzenberg From MHewryk at SYMCOR.COM Wed Jan 8 20:01:36 2003 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:16:54 2006 Subject: Attachments are not scanned - no help from anybody? Message-ID: Magda Hewryk cc: Sent by: Subject: Attachments are not scanned MailScanner mailing list 01/08/2003 01:12 PM Please respond to MailScanner mailing list Hi, I'm trying to send the binary with the extension "exe" but for some reason MailScanner doesn't report it as a spam or an infected email. Nothing is put is the quarantine queue and I'm not getting any report.... My filename.rules.conf file is set up properly, it denies .exe and it is activated in MailScanner.conf. What is wrong here? Some configurations from my MailScanner.conf ===================================== Virus Scanning = no Filename Rules = /etc/MailScanner/filename.rules.conf Quarantine Infections = yes Deleted Bad Filename Message Report = /etc/MailScanner/reports/en/deleted.filename.message.txt Stored Bad Filename Message Report = /etc/MailScanner/reports/en/stored.filename.message.txt Some logs: ========== # mail -v mhewryk < f-prot.exe 1.) binary sent with .exe extension Jan 8 12:58:43 tonka MailScanner[11670]: New Batch: Forwarding 1 unscanned messages, 28449 bytes Jan 8 12:58:43 tonka MailScanner[11670]: Spam Checks: Starting Jan 8 12:58:43 tonka sendmail[11924]: h08Hwg39011924: to=mhewryk, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30029, relay=localdomain.localhost. [127.0.0.1], dsn=2.0.0, stat=Sent (h08Hwg32011930 Message accepted for delivery) 2.) binary sent with .exe extension and SPAM subject line Jan 8 13:01:18 tonka MailScanner[11756]: New Batch: Forwarding 1 unscanned messages, 28488 bytes Jan 8 13:01:18 tonka MailScanner[11756]: Spam Checks: Starting Jan 8 13:01:58 tonka MailScanner[11756]: Message h08I1F32012337 from 127.0.0.1 (tonka.aberfoyle.com) is spam, SpamAssassin (score=5.6, required 5, BALANCE_FOR_LONG_20K, FREE_MONEY, NO_MX_FOR_FROM, SPAM_PHRASE_00_01, SUBJ_ALL_CAPS, SUBJ_FREE_CAP, SUB_FREE_OFFER, SUPERLONG_LINE, UPPERCASE_25_50) Jan 8 13:01:58 tonka MailScanner[11756]: Spam Checks: Found 1 spam messages Jan 8 13:01:58 tonka MailScanner[11756]: Spam Actions: message h08I1F32012337 actions are deliver Jan 8 13:01:58 tonka MailScanner[11756]: Unscanned: Delivered 1 messages Jan 8 13:01:59 tonka MailScanner[11756]: Virus and Content Scanning: Starting Jan 8 13:02:00 tonka sendmail[12502]: h08I1F32012337: to =, ctladdr= (0/0), delay=00:00:44, xdelay=00:00:00, mailer=local, pri=120367, dsn=2.0.0, stat=Sent Thanks, Magda Hewryk -------------------------------- Mid-Range Systems RSP: 905-273-1637 CELL: 416-948-4427 From Kevin.Spicer at BMRB.CO.UK Wed Jan 8 20:10:47 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:54 2006 Subject: Attachments are not scanned - no help from anybody? Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A32C11@pascal.priv.bmrb.co.uk> > Some configurations from my MailScanner.conf > ===================================== > Virus Scanning = no > Filename Rules = /etc/MailScanner/filename.rules.conf > Quarantine Infections = yes > Deleted Bad Filename Message Report = > /etc/MailScanner/reports/en/deleted.filename.message.txt > Stored Bad Filename Message Report = > /etc/MailScanner/reports/en/stored.filename.message.txt > Virus Scanning = no turns off all processing of the messages. I think you want Virus Scanning = yes Virus Scanners = none [The config files suggest you can turn off virus scanning by Virus Scanners = sophos - but I suspect that's an error, maybe its fixed in 4.11?] From MHewryk at SYMCOR.COM Wed Jan 8 20:54:44 2003 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:16:54 2006 Subject: Attachments are not scanned - still is not rejecting denied extensions like .exe Message-ID: Hi, I've changed config file for Scanning and Scanner's but still MailScanner doesn't flag the email as "wrong attachment" Virus Scanning = yes Virus Scanners = none # mail -v mhewryk -s "report No. 5" < f-prot.exe Jan 8 15:48:46 tonka MailScanner[6561]: New Batch: Scanning 1 messages, 28455 bytes Jan 8 15:48:48 tonka MailScanner[6561]: Spam Checks: Starting Jan 8 15:49:02 tonka MailScanner[6561]: RBL Check timed out and was killed, consecutive failure 1 of 7 Jan 8 15:51:07 tonka MailScanner[6561]: Virus and Content Scanning: Starting Jan 8 15:51:07 tonka MailScanner[6561]: Uninfected: Delivered 1 messages Thanks, Magda Hewryk -------------------------------- Mid-Range Systems RSP: 905-273-1637 CELL: 416-948-4427 "Spicer, Kevin" cc: Sent by: Subject: Re: Attachments are not scanned - no help from MailScanner anybody? mailing list 01/08/2003 03:10 PM Please respond to MailScanner mailing list > Some configurations from my MailScanner.conf > ===================================== > Virus Scanning = no > Filename Rules = /etc/MailScanner/filename.rules.conf > Quarantine Infections = yes > Deleted Bad Filename Message Report = > /etc/MailScanner/reports/en/deleted.filename.message.txt > Stored Bad Filename Message Report = > /etc/MailScanner/reports/en/stored.filename.message.txt > Virus Scanning = no turns off all processing of the messages. I think you want Virus Scanning = yes Virus Scanners = none [The config files suggest you can turn off virus scanning by Virus Scanners = sophos - but I suspect that's an error, maybe its fixed in 4.11?] From mbowman at UDCOM.COM Wed Jan 8 21:06:28 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:16:54 2006 Subject: Attachments are not scanned - still is not rejecting denied extensions like .exe In-Reply-To: Message-ID: Hello Magda The server that you are running mail -v on - does that run MailScanner? I ran a similiar command to yours on my server running MailScanner and it sent it through embedded into the e-mail not as an attachment. I then sent an e-mail from a domain thats filtered through MailScanner with an attachment .exe and it removed the file from the e-mail ok. Regards, Matthew K Bowman Systems Administrator; Hostmaster; Miva Administrator Universal Digital Communications, Mansfield Ohio. Magda Hewryk cc: Sent by: Subject: Re: Attachments are not scanned - still is not rejecting denied extensions like MailScanner .exe mailing list 01/08/2003 03:54 PM Please respond to MailScanner mailing list Hi, I've changed config file for Scanning and Scanner's but still MailScanner doesn't flag the email as "wrong attachment" Virus Scanning = yes Virus Scanners = none # mail -v mhewryk -s "report No. 5" < f-prot.exe Jan 8 15:48:46 tonka MailScanner[6561]: New Batch: Scanning 1 messages, 28455 bytes Jan 8 15:48:48 tonka MailScanner[6561]: Spam Checks: Starting Jan 8 15:49:02 tonka MailScanner[6561]: RBL Check timed out and was killed, consecutive failure 1 of 7 Jan 8 15:51:07 tonka MailScanner[6561]: Virus and Content Scanning: Starting Jan 8 15:51:07 tonka MailScanner[6561]: Uninfected: Delivered 1 messages Thanks, Magda Hewryk -------------------------------- Mid-Range Systems RSP: 905-273-1637 CELL: 416-948-4427 "Spicer, Kevin" cc: Sent by: Subject: Re: Attachments are not scanned - no help from MailScanner anybody? mailing list 01/08/2003 03:10 PM Please respond to MailScanner mailing list > Some configurations from my MailScanner.conf > ===================================== > Virus Scanning = no > Filename Rules = /etc/MailScanner/filename.rules.conf > Quarantine Infections = yes > Deleted Bad Filename Message Report = > /etc/MailScanner/reports/en/deleted.filename.message.txt > Stored Bad Filename Message Report = > /etc/MailScanner/reports/en/stored.filename.message.txt > Virus Scanning = no turns off all processing of the messages. I think you want Virus Scanning = yes Virus Scanners = none [The config files suggest you can turn off virus scanning by Virus Scanners = sophos - but I suspect that's an error, maybe its fixed in 4.11?] From Kevin.Spicer at BMRB.CO.UK Wed Jan 8 21:13:22 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:54 2006 Subject: Attachments are not scanned - still is not rejecting denied extensions like .exe Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A4ACFB@pascal.priv.bmrb.co.uk> > # mail -v mhewryk -s "report No. 5" < f-prot.exe I don't know what you get on your system, but I would guess you get what I do - an email full of binary junk in the body. Since this puts the contents of the exe file in the body of the mail, not encoded as an attachment mailscanner will not block it - because no attachment is present for it to block. I'm not sure how/if you can send non-text attachements using the mail command - you can with pine (which I use when I'm not at the console) or flip to a GUI and use just about any GUI mail client. From MHewryk at SYMCOR.COM Wed Jan 8 21:18:06 2003 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:16:54 2006 Subject: Attachments are not scanned - still is not rejecting denied extensions like .exe Message-ID: It makes sense, this file is not an attachment. Thank you! Magda Hewryk -------------------------------- Mid-Range Systems RSP: 905-273-1637 CELL: 416-948-4427 "Spicer, Kevin" cc: Sent by: Subject: Re: Attachments are not scanned - still is not MailScanner rejecting denied extensions like .exe mailing list 01/08/2003 04:13 PM Please respond to MailScanner mailing list > # mail -v mhewryk -s "report No. 5" < f-prot.exe I don't know what you get on your system, but I would guess you get what I do - an email full of binary junk in the body. Since this puts the contents of the exe file in the body of the mail, not encoded as an attachment mailscanner will not block it - because no attachment is present for it to block. I'm not sure how/if you can send non-text attachements using the mail command - you can with pine (which I use when I'm not at the console) or flip to a GUI and use just about any GUI mail client. From dwinkler at ALGORITHMICS.COM Wed Jan 8 21:21:49 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:16:54 2006 Subject: Attachments are not scanned - still is not rejecting denied extensions like .exe Message-ID: <06EE2C86D3DAD5119A6C0060943F3C970402C0CE@tormail1.algorithmics.com> What you're doing doesn't attach the .exe file, it make the .exe file the contents of the email. uuencode is a pretty easy way of attaching files from the command line. uuencode whatever.exe < whatever.exe | mail -s "Whatever" whoever@wherever.com -----Original Message----- From: Matthew Bowman [mailto:mbowman@udcom.com] Sent: Wednesday, January 08, 2003 4:06 PM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: Attachments are not scanned - still is not rejecting denied extensions like .exe Hello Magda The server that you are running mail -v on - does that run MailScanner? I ran a similiar command to yours on my server running MailScanner and it sent it through embedded into the e-mail not as an attachment. I then sent an e-mail from a domain thats filtered through MailScanner with an attachment .exe and it removed the file from the e-mail ok. Regards, Matthew K Bowman Systems Administrator; Hostmaster; Miva Administrator Universal Digital Communications, Mansfield Ohio. Magda Hewryk cc: Sent by: Subject: Re: Attachments are not scanned - still is not rejecting denied extensions like MailScanner .exe mailing list 01/08/2003 03:54 PM Please respond to MailScanner mailing list Hi, I've changed config file for Scanning and Scanner's but still MailScanner doesn't flag the email as "wrong attachment" Virus Scanning = yes Virus Scanners = none # mail -v mhewryk -s "report No. 5" < f-prot.exe Jan 8 15:48:46 tonka MailScanner[6561]: New Batch: Scanning 1 messages, 28455 bytes Jan 8 15:48:48 tonka MailScanner[6561]: Spam Checks: Starting Jan 8 15:49:02 tonka MailScanner[6561]: RBL Check timed out and was killed, consecutive failure 1 of 7 Jan 8 15:51:07 tonka MailScanner[6561]: Virus and Content Scanning: Starting Jan 8 15:51:07 tonka MailScanner[6561]: Uninfected: Delivered 1 messages Thanks, Magda Hewryk -------------------------------- Mid-Range Systems RSP: 905-273-1637 CELL: 416-948-4427 "Spicer, Kevin" cc: Sent by: Subject: Re: Attachments are not scanned - no help from MailScanner anybody? mailing list 01/08/2003 03:10 PM Please respond to MailScanner mailing list > Some configurations from my MailScanner.conf > ===================================== > Virus Scanning = no > Filename Rules = /etc/MailScanner/filename.rules.conf > Quarantine Infections = yes > Deleted Bad Filename Message Report = > /etc/MailScanner/reports/en/deleted.filename.message.txt > Stored Bad Filename Message Report = > /etc/MailScanner/reports/en/stored.filename.message.txt > Virus Scanning = no turns off all processing of the messages. I think you want Virus Scanning = yes Virus Scanners = none [The config files suggest you can turn off virus scanning by Virus Scanners = sophos - but I suspect that's an error, maybe its fixed in 4.11?] -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030108/f1ca05d5/attachment.html From mailscanner at BARENDSE.TO Wed Jan 8 21:24:17 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:54 2006 Subject: Spam blacklist? In-Reply-To: <200301080849.47027.lbergman@wtxs.net> Message-ID: Indeed, that is one possible solution. But not all of my boxes run spamassassin, particularly RedHat 6.2 is very difficult to get SA properly installed. Lots of things to upgrade and 90% of the spam problem is from or to a limited set of e-mail adresses on my boxes. But one would think that a blacklisted mail adress would be processed according to high scoring rules, otherwise there isn't much use in blacklisting them :) On Wed, 8 Jan 2003, Lewis Bergman wrote: > On Wednesday 08 January 2003 04:24 am, Remco Barendse wrote: > > I have a rule list that will mark certain messages as spam even though > > there is no other reason to mark them as spam. This is working perfectly. > > > > I have noticed however that MailScanner will treat messages that are > > marked by a blacklist rule as low scoring spam? > > > > Would it be possible to change this to high scoring spam? After all you > > want to blacklist them. I allow low scoring spam messages to go through > > but high scoring stuff is forwarded to an alternate address. I would like > > to do the same for the blacklisted stuff. > Why not use SA to do the RBL checks and then assign them a score which will > force them into the high score category using the spam.assassin.prefs.conf > file? > -- > Lewis Bergman > Texas Communications > 4309 Maple St. > Abilene, TX 79602-8044 > 915-695-6962 ext 115 > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dwinkler at ALGORITHMICS.COM Wed Jan 8 21:28:04 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:16:54 2006 Subject: MailScanner Online Store Message-ID: <06EE2C86D3DAD5119A6C0060943F3C970402C0CF@tormail1.algorithmics.com> I betcha Julian is wearing the boxers right now. -----Original Message----- From: Julian Field [mailto:mailscanner@ecs.soton.ac.uk] Sent: Wednesday, January 08, 2003 1:19 PM To: MAILSCANNER@jiscmail.ac.uk Subject: MailScanner Online Store I have just opened up an online store selling all sorts of MailScanner goodies. I am not making any huge profits or anything, it's there if you want it... Check it out at http://www.mailscanner.info/store -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030108/f7e1aa8b/attachment.html From MHewryk at SYMCOR.COM Wed Jan 8 21:31:08 2003 From: MHewryk at SYMCOR.COM (Magda Hewryk) Date: Thu Jan 12 21:16:54 2006 Subject: Attachments are not scanned - still is not rejecting denied extensions like .exe Message-ID: Thank you, I'll do the same! Magda Hewryk -------------------------------- Mid-Range Systems RSP: 905-273-1637 CELL: 416-948-4427 Matthew Bowman cc: Sent by: Subject: Re: Attachments are not scanned - still is not MailScanner rejecting denied extensions like .exe mailing list 01/08/2003 04:06 PM Please respond to MailScanner mailing list Hello Magda The server that you are running mail -v on - does that run MailScanner? I ran a similiar command to yours on my server running MailScanner and it sent it through embedded into the e-mail not as an attachment. I then sent an e-mail from a domain thats filtered through MailScanner with an attachment .exe and it removed the file from the e-mail ok. Regards, Matthew K Bowman Systems Administrator; Hostmaster; Miva Administrator Universal Digital Communications, Mansfield Ohio. Magda Hewryk cc: Sent by: Subject: Re: Attachments are not scanned - still is not rejecting denied extensions like MailScanner .exe mailing list 01/08/2003 03:54 PM Please respond to MailScanner mailing list Hi, I've changed config file for Scanning and Scanner's but still MailScanner doesn't flag the email as "wrong attachment" Virus Scanning = yes Virus Scanners = none # mail -v mhewryk -s "report No. 5" < f-prot.exe Jan 8 15:48:46 tonka MailScanner[6561]: New Batch: Scanning 1 messages, 28455 bytes Jan 8 15:48:48 tonka MailScanner[6561]: Spam Checks: Starting Jan 8 15:49:02 tonka MailScanner[6561]: RBL Check timed out and was killed, consecutive failure 1 of 7 Jan 8 15:51:07 tonka MailScanner[6561]: Virus and Content Scanning: Starting Jan 8 15:51:07 tonka MailScanner[6561]: Uninfected: Delivered 1 messages Thanks, Magda Hewryk -------------------------------- Mid-Range Systems RSP: 905-273-1637 CELL: 416-948-4427 "Spicer, Kevin" cc: Sent by: Subject: Re: Attachments are not scanned - no help from MailScanner anybody? mailing list 01/08/2003 03:10 PM Please respond to MailScanner mailing list > Some configurations from my MailScanner.conf > ===================================== > Virus Scanning = no > Filename Rules = /etc/MailScanner/filename.rules.conf > Quarantine Infections = yes > Deleted Bad Filename Message Report = > /etc/MailScanner/reports/en/deleted.filename.message.txt > Stored Bad Filename Message Report = > /etc/MailScanner/reports/en/stored.filename.message.txt > Virus Scanning = no turns off all processing of the messages. I think you want Virus Scanning = yes Virus Scanners = none [The config files suggest you can turn off virus scanning by Virus Scanners = sophos - but I suspect that's an error, maybe its fixed in 4.11?] From mbowman at UDCOM.COM Wed Jan 8 21:35:11 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:16:54 2006 Subject: clamav Message-ID: Hi Is anyone using clamav with their MailScanner installation - if so, how good is it? Is there any reason why I should not get it. I'm running:- Redhat 7.3 sendmail 8.11.6-3 MailScanner 4.10-1 SpamAssassin 2.43 Matthew K Bowman Systems Administrator; Hostmaster; Miva Administrator Universal Digital Communications, Mansfield Ohio. From jase at SENSIS.COM Wed Jan 8 21:51:13 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:16:54 2006 Subject: Exim and MS 4.11-1 Message-ID: > -----Original Message----- > From: Nick Phillips [mailto:nwp@LEMON-COMPUTING.COM] > Sent: Wednesday, January 08, 2003 4:15 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Exim and MS 4.11-1 > > > On Thursday, January 9, 2003, at 03:25 am, Desai, Jason wrote: > > > I did see directories in mailscanner's incoming queue while > doing these > > tests. But I did clear it out and still saw the problem. I also > > cleared > > out Exim's incoming queue, and dropped a test message in there, and > > still > > saw the problem. Although a message did make it through once or > > twice, most > > of the time mailscanner crashed. > > > > Could this have anything to do with the fact that I am > using fetchmail > > to > > retrieve mail, which delivers it to exim? > > > > OK, something else which I wasn't expecting also causes nonrecipients > to be set in > the queue file; use of the system-wide message filter on the incoming > Exim. > > I'm not yet sure of exactly when this happens (i.e. does it > only happen > when a delivery > attempt is made?), but will be looking into it. > > > The diff I posted before should fix the crashing problem, but there is > another potential > problem with the system message filter causing messages to bypass > mailscanner. > > I *hope* that Exim does not run the message through the filter until a > delivery attempt is > made, in which case the solution is to avoid injecting messages with > the "-odi" or equivalent options (note that some crons do this as, it > appears, may netsaint/nagios). > > If this bothers you, you can simply remove the "message > filter" setting > from your "incoming" exim config. > > > > Cheers, > > > Nick My system filter is very simple. It just logs the email for me into a directory with the current date. The filter is: ###### if not first_delivery then finish endif unseen save /var/log/mail-save/${substr_0_10:${tod_log}}/ ###### So is the save what is causing the nonrecipients? The filter is not delivering any other email, so I don't think this will be a problem. This was set up this way before MailScanner had the ability to archive email. Maybe I'll have MailScanner do it now. The Nagios test message I gave you was sent from another server to my pop account. Then I used fetchmail to retrieve it, which I think is supposed to talk to the smtp server using tcp port 25 not calling sendmail or exim directly. With your fix, MailScanner has been running fine. Thanks for your help! Jason Desai From daniel at ZAJD.COM Wed Jan 8 22:31:00 2003 From: daniel at ZAJD.COM (Daniel Zajd) Date: Thu Jan 12 21:16:54 2006 Subject: OT: Dynamically updating /etc/mail/access In-Reply-To: <8A6DFB0865502242A29E25BDAEFBB9451ABE87@d2sexchtest.cqg.com> Message-ID: Is it possible to get a copy of your script to have as a base? > I implemented this and a few other things in a script and now we are > blocking 80% of incoming spam without having to bother MailScanner or > SpamAssassin with processing it. > > Spam Caught / Total Incoming E-mail: > 444 / 3103 > High Scoring Spam:177 > Spam blocked by sendmail:1748 > >> -----Original Message----- >> From: Ben C. O. Grimm [mailto:mailscanner-sub@WIREHUB.NET] >> Sent: Tuesday, January 07, 2003 4:03 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: OT: Dynamically updating /etc/mail/access >> >> >> On 7 Jan 2003 00:50:03 +0100, Stewart Lawler >> >> wrote: >> >>> this looks like a great solution - but what is the >> performance impact? >>> The relay machine i'm running mailscanner on at the moment >> is rather old >>> and might not cope with being given much more to do. :-) >> >> The only performance impact will be hashing the database when >> using the >> full list. Shouldn't be too much work though. You don't have >> to worry about >> the size of the resulting db; hash lookups are blazingly fast. Our >> access.db is >20 MB in size (we put a lot of extra >> information in it), and >> it gets called at least 2 times per second. I sleep well. >> >> -- >> - Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - >> - Wirehub! Internet Engineering - http://www.wirehub.net/ - >> - Private Ponderings ----------- http://www.bengrimm.net/ - >> - Wirehub! Internet ----------- part of easynet Group plc - >> > > From gavin at NETERGY.COM Wed Jan 8 22:32:18 2003 From: gavin at NETERGY.COM (Gavin Nelmes-Crocker) Date: Thu Jan 12 21:16:54 2006 Subject: clamav In-Reply-To: Message-ID: > Is anyone using clamav with their MailScanner installation - if so, how > good is it? Is there any reason why I should not get it. > > I'm running:- > > Redhat 7.3 > sendmail 8.11.6-3 > MailScanner 4.10-1 > SpamAssassin 2.43 > No reason not to use it except for the caveat that it still has an unsupported status with MailScanner code but saying that its running very well on our live system along with Sophos and F-prot so far it hasn't missed anything that the others have found - it was a bit flaky a while ago when we were running a test suite but we joined the clamav mailing list and soon saw others having similar problems and the virus database got cleaned up. I have an rpm for it for a Cobalt box should work on plain Red Hat as well but no promises. Regards Gavin -- This message has been scanned for viruses and dangerous content by the Netergy Virus Spam Defence, and is believed to be clean. For details on having your email scanned email nvsd@netergy.com From mailscanner at BARENDSE.TO Wed Jan 8 22:32:53 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:54 2006 Subject: Bug when using rulesets for sender error reports? Message-ID: I tried a rule file to localize the error report according to the senders domain. I put the name of the rule file in MailScanner.conf but it doesn't work. When an error needs to be sent there are errors appearing in the maillog complaining about the last line of this ruleset. From: *@*.de /etc/MailScanner/reports/de/sender.error.report.txt From: *@*.dk /etc/MailScanner/reports/dk/sender.error.report.txt From: *@*.uk /etc/MailScanner/reports/en/sender.error.report.txt From: *@*.es /etc/MailScanner/reports/es/sender.error.report.txt From: *@*.fr /etc/MailScanner/reports/fr/sender.error.report.txt From: *@*.it /etc/MailScanner/reports/it/sender.error.report.txt From: *@*.nl /etc/MailScanner/reports/nl/sender.error.report.txt From: *@*.br /etc/MailScanner/reports/pt_br/sender.error.report.txt From: *@*.ro /etc/MailScanner/reports/ro/sender.error.report.txt From: *@*.sk /etc/MailScanner/reports/sk/sender.error.report.txt FromTo: default I tried using default and the name of the english file, but still the errors in the maillog appear and no report is being sent. Could it be that there is no default value set here?? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dwinkler at ALGORITHMICS.COM Wed Jan 8 22:36:37 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:16:54 2006 Subject: Bug when using rulesets for sender error reports? Message-ID: <06EE2C86D3DAD5119A6C0060943F3C970402C0D1@tormail1.algorithmics.com> Your last line should be: FromTo: default /etc/MailScanner/reports/en/sender.error.report.txt or whatever report you want. -----Original Message----- From: Remco Barendse [mailto:mailscanner@barendse.to] Sent: Wednesday, January 08, 2003 5:33 PM To: MAILSCANNER@jiscmail.ac.uk Subject: Bug when using rulesets for sender error reports? I tried a rule file to localize the error report according to the senders domain. I put the name of the rule file in MailScanner.conf but it doesn't work. When an error needs to be sent there are errors appearing in the maillog complaining about the last line of this ruleset. From: *@*.de /etc/MailScanner/reports/de/sender.error.report.txt From: *@*.dk /etc/MailScanner/reports/dk/sender.error.report.txt From: *@*.uk /etc/MailScanner/reports/en/sender.error.report.txt From: *@*.es /etc/MailScanner/reports/es/sender.error.report.txt From: *@*.fr /etc/MailScanner/reports/fr/sender.error.report.txt From: *@*.it /etc/MailScanner/reports/it/sender.error.report.txt From: *@*.nl /etc/MailScanner/reports/nl/sender.error.report.txt From: *@*.br /etc/MailScanner/reports/pt_br/sender.error.report.txt From: *@*.ro /etc/MailScanner/reports/ro/sender.error.report.txt From: *@*.sk /etc/MailScanner/reports/sk/sender.error.report.txt FromTo: default I tried using default and the name of the english file, but still the errors in the maillog appear and no report is being sent. Could it be that there is no default value set here?? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030108/fdf9760e/attachment.html From andrewh at CQG.COM Wed Jan 8 22:40:32 2003 From: andrewh at CQG.COM (Andrew M. Hoying) Date: Thu Jan 12 21:16:54 2006 Subject: OT: Dynamically updating /etc/mail/access Message-ID: <8A6DFB0865502242A29E25BDAEFBB9451ABE93@d2sexchtest.cqg.com> Here is what I'm using basically, I run this hourly: #!/bin/bash # Should probably use mktemp here cd /tmp rm -rf accessdb mkdir accessdb cd accessdb # access.manual contains entries that are maintained locally cp /etc/mail/access.manual /tmp/accessdb # download the latest spamlist update wget -q http://basic.wirehub.nl/spamlist-extended.txt # combine into temp access file cat /tmp/accessdb/spamlist-extended.txt /tmp/accessdb/access.manual > /tmp/accessdb/access.tmp # Hash new access file and add duplicate lines to a sed script /usr/bin/makemap hash access < access.tmp 2>&1 |awk '{print $4}'|sort -n -r|sed 's/:/d/g' > /tmp/accessdb/script.sed # Run sed script to remove dups and remove the lines # which are in spamlist that you don't want cat /tmp/accessdb/access.tmp|sed -f /tmp/accessdb/script.sed| \ grep -v -i zmail.ru > /tmp/accessdb/access # Rerun hash, output errors /usr/bin/makemap hash access < access 2>&1 > /tmp/accessdb/errors.txt # Verify that there were no errors. If there are, mail them. x=$? if [ $x -ne 0 ] then echo "Makemap of new access.db failed with an exit code of "$x". Errors are `/bin/cat /tmp/accessdb/errors.txt`"| \ mail -s "Makemap failed on `/bin/hostname`" youremail@domain.com > /dev/null exit $x # If there aren't update the master access.db else cp /tmp/accessdb/access /etc/mail/access cp /tmp/accessdb/access.db /etc/mail/access.db fi exit 0 > -----Original Message----- > From: Daniel Zajd [mailto:daniel@ZAJD.COM] > Sent: Wednesday, January 08, 2003 3:31 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT: Dynamically updating /etc/mail/access > > > Is it possible to get a copy of your script to have as a base? > > > I implemented this and a few other things in a script and now we are > > blocking 80% of incoming spam without having to bother > MailScanner or > > SpamAssassin with processing it. > > > > Spam Caught / Total Incoming E-mail: > > 444 / 3103 > > High Scoring Spam:177 > > Spam blocked by sendmail:1748 > > > >> -----Original Message----- > >> From: Ben C. O. Grimm [mailto:mailscanner-sub@WIREHUB.NET] > >> Sent: Tuesday, January 07, 2003 4:03 PM > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Subject: Re: OT: Dynamically updating /etc/mail/access > >> > >> > >> On 7 Jan 2003 00:50:03 +0100, Stewart Lawler > >> > >> wrote: > >> > >>> this looks like a great solution - but what is the > >> performance impact? > >>> The relay machine i'm running mailscanner on at the moment > >> is rather old > >>> and might not cope with being given much more to do. :-) > >> > >> The only performance impact will be hashing the database when > >> using the > >> full list. Shouldn't be too much work though. You don't have > >> to worry about > >> the size of the resulting db; hash lookups are blazingly fast. Our > >> access.db is >20 MB in size (we put a lot of extra > >> information in it), and > >> it gets called at least 2 times per second. I sleep well. > >> > >> -- > >> - Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - > >> - Wirehub! Internet Engineering - http://www.wirehub.net/ - > >> - Private Ponderings ----------- http://www.bengrimm.net/ - > >> - Wirehub! Internet ----------- part of easynet Group plc - > >> > > > > > From nerijus at USERS.SOURCEFORGE.NET Wed Jan 8 23:49:55 2003 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:16:54 2006 Subject: OT: Dynamically updating /etc/mail/access In-Reply-To: <8A6DFB0865502242A29E25BDAEFBB9451ABE93@d2sexchtest.cqg.com> References: <8A6DFB0865502242A29E25BDAEFBB9451ABE93@d2sexchtest.cqg.com> Message-ID: <200301082353.h08NrF8F005429@mx.ktv.lt> On Wed, 8 Jan 2003 15:40:32 -0700 "Andrew M. Hoying" wrote: > Here is what I'm using basically, I run this hourly: > > #!/bin/bash > > # Should probably use mktemp here > cd /tmp > rm -rf accessdb > mkdir accessdb > cd accessdb > > # access.manual contains entries that are maintained locally > cp /etc/mail/access.manual /tmp/accessdb > > # download the latest spamlist update > wget -q http://basic.wirehub.nl/spamlist-extended.txt They ask to switch to rsync btw: ### 4. All files are now available using rsync; please switch to rsync whenever possible; see http://basic.wirehub.nl/spamstats.html. Regards, Nerijus From dlovelace at HOTELS.COM Wed Jan 8 20:31:43 2003 From: dlovelace at HOTELS.COM (Dale Lovelace) Date: Thu Jan 12 21:16:54 2006 Subject: MailScanner Online Store Message-ID: <95DD6F026D9C5C459E262B9C385C478E5981F4@h-file04.180096hotel.com> One request... Could we get a golf shirt with the logo only on the front? Thanks, Dale -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Wed 1/8/2003 12:18 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: MailScanner Online Store I have just opened up an online store selling all sorts of MailScanner goodies. I am not making any huge profits or anything, it's there if you want it... Check it out at http://www.mailscanner.info/store -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jan 8 23:29:40 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:54 2006 Subject: Upgrade from 4.10-1 to 4.11-1... In-Reply-To: <1042042294.4610.10.camel@croithine> References: <200301080852.31877.lbergman@wtxs.net> <200301080852.31877.lbergman@wtxs.net> Message-ID: <5.2.0.9.2.20030108232838.02a4c788@imap.ecs.soton.ac.uk> Once the autoconf stuff works on lots of OS's, MailScanner will ship with that so you can use a "configure" script to apply all these path changes to everywhere they are needed. At 16:11 08/01/2003, you wrote: >On Wed, 2003-01-08 at 09:52, Lewis Bergman wrote: > > What is wrong with the location and naming of Julian's stuff? > > Why not use it as it is designed rather than asking him to change it to fit > > your file layout? I can understand a feature request but file location is a > > pretty arbitrary thing. > >While Julian has done a great job of setting up the directory tree, >every site will have it's own quirks. > >We use /usr/local as a mounted filesystem via NFS so we don't have to >install stuff everywhere. I could put MS there, but it has problems >with NFS and I wouldn't use NFS for ANYTHING critical. > >Also, we put MS on our SAN for the speed and for failover between two >machine. For this we need them to have different paths then each other >if we wanted to process any stuck mail from one system on the other. > >For every reason you can think of to keep something standard, someone >else can think up one for allowing the choice. > >I for one never had any problem changing the scripts. That's what's >great about OSS, you can! I always thought it was such a minor issue. >I'm sure he has plenty of other things to work on. I'm sure someone out >there could easily change it and submit a patch. > > > > -- > > Lewis Bergman > > Texas Communications > > 4309 Maple St. > > Abilene, TX 79602-8044 > > 915-695-6962 ext 115 >-- >Thomas J. DuVally >Lead Systems Prog. >CIS, Brown Univ. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jan 8 23:36:43 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:54 2006 Subject: Attachments are not scanned In-Reply-To: Message-ID: <5.2.0.9.2.20030108233550.02cd8c98@imap.ecs.soton.ac.uk> At 18:12 08/01/2003, you wrote: >Hi, > >I'm trying to send the binary with the extension "exe" but for some reason >MailScanner doesn't report it as a spam or an infected email. >Nothing is put is the quarantine queue and I'm not getting any report.... > >My filename.rules.conf file is set up properly, it denies .exe and it is >activated in MailScanner.conf. >What is wrong here? > >Some configurations from my MailScanner.conf >===================================== >Virus Scanning = no Due to nasty historical reasons, "Virus Scanning = no" switches off the virus scanning *and* the attachment filename checking. Sorry about that. What you need is Virus Scanning = yes Virus Scanners = none >Filename Rules = /etc/MailScanner/filename.rules.conf >Quarantine Infections = yes >Deleted Bad Filename Message Report = >/etc/MailScanner/reports/en/deleted.filename.message.txt >Stored Bad Filename Message Report = >/etc/MailScanner/reports/en/stored.filename.message.txt > >Some logs: >========== > ># mail -v mhewryk < f-prot.exe > >1.) binary sent with .exe extension >Jan 8 12:58:43 tonka MailScanner[11670]: New Batch: Forwarding 1 unscanned >messages, 28449 bytes >Jan 8 12:58:43 tonka MailScanner[11670]: Spam Checks: Starting >Jan 8 12:58:43 tonka sendmail[11924]: h08Hwg39011924: to=mhewryk, >ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, >pri=30029, relay=localdomain.localhost. [127.0.0.1], dsn=2.0.0, stat=Sent >(h08Hwg32011930 Message accepted for delivery) > >2.) binary sent with .exe extension and SPAM subject line >Jan 8 13:01:18 tonka MailScanner[11756]: New Batch: Forwarding 1 unscanned >messages, 28488 bytes >Jan 8 13:01:18 tonka MailScanner[11756]: Spam Checks: Starting >Jan 8 13:01:58 tonka MailScanner[11756]: Message h08I1F32012337 from >127.0.0.1 (tonka.aberfoyle.com) is spam, SpamAssassin (score=5.6, required >5, BALANCE_FOR_LONG_20K, FREE_MONEY, NO_MX_FOR_FROM, SPAM_PHRASE_00_01, >SUBJ_ALL_CAPS, SUBJ_FREE_CAP, SUB_FREE_OFFER, SUPERLONG_LINE, >UPPERCASE_25_50) >Jan 8 13:01:58 tonka MailScanner[11756]: Spam Checks: Found 1 spam >messages >Jan 8 13:01:58 tonka MailScanner[11756]: Spam Actions: message >h08I1F32012337 actions are deliver >Jan 8 13:01:58 tonka MailScanner[11756]: Unscanned: Delivered 1 messages >Jan 8 13:01:59 tonka MailScanner[11756]: Virus and Content Scanning: >Starting >Jan 8 13:02:00 tonka sendmail[12502]: h08I1F32012337: to >=, ctladdr= (0/0), >delay=00:00:44, xdelay=00:00:00, mailer=local, pri=120367, dsn=2.0.0, >stat=Sent > > >Thanks, > >Magda Hewryk >-------------------------------- >Mid-Range Systems >RSP: 905-273-1637 >CELL: 416-948-4427 -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jan 8 23:33:32 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:54 2006 Subject: Archiving e-mail ruleset In-Reply-To: Message-ID: <5.2.0.9.2.20030108233051.02028d78@imap.ecs.soton.ac.uk> At 14:42 08/01/2003, you wrote: >I'm a bit lost here, I want to archive e-mail that certain users send so I >created a ruleset. > >Now I'm not sure what the below means, where do I put the ruleset and >where do I put the directory to archive mail? Is this the comma separated >list or did I overlook something? > ># Space-separated list of email address and directory names where you want ># a copy of all mail to be forwarded or stored. ># ># If you give this option a ruleset, you can control exactly whose mail ># is archived or forwarded. If you do this, beware of the legal >implications ># as this could be deemed to be illegal interception unless the police >have ># asked you to do this. >Archive Mail = /var/spool/MailScanner/archive Set Archive Mail = /etc/MailScanner/rules/archive.mail.rules And then in that file put things like From: user1@yourdomain.com /var/spool/MailScanner/archive/user1 From: user2@yourdomain.com /var/spool/MailScanner/archive/user2 From: *@yourdomain.com /var/spool/MailScanner/archive/otherusers FromOrTo: default So mail from user1 gets put in the user1 archive (ditto for user2). Mail from any other address in your domain gets put in the "otherusers" archive. No other mail is archived (which is why the default is blank). -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jan 8 23:53:00 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:54 2006 Subject: MailScanner Online Store In-Reply-To: <6214C3F9233D764C9E7029396C355015682872@mail.foundation.sds u.edu> Message-ID: <5.2.0.9.2.20030108235234.01fe0750@imap.ecs.soton.ac.uk> At 19:13 08/01/2003, you wrote: >What? No baby clothes? There's now a toddler hooded jacket :-) >Steve Evans >SDSU Foundation >(619) 594-0653 > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Wednesday, January 08, 2003 10:19 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: MailScanner Online Store > > >I have just opened up an online store selling all sorts of MailScanner >goodies. I am not making any huge profits or anything, it's there if you >want it... > >Check it out at http://www.mailscanner.info/store >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jan 8 23:11:41 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:54 2006 Subject: spamassassin timeout In-Reply-To: Message-ID: <5.2.0.9.2.20030108230955.02cee468@imap.ecs.soton.ac.uk> At 10:06 08/01/2003, you wrote: >I seem to recall a discussion on this in the past where MS was not giving >SA enough time - having searched the archives I think the relevant post is: > >http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind0210&L=mailscanner&P=R73136&I=-3&m=3466 > > >The main issue is that MS gives SA 30 seconds before timing out. >Unfortunately SA gives DNSBL lookups 30 seconds before it gives up so MS >kills SA before its timed out and returned. > >My solution which seems to work was to increase the MS timeout of SA to >40. The post above gives a fuller solution which reduces the timeout that >SA uses on the RBLs. What I will endeavour to add to the next version is an improvement to the SA timeout code. So if SA times out lots of times in a row it will remove SA's ability to do RBL lookups. If that fixes the timeouts then it will carry on like that. If SA still times out after some more attempts, then it will kill SA completely. All this state is reset when MailScanner next does its auto restart in a few hours time. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jan 9 00:10:03 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:54 2006 Subject: Spam blacklist? In-Reply-To: References: <200301080849.47027.lbergman@wtxs.net> Message-ID: <5.2.0.9.2.20030109000924.02cf5068@imap.ecs.soton.ac.uk> At 21:24 08/01/2003, you wrote: >Indeed, that is one possible solution. > >But not all of my boxes run spamassassin, particularly RedHat 6.2 is very >difficult to get SA properly installed. Lots of things to upgrade and 90% >of the spam problem is from or to a limited set of e-mail adresses on my >boxes. > >But one would think that a blacklisted mail adress would be processed >according to high scoring rules, otherwise there isn't much use in >blacklisting them :) My black/white-listing isn't really connected to the SpamAssassin scoring code. Maybe it should be. >On Wed, 8 Jan 2003, Lewis Bergman wrote: > > > On Wednesday 08 January 2003 04:24 am, Remco Barendse wrote: > > > I have a rule list that will mark certain messages as spam even though > > > there is no other reason to mark them as spam. This is working perfectly. > > > > > > I have noticed however that MailScanner will treat messages that are > > > marked by a blacklist rule as low scoring spam? > > > > > > Would it be possible to change this to high scoring spam? After all you > > > want to blacklist them. I allow low scoring spam messages to go through > > > but high scoring stuff is forwarded to an alternate address. I would like > > > to do the same for the blacklisted stuff. > > Why not use SA to do the RBL checks and then assign them a score which will > > force them into the high score category using the spam.assassin.prefs.conf > > file? > > -- > > Lewis Bergman > > Texas Communications > > 4309 Maple St. > > Abilene, TX 79602-8044 > > 915-695-6962 ext 115 > > > > > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jan 9 00:10:35 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:54 2006 Subject: MailScanner Online Store In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C970402C0CF@tormail1.algorith mics.com> Message-ID: <5.2.0.9.2.20030109001014.02cf9dd8@imap.ecs.soton.ac.uk> At 21:28 08/01/2003, you wrote: >I betcha Julian is wearing the boxers right now. Not yet... (shipping from the US always takes ages :-) >-----Original Message----- >From: Julian Field >[mailto:mailscanner@ecs.soton.ac.uk] >Sent: Wednesday, January 08, 2003 1:19 PM >To: MAILSCANNER@jiscmail.ac.uk >Subject: MailScanner Online Store > >I have just opened up an online store selling all sorts of MailScanner >goodies. >I am not making any huge profits or anything, it's there if you want it... > >Check it out at >http://www.mailscanner.info/store >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030109/428eeab5/attachment.html From mailscanner at ecs.soton.ac.uk Wed Jan 8 23:05:23 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:54 2006 Subject: Whitelisting problem In-Reply-To: References: <5.2.0.9.2.20030107165515.05051d58@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030108225714.02cf9ff0@imap.ecs.soton.ac.uk> At 09:11 08/01/2003, you wrote: >How does whitelisting on IP work? It spots the fact the pattern you are matching only contains digits and no letters. If so, it matches against the IP address where the SMTP connection is coming from. > Do we need to use the same file and >format as we do with domain names?? Yes. You can use patterns such as 1. Full IP addresses 194.109.9.99 2. IP address prefixes 194.109. would match 194.109.*.* 3. Regular expressions using IP addresses /194.109.(9|10|11|12)./ would match 194.109.9.* - 194.109.12.* If you don't know much about regular expressions then type "man perlre" for a very detailed explanation. >From: 194.109.9.99 yes > > >On Tue, 7 Jan 2003, Julian Field wrote: > > > At 16:50 07/01/2003, you wrote: > > > > >IBM is a partner of ours so I have whitelisted ibm.com > > > > > >But now some spammer is forging both the envelope and header to look like > > >it cam from ibm.com > > > > > >The spammer appears to be creating random addresses ending in @ibm.com > > > > > >Is my only choice to remove ibm.com from the whitelist? > > > > If ibm.com only use a few outgoing mail servers, you could whitelist their > > IP addresses instead. > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > > > > > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jan 9 00:02:46 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:54 2006 Subject: MailScanner Online Store In-Reply-To: References: <6214C3F9233D764C9E7029396C355015682872@mail.foundation.sdsu.edu> Message-ID: <5.2.0.9.2.20030109000233.02d0beb0@imap.ecs.soton.ac.uk> At 19:12 08/01/2003, you wrote: >What? No Beer Mat? Consider it done... >lol > >Matthew K Bowman >Systems Administrator, UDCom > > > > > Steve Evans > MAILSCANNER@JISCMAIL.AC.UK > .SDSU.EDU> cc: > Sent by: Subject: Re: MailScanner > Online Store > MailScanner > mailing list > AIL.AC.UK> > > > 01/08/2003 02:13 > PM > Please respond to > MailScanner > mailing list > > > > > >What? No baby clothes? > >Steve Evans >SDSU Foundation >(619) 594-0653 > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Wednesday, January 08, 2003 10:19 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: MailScanner Online Store > > >I have just opened up an online store selling all sorts of MailScanner >goodies. I am not making any huge profits or anything, it's there if you >want it... > >Check it out at http://www.mailscanner.info/store >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From gerry at DORFAM.CA Thu Jan 9 00:44:21 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:16:54 2006 Subject: MailScanner Online Store In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C970402C0CF@tormail1.algorithmics.com> Message-ID: On Wed, 8 Jan 2003, Derek Winkler wrote: > I betcha Julian is wearing the boxers right now. > I suspect that his entire wardrobe has been selected from the new store. He's probably a walking advertisement for MailScanner...kind like those guys wearing sandwich boards only better. -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From dlovelace at HOTELS.COM Thu Jan 9 00:53:52 2003 From: dlovelace at HOTELS.COM (Dale Lovelace) Date: Thu Jan 12 21:16:54 2006 Subject: clamav Message-ID: <95DD6F026D9C5C459E262B9C385C478E5981F6@h-file04.180096hotel.com> I am running it at hotels.com scanning about 40,000 mails per day (is everyone's mail volume down since Christmas?). I haven't seen any problems with it, but it definitely doesn't catch everything. Our Exchange administrators run Anti-Gen on the Exchange servers which still catch as many virii as I do with Clamav, after going through the MailScanner server. I am simply using it to offload some of the work the Exchange servers do... -----Original Message----- From: Matthew Bowman [mailto:mbowman@UDCOM.COM] Sent: Wed 1/8/2003 3:35 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: clamav Hi Is anyone using clamav with their MailScanner installation - if so, how good is it? Is there any reason why I should not get it. I'm running:- Redhat 7.3 sendmail 8.11.6-3 MailScanner 4.10-1 SpamAssassin 2.43 Matthew K Bowman Systems Administrator; Hostmaster; Miva Administrator Universal Digital Communications, Mansfield Ohio. From paul.hamilton at sme-ecom.co.uk Thu Jan 9 07:31:26 2003 From: paul.hamilton at sme-ecom.co.uk (Paul Hamilton) Date: Thu Jan 12 21:16:54 2006 Subject: 'System Administrators' report. Message-ID: <000501c2b7b1$1ebea460$fc32000a@4> Hi All, Has anybody experienced the same? We have recently set up a ruleset so that specific users receive a copy of the 'System Administrators' report. Within the 'Notices To' ruleset we have set the following: FromTo: default infection@sent-to-me.xxx FromTo: *@users-domain.xxx user@users-domain.xxx infection@sent-to-me.xxx This in theory sends a copy on 'default' users to me and on the specified user, one to the them and one to me. This is working fine but where we specify *@users-domain.xxx user@users-domain.xxx infection@sent-to-me.xxx the reports are being duplicated so in effect we are generating 4 copies of the 'System Administrators' report, two to the specified user and two to me. If we set the specified user to: FromTo: *@users-domain.xxx user@users-domain.xxx only one copy is generated (the specified users copy) but infection@sent-to-me.xxx does not get a copy. We obviously would like to eliminate the duplication. Any suggestions? Many thanks in advance Paul H -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030109/86b931c7/attachment.html From Q.G.Campbell at NEWCASTLE.AC.UK Thu Jan 9 09:41:42 2003 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:16:54 2006 Subject: Archiving e-mail ruleset Message-ID: > -----Original Message----- > From: Julian Field [mailto:mailscanner@ecs.soton.ac.uk] > Sent: 08 January 2003 23:34 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Archiving e-mail ruleset > > > At 14:42 08/01/2003, you wrote: > >I'm a bit lost here, I want to archive e-mail that certain > users send > >so I created a ruleset. > > > >Now I'm not sure what the below means, where do I put the > ruleset and > >where do I put the directory to archive mail? Is this the comma > >separated list or did I overlook something? > > > ># Space-separated list of email address and directory names > where you > >want # a copy of all mail to be forwarded or stored. # > ># If you give this option a ruleset, you can control exactly > whose mail > ># is archived or forwarded. If you do this, beware of the legal > >implications > ># as this could be deemed to be illegal interception unless > the police > >have > ># asked you to do this. > >Archive Mail = /var/spool/MailScanner/archive > > Set > Archive Mail = /etc/MailScanner/rules/archive.mail.rules > And then in that file put things like > From: user1@yourdomain.com /var/spool/MailScanner/archive/user1 > From: user2@yourdomain.com /var/spool/MailScanner/archive/user2 > From: *@yourdomain.com > /var/spool/MailScanner/archive/otherusers > FromOrTo: default > > So mail from user1 gets put in the user1 archive (ditto for > user2). Mail from any other address in your domain gets put > in the "otherusers" archive. No other mail is archived (which > is why the default is blank). > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > Directories specified in the Archive rules file must be created _before_ they are first used. The Archive facility does not create them for you. MailScanner will object if it tries to archive a message and the specified directory is not there. Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." From mailscanner at ecs.soton.ac.uk Thu Jan 9 09:46:01 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:54 2006 Subject: 'System Administrators' report. In-Reply-To: <000501c2b7b1$1ebea460$fc32000a@4> Message-ID: <5.2.0.9.2.20030109094419.029d2010@imap.ecs.soton.ac.uk> At 07:31 09/01/2003, you wrote: >Has anybody experienced the same? > >We have recently set up a ruleset so that specific users receive a copy of the >'System Administrators' report. >Within the 'Notices To' ruleset we have set the following: >FromTo: default >infection@sent-to-me.xxx >FromTo: >*@users-domain.xxx >user@users-domain.xxx >infection@sent-to-me.xxx > >This in theory sends a copy on 'default' users to me and on the specified >user, one to >the them and one to me. This is working fine but where we specify >*@users-domain.xxx >user@users-domain.xxx >infection@sent-to-me.xxx the reports are >being duplicated so >in effect we are generating 4 copies of the 'System Administrators' >report, two to the >specified user and two to me. I'll have to take a look at this one. >If we set the specified user to: > >FromTo: >*@users-domain.xxx user@users-domain.xxx > >only one copy is generated (the specified users copy) but >infection@sent-to-me.xxx does not >get a copy. Which is correct. It adds together all the lists in all the matching rules, but only uses the "default" list if none of the rules matched. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jan 9 09:42:58 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:54 2006 Subject: clamav In-Reply-To: <95DD6F026D9C5C459E262B9C385C478E5981F6@h-file04.180096hote l.com> Message-ID: <5.2.0.9.2.20030109094223.01eedd20@imap.ecs.soton.ac.uk> Have you tried it with, perhaps, F-Prot or Sophos with a 30-day trial licence? At 00:53 09/01/2003, you wrote: > I am running it at hotels.com scanning about 40,000 mails per day (is > everyone's mail volume down since Christmas?). I haven't seen any > problems with it, but it definitely doesn't catch everything. Our > Exchange administrators run Anti-Gen on the Exchange servers which still > catch as many virii as I do with Clamav, after going through the > MailScanner server. I am simply using it to offload some of the work the > Exchange servers do... > > >-----Original Message----- >From: Matthew Bowman [mailto:mbowman@UDCOM.COM] >Sent: Wed 1/8/2003 3:35 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Cc: >Subject: clamav >Hi > >Is anyone using clamav with their MailScanner installation - if so, how >good is it? Is there any reason why I should not get it. > >I'm running:- > >Redhat 7.3 >sendmail 8.11.6-3 >MailScanner 4.10-1 >SpamAssassin 2.43 > >Matthew K Bowman >Systems Administrator; Hostmaster; Miva Administrator >Universal Digital Communications, Mansfield Ohio. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jan 9 09:41:46 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:54 2006 Subject: MailScanner Online Store In-Reply-To: <95DD6F026D9C5C459E262B9C385C478E5981F4@h-file04.180096hote l.com> Message-ID: <5.2.0.9.2.20030109094105.02857398@imap.ecs.soton.ac.uk> At 20:31 08/01/2003, you wrote: > One request... Could we get a golf shirt with the logo only on the front? Done. With or without the back logo, it's your choice :) >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Wed 1/8/2003 12:18 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Cc: >Subject: MailScanner Online Store >I have just opened up an online store selling all sorts of MailScanner >goodies. >I am not making any huge profits or anything, it's there if you want it... > >Check it out at http://www.mailscanner.info/store >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From francis at CROSSEN.ORG Thu Jan 9 10:30:47 2003 From: francis at CROSSEN.ORG (Francis Crossen) Date: Thu Jan 12 21:16:54 2006 Subject: How about an announcement list...? Message-ID: <3E1D4F57.25996.12BFD4@localhost> What about it? This list is a bit too high volume for me to catch important announcements. Francis. From mailscanner at ecs.soton.ac.uk Thu Jan 9 10:51:08 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:54 2006 Subject: How about an announcement list...? In-Reply-To: <3E1D4F57.25996.12BFD4@localhost> Message-ID: <5.2.0.9.2.20030109105015.0286a9a0@imap.ecs.soton.ac.uk> At 10:30 09/01/2003, you wrote: >What about it? > >This list is a bit too high volume for me to catch important announcements. That's why I suggest you subscribe to the project page on www.freshmeat.net. To quote from the MailScanner home page: >"If you only want to hear announcements of new versions, then I suggest >you subscribe to the project at >FreshMeat." -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030109/80112e7d/attachment.html From andersan at LTKALMAR.SE Thu Jan 9 12:45:30 2003 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:16:54 2006 Subject: SV: [OT] Laptop virus protection ? Message-ID: <7B475DC5E9502B4D91EA73C283AE48D70263ED9C@lkl22.ltkalmar.se> > -----Ursprungligt meddelande----- > Fr?n: Declan Grady [mailto:Declan.Grady@NUVOTEM.COM] > Skickat: den 8 januari 2003 17:59 > Till: MAILSCANNER@JISCMAIL.AC.UK > ?mne: [OT] Laptop virus protection ? > > > Hi, > Sorry for the Off Topic, but I cant think of a better place > to ask this... > > Being a happy mailscanner user, I was surprised to find the > W32.Opaserv.Worm > doing the rounds of the win98 lan machines until I tracked it > down to one of > the few laptops in use here. > > I can only assume this laptop was used to dial an isp, and > was infected while > online, then when it physically got 0connected to the lan, > it had bypassed all the security measures. > > If this is the case, which is my only explanation, what do > you folks use to > avoid this situation happening ? > > Is its as simple as individual anti-virus on each of the 5 > laptops, and > assume the user will keep it up to date ? Never trust a single protection... users are to clever or stupid and catch get viruses from all places ie webb, floppy, cd's. I think especially with laptops you should aim to have a good client based AV-prog as well. Norton, NAI or something you like and consider safe. /Anders > > Thanks, > Declan > From dlovelace at HOTELS.COM Thu Jan 9 14:34:58 2003 From: dlovelace at HOTELS.COM (Dale Lovelace) Date: Thu Jan 12 21:16:54 2006 Subject: clamav Message-ID: <95DD6F026D9C5C459E262B9C385C478E5981F7@h-file04.180096hotel.com> No, I'm not particularly worried about catching virus, the Exchange guys are not getting rid of Anti-Gen, since it keeps users inside the office from sending virus to each other as well... I installed Clamav at first just to have the virus log messages for mailscanner-mrtg :-) I think I will keep it around now that I have it though, unless it breaks something... Dale -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Thu 1/9/2003 3:42 AM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: clamav Have you tried it with, perhaps, F-Prot or Sophos with a 30-day trial licence? At 00:53 09/01/2003, you wrote: > I am running it at hotels.com scanning about 40,000 mails per day (is > everyone's mail volume down since Christmas?). I haven't seen any > problems with it, but it definitely doesn't catch everything. Our > Exchange administrators run Anti-Gen on the Exchange servers which still > catch as many virii as I do with Clamav, after going through the > MailScanner server. I am simply using it to offload some of the work the > Exchange servers do... > > >-----Original Message----- >From: Matthew Bowman [mailto:mbowman@UDCOM.COM] >Sent: Wed 1/8/2003 3:35 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Cc: >Subject: clamav >Hi > >Is anyone using clamav with their MailScanner installation - if so, how >good is it? Is there any reason why I should not get it. > >I'm running:- > >Redhat 7.3 >sendmail 8.11.6-3 >MailScanner 4.10-1 >SpamAssassin 2.43 > >Matthew K Bowman >Systems Administrator; Hostmaster; Miva Administrator >Universal Digital Communications, Mansfield Ohio. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jan 9 14:29:41 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:54 2006 Subject: mailscanner enhancement (patch) In-Reply-To: <3E1D77AD.2E3D19C5@hkust.se> Message-ID: <5.2.0.9.2.20030109142818.047412a0@imap.ecs.soton.ac.uk> At 13:22 09/01/2003, you wrote: >I've been searching *a lot* for a nice *nix mail scanning program >that does not require mailer brain surgery, or is sensitive >to heavy load, and MailScanner seems to fit the bill... Nice program! :-) >I'm currently running it on 2 production sites, and it probably >will be included in my standard toolbox if it behaves... :-) > >one tweak I made: > >I wanted to be able to adjust the queue scan frequency in order >to batch process slightly less often than every 5 sec per daemon, > >(mail arrive maybe every 5-10 seconds at peak time, so basically > every incoming mail spawned a new sendmail+anti-vir process, > generating unnecessary load. ) > >[that's about 2000 messages/day, for your stats] > >I also didn't want to decrease the sendmail queue (-q) frequency and >use "queue" mode since that would cause it to process the outgoing >mail queue too often. > > >So I added a QueueScanInterval variable to get what I wanted. Good idea. This will definitely help reduce overall load on quiet mail servers. >Include it into the program if you want. It will be in the next release. Many thanks for the contribution. The entry to go into the MailScanner.conf file is this: # How often (in seconds) should each process check the incoming mail # queue for new messages? If you have a quiet mail server, you might # want to increase this value so it causes less load on your server, at # the cost of slightly increasing the time taken for an average message # to be processed. Queue Scan Interval = 5 -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From sean at NISD.NET Thu Jan 9 14:40:06 2003 From: sean at NISD.NET (Sean Embry) Date: Thu Jan 12 21:16:54 2006 Subject: SV: [OT] Laptop virus protection ? Message-ID: We've found that we still get e-mail borne viruses. The cause? People using POP accounts at work from unprotected servers. Why doesn't the desktop AV stop it? Because the users turn them off. *SIGH* At least we aren't getting nearly so many now. Thanks Julian! >>> andersan@LTKALMAR.SE 01/09/03 06:45AM >>> > -----Ursprungligt meddelande----- > Fr?n: Declan Grady [mailto:Declan.Grady@NUVOTEM.COM] > Skickat: den 8 januari 2003 17:59 > Till: MAILSCANNER@JISCMAIL.AC.UK > ?mne: [OT] Laptop virus protection ? > > > Hi, > Sorry for the Off Topic, but I cant think of a better place > to ask this... > > Being a happy mailscanner user, I was surprised to find the > W32.Opaserv.Worm > doing the rounds of the win98 lan machines until I tracked it > down to one of > the few laptops in use here. > > I can only assume this laptop was used to dial an isp, and > was infected while > online, then when it physically got 0connected to the lan, > it had bypassed all the security measures. > > If this is the case, which is my only explanation, what do > you folks use to > avoid this situation happening ? > > Is its as simple as individual anti-virus on each of the 5 > laptops, and > assume the user will keep it up to date ? Never trust a single protection... users are to clever or stupid and catch get viruses from all places ie webb, floppy, cd's. I think especially with laptops you should aim to have a good client based AV-prog as well. Norton, NAI or something you like and consider safe. /Anders > > Thanks, > Declan > From Denis.Beauchemin at USHERBROOKE.CA Thu Jan 9 14:47:36 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:16:54 2006 Subject: 4.11 related error? Message-ID: <1042123655.11190.20.camel@dbeauchemin.si.usherbrooke.ca> Hello, I installed MS 4.11 on one of my mail gateways and since then sendmail is quite verbose about unknown users: Jan 8 08:14:40 smtp2 sendmail[3642]: h08DEaU03241: SYSERR: putoutmsg (hermes-s.usherbrooke.ca.): error on output channel sending "550 5.1.1 ... User unknown": Bad file descriptor Jan 8 08:18:27 smtp2 sendmail[4102]: h08DIQU04090: SYSERR: putoutmsg (mx.videotron.ca.): error on output channel sending "550 5.1.1 ... User unknown": Bad file descriptor I get plenty of these errors on the console and in my logs. My other server running 4.10 isn't that verbose. Both are RH 7.3 systems with the same patch levels. Any ideas what is causing this? I tried to remove the -OPrivacyOptions=noetrn option in the startup file but it didn't stop the messages. Thanks again! Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From lele at PROFIM.FLORIDA.IT Thu Jan 9 15:49:54 2003 From: lele at PROFIM.FLORIDA.IT (Emanuele Salvador) Date: Thu Jan 12 21:16:54 2006 Subject: Remember to separate fields... Message-ID: I'm currently on MS 4.11-1. After adding some lines to filenames.rules.conf (deny \.exe.$some text, I see on my maillog the messages: Possible syntax error on line <> of /etc/mailscanner/filename.rules.conf Remeber to separate fields with tab characters! That's exactly what I do! any help appreciated. Regards, Emanuele I think that man has the most highly developed intelligence. I think men get so intelligent that they're stupid. - Don Van Vliet - From mailscanner at BARENDSE.TO Thu Jan 9 16:08:06 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:54 2006 Subject: Orphaned, undelivered files in mqueue.in Message-ID: Ever since I upgraded to MailScanner 4.11-1 yesterday I have several orphaned files that are piling up in mqueue.in The only files sitting there are the df files, without any other files. Also these messages have never been delivered to the intended recipient. Any ideas?? Can I still get these df files delivered or extract them to make them readable? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at ecs.soton.ac.uk Thu Jan 9 16:20:16 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:54 2006 Subject: Remember to separate fields... In-Reply-To: Message-ID: <5.2.0.9.2.20030109161926.02b91fd8@imap.ecs.soton.ac.uk> At 15:49 09/01/2003, you wrote: >I'm currently on MS 4.11-1. After adding some lines to >filenames.rules.conf (deny \.exe.$some >text, I see on my maillog the messages: > >Possible syntax error on line <> of >/etc/mailscanner/filename.rules.conf >Remeber to separate fields with tab characters! You have missed off the last field, which is the message that the users get. You can't just leave that blank, it has to exist. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jan 9 16:21:33 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:54 2006 Subject: Orphaned, undelivered files in mqueue.in In-Reply-To: Message-ID: <5.2.0.9.2.20030109162030.02a82cd0@imap.ecs.soton.ac.uk> At 16:08 09/01/2003, you wrote: >Ever since I upgraded to MailScanner 4.11-1 yesterday I have several >orphaned files that are piling up in mqueue.in > >The only files sitting there are the df files, without any other files. >Also these messages have never been delivered to the intended recipient. > >Any ideas?? > >Can I still get these df files delivered or extract them to make them >readable? Check both your /var/spool/mqueue and your maillog to see if the message ids have already been delivered (or at least placed in the outgoing queue). I thought I had fixed this in 4.11, but obviously not well enough. Do the times on the files correspond to times when you have done a MailScanner "reload" or "restart"? -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From Denis.Beauchemin at USHERBROOKE.CA Thu Jan 9 16:31:19 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:16:54 2006 Subject: MailScanner-MRTG problem In-Reply-To: <1041946016.15742.5747.camel@dbeauchemin.si.usherbrooke.ca> References: <1041946016.15742.5747.camel@dbeauchemin.si.usherbrooke.ca> Message-ID: <1042129879.11187.33.camel@dbeauchemin.si.usherbrooke.ca> I found my problem: mailscanner-mrtg was returning a number greater than what would fit in a 32bit counter and MRTG uses 32bit counters (except for some quite recent releases). To correct it I changed from bytes to MBytes: /etc/mrtg/mailscanner-mrtg.cfg: Target[mailbytes]: `/usr/sbin/mailscanner-mrtg mailbytes` Title[mailbytes]: Bytes of Mail Processed Background[mailbytes]: #ffffff PageTop[mailbytes]:

MBytes of Mail Processed

WithPeak[mailbytes]: wmy Directory[mailbytes]: mailbytes MaxBytes[mailbytes]: 4096 AbsMax[mailbytes]: 8192 YLegend[mailbytes]: MBytes ShortLegend[mailbytes]:  Mbytes     Legend1[mailbytes]: Average MBytes Legend2[mailbytes]: Legend3[mailbytes]: Maximum MBytes Legend4[mailbytes]: LegendI[mailbytes]: : LegendO[mailbytes]: I also modified /usr/sbin/mailscanner-mrtg at the end of the MailBytes function: close LOG; # Mod to convert in MB $Total /= 1024 * 1024; if ($debug) { Debug("Total", $Total); Debug("Leaving sub Mail"); } } and deleted all my data in the mailbytes directory where MRTG puts its logs and graphs. Denis Le mar 07/01/2003 ? 08:26, Denis Beauchemin a ?crit : > Hello, > > One of my graphs maxes out and I can't seem to do what is right to > correct it: > > The text below the graph is: > Max : 2146.1 M bytes Average : 801.5 M bytes Current : 112.7 M > bytes > > The definition for it is: > # grep mailbytes /etc/mrtg/mailscanner-mrtg.cfg > Target[mailbytes]: `/usr/sbin/mailscanner-mrtg mailbytes` > Title[mailbytes]: Bytes of Mail Processed > Background[mailbytes]: #ffffff > PageTop[mailbytes]:

Bytes of Mail Processed

> WithPeak[mailbytes]: wmy > Directory[mailbytes]: mailbytes > MaxBytes[mailbytes]: 5000000000000 > AbsMax[mailbytes]: 100000000000000 > YLegend[mailbytes]: Bytes > ShortLegend[mailbytes]:  bytes     > Legend1[mailbytes]: Average Bytes > Legend2[mailbytes]: > Legend3[mailbytes]: Maximum Bytes > Legend4[mailbytes]: > LegendI[mailbytes]: : > LegendO[mailbytes]: > > I'm using mailscanner-mrtg-0.04-2.noarch.rpm. > > Any ideas? > > THanks! > > Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From j.cormie at ABERTAY.AC.UK Thu Jan 9 16:55:40 2003 From: j.cormie at ABERTAY.AC.UK (Jason Cormie) Date: Thu Jan 12 21:16:54 2006 Subject: Spamassasin timing Out Message-ID: Debian 3 Mailscanner 3.26 Exim 3.35 Spamassassin 2.43 Yes, I know this has been covered, but this afternoon my incoming queue started growing without transfering anything to outgoing... My RBLs are done by exim, so It can't be anything to do with that 'spamassasin timeout' is set to 60 'skip_rbl_checks' is set to 1 If I set 'Use Spamassassin' to no and restart mailscanner my mail gets processed... Any ideas? Jason the Troubled From mailscanner at BARENDSE.TO Thu Jan 9 17:17:30 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:54 2006 Subject: Orphaned, undelivered files in mqueue.in In-Reply-To: <5.2.0.9.2.20030109162030.02a82cd0@imap.ecs.soton.ac.uk> Message-ID: This was the first thing I have checked. I took different parts of the numbers of these df files and grepped the maillog for it. Strangely enough I cannot find them. Also when browsing through the maillog and looking around the same date/time as these orphaned files in some cases there isn't any message whatsoever of mail being delivered / received. I have about 10 orphaned files in the mqueue.in, none in the outdir and they are all from yesterday and this morning. I know for sure that I didn't restart MailScanner last night or this morning. It's hardly possible that MailScanner would restart itself at exactly the same time as these 10 e-mails in 1,5 day? (This is a very low volume home server). On Thu, 9 Jan 2003, Julian Field wrote: > At 16:08 09/01/2003, you wrote: > >Ever since I upgraded to MailScanner 4.11-1 yesterday I have several > >orphaned files that are piling up in mqueue.in > > > >The only files sitting there are the df files, without any other files. > >Also these messages have never been delivered to the intended recipient. > > > >Any ideas?? > > > >Can I still get these df files delivered or extract them to make them > >readable? > > Check both your /var/spool/mqueue and your maillog to see if the message > ids have already been delivered (or at least placed in the outgoing queue). > > I thought I had fixed this in 4.11, but obviously not well enough. > > Do the times on the files correspond to times when you have done a > MailScanner "reload" or "restart"? > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kevin.Spicer at BMRB.CO.UK Thu Jan 9 17:17:00 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:54 2006 Subject: Spamassasin timing Out Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A32C1A@pascal.priv.bmrb.co.uk> I had almost what seems like the same problem over the Xmas holidays. I turned off spamassassin's auto-whitelist functionality and it cleared the problem. I really don't know whether that was source of the problem or not - but you might like to try it! > -----Original Message----- > From: Jason Cormie [mailto:j.cormie@ABERTAY.AC.UK] > Sent: 09 January 2003 16:56 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Spamassasin timing Out > > > Debian 3 > Mailscanner 3.26 > Exim 3.35 > Spamassassin 2.43 > > > Yes, I know this has been covered, but this afternoon my > incoming queue > started growing without transfering anything to outgoing... > > My RBLs are done by exim, so It can't be anything to do with that > 'spamassasin timeout' is set to 60 > 'skip_rbl_checks' is set to 1 > > If I set 'Use Spamassassin' to no and restart mailscanner my mail gets > processed... > > Any ideas? > > Jason the Troubled > From j.cormie at ABERTAY.AC.UK Thu Jan 9 17:24:15 2003 From: j.cormie at ABERTAY.AC.UK (Jason Cormie) Date: Thu Jan 12 21:16:54 2006 Subject: Spamassasin timing Out Message-ID: Sorry, auto whitelist is off already, I do have razor 1.20 installed as well, don't know if that could be causing a problem -----Original Message----- From: Spicer, Kevin [mailto:Kevin.Spicer@BMRB.CO.UK] Sent: 09, January, 2003 17:17 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spamassasin timing Out I had almost what seems like the same problem over the Xmas holidays. I turned off spamassassin's auto-whitelist functionality and it cleared the problem. I really don't know whether that was source of the problem or not - but you might like to try it! > -----Original Message----- > From: Jason Cormie [mailto:j.cormie@ABERTAY.AC.UK] > Sent: 09 January 2003 16:56 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Spamassasin timing Out > > > Debian 3 > Mailscanner 3.26 > Exim 3.35 > Spamassassin 2.43 > > > Yes, I know this has been covered, but this afternoon my > incoming queue > started growing without transfering anything to outgoing... > > My RBLs are done by exim, so It can't be anything to do with that > 'spamassasin timeout' is set to 60 > 'skip_rbl_checks' is set to 1 > > If I set 'Use Spamassassin' to no and restart mailscanner my mail gets > processed... > > Any ideas? > > Jason the Troubled > From andrewh at CQG.COM Thu Jan 9 17:29:07 2003 From: andrewh at CQG.COM (Andrew M. Hoying) Date: Thu Jan 12 21:16:54 2006 Subject: OT: Dynamically updating /etc/mail/access Message-ID: <8A6DFB0865502242A29E25BDAEFBB9451ABE9C@d2sexchtest.cqg.com> I'm including the spamassassin list in this because I think it is relevant there as well. Has anyone thought about starting some kind of distributed (like razor and dcc) or community (like spamassassin) based effort to build a near real time access list like this? Obviously this list doesn't catch everything. If there was a way to submit new items for the list to be reviewed and added by a large group of users, or automatically tested and added in some cases, I think it could be even more effective. Not that I'm unhappy with 70-80% of spam getting blocked by the current access list at my site, but more is always better. -- > http://basic.wirehub.nl/spamlist-usage.html > The spamlist (http://basic.wirehub.nl/spamlist-extended.txt, 3,5 MB) is > updated every hour. If you like, you can just use the domain names by > grepping "JUNK$" from http://basic.wirehub.nl/spamlist.txt. > -- > - Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - > - Wirehub! Internet Engineering - http://www.wirehub.net/ - > - Private Ponderings ----------- http://www.bengrimm.net/ - > - Wirehub! Internet ----------- part of easynet Group plc - From mailscanner at ecs.soton.ac.uk Thu Jan 9 17:31:01 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:54 2006 Subject: Orphaned, undelivered files in mqueue.in In-Reply-To: References: <5.2.0.9.2.20030109162030.02a82cd0@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030109172953.02a9c0d0@imap.ecs.soton.ac.uk> It is possible that you merely got them for non-MailScanner related problems, such as an SMTP client getting cut off half way through sending a message. Sorry if that sounds like I'm passing the buck... At 17:17 09/01/2003, you wrote: >This was the first thing I have checked. I took different parts of the >numbers of these df files and grepped the maillog for it. Strangely enough >I cannot find them. Also when browsing through the maillog and looking >around the same date/time as these orphaned files in some cases there >isn't any message whatsoever of mail being delivered / received. > >I have about 10 orphaned files in the mqueue.in, none in the outdir and >they are all from yesterday and this morning. I know for sure that I >didn't restart MailScanner last night or this morning. It's hardly >possible that MailScanner would restart itself at exactly the same time as >these 10 e-mails in 1,5 day? (This is a very low volume home server). > >On Thu, 9 Jan 2003, Julian Field wrote: > > > At 16:08 09/01/2003, you wrote: > > >Ever since I upgraded to MailScanner 4.11-1 yesterday I have several > > >orphaned files that are piling up in mqueue.in > > > > > >The only files sitting there are the df files, without any other files. > > >Also these messages have never been delivered to the intended recipient. > > > > > >Any ideas?? > > > > > >Can I still get these df files delivered or extract them to make them > > >readable? > > > > Check both your /var/spool/mqueue and your maillog to see if the message > > ids have already been delivered (or at least placed in the outgoing queue). > > > > I thought I had fixed this in 4.11, but obviously not well enough. > > > > Do the times on the files correspond to times when you have done a > > MailScanner "reload" or "restart"? > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > > > > > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jan 9 17:31:38 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:54 2006 Subject: Spamassasin timing Out In-Reply-To: Message-ID: <5.2.0.9.2.20030109173119.02e2a590@imap.ecs.soton.ac.uk> At 16:55 09/01/2003, you wrote: >Debian 3 >Mailscanner 3.26 >Exim 3.35 >Spamassassin 2.43 > > >Yes, I know this has been covered, but this afternoon my incoming queue >started growing without transfering anything to outgoing... > >My RBLs are done by exim, so It can't be anything to do with that >'spamassasin timeout' is set to 60 >'skip_rbl_checks' is set to 1 > >If I set 'Use Spamassassin' to no and restart mailscanner my mail gets >processed... What does your maillog say about it? -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From j.cormie at ABERTAY.AC.UK Thu Jan 9 18:08:57 2003 From: j.cormie at ABERTAY.AC.UK (Jason Cormie) Date: Thu Jan 12 21:16:54 2006 Subject: Spamassasin timing Out Message-ID: > What does your maillog say about it? When I restart mailscanner it comes up, sits at scanning first 100 messages then spamassassin times out mailscanner continues to run and eat processor and memory below is a segment of todays logs at 15:38 I started mailscanner up with spamassassin enabled at 16:35 I stopped it, waited a bit, started it without spamassassin Jan 9 15:38:21 uadspa01 mailscanner[13733]: MailScanner E-Mail Virus Scanner version 3.26-1 starting. Jan 9 15:38:21 uadspa01 mailscanner[13733]: Configuring mailscanner for Exim mailer... Jan 9 15:38:21 uadspa01 mailscanner[13733]: Using locktype = posix Jan 9 15:38:21 uadspa01 mailscanner[13733]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jan 9 15:38:21 uadspa01 mailscanner[13734]: ECS MailScanner setting GID to mail (8) Jan 9 15:38:21 uadspa01 mailscanner[13734]: ECS MailScanner setting UID to mail (8) Jan 9 15:38:31 uadspa01 mailscanner[13734]: Startup: found 3 messages waiting Jan 9 15:38:31 uadspa01 mailscanner[13734]: Scanning 3 messages, 15079 bytes Jan 9 15:39:12 uadspa01 mailscanner[13734]: Scanned 3 messages, 15079 bytes in 0 seconds Jan 9 15:39:12 uadspa01 mailscanner[13734]: Scanning 8 messages, 88547 bytes Jan 9 15:41:45 uadspa01 mailscanner[13734]: Scanned 8 messages, 88547 bytes in 0 seconds Jan 9 15:41:45 uadspa01 mailscanner[13734]: Scanning 28 messages, 395670 bytes Jan 9 15:48:54 uadspa01 mailscanner[13734]: Scanned 28 messages, 395670 bytes in 1 seconds Jan 9 15:48:55 uadspa01 mailscanner[13734]: Scanning 86 messages, 813639 bytes Jan 9 15:51:19 uadspa01 mailscanner[13734]: SpamAssassin timed out and was killed, consecutive failure 1 of 10 Jan 9 16:10:11 uadspa01 mailscanner[13734]: Scanned 86 messages, 813639 bytes in 5 seconds Jan 9 16:10:15 uadspa01 mailscanner[13734]: Scanning 100 messages, 830555 bytes Jan 9 16:13:55 uadspa01 mailscanner[13734]: SpamAssassin timed out and was killed, consecutive failure 1 of 10 Jan 9 16:30:00 uadspa01 mailscanner[13734]: Scanned 100 messages, 830555 bytes in 7 seconds Jan 9 16:30:07 uadspa01 mailscanner[13734]: Scanning 100 messages, 1024265 bytes Jan 9 16:35:00 uadspa01 mailscanner[18520]: MailScanner E-Mail Virus Scanner version 3.26-1 starting. Jan 9 16:35:00 uadspa01 mailscanner[18520]: Configuring mailscanner for Exim mailer... Jan 9 16:35:00 uadspa01 mailscanner[18520]: Using locktype = posix Jan 9 16:35:00 uadspa01 mailscanner[18520]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jan 9 16:35:00 uadspa01 mailscanner[18521]: ECS MailScanner setting GID to mail (8) Jan 9 16:35:00 uadspa01 mailscanner[18521]: ECS MailScanner setting UID to mail (8) Jan 9 16:35:00 uadspa01 mailscanner[18521]: Startup: found 516 messages waiting Jan 9 16:35:00 uadspa01 mailscanner[18521]: Scanning 100 messages, 1024265 bytes Jan 9 16:35:07 uadspa01 mailscanner[18521]: Scanned 100 messages, 1024265 bytes in 7 seconds Jan 9 16:35:14 uadspa01 mailscanner[18521]: Scanning 100 messages, 1611938 bytes Jan 9 16:35:21 uadspa01 mailscanner[18521]: Scanned 100 messages, 1611938 bytes in 7 seconds Jan 9 16:35:25 uadspa01 mailscanner[18521]: Scanning 100 messages, 689528 bytes Jan 9 16:35:36 uadspa01 mailscanner[18521]: Detected Microsoft-specific exploits in 18WfHz-0004Et-00 Jan 9 16:35:37 uadspa01 mailscanner[18521]: Found 1 viruses in messages 18WfHz-0004Et-00 Jan 9 16:35:37 uadspa01 mailscanner[18521]: Scanned 100 messages, 689528 bytes in 11 seconds Jan 9 16:35:37 uadspa01 mailscanner[18521]: Saved entire message to /var/spool/mailscanner/quarantine/20030109/18WfHz-0004Et-00 Jan 9 16:35:38 uadspa01 mailscanner[18521]: Notified uadspa01@abertay.ac.uk about 1 infections Jan 9 16:35:42 uadspa01 mailscanner[18521]: Scanning 100 messages, 1291793 bytes Jan 9 16:35:53 uadspa01 mailscanner[18521]: Scanned 100 messages, 1291793 bytes in 11 seconds Jan 9 16:35:57 uadspa01 mailscanner[18521]: Scanning 100 messages, 3287604 bytes Jan 9 16:36:05 uadspa01 mailscanner[18521]: Scanned 100 messages, 3287604 bytes in 8 seconds Jan 9 16:36:07 uadspa01 mailscanner[18521]: Scanning 33 messages, 772701 bytes Jan 9 16:36:08 uadspa01 mailscanner[18521]: Scanned 33 messages, 772701 bytes in 1 seconds Jan 9 16:36:19 uadspa01 mailscanner[18521]: Scanning 1 messages, 5277 bytes Jan 9 16:36:21 uadspa01 mailscanner[18521]: Scanned 1 messages, 5277 bytes in 2 seconds Jan 9 16:36:27 uadspa01 mailscanner[18521]: Scanning 1 messages, 4327 bytes Jan 9 16:36:27 uadspa01 mailscanner[18521]: Scanned 1 messages, 4327 bytes in 0 seconds Jan 9 16:36:32 uadspa01 mailscanner[18521]: Scanning 1 messages, 11562 bytes Jan 9 16:36:32 uadspa01 mailscanner[18521]: Scanned 1 messages, 11562 bytes in 0 seconds Jan 9 16:36:53 uadspa01 mailscanner[18521]: Scanning 1 messages, 2713 bytes Jan 9 16:36:55 uadspa01 mailscanner[18521]: Scanned 1 messages, 2713 bytes in 2 seconds Jan 9 16:37:10 uadspa01 mailscanner[18521]: Scanning 1 messages, 9386 bytes Jan 9 16:37:10 uadspa01 mailscanner[18521]: Scanned 1 messages, 9386 bytes in 0 seconds Jan 9 16:37:15 uadspa01 mailscanner[18521]: Scanning 1 messages, 3332 bytes Jan 9 16:37:15 uadspa01 mailscanner[18521]: Scanned 1 messages, 3332 bytes in 0 seconds Jan 9 16:37:20 uadspa01 mailscanner[18521]: Scanning 2 messages, 6956 bytes Jan 9 16:37:20 uadspa01 mailscanner[18521]: Scanned 2 messages, 6956 bytes in 0 seconds Jan 9 16:37:25 uadspa01 mailscanner[18521]: Scanning 4 messages, 16826 bytes Jan 9 16:37:26 uadspa01 mailscanner[18521]: Scanned 4 messages, 16826 bytes in 1 seconds Jan 9 16:37:31 uadspa01 mailscanner[18521]: Scanning 2 messages, 8660 bytes Jan 9 16:37:31 uadspa01 mailscanner[18521]: Scanned 2 messages, 8660 bytes in 0 seconds Jan 9 16:37:36 uadspa01 mailscanner[18521]: Scanning 4 messages, 35121 bytes Jan 9 16:37:36 uadspa01 mailscanner[18521]: Scanned 4 messages, 35121 bytes in 0 seconds Jan 9 16:37:42 uadspa01 mailscanner[18521]: Scanning 3 messages, 14442 bytes Jan 9 16:37:42 uadspa01 mailscanner[18521]: Scanned 3 messages, 14442 bytes in 0 seconds Jan 9 16:37:47 uadspa01 mailscanner[18521]: Scanning 5 messages, 22115 bytes Jan 9 16:37:47 uadspa01 mailscanner[18521]: Scanned 5 messages, 22115 bytes in 0 seconds Jan 9 16:37:52 uadspa01 mailscanner[18521]: Scanning 1 messages, 3397 bytes Jan 9 16:37:52 uadspa01 mailscanner[18521]: Scanned 1 messages, 3397 bytes in 0 seconds Jan 9 16:37:57 uadspa01 mailscanner[18521]: Scanning 2 messages, 23587 bytes Jan 9 16:37:58 uadspa01 mailscanner[18521]: Scanned 2 messages, 23587 bytes in 1 seconds Jan 9 16:37:58 uadspa01 mailscanner[18521]: Scanning 1 messages, 2942 bytes Jan 9 16:37:58 uadspa01 mailscanner[18521]: Scanned 1 messages, 2942 bytes in 0 seconds Jan 9 16:38:03 uadspa01 mailscanner[18521]: Scanning 2 messages, 6947 bytes Jan 9 16:38:03 uadspa01 mailscanner[18521]: Scanned 2 messages, 6947 bytes in 0 seconds Jan 9 16:38:08 uadspa01 mailscanner[18521]: Scanning 3 messages, 12991 bytes Jan 9 16:38:09 uadspa01 mailscanner[18521]: Scanned 3 messages, 12991 bytes in 1 seconds Jan 9 16:38:14 uadspa01 mailscanner[18521]: Scanning 3 messages, 13782 bytes Jan 9 16:38:14 uadspa01 mailscanner[18521]: Scanned 3 messages, 13782 bytes in 0 seconds Jan 9 16:38:19 uadspa01 mailscanner[18521]: Scanning 3 messages, 15573 bytes Jan 9 16:38:20 uadspa01 mailscanner[18521]: Scanned 3 messages, 15573 bytes in 1 seconds Jan 9 16:38:25 uadspa01 mailscanner[18521]: Scanning 6 messages, 69217 bytes Jan 9 16:38:25 uadspa01 mailscanner[18521]: Scanned 6 messages, 69217 bytes in 0 seconds Jan 9 16:38:35 uadspa01 mailscanner[18521]: Scanning 5 messages, 20344 bytes Jan 9 16:38:35 uadspa01 mailscanner[18521]: Scanned 5 messages, 20344 bytes in 0 seconds Jan 9 16:38:35 uadspa01 mailscanner[18521]: Scanning 1 messages, 2157 bytes Jan 9 16:38:36 uadspa01 mailscanner[18521]: Scanned 1 messages, 2157 bytes in 0 seconds Jan 9 16:38:41 uadspa01 mailscanner[18521]: Scanning 1 messages, 2157 bytes Jan 9 16:38:41 uadspa01 mailscanner[18521]: Scanned 1 messages, 2157 bytes in 0 seconds Jan 9 16:38:46 uadspa01 mailscanner[18521]: Scanning 4 messages, 17190 bytes Jan 9 16:38:46 uadspa01 mailscanner[18521]: Scanned 4 messages, 17190 bytes in 0 seconds Jan 9 16:38:46 uadspa01 mailscanner[18521]: Scanning 1 messages, 4451 bytes From andrewh at CQG.COM Thu Jan 9 18:13:44 2003 From: andrewh at CQG.COM (Andrew M. Hoying) Date: Thu Jan 12 21:16:54 2006 Subject: [SAtalk] RE: OT: Dynamically updating /etc/mail/access Message-ID: <8A6DFB0865502242A29E25BDAEFBB9451ABE9D@d2sexchtest.cqg.com> They don't get individual email addresses like this list does. And you can't tailor them for your environment. They are too bold, often, or not bold enough, in their blocking. Andrew > -----Original Message----- > From: Steve Thomas [mailto:sthomas@apexvoice.com] > Sent: Thursday, January 09, 2003 11:02 AM > To: Andrew M. Hoying; MailScanner mailing list > Cc: SpamAssassin Users' list > Subject: RE: [SAtalk] RE: OT: Dynamically updating /etc/mail/access > > > Isn't that the point of DNS RBLs? > > | -----Original Message----- > | From: spamassassin-talk-admin@lists.sourceforge.net > | [mailto:spamassassin-talk-admin@lists.sourceforge.net]On Behalf Of > | Andrew M. Hoying > | Sent: Thursday, January 09, 2003 9:29 AM > | To: MailScanner mailing list > | Cc: SpamAssassin Users' list > | Subject: [SAtalk] RE: OT: Dynamically updating /etc/mail/access > | > | > | I'm including the spamassassin list in this because I think it is > | relevant there as well. Has anyone thought about starting > some kind of > | distributed (like razor and dcc) or community (like > spamassassin) based > | effort to build a near real time access list like this? > Obviously this > | list doesn't catch everything. If there was a way to submit > new items > | for the list to be reviewed and added by a large group of users, or > | automatically tested and added in some cases, I think it > could be even > | more effective. Not that I'm unhappy with 70-80% of spam > getting blocked > | by the current access list at my site, but more is always better. > > From Kevin.Spicer at BMRB.CO.UK Thu Jan 9 18:36:05 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:55 2006 Subject: Spamassasin timing Out Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A4ACFC@pascal.priv.bmrb.co.uk> Thats not like the logs I was getting, so I imagine this is a different problem (mine was a sequence like the following... MailScanner starts, detects 1400 messages, says 'scanning 100 messages', 'Found 16 spam messages'- and just did this every 2 minutes!). It looks like your mailscanner is scanning messages(?) Have you checked the headers of the stuck messages to see if mailscanner has altered them? > -----Original Message----- > From: Jason Cormie [mailto:j.cormie@ABERTAY.AC.UK] > Sent: 09 January 2003 18:09 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Spamassasin timing Out > > > > What does your maillog say about it? > > When I restart mailscanner it comes up, sits at scanning > first 100 messages > then spamassassin times out > > mailscanner continues to run and eat processor and memory > > below is a segment of todays logs > at 15:38 I started mailscanner up with spamassassin enabled > at 16:35 I stopped it, waited a bit, started it without spamassassin > > Jan 9 15:38:21 uadspa01 mailscanner[13733]: MailScanner E-Mail Virus > Scanner version 3.26-1 starting. > Jan 9 15:38:21 uadspa01 mailscanner[13733]: Configuring > mailscanner for > Exim mailer... > Jan 9 15:38:21 uadspa01 mailscanner[13733]: Using locktype = posix > Jan 9 15:38:21 uadspa01 mailscanner[13733]: Creating > hardcoded struct_flock > subroutine for linux (Linux-type) > Jan 9 15:38:21 uadspa01 mailscanner[13734]: ECS MailScanner > setting GID to > mail (8) > Jan 9 15:38:21 uadspa01 mailscanner[13734]: ECS MailScanner > setting UID to > mail (8) > Jan 9 15:38:31 uadspa01 mailscanner[13734]: Startup: found 3 messages > waiting > Jan 9 15:38:31 uadspa01 mailscanner[13734]: Scanning 3 > messages, 15079 > bytes > Jan 9 15:39:12 uadspa01 mailscanner[13734]: Scanned 3 > messages, 15079 bytes > in 0 seconds > Jan 9 15:39:12 uadspa01 mailscanner[13734]: Scanning 8 > messages, 88547 > bytes > Jan 9 15:41:45 uadspa01 mailscanner[13734]: Scanned 8 > messages, 88547 bytes > in 0 seconds > Jan 9 15:41:45 uadspa01 mailscanner[13734]: Scanning 28 > messages, 395670 > bytes > Jan 9 15:48:54 uadspa01 mailscanner[13734]: Scanned 28 > messages, 395670 > bytes in 1 seconds > Jan 9 15:48:55 uadspa01 mailscanner[13734]: Scanning 86 > messages, 813639 > bytes > Jan 9 15:51:19 uadspa01 mailscanner[13734]: SpamAssassin > timed out and was > killed, consecutive failure 1 of 10 > Jan 9 16:10:11 uadspa01 mailscanner[13734]: Scanned 86 > messages, 813639 > bytes in 5 seconds > Jan 9 16:10:15 uadspa01 mailscanner[13734]: Scanning 100 > messages, 830555 > bytes > Jan 9 16:13:55 uadspa01 mailscanner[13734]: SpamAssassin > timed out and was > killed, consecutive failure 1 of 10 > Jan 9 16:30:00 uadspa01 mailscanner[13734]: Scanned 100 > messages, 830555 > bytes in 7 seconds > Jan 9 16:30:07 uadspa01 mailscanner[13734]: Scanning 100 > messages, 1024265 > bytes > Jan 9 16:35:00 uadspa01 mailscanner[18520]: MailScanner E-Mail Virus > Scanner version 3.26-1 starting. > Jan 9 16:35:00 uadspa01 mailscanner[18520]: Configuring > mailscanner for > Exim mailer... > Jan 9 16:35:00 uadspa01 mailscanner[18520]: Using locktype = posix > Jan 9 16:35:00 uadspa01 mailscanner[18520]: Creating > hardcoded struct_flock > subroutine for linux (Linux-type) > Jan 9 16:35:00 uadspa01 mailscanner[18521]: ECS MailScanner > setting GID to > mail (8) > Jan 9 16:35:00 uadspa01 mailscanner[18521]: ECS MailScanner > setting UID to > mail (8) > Jan 9 16:35:00 uadspa01 mailscanner[18521]: Startup: found > 516 messages > waiting > Jan 9 16:35:00 uadspa01 mailscanner[18521]: Scanning 100 > messages, 1024265 > bytes > Jan 9 16:35:07 uadspa01 mailscanner[18521]: Scanned 100 > messages, 1024265 > bytes in 7 seconds > Jan 9 16:35:14 uadspa01 mailscanner[18521]: Scanning 100 > messages, 1611938 > bytes > Jan 9 16:35:21 uadspa01 mailscanner[18521]: Scanned 100 > messages, 1611938 > bytes in 7 seconds > Jan 9 16:35:25 uadspa01 mailscanner[18521]: Scanning 100 > messages, 689528 > bytes > Jan 9 16:35:36 uadspa01 mailscanner[18521]: Detected > Microsoft-specific > exploits in 18WfHz-0004Et-00 > Jan 9 16:35:37 uadspa01 mailscanner[18521]: Found 1 viruses > in messages > 18WfHz-0004Et-00 > Jan 9 16:35:37 uadspa01 mailscanner[18521]: Scanned 100 > messages, 689528 > bytes in 11 seconds > Jan 9 16:35:37 uadspa01 mailscanner[18521]: Saved entire message to > /var/spool/mailscanner/quarantine/20030109/18WfHz-0004Et-00 > Jan 9 16:35:38 uadspa01 mailscanner[18521]: Notified > uadspa01@abertay.ac.uk > about 1 infections > Jan 9 16:35:42 uadspa01 mailscanner[18521]: Scanning 100 > messages, 1291793 > bytes > Jan 9 16:35:53 uadspa01 mailscanner[18521]: Scanned 100 > messages, 1291793 > bytes in 11 seconds > Jan 9 16:35:57 uadspa01 mailscanner[18521]: Scanning 100 > messages, 3287604 > bytes > Jan 9 16:36:05 uadspa01 mailscanner[18521]: Scanned 100 > messages, 3287604 > bytes in 8 seconds > Jan 9 16:36:07 uadspa01 mailscanner[18521]: Scanning 33 > messages, 772701 > bytes > Jan 9 16:36:08 uadspa01 mailscanner[18521]: Scanned 33 > messages, 772701 > bytes in 1 seconds > Jan 9 16:36:19 uadspa01 mailscanner[18521]: Scanning 1 > messages, 5277 bytes > > Jan 9 16:36:21 uadspa01 mailscanner[18521]: Scanned 1 > messages, 5277 bytes > in 2 seconds > Jan 9 16:36:27 uadspa01 mailscanner[18521]: Scanning 1 > messages, 4327 bytes > > Jan 9 16:36:27 uadspa01 mailscanner[18521]: Scanned 1 > messages, 4327 bytes > in 0 seconds > Jan 9 16:36:32 uadspa01 mailscanner[18521]: Scanning 1 > messages, 11562 > bytes > Jan 9 16:36:32 uadspa01 mailscanner[18521]: Scanned 1 > messages, 11562 bytes > in 0 seconds > Jan 9 16:36:53 uadspa01 mailscanner[18521]: Scanning 1 > messages, 2713 bytes > > Jan 9 16:36:55 uadspa01 mailscanner[18521]: Scanned 1 > messages, 2713 bytes > in 2 seconds > Jan 9 16:37:10 uadspa01 mailscanner[18521]: Scanning 1 > messages, 9386 bytes > > Jan 9 16:37:10 uadspa01 mailscanner[18521]: Scanned 1 > messages, 9386 bytes > in 0 seconds > Jan 9 16:37:15 uadspa01 mailscanner[18521]: Scanning 1 > messages, 3332 bytes > > Jan 9 16:37:15 uadspa01 mailscanner[18521]: Scanned 1 > messages, 3332 bytes > in 0 seconds > Jan 9 16:37:20 uadspa01 mailscanner[18521]: Scanning 2 > messages, 6956 bytes > > Jan 9 16:37:20 uadspa01 mailscanner[18521]: Scanned 2 > messages, 6956 bytes > in 0 seconds > Jan 9 16:37:25 uadspa01 mailscanner[18521]: Scanning 4 > messages, 16826 > bytes > Jan 9 16:37:26 uadspa01 mailscanner[18521]: Scanned 4 > messages, 16826 bytes > in 1 seconds > Jan 9 16:37:31 uadspa01 mailscanner[18521]: Scanning 2 > messages, 8660 bytes > > Jan 9 16:37:31 uadspa01 mailscanner[18521]: Scanned 2 > messages, 8660 bytes > in 0 seconds > Jan 9 16:37:36 uadspa01 mailscanner[18521]: Scanning 4 > messages, 35121 > bytes > Jan 9 16:37:36 uadspa01 mailscanner[18521]: Scanned 4 > messages, 35121 bytes > in 0 seconds > Jan 9 16:37:42 uadspa01 mailscanner[18521]: Scanning 3 > messages, 14442 > bytes > Jan 9 16:37:42 uadspa01 mailscanner[18521]: Scanned 3 > messages, 14442 bytes > in 0 seconds > Jan 9 16:37:47 uadspa01 mailscanner[18521]: Scanning 5 > messages, 22115 > bytes > Jan 9 16:37:47 uadspa01 mailscanner[18521]: Scanned 5 > messages, 22115 bytes > in 0 seconds > Jan 9 16:37:52 uadspa01 mailscanner[18521]: Scanning 1 > messages, 3397 bytes > > Jan 9 16:37:52 uadspa01 mailscanner[18521]: Scanned 1 > messages, 3397 bytes > in 0 seconds > Jan 9 16:37:57 uadspa01 mailscanner[18521]: Scanning 2 > messages, 23587 > bytes > Jan 9 16:37:58 uadspa01 mailscanner[18521]: Scanned 2 > messages, 23587 bytes > in 1 seconds > Jan 9 16:37:58 uadspa01 mailscanner[18521]: Scanning 1 > messages, 2942 bytes > > Jan 9 16:37:58 uadspa01 mailscanner[18521]: Scanned 1 > messages, 2942 bytes > in 0 seconds > Jan 9 16:38:03 uadspa01 mailscanner[18521]: Scanning 2 > messages, 6947 bytes > > Jan 9 16:38:03 uadspa01 mailscanner[18521]: Scanned 2 > messages, 6947 bytes > in 0 seconds > Jan 9 16:38:08 uadspa01 mailscanner[18521]: Scanning 3 > messages, 12991 > bytes > Jan 9 16:38:09 uadspa01 mailscanner[18521]: Scanned 3 > messages, 12991 bytes > in 1 seconds > Jan 9 16:38:14 uadspa01 mailscanner[18521]: Scanning 3 > messages, 13782 > bytes > Jan 9 16:38:14 uadspa01 mailscanner[18521]: Scanned 3 > messages, 13782 bytes > in 0 seconds > Jan 9 16:38:19 uadspa01 mailscanner[18521]: Scanning 3 > messages, 15573 > bytes > Jan 9 16:38:20 uadspa01 mailscanner[18521]: Scanned 3 > messages, 15573 bytes > in 1 seconds > Jan 9 16:38:25 uadspa01 mailscanner[18521]: Scanning 6 > messages, 69217 > bytes > Jan 9 16:38:25 uadspa01 mailscanner[18521]: Scanned 6 > messages, 69217 bytes > in 0 seconds > Jan 9 16:38:35 uadspa01 mailscanner[18521]: Scanning 5 > messages, 20344 > bytes > Jan 9 16:38:35 uadspa01 mailscanner[18521]: Scanned 5 > messages, 20344 bytes > in 0 seconds > Jan 9 16:38:35 uadspa01 mailscanner[18521]: Scanning 1 > messages, 2157 bytes > > Jan 9 16:38:36 uadspa01 mailscanner[18521]: Scanned 1 > messages, 2157 bytes > in 0 seconds > Jan 9 16:38:41 uadspa01 mailscanner[18521]: Scanning 1 > messages, 2157 bytes > > Jan 9 16:38:41 uadspa01 mailscanner[18521]: Scanned 1 > messages, 2157 bytes > in 0 seconds > Jan 9 16:38:46 uadspa01 mailscanner[18521]: Scanning 4 > messages, 17190 > bytes > Jan 9 16:38:46 uadspa01 mailscanner[18521]: Scanned 4 > messages, 17190 bytes > in 0 seconds > Jan 9 16:38:46 uadspa01 mailscanner[18521]: Scanning 1 > messages, 4451 bytes > From mailscanner at ecs.soton.ac.uk Thu Jan 9 18:54:59 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:55 2006 Subject: spamassassin timeout - patch In-Reply-To: <5.2.0.9.2.20030108230955.02cee468@imap.ecs.soton.ac.uk> References: Message-ID: <5.2.0.9.2.20030109185119.02042e90@imap.ecs.soton.ac.uk> At 23:11 08/01/2003, you wrote: >What I will endeavour to add to the next version is an improvement to the >SA timeout code. So if SA times out lots of times in a row it will remove >SA's ability to do RBL lookups. If that fixes the timeouts then it will >carry on like that. If SA still times out after some more attempts, then it >will kill SA completely. > >All this state is reset when MailScanner next does its auto restart in a >few hours time. I have attached a patch to implement this. From the comment in the code, which explains it: If we get maxfailures consecutive timeouts, then disable the SpamAssassin RBL checks in an attempt to get it working again. If it continues to time out for another maxfailures consecutive attempts, then disable it completely. The factor of 2 involved in this saves having to have a configuration variable that is very hard to explain unless you have seen it in action, at which point you understand it anyway :-) Please can someone try it out and let me know if it works okay? Hopefully this will make SpamAssassin much robust when an RBL goes down. -------------- next part -------------- A non-text attachment was scrubbed... Name: SA.pm.patch Type: application/octet-stream Size: 2943 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030109/4c3ceecd/SA.pm.obj -------------- next part -------------- -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner-sub at WIREHUB.NET Thu Jan 9 19:54:23 2003 From: mailscanner-sub at WIREHUB.NET (Ben C. O. Grimm) Date: Thu Jan 12 21:16:55 2006 Subject: OT: Dynamically updating /etc/mail/access In-Reply-To: References: Message-ID: On 9 Jan 2003 18:29:40 +0100, "Andrew M. Hoying" wrote: > I'm including the spamassassin list in this because I think it is > relevant there as well. Has anyone thought about starting some kind of > distributed (like razor and dcc) or community (like spamassassin) based > effort to build a near real time access list like this? Obviously this > list doesn't catch everything. If there was a way to submit new items > for the list to be reviewed and added by a large group of users, or > automatically tested and added in some cases, I think it could be even > more effective. Not that I'm unhappy with 70-80% of spam getting blocked > by the current access list at my site, but more is always better. We get about 50-100 spam samples every day (we don't need more, thanks ..) and use them to update our lists. Please note that this list only handles 1/3 of our spam filters. The blackholes.wirehub.net DNSBL is just as important. Both databases have a degree of 'self-learning'. Hits on the address/domain blocks find their way into the IP-based blockers (when a patterns emerges), and new spamming domains from already listed IPs get added to the spamlist. Any of the blockers will get you a nice result; combining them is the way to go. -- - Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - - Wirehub! Internet Engineering - http://www.wirehub.net/ - - Private Ponderings ----------- http://www.bengrimm.net/ - - Wirehub! Internet ----------- part of easynet Group plc - From mailscanner-sub at WIREHUB.NET Thu Jan 9 20:13:29 2003 From: mailscanner-sub at WIREHUB.NET (Ben C. O. Grimm) Date: Thu Jan 12 21:16:55 2006 Subject: Reviving an old idea about renaming forbidden extensions In-Reply-To: References: Message-ID: Almost a year ago (Jan 2002), I sent a mail to Julian with the following suggestion: >I would like to make the following suggestion with regards to >'forbidden extensions'. There are currently two options: ban them if >they're on the list, or allow them if they do not contain a virus. >How about a third option: rename the file (if it does not contain a >known virus, of course) to make it not immediately executable, for >instance by replacing .ext with ~ext and adding an explanatory line >like 'MailScanner changed filename.pif to filename~pif to prevent >immediate execution; shortcuts to (&etc) are dangerous, so be very >cautious about renaming the file and executing it.' Or something >like that. Some people actually send virus-free files with .pif and >.reg extension through our servers ... they're not too happy .. I implemented the .exe restriction about three days ago, and the sun doesn't shine anymore over here. I had to let it go, even though I'm fully opposed to sending directly executable content through email. Lots of users (mainly businesses in our case) were severely hindered by this restriction, and even though I'm as BOFH as they come, frustrating clients' mailflow is not on my priority list (well, not in the top 10 at the moment). I do see the need to 'treat' extensions like 'exe' though, and adding the 'rewrite' option (and the proposed functionality) to the filenames.rules.conf would be the best of both worlds. For example, renaming an attachment from file.exe to file.~exe or file.exe~ (the latter sounds easier, you can anchor to $) would a) show the original extension on 'platforms' that have a tendency to hide them (happily exploited by the virus.jpg.scr type virus) b) leave the file untouched, but you have to actively rename and execute it to run it. Of course, MailScanner will include a warning and a short explanation as to why and how. Best of both worlds, it seems. People get their files, and they can't say they weren't informed about the risks. Of course, the primary goal is to intercept new viruses that are not in the DAT files yet (or at least to inform recipients of that possibility), but maintaining the lowest level of impact regarding those who have to send this kind of content using email. I may even start ordering MailScanner goodies. -- - Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - - Wirehub! Internet Engineering - http://www.wirehub.net/ - - Private Ponderings ----------- http://www.bengrimm.net/ - - Wirehub! Internet ----------- part of easynet Group plc - From mailscanner at ecs.soton.ac.uk Thu Jan 9 20:20:19 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:55 2006 Subject: Reviving an old idea about renaming forbidden extensions In-Reply-To: References: Message-ID: <5.2.0.9.2.20030109201943.02869090@imap.ecs.soton.ac.uk> Good idea. I'll take a look, but no promises. At 20:13 09/01/2003, you wrote: >Almost a year ago (Jan 2002), I sent a mail to Julian with the following >suggestion: > > >I would like to make the following suggestion with regards to > >'forbidden extensions'. There are currently two options: ban them if > >they're on the list, or allow them if they do not contain a virus. > >How about a third option: rename the file (if it does not contain a > >known virus, of course) to make it not immediately executable, for > >instance by replacing .ext with ~ext and adding an explanatory line > >like 'MailScanner changed filename.pif to filename~pif to prevent > >immediate execution; shortcuts to (&etc) are dangerous, so be very > >cautious about renaming the file and executing it.' Or something > >like that. Some people actually send virus-free files with .pif and > >.reg extension through our servers ... they're not too happy .. > >I implemented the .exe restriction about three days ago, and the sun >doesn't shine anymore over here. I had to let it go, even though I'm fully >opposed to sending directly executable content through email. Lots of users >(mainly businesses in our case) were severely hindered by this restriction, >and even though I'm as BOFH as they come, frustrating clients' mailflow is >not on my priority list (well, not in the top 10 at the moment). > >I do see the need to 'treat' extensions like 'exe' though, and adding the >'rewrite' option (and the proposed functionality) to the >filenames.rules.conf would be the best of both worlds. For example, >renaming an attachment from file.exe to file.~exe or file.exe~ (the latter >sounds easier, you can anchor to $) would a) show the original extension on >'platforms' that have a tendency to hide them (happily exploited by the >virus.jpg.scr type virus) b) leave the file untouched, but you have to >actively rename and execute it to run it. Of course, MailScanner will >include a warning and a short explanation as to why and how. Best of both >worlds, it seems. People get their files, and they can't say they weren't >informed about the risks. > >Of course, the primary goal is to intercept new viruses that are not in the >DAT files yet (or at least to inform recipients of that possibility), but >maintaining the lowest level of impact regarding those who have to send >this kind of content using email. I may even start ordering MailScanner >goodies. > >-- >- Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - >- Wirehub! Internet Engineering - http://www.wirehub.net/ - >- Private Ponderings ----------- http://www.bengrimm.net/ - >- Wirehub! Internet ----------- part of easynet Group plc - -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mbowman at UDCOM.COM Thu Jan 9 20:20:27 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:16:55 2006 Subject: Reviving an old idea about renaming forbidden extensions In-Reply-To: Message-ID: On the same topic What about accepted filenames regardless of extensions. For example if we wanted to receive send and email that has the same filename attachment like projects.exe (archived zip) that contains documents, demos, presentations etc? Would it be possible to cater for that. Or simply if the domain is 'whitelisted', ignore filename.rules altogether? Matthew From mailscanner at BARENDSE.TO Thu Jan 9 20:27:34 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:55 2006 Subject: Reviving an old idea about renaming forbidden extensions In-Reply-To: Message-ID: Is whitelisting by domain really a good idea? If you want to whitelist a domain it means you'll regularly receive mail from them. You would need to trust all of the users in the foreign domain to not send/open any viruses to your site! And chances are that viruses come in from people you communicate with, not from strangers. On Thu, 9 Jan 2003, Matthew Bowman wrote: > On the same topic > > What about accepted filenames regardless of extensions. > > For example if we wanted to receive send and email that has the same > filename attachment like projects.exe (archived zip) that contains > documents, demos, presentations etc? Would it be possible to cater for > that. Or simply if the domain is 'whitelisted', ignore filename.rules > altogether? > > Matthew > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner-sub at WIREHUB.NET Thu Jan 9 20:31:33 2003 From: mailscanner-sub at WIREHUB.NET (Ben C. O. Grimm) Date: Thu Jan 12 21:16:55 2006 Subject: OT: Dynamically updating /etc/mail/access In-Reply-To: References: Message-ID: On 8 Jan 2003 17:02:56 +0100, "Andrew M. Hoying" wrote: > I implemented this and a few other things in a script and now we are > blocking 80% of incoming spam without having to bother MailScanner or > SpamAssassin with processing it. By the way: you can add IP checking as well, by adding the LHS of http://basic.wirehub.nl/blockedIPs.txt and a RHS of REJECT (or an error message of your choice) to your access.db. That is how it used to work over here before we moved IP blocking to a DNSBL. Something like fetch -m http://basic.wirehub.nl/blockedIPs.txt awk '{print $1" REJECT"}' < blockedIPs.txt >> access (*) and hashing it to an access.db is all you need, really. (*) of course, '>' or '>>' depends on the order in which you create the access file, and where you start adding stuff to it) The file is not yet available through rsync, but making it available is not too hard, of course. -- - Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - - Wirehub! Internet Engineering - http://www.wirehub.net/ - - Private Ponderings ----------- http://www.bengrimm.net/ - - Wirehub! Internet ----------- part of easynet Group plc - From mailscanner at BARENDSE.TO Thu Jan 9 20:36:19 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:55 2006 Subject: Orphaned, undelivered files in mqueue.in In-Reply-To: <5.2.0.9.2.20030109172953.02a9c0d0@imap.ecs.soton.ac.uk> Message-ID: The thought crossed my mind, and it may not even be unlikely. I think I found the cause of the problem. The time stamp of the orphaned files is about the same as these messages in the maillog: Jan 9 21:20:15 raveon MailScanner[30971]: MailScanner child caught a SIGHUP Jan 9 21:20:15 raveon MailScanner[30946]: MailScanner child caught a SIGHUP Jan 9 21:20:25 raveon sendmail[31137]: alias database /etc/aliases rebuilt by root Jan 9 21:20:25 raveon sendmail[31137]: /etc/aliases: 66 aliases, longest 10 bytes, 658 bytes total Jan 9 21:20:25 raveon sendmail[31146]: starting daemon (8.12.5): SMTP Jan 9 21:20:25 raveon sendmail[31151]: starting daemon (8.12.5): queueing@00:15:00 Jan 9 21:20:26 raveon MailScanner[31162]: MailScanner Jan 9 21:20:27 raveon MailScanner[31162]: MailScanner E-Mail Virus Scanner version 4.11-1 starting... Jan 9 21:20:28 raveon MailScanner[31162]: Using locktype = flock But.... no reference to receiving any e-mail. I think sendmail is in the process of receiving the e-mail, which is not finished, hence no entry in the maillog and then MailScanner kills and restarts sendmail?? Or does the sighup mean that something has crashed? I seem to have an awful lot of those :( Every 5 minutes!!!! If the sender's connection isn't all that fast it is very well possible that the mail transfer indeed gets killed before transmission is completed. I never had this SIGHUP problem with 4.10? On Thu, 9 Jan 2003, Julian Field wrote: > It is possible that you merely got them for non-MailScanner related > problems, such as an SMTP client getting cut off half way through sending a > message. Sorry if that sounds like I'm passing the buck... > > At 17:17 09/01/2003, you wrote: > >This was the first thing I have checked. I took different parts of the > >numbers of these df files and grepped the maillog for it. Strangely enough > >I cannot find them. Also when browsing through the maillog and looking > >around the same date/time as these orphaned files in some cases there > >isn't any message whatsoever of mail being delivered / received. > > > >I have about 10 orphaned files in the mqueue.in, none in the outdir and > >they are all from yesterday and this morning. I know for sure that I > >didn't restart MailScanner last night or this morning. It's hardly > >possible that MailScanner would restart itself at exactly the same time as > >these 10 e-mails in 1,5 day? (This is a very low volume home server). > > > >On Thu, 9 Jan 2003, Julian Field wrote: > > > > > At 16:08 09/01/2003, you wrote: > > > >Ever since I upgraded to MailScanner 4.11-1 yesterday I have several > > > >orphaned files that are piling up in mqueue.in > > > > > > > >The only files sitting there are the df files, without any other files. > > > >Also these messages have never been delivered to the intended recipient. > > > > > > > >Any ideas?? > > > > > > > >Can I still get these df files delivered or extract them to make them > > > >readable? > > > > > > Check both your /var/spool/mqueue and your maillog to see if the message > > > ids have already been delivered (or at least placed in the outgoing queue). > > > > > > I thought I had fixed this in 4.11, but obviously not well enough. > > > > > > Do the times on the files correspond to times when you have done a > > > MailScanner "reload" or "restart"? > > > -- > > > Julian Field > > > www.MailScanner.info > > > MailScanner thanks transtec Computers for their support > > > > > > > > > > > >-- > >This message has been scanned for viruses and > >dangerous content by MailScanner, and is > >believed to be clean. > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mbowman at UDCOM.COM Thu Jan 9 20:45:43 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:16:55 2006 Subject: Reviving an old idea about renaming forbidden extensions In-Reply-To: Message-ID: >Is whitelisting by domain really a good idea? If you want to whitelist a >domain it means you'll regularly receive mail from them. Its my preference purely for ease of administration and its less hassle. Our own domains are whitelisted (From:) and a couple of external ones e.g. travelocity.com, weather.com. There is a potential risk but I am keeping on top of all inbound and outbound e-mail to stop potentional chaos. >You would need to trust all of the users in the foreign domain to not >send/open any viruses to your site! And chances are that viruses come in >from people you communicate with, not from strangers. All outbound e-mail is scanned with Symantec AV 8.0 for Lotus Notes since we are all on a Domino Server. Outbound attachments from our local domains with .exe extensions are rare, however from time to time some of our departments need to send out files with .exe extensions. Rather than changing the rule to Allow .exe, restarting MailScanner, having them send out the e-mail, change the rule, restart mailscanner every time I would be interested in having other 'options' within MailScanner to allow .exe's to go to certain email addresses with minimal intervention. Matthew Remco Barendse cc: Sent by: Subject: Re: Reviving an old idea about renaming forbidden extensions MailScanner mailing list 01/09/2003 03:27 PM Please respond to MailScanner mailing list Is whitelisting by domain really a good idea? If you want to whitelist a domain it means you'll regularly receive mail from them. You would need to trust all of the users in the foreign domain to not send/open any viruses to your site! And chances are that viruses come in from people you communicate with, not from strangers. On Thu, 9 Jan 2003, Matthew Bowman wrote: > On the same topic > > What about accepted filenames regardless of extensions. > > For example if we wanted to receive send and email that has the same > filename attachment like projects.exe (archived zip) that contains > documents, demos, presentations etc? Would it be possible to cater for > that. Or simply if the domain is 'whitelisted', ignore filename.rules > altogether? > > Matthew > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ivan at NUCCI.COM.BR Thu Jan 9 20:49:28 2003 From: ivan at NUCCI.COM.BR (Ivan Mirisola) Date: Thu Jan 12 21:16:55 2006 Subject: clamav References: Message-ID: <3E1DE058.7010700@nucci.com.br> Hi List, It's allways good news to hear about people using clamav. I am using it for a while with no problems. I use clamav-0.54-2, an RPM compilation built under the PLD distribution (www.pld.org.pl), on a Red-Hat compatible distribution called Conectiva Linux 8.0 (a brazilian distributor). It should install just fine on any Red Hat System. I had tested clamav with a series o viruses I found on the net and it went pretty well - cought all of them. All except one I don't recall the name. But it was a mistake made on the virus database by the OpenAntiVirus Project people. Since then they fixed the database and clamav started to catch that virus. Anyway, the virus was an old one and it was not really spreading arround. I dont't use any other anti-virus software since its not really an area I am responsible for. I think people should be well prepared not to get their systems infected as new viruses are appear faster than their vacines. I am not really worried about viruses anymore as MailScanner take it to a next level of security. No more EXE ou double extention files go through my system and viruses get stopped before the anti-virus system kicks in action. In fact, I don't see a real reason why this software should be treated as UNSUPPORTED by MailScanner. Anyone has any comments about this? Regards --- Ivan Gavin Nelmes-Crocker wrote: >>Is anyone using clamav with their MailScanner installation - if so, how >>good is it? Is there any reason why I should not get it. >> >>I'm running:- >> >>Redhat 7.3 >>sendmail 8.11.6-3 >>MailScanner 4.10-1 >>SpamAssassin 2.43 >> >> >> >No reason not to use it except for the caveat that it still has an >unsupported status with MailScanner code but saying that its running very >well on our live system along with Sophos and F-prot so far it hasn't missed >anything that the others have found - it was a bit flaky a while ago when we >were running a test suite but we joined the clamav mailing list and soon saw >others having similar problems and the virus database got cleaned up. > >I have an rpm for it for a Cobalt box should work on plain Red Hat as well >but no promises. > >Regards > >Gavin > > >-- >This message has been scanned for viruses and dangerous content >by the Netergy Virus Spam Defence, and is believed to be clean. >For details on having your email scanned email nvsd@netergy.com > > From mailscanner at BARENDSE.TO Thu Jan 9 21:10:06 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:55 2006 Subject: Orphaned, undelivered files in mqueue.in In-Reply-To: Message-ID: Oops! Correct that, I have checked my logs and it started on January 4th on 23:59 up untill now. I didn't really change anything in the config/setup, only yesterday I upgraded to 4.11 and started tweaking some rulesets. The strange thing is that these SIGHUPS are logged *exactly* every 5 minutes, usually no more than 2 seconds off! Hmmmm, I haven't seen any SIGHUPS now for more than 15 minutes. Because the log mentions MailScanner *child* I raised my number of Max Children = setting in the MailScanner.conf file. My setting was 2, I changed it back to 5 again (I don't need 5 child processes running on a home server, together with SpamAssassin they are just munching up huge amounts of mem/cpu in case several messages arrive at the same time). Is there an internal check in MailScanner that checks on the child processes that may be bugged or hard coded for 5 child processes and kills the lot off if there's only 2 instances of MS running? On Thu, 9 Jan 2003, Remco Barendse wrote: > The thought crossed my mind, and it may not even be unlikely. I think I > found the cause of the problem. The time stamp of the orphaned files is > about the same as these messages in the maillog: > Jan 9 21:20:15 raveon MailScanner[30971]: MailScanner child caught a > SIGHUP > Jan 9 21:20:15 raveon MailScanner[30946]: MailScanner child caught a > SIGHUP > Jan 9 21:20:25 raveon sendmail[31137]: alias database /etc/aliases > rebuilt by root > Jan 9 21:20:25 raveon sendmail[31137]: /etc/aliases: 66 aliases, longest > 10 bytes, 658 bytes total > Jan 9 21:20:25 raveon sendmail[31146]: starting daemon (8.12.5): SMTP > Jan 9 21:20:25 raveon sendmail[31151]: starting daemon (8.12.5): > queueing@00:15:00 > Jan 9 21:20:26 raveon MailScanner[31162]: MailScanner > Jan 9 21:20:27 raveon MailScanner[31162]: MailScanner E-Mail Virus > Scanner version 4.11-1 starting... > Jan 9 21:20:28 raveon MailScanner[31162]: Using locktype = flock > > But.... no reference to receiving any e-mail. I think sendmail is in the > process of receiving the e-mail, which is not finished, hence no entry in > the maillog and then MailScanner kills and restarts sendmail?? > > Or does the sighup mean that something has crashed? I seem to have an > awful lot of those :( > > Every 5 minutes!!!! > > If the sender's connection isn't all that fast it is very well possible > that the mail transfer indeed gets killed before transmission is > completed. > > I never had this SIGHUP problem with 4.10? > > On Thu, 9 Jan 2003, Julian Field wrote: > > > It is possible that you merely got them for non-MailScanner related > > problems, such as an SMTP client getting cut off half way through sending a > > message. Sorry if that sounds like I'm passing the buck... > > > > At 17:17 09/01/2003, you wrote: > > >This was the first thing I have checked. I took different parts of the > > >numbers of these df files and grepped the maillog for it. Strangely enough > > >I cannot find them. Also when browsing through the maillog and looking > > >around the same date/time as these orphaned files in some cases there > > >isn't any message whatsoever of mail being delivered / received. > > > > > >I have about 10 orphaned files in the mqueue.in, none in the outdir and > > >they are all from yesterday and this morning. I know for sure that I > > >didn't restart MailScanner last night or this morning. It's hardly > > >possible that MailScanner would restart itself at exactly the same time as > > >these 10 e-mails in 1,5 day? (This is a very low volume home server). > > > > > >On Thu, 9 Jan 2003, Julian Field wrote: > > > > > > > At 16:08 09/01/2003, you wrote: > > > > >Ever since I upgraded to MailScanner 4.11-1 yesterday I have several > > > > >orphaned files that are piling up in mqueue.in > > > > > > > > > >The only files sitting there are the df files, without any other files. > > > > >Also these messages have never been delivered to the intended recipient. > > > > > > > > > >Any ideas?? > > > > > > > > > >Can I still get these df files delivered or extract them to make them > > > > >readable? > > > > > > > > Check both your /var/spool/mqueue and your maillog to see if the message > > > > ids have already been delivered (or at least placed in the outgoing queue). > > > > > > > > I thought I had fixed this in 4.11, but obviously not well enough. > > > > > > > > Do the times on the files correspond to times when you have done a > > > > MailScanner "reload" or "restart"? > > > > -- > > > > Julian Field > > > > www.MailScanner.info > > > > MailScanner thanks transtec Computers for their support > > > > > > > > > > > > > > > > >-- > > >This message has been scanned for viruses and > > >dangerous content by MailScanner, and is > > >believed to be clean. > > > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > > > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at ecs.soton.ac.uk Thu Jan 9 21:22:40 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:55 2006 Subject: clamav In-Reply-To: <3E1DE058.7010700@nucci.com.br> References: Message-ID: <5.2.0.9.2.20030109212057.02000238@imap.ecs.soton.ac.uk> At 20:49 09/01/2003, you wrote: >In fact, I don't see a real reason why this software should be treated >as UNSUPPORTED by MailScanner. >Anyone has any comments about this? The only reason for that state is that I haven't had a chance to install it and test it thoroughly. I hope to offload a bunch of my current work responsibilities to someone else fairly soon (next month or so) so I will have a bit more time to work on MailScanner. I just don't have the time at the moment :-( -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jan 9 21:10:48 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:55 2006 Subject: Reviving an old idea about renaming forbidden extensions In-Reply-To: References: Message-ID: <5.2.0.9.2.20030109210635.02020500@imap.ecs.soton.ac.uk> At 20:45 09/01/2003, you wrote: >Rather than changing the rule to Allow .exe, restarting MailScanner, having >them send out the e-mail, change the rule, >restart mailscanner every time I would be interested in having other >'options' within MailScanner to allow .exe's to >go to certain email addresses with minimal intervention. You can do that already with a ruleset. In MailScanner.conf, set Filename Rules = /etc/MailScanner/rules/filename.rules In filename.rules, set From: user1@domain.com /etc/MailScanner/filename.rules.allow.conf To: user2@other.com /etc/MailScanner/filename.rules.allow.conf FromOrTo: default /etc/MailScanner/filename.rules.conf Then make the first line of filename.rules.allow.conf to be allow \.exe$ - - Then *.exe attachments from user1@domain.com or to user2@other.com will be allowed, but not for any other addresses. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jan 9 21:19:43 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:55 2006 Subject: Orphaned, undelivered files in mqueue.in In-Reply-To: References: <5.2.0.9.2.20030109172953.02a9c0d0@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030109211244.02061460@imap.ecs.soton.ac.uk> At 20:36 09/01/2003, you wrote: >The thought crossed my mind, and it may not even be unlikely. I think I >found the cause of the problem. The time stamp of the orphaned files is >about the same as these messages in the maillog: >Jan 9 21:20:15 raveon MailScanner[30971]: MailScanner child caught a >SIGHUP >Jan 9 21:20:15 raveon MailScanner[30946]: MailScanner child caught a >SIGHUP >Jan 9 21:20:25 raveon sendmail[31137]: alias database /etc/aliases >rebuilt by root >Jan 9 21:20:25 raveon sendmail[31137]: /etc/aliases: 66 aliases, longest >10 bytes, 658 bytes total >Jan 9 21:20:25 raveon sendmail[31146]: starting daemon (8.12.5): SMTP >Jan 9 21:20:25 raveon sendmail[31151]: starting daemon (8.12.5): >queueing@00:15:00 >Jan 9 21:20:26 raveon MailScanner[31162]: MailScanner >Jan 9 21:20:27 raveon MailScanner[31162]: MailScanner E-Mail Virus >Scanner version 4.11-1 starting... >Jan 9 21:20:28 raveon MailScanner[31162]: Using locktype = flock > >But.... no reference to receiving any e-mail. I think sendmail is in the >process of receiving the e-mail, which is not finished, hence no entry in >the maillog and then MailScanner kills and restarts sendmail?? > >Or does the sighup mean that something has crashed? I seem to have an >awful lot of those :( > >Every 5 minutes!!!! There is nothing in the code that would cause a SIGHUP every 5 minutes, something external must be causing that. The only time the parent process sends a SIGHUP to the children is when it is terminated with a "kill" command. I carefully added code to 4.11 so that these orphaned files would not be left behind. Can you just double-check you really have 4.11 and not 4.10 fragments anywhere? 4.11 has a "deletes pending" list which it will execute if the process is HUP-ed during a "delete message" operation. So this really shouldn't happen any more.... >If the sender's connection isn't all that fast it is very well possible >that the mail transfer indeed gets killed before transmission is >completed. > >I never had this SIGHUP problem with 4.10? > >On Thu, 9 Jan 2003, Julian Field wrote: > > > It is possible that you merely got them for non-MailScanner related > > problems, such as an SMTP client getting cut off half way through sending a > > message. Sorry if that sounds like I'm passing the buck... > > > > At 17:17 09/01/2003, you wrote: > > >This was the first thing I have checked. I took different parts of the > > >numbers of these df files and grepped the maillog for it. Strangely enough > > >I cannot find them. Also when browsing through the maillog and looking > > >around the same date/time as these orphaned files in some cases there > > >isn't any message whatsoever of mail being delivered / received. > > > > > >I have about 10 orphaned files in the mqueue.in, none in the outdir and > > >they are all from yesterday and this morning. I know for sure that I > > >didn't restart MailScanner last night or this morning. It's hardly > > >possible that MailScanner would restart itself at exactly the same time as > > >these 10 e-mails in 1,5 day? (This is a very low volume home server). > > > > > >On Thu, 9 Jan 2003, Julian Field wrote: > > > > > > > At 16:08 09/01/2003, you wrote: > > > > >Ever since I upgraded to MailScanner 4.11-1 yesterday I have several > > > > >orphaned files that are piling up in mqueue.in > > > > > > > > > >The only files sitting there are the df files, without any other > files. > > > > >Also these messages have never been delivered to the intended > recipient. > > > > > > > > > >Any ideas?? > > > > > > > > > >Can I still get these df files delivered or extract them to make them > > > > >readable? > > > > > > > > Check both your /var/spool/mqueue and your maillog to see if the > message > > > > ids have already been delivered (or at least placed in the outgoing > queue). > > > > > > > > I thought I had fixed this in 4.11, but obviously not well enough. > > > > > > > > Do the times on the files correspond to times when you have done a > > > > MailScanner "reload" or "restart"? > > > > -- > > > > Julian Field > > > > www.MailScanner.info > > > > MailScanner thanks transtec Computers for their support > > > > > > > > > > > > > > > > >-- > > >This message has been scanned for viruses and > > >dangerous content by MailScanner, and is > > >believed to be clean. > > > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > > > > > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jan 9 21:24:46 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:55 2006 Subject: Orphaned, undelivered files in mqueue.in In-Reply-To: References: Message-ID: <5.2.0.9.2.20030109212331.029cfeb8@imap.ecs.soton.ac.uk> At 21:10 09/01/2003, you wrote: >Is there an internal check in MailScanner that checks on the child >processes that may be bugged or hard coded for 5 child processes and kills >the lot off if there's only 2 instances of MS running? No. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From Kevin.Spicer at BMRB.CO.UK Thu Jan 9 22:00:04 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:55 2006 Subject: FW: Reviving an old idea about renaming forbidden extensions Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A32C1C@pascal.priv.bmrb.co.uk> It might be less irritating to users (and easier to understand) to zip the file rather than obfuscate the filename (although obviously more CPU intensive). The option to add text to the message explaining what has been done and how dangerous it is to execute unsolicited files may also prove attractive. (Not for me though I just block 'em!) On Thu, 2003-01-09 at 20:20, Julian Field wrote: Good idea. I'll take a look, but no promises. At 20:13 09/01/2003, you wrote: >Almost a year ago (Jan 2002), I sent a mail to Julian with the following >suggestion: > > >I would like to make the following suggestion with regards to > >'forbidden extensions'. There are currently two options: ban them if > >they're on the list, or allow them if they do not contain a virus. > >How about a third option: rename the file (if it does not contain a > >known virus, of course) to make it not immediately executable, for > >instance by replacing .ext with ~ext and adding an explanatory line > >like 'MailScanner changed filename.pif to filename~pif to prevent > >immediate execution; shortcuts to (&etc) are dangerous, so be very > >cautious about renaming the file and executing it.' Or something > >like that. Some people actually send virus-free files with .pif and > >.reg extension through our servers ... they're not too happy .. > >I implemented the .exe restriction about three days ago, and the sun >doesn't shine anymore over here. I had to let it go, even though I'm fully >opposed to sending directly executable content through email. Lots of users >(mainly businesses in our case) were severely hindered by this restriction, >and even though I'm as BOFH as they come, frustrating clients' mailflow is >not on my priority list (well, not in the top 10 at the moment). > >I do see the need to 'treat' extensions like 'exe' though, and adding the >'rewrite' option (and the proposed functionality) to the >filenames.rules.conf would be the best of both worlds. For example, >renaming an attachment from file.exe to file.~exe or file.exe~ (the latter >sounds easier, you can anchor to $) would a) show the original extension on >'platforms' that have a tendency to hide them (happily exploited by the >virus.jpg.scr type virus) b) leave the file untouched, but you have to >actively rename and execute it to run it. Of course, MailScanner will >include a warning and a short explanation as to why and how. Best of both >worlds, it seems. People get their files, and they can't say they weren't >informed about the risks. > >Of course, the primary goal is to intercept new viruses that are not in the >DAT files yet (or at least to inform recipients of that possibility), but >maintaining the lowest level of impact regarding those who have to send >this kind of content using email. I may even start ordering MailScanner >goodies. > >-- >- Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - >- Wirehub! Internet Engineering - http://www.wirehub.net/ - >- Private Ponderings ----------- http://www.bengrimm.net/ - >- Wirehub! Internet ----------- part of easynet Group plc - -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner-sub at WIREHUB.NET Thu Jan 9 22:28:29 2003 From: mailscanner-sub at WIREHUB.NET (Ben C. O. Grimm) Date: Thu Jan 12 21:16:55 2006 Subject: FW: Reviving an old idea about renaming forbidden extensions In-Reply-To: References: Message-ID: On 9 Jan 2003 23:02:04 +0100, "Spicer, Kevin" wrote: > It might be less irritating to users (and easier to understand) to zip > the file rather than obfuscate the filename Suggesting to people to zip those files proved counterproductive. Most people were already sending self-extracting archives and some of these archives are automatically produced and distributed (software updates, patches, stuff like that). The 'zip solution' simply does not apply in all cases. Suggesting it didn't get me anywhere. > The option to add text to the message explaining what has > been done and how dangerous it is to execute unsolicited files may also > prove attractive. That's the solution I'm aiming for. Renaming a file by simply stripping off an added character is probably more acceptable (and not too hard). While on the subject (, Julian): I mailed a file with the name file.exe~ (yes, with a trailing tilde). It still got rejected by the exe rule .. even though the file shouldn't match exe$ in the ruleset .. -- - Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - - Wirehub! Internet Engineering - http://www.wirehub.net/ - - Private Ponderings ----------- http://www.bengrimm.net/ - - Wirehub! Internet ----------- part of easynet Group plc - From mailscanner at BARENDSE.TO Thu Jan 9 22:31:53 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:55 2006 Subject: Orphaned, undelivered files in mqueue.in In-Reply-To: <5.2.0.9.2.20030109211244.02061460@imap.ecs.soton.ac.uk> Message-ID: Yes, I really have only 4.11-1 running. Strangely enough, immediately after increasing the Max Children = setting back to 5 the problem disappeared and I had not had a single SIGHUP since! That is the only thing I changed and immediately solved the problem. On Thu, 9 Jan 2003, Julian Field wrote: > At 20:36 09/01/2003, you wrote: > >The thought crossed my mind, and it may not even be unlikely. I think I > >found the cause of the problem. The time stamp of the orphaned files is > >about the same as these messages in the maillog: > >Jan 9 21:20:15 raveon MailScanner[30971]: MailScanner child caught a > >SIGHUP > >Jan 9 21:20:15 raveon MailScanner[30946]: MailScanner child caught a > >SIGHUP > >Jan 9 21:20:25 raveon sendmail[31137]: alias database /etc/aliases > >rebuilt by root > >Jan 9 21:20:25 raveon sendmail[31137]: /etc/aliases: 66 aliases, longest > >10 bytes, 658 bytes total > >Jan 9 21:20:25 raveon sendmail[31146]: starting daemon (8.12.5): SMTP > >Jan 9 21:20:25 raveon sendmail[31151]: starting daemon (8.12.5): > >queueing@00:15:00 > >Jan 9 21:20:26 raveon MailScanner[31162]: MailScanner > >Jan 9 21:20:27 raveon MailScanner[31162]: MailScanner E-Mail Virus > >Scanner version 4.11-1 starting... > >Jan 9 21:20:28 raveon MailScanner[31162]: Using locktype = flock > > > >But.... no reference to receiving any e-mail. I think sendmail is in the > >process of receiving the e-mail, which is not finished, hence no entry in > >the maillog and then MailScanner kills and restarts sendmail?? > > > >Or does the sighup mean that something has crashed? I seem to have an > >awful lot of those :( > > > >Every 5 minutes!!!! > > There is nothing in the code that would cause a SIGHUP every 5 minutes, > something external must be causing that. The only time the parent process > sends a SIGHUP to the children is when it is terminated with a "kill" command. > > I carefully added code to 4.11 so that these orphaned files would not be > left behind. Can you just double-check you really have 4.11 and not 4.10 > fragments anywhere? 4.11 has a "deletes pending" list which it will execute > if the process is HUP-ed during a "delete message" operation. So this > really shouldn't happen any more.... > > >If the sender's connection isn't all that fast it is very well possible > >that the mail transfer indeed gets killed before transmission is > >completed. > > > >I never had this SIGHUP problem with 4.10? > > > >On Thu, 9 Jan 2003, Julian Field wrote: > > > > > It is possible that you merely got them for non-MailScanner related > > > problems, such as an SMTP client getting cut off half way through sending a > > > message. Sorry if that sounds like I'm passing the buck... > > > > > > At 17:17 09/01/2003, you wrote: > > > >This was the first thing I have checked. I took different parts of the > > > >numbers of these df files and grepped the maillog for it. Strangely enough > > > >I cannot find them. Also when browsing through the maillog and looking > > > >around the same date/time as these orphaned files in some cases there > > > >isn't any message whatsoever of mail being delivered / received. > > > > > > > >I have about 10 orphaned files in the mqueue.in, none in the outdir and > > > >they are all from yesterday and this morning. I know for sure that I > > > >didn't restart MailScanner last night or this morning. It's hardly > > > >possible that MailScanner would restart itself at exactly the same time as > > > >these 10 e-mails in 1,5 day? (This is a very low volume home server). > > > > > > > >On Thu, 9 Jan 2003, Julian Field wrote: > > > > > > > > > At 16:08 09/01/2003, you wrote: > > > > > >Ever since I upgraded to MailScanner 4.11-1 yesterday I have several > > > > > >orphaned files that are piling up in mqueue.in > > > > > > > > > > > >The only files sitting there are the df files, without any other > > files. > > > > > >Also these messages have never been delivered to the intended > > recipient. > > > > > > > > > > > >Any ideas?? > > > > > > > > > > > >Can I still get these df files delivered or extract them to make them > > > > > >readable? > > > > > > > > > > Check both your /var/spool/mqueue and your maillog to see if the > > message > > > > > ids have already been delivered (or at least placed in the outgoing > > queue). > > > > > > > > > > I thought I had fixed this in 4.11, but obviously not well enough. > > > > > > > > > > Do the times on the files correspond to times when you have done a > > > > > MailScanner "reload" or "restart"? > > > > > -- > > > > > Julian Field > > > > > www.MailScanner.info > > > > > MailScanner thanks transtec Computers for their support > > > > > > > > > > > > > > > > > > > > > >-- > > > >This message has been scanned for viruses and > > > >dangerous content by MailScanner, and is > > > >believed to be clean. > > > > > > -- > > > Julian Field > > > www.MailScanner.info > > > MailScanner thanks transtec Computers for their support > > > > > > > > > > > >-- > >This message has been scanned for viruses and > >dangerous content by MailScanner, and is > >believed to be clean. > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kevin.Spicer at BMRB.CO.UK Thu Jan 9 22:45:22 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:55 2006 Subject: FW: Reviving an old idea about renaming forbidden extensions Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A4ACFD@pascal.priv.bmrb.co.uk> > > > It might be less irritating to users (and easier to > understand) to zip > > the file rather than obfuscate the filename > > Suggesting to people to zip those files proved counterproductive. Most > people were already sending self-extracting archives and some of these > archives are automatically produced and distributed (software updates, > patches, stuff like that). The 'zip solution' simply does not > apply in all > cases. Suggesting it didn't get me anywhere. Sorry I think you thought I meant users should zip the files. I actually meant maybe MailScanner could have an option to zip offending files. Maybe along the lines of the existing spam actions you could have a series of 'blocked attachement actions' eg. obfuscate-filename, zip, deliver, delete etc. You'd probably want the ability to change this for different extensions so I guess this would be another field in filename.rules.conf? Sorry if I wasn't clear enough. > From Kevin.Spicer at BMRB.CO.UK Thu Jan 9 23:05:26 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:55 2006 Subject: clamav Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A32C1E@pascal.priv.bmrb.co.uk> > At 20:49 09/01/2003, you wrote: > >In fact, I don't see a real reason why this software should > be treated > >as UNSUPPORTED by MailScanner. > >Anyone has any comments about this? I've just added it to my home MailScanner (using fprot and clam now) using the Mandrake rpms (from Cooker). Seems to work fine, except I had to edit clamav-autoupdate and clamav-wrapper because it was installed in /usr rather than /usr/local by the rpm's. I'm heisitating to put it on my work box because I'd like to know if there are any other potential risks from changing the minimum code status on a production server. Frankly I'd be suprised if it caught anything Sophos didn't but you never know! It would be nice if the virus reports indicated which virus scanner had identified the virus. From mailscanner-sub at WIREHUB.NET Thu Jan 9 23:30:15 2003 From: mailscanner-sub at WIREHUB.NET (Ben C. O. Grimm) Date: Thu Jan 12 21:16:55 2006 Subject: FW: Reviving an old idea about renaming forbidden extensions In-Reply-To: References: Message-ID: On 9 Jan 2003 23:47:13 +0100, "Spicer, Kevin" wrote: > > > It might be less irritating to users (and easier to > > > understand) to zip > > > the file rather than obfuscate the filename > > Suggesting to people to zip those files proved counterproductive.[..] > Sorry I think you thought I meant users should zip the files. Um, yes, I did .. > I actually meant maybe MailScanner could have an option to zip offending files. Maybe along the lines of the existing spam actions you could have a series of 'blocked attachement actions' eg. obfuscate-filename, zip, deliver, delete etc. You'd probably want the ability to change this for different extensions so I guess this would be another field in filename.rules.conf? Some people don't have any (de)compression software at all or don't understand the file format at all ... some companies may not want to buy 50 WinZip licenses .... So this may prove to be just as arbitary as downright refusing the file. Just passing the file along with a small change to the filename and a short explanation may save cpu cycles (in the server and in the recipient's wetware). -- - Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - - Wirehub! Internet Engineering - http://www.wirehub.net/ - - Private Ponderings ----------- http://www.bengrimm.net/ - - Wirehub! Internet ----------- part of easynet Group plc - From adkinss at OHIO.EDU Fri Jan 10 07:26:04 2003 From: adkinss at OHIO.EDU (Scott Adkins) Date: Thu Jan 12 21:16:55 2006 Subject: Attempted delivery BATCH vs QUEUE Message-ID: <13370015.1042165564@IO> Okay, maybe I am a bit confused about how this works... But I changed our queues a bit tonight on the system and decided to change MailScanner back to "batch" mode. Basically, the configuration is as follows: Incoming Queue Dir = /var_spool/cyrus-fast Outgoing Queue Dir = /var_spool/cyrus-slow Incoming Work Dir = /var_spool/MailScanner/incoming Quarantine Dir = /var_spool/MailScanner/quarantine Sendmail = /usr/sbin/sendmail Deliver In Background = yes Delivery Method = batch When I had the Delivery Method set to "queue", it worked as I expected in that MailScanner would deposit the email into the "cyrus-slow" queue after the messages had been scanned, and my cron jobs would eventually come through and do the delivery themselves. Now, what I want instead is for MailScanner to try and deliver the message first and if it couldn't, then and only then deposit the message in the "cyrus-slow" queue. I still have the cron jobs, so the email will get delivered eventually. However, from what I can see in the logs and the behavior, MailScanner isn't doing any kind of delivery. All of the messages after being scanned are put into the "cyrus-slow" queue. I have sendmail configured to deliver to LMTP, and checking my cyrus logs shows that the lmtp server isn't even being contacted, meaning that sendmail isn't getting ran to do the delivery. The MailScanner logs show the following: Spam Checks: Found 38 spam messages Spam Actions: message h0A7PmYV932698 actions are deliver Spam Actions: message h0A7PVYV960562 actions are deliver Spam Actions: message h0A7P1YV544776 actions are deliver .... Spam Actions: message h0A7PqYV947802 actions are deliver Spam Actions: message h0A7PpYV963580 actions are deliver Spam Actions: message h0A7PnYV958534 actions are deliver Unscanned: Delivered 60 messages Virus and Content Scanning: Starting New Batch: Found 129 messages waiting New Batch: Forwarding 100 unscanned messages, 782674 bytes Spam Checks: Starting I am wondering about the "Unscanned: Delivered 60 messages" entry, and not sure what the "Forwarding 100 unscanned messages" is all about. Am I just confused about what "batch" mode is all about? Scott -- +-----------------------------------------------------------------------+ Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:adkinss@ohio.edu ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +-----------------------------------------------------------------------+ PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 231 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030110/b47f442d/attachment.bin From adkinss at OHIO.EDU Fri Jan 10 07:40:39 2003 From: adkinss at OHIO.EDU (Scott Adkins) Date: Thu Jan 12 21:16:55 2006 Subject: Performance Enhancements Message-ID: <14245584.1042166439@IO> Okay, since we turned on MailScanner with Spam Assassin and Sophos, we have definitely seen high load come out of the server... It looks like the culprit is Spam Assassin. SA seems to take about 5 times as much CPU to process mail as what Sophos does (which is backwards from what I was expecting, actually). The system we are running this on is a pretty decent system. It is a two member Compaq Alpha Tru64 5.1a cluster. One member is an ES40 with 4 EV6.7 667Mhz CPU's, 4GB CPU cache and 8GB memory. The other member is an Alpha 4100 with 4 EV5.6 600Mhz CPU's, 4GB CPU cache and 6GB memory. The first member is more than twice as powerful as the second member is. This is our primary email system, and we regularly see 400-500k worth of emails go through the system on a daily basis. We support well over 60k users and typically have 1500+ concurrent IMAP/POP users logged onto the system. The system performs great under these conditions... The idea was to run MailScanner and mail queue processing on one machine, and our Cyrus IMAP and IMSP servers, as well as everything else on the other machine. We still saw high loads coming from the MailScanner stuff. In fact, MailScanner literally drover our second member into the ground (poor thing). I am interested in what other large sites have done to optimize the processing of spam and virus scanning. I currently run with 20 MailScanner processes, since we have 4 CPU's. From what I can tell, it pulls in 100 messages at a time to process in a large batch and then sends them on their way. Doing it this way shows that disk IO gets slammed, and when it does recover, the CPU gets slammed, and then it starts all over again. I am thinking that maybe processing smaller chunks of emails might even out the load a little and maybe make things run a bit better. Another thought is with Spam Assassin. I know it has the capability to run in daemon mode (spamd). Does MailScanner even support this? Does running spamd in daemon mode give you any performance advantage at all? Anyways, I thought I would check to see what other people are doing... Thanks! Scott -- +-----------------------------------------------------------------------+ Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:adkinss@ohio.edu ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +-----------------------------------------------------------------------+ PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 231 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030110/1929bb26/attachment.bin From mailscanner at BARENDSE.TO Fri Jan 10 08:17:50 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:55 2006 Subject: Performance Enhancements In-Reply-To: <14245584.1042166439@IO> Message-ID: You are right in your suspicions about SpamAssassin. I have encountered the exact same problem on several boxes, when I disable SA there is almost no load on the server, when I enable SA to load goes through the roof! A friend of mine only wanted spam scanning and not virusscanning and first tried MS/SA but backed away due to extremely high load figures. He is now using SA with sendmail's milter option with much better load figures. They have a relatively large volume server (hosting provider). I suspect that this load is cause because milter runs the mail through SA as it arrives and rejects is before it even enters the server and MS runs SA on mail in batches. Maybe it is just too much for any server to have multiple instances of SA running at the same time? On Fri, 10 Jan 2003, Scott Adkins wrote: > Okay, since we turned on MailScanner with Spam Assassin and Sophos, we > have definitely seen high load come out of the server... It looks like > the culprit is Spam Assassin. SA seems to take about 5 times as much > CPU to process mail as what Sophos does (which is backwards from what > I was expecting, actually). > > The system we are running this on is a pretty decent system. It is a > two member Compaq Alpha Tru64 5.1a cluster. One member is an ES40 with > 4 EV6.7 667Mhz CPU's, 4GB CPU cache and 8GB memory. The other member > is an Alpha 4100 with 4 EV5.6 600Mhz CPU's, 4GB CPU cache and 6GB memory. > The first member is more than twice as powerful as the second member is. > > This is our primary email system, and we regularly see 400-500k worth of > emails go through the system on a daily basis. We support well over 60k > users and typically have 1500+ concurrent IMAP/POP users logged onto the > system. The system performs great under these conditions... > > The idea was to run MailScanner and mail queue processing on one machine, > and our Cyrus IMAP and IMSP servers, as well as everything else on the > other machine. We still saw high loads coming from the MailScanner stuff. > In fact, MailScanner literally drover our second member into the ground > (poor thing). > > I am interested in what other large sites have done to optimize the > processing of spam and virus scanning. I currently run with 20 MailScanner > processes, since we have 4 CPU's. From what I can tell, it pulls in 100 > messages at a time to process in a large batch and then sends them on their > way. Doing it this way shows that disk IO gets slammed, and when it does > recover, the CPU gets slammed, and then it starts all over again. I am > thinking that maybe processing smaller chunks of emails might even out the > load a little and maybe make things run a bit better. > > Another thought is with Spam Assassin. I know it has the capability to run > in daemon mode (spamd). Does MailScanner even support this? Does running > spamd in daemon mode give you any performance advantage at all? > > Anyways, I thought I would check to see what other people are doing... > > Thanks! > Scott > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From P.G.M.Peters at civ.utwente.nl Fri Jan 10 09:29:23 2003 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:16:55 2006 Subject: Orphaned, undelivered files in mqueue.in In-Reply-To: References: <5.2.0.9.2.20030109211244.02061460@imap.ecs.soton.ac.uk> Message-ID: <6i4t1vcmfl5pja96m582gqpadsj96mlaqg@4ax.com> On Thu, 9 Jan 2003 23:31:53 +0100, you wrote: >Strangely enough, immediately after increasing the Max Children = setting >back to 5 the problem disappeared and I had not had a single SIGHUP since! > >That is the only thing I changed and immediately solved the problem. Try changing it back to 2 and check whether the SIGHUP's start reappearing again. -- Peter Peters senior netwerkbeheerder, Centrum voor Informatievoorziening, Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From P.G.M.Peters at civ.utwente.nl Fri Jan 10 09:36:00 2003 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:16:55 2006 Subject: FW: Reviving an old idea about renaming forbidden extensions In-Reply-To: <1C94995A-242A-11D7-948E-000393D6F5B0@lemon-computing.com> References: <5C0296D26910694BB9A9BBFC577E7AB0A4ACFD@pascal.priv.bmrb.co.uk> <1C94995A-242A-11D7-948E-000393D6F5B0@lemon-computing.com> Message-ID: On Fri, 10 Jan 2003 12:28:51 +1300, you wrote: >If you were feeling particularly BOFH-like, you could zip them with a >unique password, and provide a message id as a reference. >Helpdesk/BOFH/whoever could then provide suitably clueful users with >the password on request... You could also use part of excisting information (QueueID perhaps) as a password. That way you also teach users there is more information than just "Aan", "Van", "Onderwerp". And they now how to get to that information (Some clients tend to change the way to do that every release). -- Peter Peters senior netwerkbeheerder, Centrum voor Informatievoorziening, Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From j.cormie at ABERTAY.AC.UK Fri Jan 10 09:55:07 2003 From: j.cormie at ABERTAY.AC.UK (Jason Cormie) Date: Thu Jan 12 21:16:55 2006 Subject: Spamassasin timing Out Message-ID: Strange but True... Started up mailscanner this morning using Spamassassin... And now it works... -----Original Message----- From: Spicer, Kevin [mailto:Kevin.Spicer@BMRB.CO.UK] Sent: 09, January, 2003 18:36 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spamassasin timing Out Thats not like the logs I was getting, so I imagine this is a different problem (mine was a sequence like the following... MailScanner starts, detects 1400 messages, says 'scanning 100 messages', 'Found 16 spam messages'- and just did this every 2 minutes!). It looks like your mailscanner is scanning messages(?) Have you checked the headers of the stuck messages to see if mailscanner has altered them? > -----Original Message----- > From: Jason Cormie [mailto:j.cormie@ABERTAY.AC.UK] > Sent: 09 January 2003 18:09 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Spamassasin timing Out > > > > What does your maillog say about it? > > When I restart mailscanner it comes up, sits at scanning > first 100 messages > then spamassassin times out > > mailscanner continues to run and eat processor and memory > > below is a segment of todays logs > at 15:38 I started mailscanner up with spamassassin enabled > at 16:35 I stopped it, waited a bit, started it without spamassassin > > Jan 9 15:38:21 uadspa01 mailscanner[13733]: MailScanner E-Mail Virus > Scanner version 3.26-1 starting. > Jan 9 15:38:21 uadspa01 mailscanner[13733]: Configuring > mailscanner for > Exim mailer... > Jan 9 15:38:21 uadspa01 mailscanner[13733]: Using locktype = posix > Jan 9 15:38:21 uadspa01 mailscanner[13733]: Creating > hardcoded struct_flock > subroutine for linux (Linux-type) > Jan 9 15:38:21 uadspa01 mailscanner[13734]: ECS MailScanner > setting GID to > mail (8) > Jan 9 15:38:21 uadspa01 mailscanner[13734]: ECS MailScanner > setting UID to > mail (8) > Jan 9 15:38:31 uadspa01 mailscanner[13734]: Startup: found 3 messages > waiting > Jan 9 15:38:31 uadspa01 mailscanner[13734]: Scanning 3 > messages, 15079 > bytes > Jan 9 15:39:12 uadspa01 mailscanner[13734]: Scanned 3 > messages, 15079 bytes > in 0 seconds > Jan 9 15:39:12 uadspa01 mailscanner[13734]: Scanning 8 > messages, 88547 > bytes > Jan 9 15:41:45 uadspa01 mailscanner[13734]: Scanned 8 > messages, 88547 bytes > in 0 seconds > Jan 9 15:41:45 uadspa01 mailscanner[13734]: Scanning 28 > messages, 395670 > bytes > Jan 9 15:48:54 uadspa01 mailscanner[13734]: Scanned 28 > messages, 395670 > bytes in 1 seconds > Jan 9 15:48:55 uadspa01 mailscanner[13734]: Scanning 86 > messages, 813639 > bytes > Jan 9 15:51:19 uadspa01 mailscanner[13734]: SpamAssassin > timed out and was > killed, consecutive failure 1 of 10 > Jan 9 16:10:11 uadspa01 mailscanner[13734]: Scanned 86 > messages, 813639 > bytes in 5 seconds > Jan 9 16:10:15 uadspa01 mailscanner[13734]: Scanning 100 > messages, 830555 > bytes > Jan 9 16:13:55 uadspa01 mailscanner[13734]: SpamAssassin > timed out and was > killed, consecutive failure 1 of 10 > Jan 9 16:30:00 uadspa01 mailscanner[13734]: Scanned 100 > messages, 830555 > bytes in 7 seconds > Jan 9 16:30:07 uadspa01 mailscanner[13734]: Scanning 100 > messages, 1024265 > bytes > Jan 9 16:35:00 uadspa01 mailscanner[18520]: MailScanner E-Mail Virus > Scanner version 3.26-1 starting. > Jan 9 16:35:00 uadspa01 mailscanner[18520]: Configuring > mailscanner for > Exim mailer... > Jan 9 16:35:00 uadspa01 mailscanner[18520]: Using locktype = posix > Jan 9 16:35:00 uadspa01 mailscanner[18520]: Creating > hardcoded struct_flock > subroutine for linux (Linux-type) > Jan 9 16:35:00 uadspa01 mailscanner[18521]: ECS MailScanner > setting GID to > mail (8) > Jan 9 16:35:00 uadspa01 mailscanner[18521]: ECS MailScanner > setting UID to > mail (8) > Jan 9 16:35:00 uadspa01 mailscanner[18521]: Startup: found > 516 messages > waiting > Jan 9 16:35:00 uadspa01 mailscanner[18521]: Scanning 100 > messages, 1024265 > bytes > Jan 9 16:35:07 uadspa01 mailscanner[18521]: Scanned 100 > messages, 1024265 > bytes in 7 seconds > Jan 9 16:35:14 uadspa01 mailscanner[18521]: Scanning 100 > messages, 1611938 > bytes > Jan 9 16:35:21 uadspa01 mailscanner[18521]: Scanned 100 > messages, 1611938 > bytes in 7 seconds > Jan 9 16:35:25 uadspa01 mailscanner[18521]: Scanning 100 > messages, 689528 > bytes > Jan 9 16:35:36 uadspa01 mailscanner[18521]: Detected > Microsoft-specific > exploits in 18WfHz-0004Et-00 > Jan 9 16:35:37 uadspa01 mailscanner[18521]: Found 1 viruses > in messages > 18WfHz-0004Et-00 > Jan 9 16:35:37 uadspa01 mailscanner[18521]: Scanned 100 > messages, 689528 > bytes in 11 seconds > Jan 9 16:35:37 uadspa01 mailscanner[18521]: Saved entire message to > /var/spool/mailscanner/quarantine/20030109/18WfHz-0004Et-00 > Jan 9 16:35:38 uadspa01 mailscanner[18521]: Notified > uadspa01@abertay.ac.uk > about 1 infections > Jan 9 16:35:42 uadspa01 mailscanner[18521]: Scanning 100 > messages, 1291793 > bytes > Jan 9 16:35:53 uadspa01 mailscanner[18521]: Scanned 100 > messages, 1291793 > bytes in 11 seconds > Jan 9 16:35:57 uadspa01 mailscanner[18521]: Scanning 100 > messages, 3287604 > bytes > Jan 9 16:36:05 uadspa01 mailscanner[18521]: Scanned 100 > messages, 3287604 > bytes in 8 seconds > Jan 9 16:36:07 uadspa01 mailscanner[18521]: Scanning 33 > messages, 772701 > bytes > Jan 9 16:36:08 uadspa01 mailscanner[18521]: Scanned 33 > messages, 772701 > bytes in 1 seconds > Jan 9 16:36:19 uadspa01 mailscanner[18521]: Scanning 1 > messages, 5277 bytes > > Jan 9 16:36:21 uadspa01 mailscanner[18521]: Scanned 1 > messages, 5277 bytes > in 2 seconds > Jan 9 16:36:27 uadspa01 mailscanner[18521]: Scanning 1 > messages, 4327 bytes > > Jan 9 16:36:27 uadspa01 mailscanner[18521]: Scanned 1 > messages, 4327 bytes > in 0 seconds > Jan 9 16:36:32 uadspa01 mailscanner[18521]: Scanning 1 > messages, 11562 > bytes > Jan 9 16:36:32 uadspa01 mailscanner[18521]: Scanned 1 > messages, 11562 bytes > in 0 seconds > Jan 9 16:36:53 uadspa01 mailscanner[18521]: Scanning 1 > messages, 2713 bytes > > Jan 9 16:36:55 uadspa01 mailscanner[18521]: Scanned 1 > messages, 2713 bytes > in 2 seconds > Jan 9 16:37:10 uadspa01 mailscanner[18521]: Scanning 1 > messages, 9386 bytes > > Jan 9 16:37:10 uadspa01 mailscanner[18521]: Scanned 1 > messages, 9386 bytes > in 0 seconds > Jan 9 16:37:15 uadspa01 mailscanner[18521]: Scanning 1 > messages, 3332 bytes > > Jan 9 16:37:15 uadspa01 mailscanner[18521]: Scanned 1 > messages, 3332 bytes > in 0 seconds > Jan 9 16:37:20 uadspa01 mailscanner[18521]: Scanning 2 > messages, 6956 bytes > > Jan 9 16:37:20 uadspa01 mailscanner[18521]: Scanned 2 > messages, 6956 bytes > in 0 seconds > Jan 9 16:37:25 uadspa01 mailscanner[18521]: Scanning 4 > messages, 16826 > bytes > Jan 9 16:37:26 uadspa01 mailscanner[18521]: Scanned 4 > messages, 16826 bytes > in 1 seconds > Jan 9 16:37:31 uadspa01 mailscanner[18521]: Scanning 2 > messages, 8660 bytes > > Jan 9 16:37:31 uadspa01 mailscanner[18521]: Scanned 2 > messages, 8660 bytes > in 0 seconds > Jan 9 16:37:36 uadspa01 mailscanner[18521]: Scanning 4 > messages, 35121 > bytes > Jan 9 16:37:36 uadspa01 mailscanner[18521]: Scanned 4 > messages, 35121 bytes > in 0 seconds > Jan 9 16:37:42 uadspa01 mailscanner[18521]: Scanning 3 > messages, 14442 > bytes > Jan 9 16:37:42 uadspa01 mailscanner[18521]: Scanned 3 > messages, 14442 bytes > in 0 seconds > Jan 9 16:37:47 uadspa01 mailscanner[18521]: Scanning 5 > messages, 22115 > bytes > Jan 9 16:37:47 uadspa01 mailscanner[18521]: Scanned 5 > messages, 22115 bytes > in 0 seconds > Jan 9 16:37:52 uadspa01 mailscanner[18521]: Scanning 1 > messages, 3397 bytes > > Jan 9 16:37:52 uadspa01 mailscanner[18521]: Scanned 1 > messages, 3397 bytes > in 0 seconds > Jan 9 16:37:57 uadspa01 mailscanner[18521]: Scanning 2 > messages, 23587 > bytes > Jan 9 16:37:58 uadspa01 mailscanner[18521]: Scanned 2 > messages, 23587 bytes > in 1 seconds > Jan 9 16:37:58 uadspa01 mailscanner[18521]: Scanning 1 > messages, 2942 bytes > > Jan 9 16:37:58 uadspa01 mailscanner[18521]: Scanned 1 > messages, 2942 bytes > in 0 seconds > Jan 9 16:38:03 uadspa01 mailscanner[18521]: Scanning 2 > messages, 6947 bytes > > Jan 9 16:38:03 uadspa01 mailscanner[18521]: Scanned 2 > messages, 6947 bytes > in 0 seconds > Jan 9 16:38:08 uadspa01 mailscanner[18521]: Scanning 3 > messages, 12991 > bytes > Jan 9 16:38:09 uadspa01 mailscanner[18521]: Scanned 3 > messages, 12991 bytes > in 1 seconds > Jan 9 16:38:14 uadspa01 mailscanner[18521]: Scanning 3 > messages, 13782 > bytes > Jan 9 16:38:14 uadspa01 mailscanner[18521]: Scanned 3 > messages, 13782 bytes > in 0 seconds > Jan 9 16:38:19 uadspa01 mailscanner[18521]: Scanning 3 > messages, 15573 > bytes > Jan 9 16:38:20 uadspa01 mailscanner[18521]: Scanned 3 > messages, 15573 bytes > in 1 seconds > Jan 9 16:38:25 uadspa01 mailscanner[18521]: Scanning 6 > messages, 69217 > bytes > Jan 9 16:38:25 uadspa01 mailscanner[18521]: Scanned 6 > messages, 69217 bytes > in 0 seconds > Jan 9 16:38:35 uadspa01 mailscanner[18521]: Scanning 5 > messages, 20344 > bytes > Jan 9 16:38:35 uadspa01 mailscanner[18521]: Scanned 5 > messages, 20344 bytes > in 0 seconds > Jan 9 16:38:35 uadspa01 mailscanner[18521]: Scanning 1 > messages, 2157 bytes > > Jan 9 16:38:36 uadspa01 mailscanner[18521]: Scanned 1 > messages, 2157 bytes > in 0 seconds > Jan 9 16:38:41 uadspa01 mailscanner[18521]: Scanning 1 > messages, 2157 bytes > > Jan 9 16:38:41 uadspa01 mailscanner[18521]: Scanned 1 > messages, 2157 bytes > in 0 seconds > Jan 9 16:38:46 uadspa01 mailscanner[18521]: Scanning 4 > messages, 17190 > bytes > Jan 9 16:38:46 uadspa01 mailscanner[18521]: Scanned 4 > messages, 17190 bytes > in 0 seconds > Jan 9 16:38:46 uadspa01 mailscanner[18521]: Scanning 1 > messages, 4451 bytes > From mailscanner at ecs.soton.ac.uk Fri Jan 10 09:21:10 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:55 2006 Subject: Performance Enhancements In-Reply-To: <14245584.1042166439@IO> Message-ID: <5.2.0.9.2.20030110085438.04976de8@imap.ecs.soton.ac.uk> At 07:40 10/01/2003, you wrote: >I am interested in what other large sites have done to optimize the >processing of spam and virus scanning. I currently run with 20 MailScanner >processes, since we have 4 CPU's. From what I can tell, it pulls in 100 >messages at a time to process in a large batch and then sends them on their >way. Doing it this way shows that disk IO gets slammed, and when it does >recover, the CPU gets slammed, and then it starts all over again. I am >thinking that maybe processing smaller chunks of emails might even out the >load a little and maybe make things run a bit better. The idea was that the processes all start at different times, and should therefore be out of phase with each other. So while 1 process is doing lots of disk IO, another is doing lots of CPU, another is doing lots of network access. If you find them all running doing the same thing at the same time (so lots of processes are collecting new batches, then they all do SA together, then they all virus scan together, etc) then you are seeing a very strange symptom that I have seen on my dual-Xeon box here. I haven't the foggiest idea how it happens, there's nothing wrong with the code (I've had some computer science experts stare at it). But, I did find a way around it. If you put the incoming directory ("incoming", not "mqueue.in") in RAM using tmpfs, the problem disappears. >Another thought is with Spam Assassin. I know it has the capability to run >in daemon mode (spamd). Does MailScanner even support this? Does running >spamd in daemon mode give you any performance advantage at all? The spamd daemon merely provides a (narrow) route to the SpamAssassin code, which is all written in perl. MailScanner talks to the perl code directly, which is considerably faster than having to poke all the files down a socket to it. Using spamd would be slower. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jan 10 08:51:56 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:55 2006 Subject: Attempted delivery BATCH vs QUEUE In-Reply-To: <13370015.1042165564@IO> Message-ID: <5.2.0.9.2.20030110084906.02a07de0@imap.ecs.soton.ac.uk> The only difference between "queue" and "batch" is that, after putting the messages in the outgoing queue, "batch" tells sendmail to do a delivery attempt. "queue" just leaves them there for the sendmail queue runner process to find later. If you want to do something like put internal email into 1 queue and outgoing email into another queue, you can make the "Outgoing Queue Dir" a ruleset. You can also make "delivery method" a ruleset too, so you can do different actions on mail to/from different addresses. That *should* be enough for you to do what you want. I hope it is anyway :-) At 07:26 10/01/2003, you wrote: >Okay, maybe I am a bit confused about how this works... But I changed >our queues a bit tonight on the system and decided to change MailScanner >back to "batch" mode. Basically, the configuration is as follows: > > Incoming Queue Dir = /var_spool/cyrus-fast > Outgoing Queue Dir = /var_spool/cyrus-slow > Incoming Work Dir = /var_spool/MailScanner/incoming > Quarantine Dir = /var_spool/MailScanner/quarantine > Sendmail = /usr/sbin/sendmail > Deliver In Background = yes > Delivery Method = batch > >When I had the Delivery Method set to "queue", it worked as I expected in >that MailScanner would deposit the email into the "cyrus-slow" queue after >the messages had been scanned, and my cron jobs would eventually come through >and do the delivery themselves. > >Now, what I want instead is for MailScanner to try and deliver the message >first and if it couldn't, then and only then deposit the message in the >"cyrus-slow" queue. I still have the cron jobs, so the email will get >delivered eventually. > >However, from what I can see in the logs and the behavior, MailScanner isn't >doing any kind of delivery. All of the messages after being scanned are put >into the "cyrus-slow" queue. I have sendmail configured to deliver to LMTP, >and checking my cyrus logs shows that the lmtp server isn't even being >contacted, meaning that sendmail isn't getting ran to do the delivery. The >MailScanner logs show the following: > > Spam Checks: Found 38 spam messages > Spam Actions: message h0A7PmYV932698 actions are deliver > Spam Actions: message h0A7PVYV960562 actions are deliver > Spam Actions: message h0A7P1YV544776 actions are deliver > .... > Spam Actions: message h0A7PqYV947802 actions are deliver > Spam Actions: message h0A7PpYV963580 actions are deliver > Spam Actions: message h0A7PnYV958534 actions are deliver > Unscanned: Delivered 60 messages > Virus and Content Scanning: Starting > New Batch: Found 129 messages waiting > New Batch: Forwarding 100 unscanned messages, 782674 bytes > Spam Checks: Starting > >I am wondering about the "Unscanned: Delivered 60 messages" entry, and not >sure what the "Forwarding 100 unscanned messages" is all about. Am I just >confused about what "batch" mode is all about? > >Scott >-- >+-----------------------------------------------------------------------+ > Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ > UNIX Systems Engineer mailto:adkinss@ohio.edu > ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 >+-----------------------------------------------------------------------+ > PGP Public Key available at > http://www.cns.ohiou.edu/~sadkins/pgp/ -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jan 10 09:24:42 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:55 2006 Subject: Performance Enhancements In-Reply-To: References: <14245584.1042166439@IO> Message-ID: <5.2.0.9.2.20030110092133.02d1b170@imap.ecs.soton.ac.uk> At 08:17 10/01/2003, you wrote: >I suspect that this load is cause because milter runs the mail through >SA as it arrives and rejects is before it even enters the server and MS >runs SA on mail in batches. Maybe it is just too much for any server to >have multiple instances of SA running at the same time? SA is quite memory-hungry. You can always try reducing the number of child processes to, say, 2 and see if that actually performs better than 5. My guess at 5 was made on the basis of using all the RAM in a 512MB machine with some sample test messages. I would not be at all surprised if it wasn't the right figure for other systems. Keep an eye on the overall load, as some systems (SPARC systems come to mind) have a very high context-switching overhead, so the more CPU-intensive jobs it is switching between, the slower it goes. >On Fri, 10 Jan 2003, Scott Adkins wrote: > > Okay, since we turned on MailScanner with Spam Assassin and Sophos, we > > have definitely seen high load come out of the server... It looks like > > the culprit is Spam Assassin. SA seems to take about 5 times as much > > CPU to process mail as what Sophos does (which is backwards from what > > I was expecting, actually). > > > > The system we are running this on is a pretty decent system. It is a > > two member Compaq Alpha Tru64 5.1a cluster. One member is an ES40 with > > 4 EV6.7 667Mhz CPU's, 4GB CPU cache and 8GB memory. The other member > > is an Alpha 4100 with 4 EV5.6 600Mhz CPU's, 4GB CPU cache and 6GB memory. > > The first member is more than twice as powerful as the second member is. > > > > This is our primary email system, and we regularly see 400-500k worth of > > emails go through the system on a daily basis. We support well over 60k > > users and typically have 1500+ concurrent IMAP/POP users logged onto the > > system. The system performs great under these conditions... > > > > The idea was to run MailScanner and mail queue processing on one machine, > > and our Cyrus IMAP and IMSP servers, as well as everything else on the > > other machine. We still saw high loads coming from the MailScanner stuff. > > In fact, MailScanner literally drover our second member into the ground > > (poor thing). > > > > I am interested in what other large sites have done to optimize the > > processing of spam and virus scanning. I currently run with 20 MailScanner > > processes, since we have 4 CPU's. From what I can tell, it pulls in 100 > > messages at a time to process in a large batch and then sends them on their > > way. Doing it this way shows that disk IO gets slammed, and when it does > > recover, the CPU gets slammed, and then it starts all over again. I am > > thinking that maybe processing smaller chunks of emails might even out the > > load a little and maybe make things run a bit better. > > > > Another thought is with Spam Assassin. I know it has the capability to run > > in daemon mode (spamd). Does MailScanner even support this? Does running > > spamd in daemon mode give you any performance advantage at all? > > > > Anyways, I thought I would check to see what other people are doing... > > > > Thanks! > > Scott > > > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jan 10 10:04:49 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:55 2006 Subject: Spamassasin timing Out In-Reply-To: Message-ID: <5.2.0.9.2.20030110100423.02adab68@imap.ecs.soton.ac.uk> At 09:55 10/01/2003, you wrote: >Strange but True... > >Started up mailscanner this morning using Spamassassin... > >And now it works... Dodgy RBL's being used by SpamAssassin? >-----Original Message----- >From: Spicer, Kevin [mailto:Kevin.Spicer@BMRB.CO.UK] >Sent: 09, January, 2003 18:36 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Spamassasin timing Out > > >Thats not like the logs I was getting, so I imagine this is a different >problem (mine was a sequence like the following... MailScanner starts, >detects 1400 messages, says 'scanning 100 messages', 'Found 16 spam >messages'- and just did this every 2 minutes!). It looks like your >mailscanner is scanning messages(?) Have you checked the headers of the >stuck messages to see if mailscanner has altered them? > > > -----Original Message----- > > From: Jason Cormie [mailto:j.cormie@ABERTAY.AC.UK] > > Sent: 09 January 2003 18:09 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Spamassasin timing Out > > > > > > > What does your maillog say about it? > > > > When I restart mailscanner it comes up, sits at scanning > > first 100 messages > > then spamassassin times out > > > > mailscanner continues to run and eat processor and memory > > > > below is a segment of todays logs > > at 15:38 I started mailscanner up with spamassassin enabled > > at 16:35 I stopped it, waited a bit, started it without spamassassin > > > > Jan 9 15:38:21 uadspa01 mailscanner[13733]: MailScanner E-Mail Virus > > Scanner version 3.26-1 starting. > > Jan 9 15:38:21 uadspa01 mailscanner[13733]: Configuring > > mailscanner for > > Exim mailer... > > Jan 9 15:38:21 uadspa01 mailscanner[13733]: Using locktype = posix > > Jan 9 15:38:21 uadspa01 mailscanner[13733]: Creating > > hardcoded struct_flock > > subroutine for linux (Linux-type) > > Jan 9 15:38:21 uadspa01 mailscanner[13734]: ECS MailScanner > > setting GID to > > mail (8) > > Jan 9 15:38:21 uadspa01 mailscanner[13734]: ECS MailScanner > > setting UID to > > mail (8) > > Jan 9 15:38:31 uadspa01 mailscanner[13734]: Startup: found 3 messages > > waiting > > Jan 9 15:38:31 uadspa01 mailscanner[13734]: Scanning 3 > > messages, 15079 > > bytes > > Jan 9 15:39:12 uadspa01 mailscanner[13734]: Scanned 3 > > messages, 15079 bytes > > in 0 seconds > > Jan 9 15:39:12 uadspa01 mailscanner[13734]: Scanning 8 > > messages, 88547 > > bytes > > Jan 9 15:41:45 uadspa01 mailscanner[13734]: Scanned 8 > > messages, 88547 bytes > > in 0 seconds > > Jan 9 15:41:45 uadspa01 mailscanner[13734]: Scanning 28 > > messages, 395670 > > bytes > > Jan 9 15:48:54 uadspa01 mailscanner[13734]: Scanned 28 > > messages, 395670 > > bytes in 1 seconds > > Jan 9 15:48:55 uadspa01 mailscanner[13734]: Scanning 86 > > messages, 813639 > > bytes > > Jan 9 15:51:19 uadspa01 mailscanner[13734]: SpamAssassin > > timed out and was > > killed, consecutive failure 1 of 10 > > Jan 9 16:10:11 uadspa01 mailscanner[13734]: Scanned 86 > > messages, 813639 > > bytes in 5 seconds > > Jan 9 16:10:15 uadspa01 mailscanner[13734]: Scanning 100 > > messages, 830555 > > bytes > > Jan 9 16:13:55 uadspa01 mailscanner[13734]: SpamAssassin > > timed out and was > > killed, consecutive failure 1 of 10 > > Jan 9 16:30:00 uadspa01 mailscanner[13734]: Scanned 100 > > messages, 830555 > > bytes in 7 seconds > > Jan 9 16:30:07 uadspa01 mailscanner[13734]: Scanning 100 > > messages, 1024265 > > bytes > > Jan 9 16:35:00 uadspa01 mailscanner[18520]: MailScanner E-Mail Virus > > Scanner version 3.26-1 starting. > > Jan 9 16:35:00 uadspa01 mailscanner[18520]: Configuring > > mailscanner for > > Exim mailer... > > Jan 9 16:35:00 uadspa01 mailscanner[18520]: Using locktype = posix > > Jan 9 16:35:00 uadspa01 mailscanner[18520]: Creating > > hardcoded struct_flock > > subroutine for linux (Linux-type) > > Jan 9 16:35:00 uadspa01 mailscanner[18521]: ECS MailScanner > > setting GID to > > mail (8) > > Jan 9 16:35:00 uadspa01 mailscanner[18521]: ECS MailScanner > > setting UID to > > mail (8) > > Jan 9 16:35:00 uadspa01 mailscanner[18521]: Startup: found > > 516 messages > > waiting > > Jan 9 16:35:00 uadspa01 mailscanner[18521]: Scanning 100 > > messages, 1024265 > > bytes > > Jan 9 16:35:07 uadspa01 mailscanner[18521]: Scanned 100 > > messages, 1024265 > > bytes in 7 seconds > > Jan 9 16:35:14 uadspa01 mailscanner[18521]: Scanning 100 > > messages, 1611938 > > bytes > > Jan 9 16:35:21 uadspa01 mailscanner[18521]: Scanned 100 > > messages, 1611938 > > bytes in 7 seconds > > Jan 9 16:35:25 uadspa01 mailscanner[18521]: Scanning 100 > > messages, 689528 > > bytes > > Jan 9 16:35:36 uadspa01 mailscanner[18521]: Detected > > Microsoft-specific > > exploits in 18WfHz-0004Et-00 > > Jan 9 16:35:37 uadspa01 mailscanner[18521]: Found 1 viruses > > in messages > > 18WfHz-0004Et-00 > > Jan 9 16:35:37 uadspa01 mailscanner[18521]: Scanned 100 > > messages, 689528 > > bytes in 11 seconds > > Jan 9 16:35:37 uadspa01 mailscanner[18521]: Saved entire message to > > /var/spool/mailscanner/quarantine/20030109/18WfHz-0004Et-00 > > Jan 9 16:35:38 uadspa01 mailscanner[18521]: Notified > > uadspa01@abertay.ac.uk > > about 1 infections > > Jan 9 16:35:42 uadspa01 mailscanner[18521]: Scanning 100 > > messages, 1291793 > > bytes > > Jan 9 16:35:53 uadspa01 mailscanner[18521]: Scanned 100 > > messages, 1291793 > > bytes in 11 seconds > > Jan 9 16:35:57 uadspa01 mailscanner[18521]: Scanning 100 > > messages, 3287604 > > bytes > > Jan 9 16:36:05 uadspa01 mailscanner[18521]: Scanned 100 > > messages, 3287604 > > bytes in 8 seconds > > Jan 9 16:36:07 uadspa01 mailscanner[18521]: Scanning 33 > > messages, 772701 > > bytes > > Jan 9 16:36:08 uadspa01 mailscanner[18521]: Scanned 33 > > messages, 772701 > > bytes in 1 seconds > > Jan 9 16:36:19 uadspa01 mailscanner[18521]: Scanning 1 > > messages, 5277 bytes > > > > Jan 9 16:36:21 uadspa01 mailscanner[18521]: Scanned 1 > > messages, 5277 bytes > > in 2 seconds > > Jan 9 16:36:27 uadspa01 mailscanner[18521]: Scanning 1 > > messages, 4327 bytes > > > > Jan 9 16:36:27 uadspa01 mailscanner[18521]: Scanned 1 > > messages, 4327 bytes > > in 0 seconds > > Jan 9 16:36:32 uadspa01 mailscanner[18521]: Scanning 1 > > messages, 11562 > > bytes > > Jan 9 16:36:32 uadspa01 mailscanner[18521]: Scanned 1 > > messages, 11562 bytes > > in 0 seconds > > Jan 9 16:36:53 uadspa01 mailscanner[18521]: Scanning 1 > > messages, 2713 bytes > > > > Jan 9 16:36:55 uadspa01 mailscanner[18521]: Scanned 1 > > messages, 2713 bytes > > in 2 seconds > > Jan 9 16:37:10 uadspa01 mailscanner[18521]: Scanning 1 > > messages, 9386 bytes > > > > Jan 9 16:37:10 uadspa01 mailscanner[18521]: Scanned 1 > > messages, 9386 bytes > > in 0 seconds > > Jan 9 16:37:15 uadspa01 mailscanner[18521]: Scanning 1 > > messages, 3332 bytes > > > > Jan 9 16:37:15 uadspa01 mailscanner[18521]: Scanned 1 > > messages, 3332 bytes > > in 0 seconds > > Jan 9 16:37:20 uadspa01 mailscanner[18521]: Scanning 2 > > messages, 6956 bytes > > > > Jan 9 16:37:20 uadspa01 mailscanner[18521]: Scanned 2 > > messages, 6956 bytes > > in 0 seconds > > Jan 9 16:37:25 uadspa01 mailscanner[18521]: Scanning 4 > > messages, 16826 > > bytes > > Jan 9 16:37:26 uadspa01 mailscanner[18521]: Scanned 4 > > messages, 16826 bytes > > in 1 seconds > > Jan 9 16:37:31 uadspa01 mailscanner[18521]: Scanning 2 > > messages, 8660 bytes > > > > Jan 9 16:37:31 uadspa01 mailscanner[18521]: Scanned 2 > > messages, 8660 bytes > > in 0 seconds > > Jan 9 16:37:36 uadspa01 mailscanner[18521]: Scanning 4 > > messages, 35121 > > bytes > > Jan 9 16:37:36 uadspa01 mailscanner[18521]: Scanned 4 > > messages, 35121 bytes > > in 0 seconds > > Jan 9 16:37:42 uadspa01 mailscanner[18521]: Scanning 3 > > messages, 14442 > > bytes > > Jan 9 16:37:42 uadspa01 mailscanner[18521]: Scanned 3 > > messages, 14442 bytes > > in 0 seconds > > Jan 9 16:37:47 uadspa01 mailscanner[18521]: Scanning 5 > > messages, 22115 > > bytes > > Jan 9 16:37:47 uadspa01 mailscanner[18521]: Scanned 5 > > messages, 22115 bytes > > in 0 seconds > > Jan 9 16:37:52 uadspa01 mailscanner[18521]: Scanning 1 > > messages, 3397 bytes > > > > Jan 9 16:37:52 uadspa01 mailscanner[18521]: Scanned 1 > > messages, 3397 bytes > > in 0 seconds > > Jan 9 16:37:57 uadspa01 mailscanner[18521]: Scanning 2 > > messages, 23587 > > bytes > > Jan 9 16:37:58 uadspa01 mailscanner[18521]: Scanned 2 > > messages, 23587 bytes > > in 1 seconds > > Jan 9 16:37:58 uadspa01 mailscanner[18521]: Scanning 1 > > messages, 2942 bytes > > > > Jan 9 16:37:58 uadspa01 mailscanner[18521]: Scanned 1 > > messages, 2942 bytes > > in 0 seconds > > Jan 9 16:38:03 uadspa01 mailscanner[18521]: Scanning 2 > > messages, 6947 bytes > > > > Jan 9 16:38:03 uadspa01 mailscanner[18521]: Scanned 2 > > messages, 6947 bytes > > in 0 seconds > > Jan 9 16:38:08 uadspa01 mailscanner[18521]: Scanning 3 > > messages, 12991 > > bytes > > Jan 9 16:38:09 uadspa01 mailscanner[18521]: Scanned 3 > > messages, 12991 bytes > > in 1 seconds > > Jan 9 16:38:14 uadspa01 mailscanner[18521]: Scanning 3 > > messages, 13782 > > bytes > > Jan 9 16:38:14 uadspa01 mailscanner[18521]: Scanned 3 > > messages, 13782 bytes > > in 0 seconds > > Jan 9 16:38:19 uadspa01 mailscanner[18521]: Scanning 3 > > messages, 15573 > > bytes > > Jan 9 16:38:20 uadspa01 mailscanner[18521]: Scanned 3 > > messages, 15573 bytes > > in 1 seconds > > Jan 9 16:38:25 uadspa01 mailscanner[18521]: Scanning 6 > > messages, 69217 > > bytes > > Jan 9 16:38:25 uadspa01 mailscanner[18521]: Scanned 6 > > messages, 69217 bytes > > in 0 seconds > > Jan 9 16:38:35 uadspa01 mailscanner[18521]: Scanning 5 > > messages, 20344 > > bytes > > Jan 9 16:38:35 uadspa01 mailscanner[18521]: Scanned 5 > > messages, 20344 bytes > > in 0 seconds > > Jan 9 16:38:35 uadspa01 mailscanner[18521]: Scanning 1 > > messages, 2157 bytes > > > > Jan 9 16:38:36 uadspa01 mailscanner[18521]: Scanned 1 > > messages, 2157 bytes > > in 0 seconds > > Jan 9 16:38:41 uadspa01 mailscanner[18521]: Scanning 1 > > messages, 2157 bytes > > > > Jan 9 16:38:41 uadspa01 mailscanner[18521]: Scanned 1 > > messages, 2157 bytes > > in 0 seconds > > Jan 9 16:38:46 uadspa01 mailscanner[18521]: Scanning 4 > > messages, 17190 > > bytes > > Jan 9 16:38:46 uadspa01 mailscanner[18521]: Scanned 4 > > messages, 17190 bytes > > in 0 seconds > > Jan 9 16:38:46 uadspa01 mailscanner[18521]: Scanning 1 > > messages, 4451 bytes > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From tony.johansson at SVENSKAKYRKAN.SE Fri Jan 10 10:19:08 2003 From: tony.johansson at SVENSKAKYRKAN.SE (Tony Johansson) Date: Thu Jan 12 21:16:55 2006 Subject: SV: Performance Enhancements Message-ID: <3C4F5084EF16D4119CE700508B6B8B10058D0921@nt.svenskakyrkan.se> >>Another thought is with Spam Assassin. I know it has the capability to run >>in daemon mode (spamd). Does MailScanner even support this? Does running >>spamd in daemon mode give you any performance advantage at all? >The spamd daemon merely provides a (narrow) route to the SpamAssassin code, >which is all written in perl. MailScanner talks to the perl code directly, >which is considerably faster than having to poke all the files down a >socket to it. Using spamd would be slower. I see spamd running on my MailScanner boxes (default rpm install of spamassassin) I guess I could just "chkconfig spamassassin off" and MailScanner would run just as well as before then? regards, Tony From mailscanner at ecs.soton.ac.uk Fri Jan 10 10:19:42 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:55 2006 Subject: SV: Performance Enhancements In-Reply-To: <3C4F5084EF16D4119CE700508B6B8B10058D0921@nt.svenskakyrkan. se> Message-ID: <5.2.0.9.2.20030110101911.02da5e50@imap.ecs.soton.ac.uk> At 10:19 10/01/2003, you wrote: > >>Another thought is with Spam Assassin. I know it has the capability to >run > >>in daemon mode (spamd). Does MailScanner even support this? Does running > >>spamd in daemon mode give you any performance advantage at all? > > >The spamd daemon merely provides a (narrow) route to the SpamAssassin code, > >which is all written in perl. MailScanner talks to the perl code directly, > >which is considerably faster than having to poke all the files down a > >socket to it. Using spamd would be slower. > >I see spamd running on my MailScanner boxes (default rpm install of >spamassassin) >I guess I could just "chkconfig spamassassin off" and MailScanner would run >just as well as before then? Indeed. You don't need spamd running. You might want to do service spamassassin stop as well. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From j.cormie at ABERTAY.AC.UK Fri Jan 10 10:30:53 2003 From: j.cormie at ABERTAY.AC.UK (Jason Cormie) Date: Thu Jan 12 21:16:55 2006 Subject: Spamassasin timing Out Message-ID: Only RBL I use is janets and thats on Exim I see if I can dig up my installation notes... vim /etc/mailscanner/mailscanner.conf Host Name = Abertay Mailscanner 1 Virus Scanner = mcafee Sweep = /etc/mailscanner/wrapper/mcafeewrapper Attachment Warning Filename = alert.txt Expand TNEF = no Notify Senders = no Local Postmaster = uadspa01@abertay.ac.uk Still Deliver Quietly Deleted Viruses = no Allow Iframe Tags = yes SpamAssassin Auto Whitelist = no Always Include SpamAssassin Report = yes High SpamAssassin Score = 15 High Scoring Spam Action = delete add a # in front of Spam List = ORDB-RBL, relays.ordb.org vim /etc/mailscanner/spamassassin.prefs.conf required_hits 10 skip_rbl_checks 1 -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 10, January, 2003 10:05 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spamassasin timing Out At 09:55 10/01/2003, you wrote: >Strange but True... > >Started up mailscanner this morning using Spamassassin... > >And now it works... Dodgy RBL's being used by SpamAssassin? From paul at ESPMAIL.CO.UK Fri Jan 10 11:16:46 2003 From: paul at ESPMAIL.CO.UK (Paul Welsh) Date: Thu Jan 12 21:16:55 2006 Subject: SpamCop vs Osirusoft References: <5.2.0.9.2.20030110100423.02adab68@imap.ecs.soton.ac.uk> Message-ID: <00e601c2b899$c3661730$6a0110ac@sbsplc.com> I've been monitoring the hit rate of SpamCop and Osirusoft for the last month. There were very few false hits. The trigger value I've used is 9 (Julian's recommendation) but I've given spamcop and osirusoft values of 7. Here are the results for anyone who wants an idea of whether it's worth paying for SpamCop. Naturally, there is overlap; some messages will appear in both spamcop and osirusoft: TOTAL 2843 RCVD_IN_BL_SPAMCOP_NET 2247 RCVD_IN_OSIRUSOFT_COM 1595 I appreciate that Osirusoft's RBL seems to having problems responding to demand at the moment. That to me is another reason to go the SpamCop route. From j.cormie at ABERTAY.AC.UK Fri Jan 10 11:17:38 2003 From: j.cormie at ABERTAY.AC.UK (Jason Cormie) Date: Thu Jan 12 21:16:55 2006 Subject: Spamassasin timing Out Message-ID: Spoke to soon, mailq now lists 300 messages that have been sitting their some for 40 minutes... It looks like it just keeps scanning and scanning the same messages It was working, honest :( -----Original Message----- From: Jason Cormie [mailto:j.cormie@ABERTAY.AC.UK] Sent: 10, January, 2003 10:31 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spamassasin timing Out Only RBL I use is janets and thats on Exim I see if I can dig up my installation notes... vim /etc/mailscanner/mailscanner.conf Host Name = Abertay Mailscanner 1 Virus Scanner = mcafee Sweep = /etc/mailscanner/wrapper/mcafeewrapper Attachment Warning Filename = alert.txt Expand TNEF = no Notify Senders = no Local Postmaster = uadspa01@abertay.ac.uk Still Deliver Quietly Deleted Viruses = no Allow Iframe Tags = yes SpamAssassin Auto Whitelist = no Always Include SpamAssassin Report = yes High SpamAssassin Score = 15 High Scoring Spam Action = delete add a # in front of Spam List = ORDB-RBL, relays.ordb.org vim /etc/mailscanner/spamassassin.prefs.conf required_hits 10 skip_rbl_checks 1 -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 10, January, 2003 10:05 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spamassasin timing Out At 09:55 10/01/2003, you wrote: >Strange but True... > >Started up mailscanner this morning using Spamassassin... > >And now it works... Dodgy RBL's being used by SpamAssassin? From mailscanner at ecs.soton.ac.uk Fri Jan 10 11:23:00 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:55 2006 Subject: Spamassasin timing Out In-Reply-To: Message-ID: <5.2.0.9.2.20030110112237.04c90860@imap.ecs.soton.ac.uk> At 11:17 10/01/2003, you wrote: >Spoke to soon, mailq now lists 300 messages that have been sitting their >some for 40 minutes... >It looks like it just keeps scanning and scanning the same messages Anything in the logs? If not, we'll have to do a bit of off-list debugging. >It was working, honest :( > >-----Original Message----- >From: Jason Cormie [mailto:j.cormie@ABERTAY.AC.UK] >Sent: 10, January, 2003 10:31 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Spamassasin timing Out > > >Only RBL I use is janets and thats on Exim >I see if I can dig up my installation notes... > >vim /etc/mailscanner/mailscanner.conf >Host Name = Abertay Mailscanner 1 >Virus Scanner = mcafee >Sweep = /etc/mailscanner/wrapper/mcafeewrapper >Attachment Warning Filename = alert.txt >Expand TNEF = no >Notify Senders = no >Local Postmaster = uadspa01@abertay.ac.uk >Still Deliver Quietly Deleted Viruses = no >Allow Iframe Tags = yes >SpamAssassin Auto Whitelist = no >Always Include SpamAssassin Report = yes >High SpamAssassin Score = 15 >High Scoring Spam Action = delete >add a # in front of Spam List = ORDB-RBL, relays.ordb.org > > >vim /etc/mailscanner/spamassassin.prefs.conf >required_hits 10 >skip_rbl_checks 1 > > > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: 10, January, 2003 10:05 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Spamassasin timing Out > > >At 09:55 10/01/2003, you wrote: > >Strange but True... > > > >Started up mailscanner this morning using Spamassassin... > > > >And now it works... > >Dodgy RBL's being used by SpamAssassin? -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From j.cormie at ABERTAY.AC.UK Fri Jan 10 11:41:40 2003 From: j.cormie at ABERTAY.AC.UK (Jason Cormie) Date: Thu Jan 12 21:16:55 2006 Subject: Spamassasin timing Out Message-ID: syslog below, nowt interesting Just though yesterday I ran these home-made command to wipe out frozen and bounces stuck in outgoing queue exim -C/etc/exim/exim_outgoing.conf -Mrm $(mailq -C/etc/exim/exim_outgoing.conf | grep '<>' | cut -c11-27) exim -C/etc/exim/exim_outgoing.conf -Mrm $(mailq -C/etc/exim/exim_outgoing.conf | grep '*** frozen' | cut -c11-27) perhaps this may have had an effect? Jan 10 10:12:49 uadspa01 mailscanner[4527]: Scanning 1 messages, 72747 bytes Jan 10 10:12:49 uadspa01 mailscanner[4527]: Scanned 1 messages, 72747 bytes in 0 seconds Jan 10 10:12:54 uadspa01 mailscanner[4527]: Scanning 2 messages, 10462 bytes Jan 10 10:12:56 uadspa01 mailscanner[4527]: Scanned 2 messages, 10462 bytes in 1 seconds Jan 10 10:13:11 uadspa01 mailscanner[4527]: Scanning 2 messages, 7242 bytes Jan 10 10:13:31 uadspa01 mailscanner[4527]: Scanned 2 messages, 7242 bytes in 0 seconds Jan 10 10:13:31 uadspa01 mailscanner[4527]: Scanning 1 messages, 4900 bytes Jan 10 10:13:42 uadspa01 mailscanner[4527]: Scanned 1 messages, 4900 bytes in 1 seconds Jan 10 10:13:42 uadspa01 mailscanner[4527]: Scanning 3 messages, 7407 bytes Jan 10 10:14:12 uadspa01 mailscanner[4527]: Scanned 3 messages, 7407 bytes in 0 seconds Jan 10 10:14:12 uadspa01 mailscanner[4527]: Scanning 5 messages, 62119 bytes Jan 10 10:15:04 uadspa01 mailscanner[4527]: Scanned 5 messages, 62119 bytes in 0 seconds Jan 10 10:15:04 uadspa01 mailscanner[4527]: Scanning 12 messages, 458227 bytes Jan 10 10:16:57 uadspa01 mailscanner[4527]: Scanned 12 messages, 458227 bytes in 1 seconds Jan 10 10:16:58 uadspa01 mailscanner[4527]: Scanning 24 messages, 185383 bytes Jan 10 10:21:03 uadspa01 mailscanner[4527]: Scanned 24 messages, 185383 bytes in 2 seconds Jan 10 10:21:03 uadspa01 mailscanner[4527]: Scanning 53 messages, 454720 bytes Jan 10 10:23:01 uadspa01 /USR/SBIN/CRON[13362]: (mail) CMD ( if [ -x /usr/sbin/exim -a -f /etc/exim/exim.conf ]; then /usr/sbin/exim -q ; fi) Jan 10 10:30:01 uadspa01 mailscanner[4527]: Scanned 53 messages, 454720 bytes in 3 seconds Jan 10 10:30:03 uadspa01 mailscanner[4527]: Scanning 100 messages, 1769779 bytes Jan 10 10:38:01 uadspa01 /USR/SBIN/CRON[14378]: (mail) CMD ( if [ -x /usr/sbin/exim -a -f /etc/exim/exim.conf ]; then /usr/sbin/exim -q ; fi) Jan 10 10:46:26 uadspa01 mailscanner[4527]: Scanned 100 messages, 1769779 bytes in 7 seconds Jan 10 10:46:33 uadspa01 mailscanner[4527]: Scanning 100 messages, 1097136 bytes Jan 10 10:53:01 uadspa01 /USR/SBIN/CRON[15834]: (mail) CMD ( if [ -x /usr/sbin/exim -a -f /etc/exim/exim.conf ]; then /usr/sbin/exim -q ; fi) Jan 10 11:00:01 uadspa01 /USR/SBIN/CRON[16467]: (root) CMD ([ -f $LOCKFILE ] && exit 0; run_mailscanner=0; if [ -f /etc/default/mailscanner ]; then . /etc/default/mailscanner; fi; [ $run_mailscanner = 0 ] && exit 0; trap "rm -f $LOCKFILE" EXIT; touch $LOCKFILE; /usr/sbin/check_mailscanner >/dev/null 2>&1; exit 0) Jan 10 11:02:44 uadspa01 mailscanner[4527]: Scanned 100 messages, 1097136 bytes in 7 seconds Jan 10 11:02:52 uadspa01 mailscanner[4527]: Scanning 100 messages, 814068 bytes Jan 10 11:08:01 uadspa01 /USR/SBIN/CRON[17450]: (mail) CMD ( if [ -x /usr/sbin/exim -a -f /etc/exim/exim.conf ]; then /usr/sbin/exim -q ; fi) Jan 10 11:19:34 uadspa01 mailscanner[4527]: Scanned 100 messages, 814068 bytes in 6 seconds Jan 10 11:19:41 uadspa01 mailscanner[4527]: Scanning 100 messages, 2725204 bytes Jan 10 11:23:01 uadspa01 /USR/SBIN/CRON[19029]: (mail) CMD ( if [ -x /usr/sbin/exim -a -f /etc/exim/exim.conf ]; then /usr/sbin/exim -q ; fi) -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 10, January, 2003 11:23 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spamassasin timing Out At 11:17 10/01/2003, you wrote: >Spoke to soon, mailq now lists 300 messages that have been sitting their >some for 40 minutes... >It looks like it just keeps scanning and scanning the same messages Anything in the logs? If not, we'll have to do a bit of off-list debugging. >It was working, honest :( > >-----Original Message----- >From: Jason Cormie [mailto:j.cormie@ABERTAY.AC.UK] >Sent: 10, January, 2003 10:31 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Spamassasin timing Out > > >Only RBL I use is janets and thats on Exim >I see if I can dig up my installation notes... > >vim /etc/mailscanner/mailscanner.conf >Host Name = Abertay Mailscanner 1 >Virus Scanner = mcafee >Sweep = /etc/mailscanner/wrapper/mcafeewrapper >Attachment Warning Filename = alert.txt >Expand TNEF = no >Notify Senders = no >Local Postmaster = uadspa01@abertay.ac.uk >Still Deliver Quietly Deleted Viruses = no >Allow Iframe Tags = yes >SpamAssassin Auto Whitelist = no >Always Include SpamAssassin Report = yes >High SpamAssassin Score = 15 >High Scoring Spam Action = delete >add a # in front of Spam List = ORDB-RBL, relays.ordb.org > > >vim /etc/mailscanner/spamassassin.prefs.conf >required_hits 10 >skip_rbl_checks 1 > > > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: 10, January, 2003 10:05 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Spamassasin timing Out > > >At 09:55 10/01/2003, you wrote: > >Strange but True... > > > >Started up mailscanner this morning using Spamassassin... > > > >And now it works... > >Dodgy RBL's being used by SpamAssassin? -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From tony.johansson at SVENSKAKYRKAN.SE Fri Jan 10 12:25:12 2003 From: tony.johansson at SVENSKAKYRKAN.SE (Tony Johansson) Date: Thu Jan 12 21:16:55 2006 Subject: Silent viruses rule file Message-ID: <3C4F5084EF16D4119CE700508B6B8B10058D0922@nt.svenskakyrkan.se> Hello, I'm in the process of upgrading a MailScanner 3.25 system to 4.11 3.25 has a "viruses.to.delete.conf" file which is pretty straight forward, one unique identifier per line. I have problems converting this to a 4.11 rule file as I dont want to list them all in MailScanner.conf Has someone done this and is willing to share the rule file? (or rather the correct syntax for the file) regards, Tony From mailscanner at BARENDSE.TO Fri Jan 10 12:32:28 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:55 2006 Subject: Spam blacklist? In-Reply-To: <5.2.0.9.2.20030109000924.02cf5068@imap.ecs.soton.ac.uk> Message-ID: Maybe it's possible to just give blacklisted mail the same treatment as high scoring spam although some ppl do filtering at the client and may be undesirable for them? The high scoring stuff isn't delivered at all here, it's deleted. Also we are seeing lots of Chinese spam. Complete rubbish mails without even 1 legible character in it, only chinese. Most of these aren't rated by SpamAssassin, probably Chinese rules aren't implemented yet :) Is there any other clever way to get rid of these mails? I can't filter out all e-mails that contain some chinese characters of some sort because we do have some mail flow with china and their header when replying on our e-mails will contain some chinese characters. I was thinking of a solution where all the characters in the body of an e-mail are counted and if the number of chinese characters exceeds a certain percentage the mail would be marked as spam. Anybody else bothered by this chinese rubbish? On Thu, 9 Jan 2003, Julian Field wrote: > At 21:24 08/01/2003, you wrote: > >Indeed, that is one possible solution. > > > >But not all of my boxes run spamassassin, particularly RedHat 6.2 is very > >difficult to get SA properly installed. Lots of things to upgrade and 90% > >of the spam problem is from or to a limited set of e-mail adresses on my > >boxes. > > > >But one would think that a blacklisted mail adress would be processed > >according to high scoring rules, otherwise there isn't much use in > >blacklisting them :) > > My black/white-listing isn't really connected to the SpamAssassin scoring > code. Maybe it should be. > > > > >On Wed, 8 Jan 2003, Lewis Bergman wrote: > > > > > On Wednesday 08 January 2003 04:24 am, Remco Barendse wrote: > > > > I have a rule list that will mark certain messages as spam even though > > > > there is no other reason to mark them as spam. This is working perfectly. > > > > > > > > I have noticed however that MailScanner will treat messages that are > > > > marked by a blacklist rule as low scoring spam? > > > > > > > > Would it be possible to change this to high scoring spam? After all you > > > > want to blacklist them. I allow low scoring spam messages to go through > > > > but high scoring stuff is forwarded to an alternate address. I would like > > > > to do the same for the blacklisted stuff. > > > Why not use SA to do the RBL checks and then assign them a score which will > > > force them into the high score category using the spam.assassin.prefs.conf > > > file? > > > -- > > > Lewis Bergman > > > Texas Communications > > > 4309 Maple St. > > > Abilene, TX 79602-8044 > > > 915-695-6962 ext 115 > > > > > > > > > > > >-- > >This message has been scanned for viruses and > >dangerous content by MailScanner, and is > >believed to be clean. > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kevin.Spicer at BMRB.CO.UK Fri Jan 10 13:52:07 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:55 2006 Subject: Spam blacklist? Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A32C1F@pascal.priv.bmrb.co.uk> Spamassassin does have a rule for detecting spam in a foreign language (haven't looked to see how it works!) - I've had some Asian spam recently & I'm fairly sure the ones I looked at were tagged by this rule. Maybe this rule is being triggered but there aren't enough other indicators to produce a score above the threshold? -----Original Message----- From: Remco Barendse [mailto:mailscanner@BARENDSE.TO] Sent: Friday, January 10, 2003 12:32 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spam blacklist? Maybe it's possible to just give blacklisted mail the same treatment as high scoring spam although some ppl do filtering at the client and may be undesirable for them? The high scoring stuff isn't delivered at all here, it's deleted. Also we are seeing lots of Chinese spam. Complete rubbish mails without even 1 legible character in it, only chinese. Most of these aren't rated by SpamAssassin, probably Chinese rules aren't implemented yet :) Is there any other clever way to get rid of these mails? I can't filter out all e-mails that contain some chinese characters of some sort because we do have some mail flow with china and their header when replying on our e-mails will contain some chinese characters. I was thinking of a solution where all the characters in the body of an e-mail are counted and if the number of chinese characters exceeds a certain percentage the mail would be marked as spam. Anybody else bothered by this chinese rubbish? On Thu, 9 Jan 2003, Julian Field wrote: > At 21:24 08/01/2003, you wrote: > >Indeed, that is one possible solution. > > > >But not all of my boxes run spamassassin, particularly RedHat 6.2 is very > >difficult to get SA properly installed. Lots of things to upgrade and 90% > >of the spam problem is from or to a limited set of e-mail adresses on my > >boxes. > > > >But one would think that a blacklisted mail adress would be processed > >according to high scoring rules, otherwise there isn't much use in > >blacklisting them :) > > My black/white-listing isn't really connected to the SpamAssassin scoring > code. Maybe it should be. > > > > >On Wed, 8 Jan 2003, Lewis Bergman wrote: > > > > > On Wednesday 08 January 2003 04:24 am, Remco Barendse wrote: > > > > I have a rule list that will mark certain messages as spam even though > > > > there is no other reason to mark them as spam. This is working perfectly. > > > > > > > > I have noticed however that MailScanner will treat messages that are > > > > marked by a blacklist rule as low scoring spam? > > > > > > > > Would it be possible to change this to high scoring spam? After all you > > > > want to blacklist them. I allow low scoring spam messages to go through > > > > but high scoring stuff is forwarded to an alternate address. I would like > > > > to do the same for the blacklisted stuff. > > > Why not use SA to do the RBL checks and then assign them a score which will > > > force them into the high score category using the spam.assassin.prefs.conf > > > file? > > > -- > > > Lewis Bergman > > > Texas Communications > > > 4309 Maple St. > > > Abilene, TX 79602-8044 > > > 915-695-6962 ext 115 > > > > > > > > > > > >-- > >This message has been scanned for viruses and > >dangerous content by MailScanner, and is > >believed to be clean. > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at ecs.soton.ac.uk Fri Jan 10 13:57:47 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:55 2006 Subject: Spam blacklist? In-Reply-To: References: <5.2.0.9.2.20030109000924.02cf5068@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030110135617.02b1d670@imap.ecs.soton.ac.uk> At 12:32 10/01/2003, you wrote: >I was thinking of a solution where all the characters in the body of an >e-mail are counted and if the number of chinese characters exceeds a >certain percentage the mail would be marked as spam. How about a SpamAssassin rule that looks for several 8-bit (ie bit 7 is 1) characters in a row? But you say you don't want to remove all chinese mail, only some of it. Difficult... -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jan 10 13:51:37 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:55 2006 Subject: Spamassasin timing Out In-Reply-To: Message-ID: <5.2.0.9.2.20030110134828.02b25e88@imap.ecs.soton.ac.uk> At 11:41 10/01/2003, you wrote: >syslog below, nowt interesting >Just though yesterday I ran these home-made command to wipe out frozen and >bounces stuck in outgoing queue >exim -C/etc/exim/exim_outgoing.conf -Mrm $(mailq >-C/etc/exim/exim_outgoing.conf | grep '<>' | cut -c11-27) >exim -C/etc/exim/exim_outgoing.conf -Mrm $(mailq >-C/etc/exim/exim_outgoing.conf | grep '*** frozen' | cut -c11-27) >perhaps this may have had an effect? > >Jan 10 10:23:01 uadspa01 /USR/SBIN/CRON[13362]: (mail) CMD ( if [ -x >/usr/sbin/exim -a -f /etc/exim/exim.conf ]; then /usr/sbin/exim -q ; fi) That looks wrong. Surely you are trying to run the outgoing queue, not the mqueue.in? In that case you presumably need the "-C/etc/exim/exim_outgoing.conf" option in your cron job. It may well also be the cause of the number of messages in your incoming queue to go shooting upwards. From the fact that the PID is the same on all of these log entries, MailScanner is not crashing and restarting or anything like that. It really does think there are over 100 messages in the incoming queue. The number of bytes in each batch changes as well, so it is not rescanning exactly the same 100 messages over and over again. >Jan 10 10:30:01 uadspa01 mailscanner[4527]: Scanned 53 messages, 454720 >bytes in 3 seconds >Jan 10 10:30:03 uadspa01 mailscanner[4527]: Scanning 100 messages, 1769779 >bytes >Jan 10 10:38:01 uadspa01 /USR/SBIN/CRON[14378]: (mail) CMD ( if [ -x >/usr/sbin/exim -a -f /etc/exim/exim.conf ]; then /usr/sbin/exim -q ; fi) >Jan 10 10:46:26 uadspa01 mailscanner[4527]: Scanned 100 messages, 1769779 >bytes in 7 seconds >Jan 10 10:46:33 uadspa01 mailscanner[4527]: Scanning 100 messages, 1097136 >bytes >Jan 10 10:53:01 uadspa01 /USR/SBIN/CRON[15834]: (mail) CMD ( if [ -x >/usr/sbin/exim -a -f /etc/exim/exim.conf ]; then /usr/sbin/exim -q ; fi) >Jan 10 11:00:01 uadspa01 /USR/SBIN/CRON[16467]: (root) CMD ([ -f $LOCKFILE ] >&& exit 0; run_mailscanner=0; if [ -f /etc/default/mailscanner ]; then . >/etc/default/mailscanner; fi; [ $run_mailscanner = 0 ] && exit 0; trap "rm >-f $LOCKFILE" EXIT; touch $LOCKFILE; /usr/sbin/check_mailscanner >/dev/null >2>&1; exit 0) >Jan 10 11:02:44 uadspa01 mailscanner[4527]: Scanned 100 messages, 1097136 >bytes in 7 seconds >Jan 10 11:02:52 uadspa01 mailscanner[4527]: Scanning 100 messages, 814068 >bytes >Jan 10 11:08:01 uadspa01 /USR/SBIN/CRON[17450]: (mail) CMD ( if [ -x >/usr/sbin/exim -a -f /etc/exim/exim.conf ]; then /usr/sbin/exim -q ; fi) >Jan 10 11:19:34 uadspa01 mailscanner[4527]: Scanned 100 messages, 814068 >bytes in 6 seconds >Jan 10 11:19:41 uadspa01 mailscanner[4527]: Scanning 100 messages, 2725204 >bytes >Jan 10 11:23:01 uadspa01 /USR/SBIN/CRON[19029]: (mail) CMD ( if [ -x >/usr/sbin/exim -a -f /etc/exim/exim.conf ]; then /usr/sbin/exim -q ; fi) > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: 10, January, 2003 11:23 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Spamassasin timing Out > > >At 11:17 10/01/2003, you wrote: > >Spoke to soon, mailq now lists 300 messages that have been sitting their > >some for 40 minutes... > >It looks like it just keeps scanning and scanning the same messages > >Anything in the logs? >If not, we'll have to do a bit of off-list debugging. > > >It was working, honest :( > > > >-----Original Message----- > >From: Jason Cormie [mailto:j.cormie@ABERTAY.AC.UK] > >Sent: 10, January, 2003 10:31 > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: Spamassasin timing Out > > > > > >Only RBL I use is janets and thats on Exim > >I see if I can dig up my installation notes... > > > >vim /etc/mailscanner/mailscanner.conf > >Host Name = Abertay Mailscanner 1 > >Virus Scanner = mcafee > >Sweep = /etc/mailscanner/wrapper/mcafeewrapper > >Attachment Warning Filename = alert.txt > >Expand TNEF = no > >Notify Senders = no > >Local Postmaster = uadspa01@abertay.ac.uk > >Still Deliver Quietly Deleted Viruses = no > >Allow Iframe Tags = yes > >SpamAssassin Auto Whitelist = no > >Always Include SpamAssassin Report = yes > >High SpamAssassin Score = 15 > >High Scoring Spam Action = delete > >add a # in front of Spam List = ORDB-RBL, relays.ordb.org > > > > > >vim /etc/mailscanner/spamassassin.prefs.conf > >required_hits 10 > >skip_rbl_checks 1 > > > > > > > >-----Original Message----- > >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > >Sent: 10, January, 2003 10:05 > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: Spamassasin timing Out > > > > > >At 09:55 10/01/2003, you wrote: > > >Strange but True... > > > > > >Started up mailscanner this morning using Spamassassin... > > > > > >And now it works... > > > >Dodgy RBL's being used by SpamAssassin? > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jan 10 13:54:55 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:55 2006 Subject: Silent viruses rule file In-Reply-To: <3C4F5084EF16D4119CE700508B6B8B10058D0922@nt.svenskakyrkan. se> Message-ID: <5.2.0.9.2.20030110135202.02ba8a58@imap.ecs.soton.ac.uk> At 12:25 10/01/2003, you wrote: >Hello, > >I'm in the process of upgrading a MailScanner 3.25 system to 4.11 > >3.25 has a "viruses.to.delete.conf" file which is pretty straight forward, >one unique identifier per line. >I have problems converting this to a 4.11 rule file as I dont want to list >them all in MailScanner.conf > >Has someone done this and is willing to share the rule file? (or rather the >correct syntax for the file) It would just contain FromOrTo: default Yaha BugBear Klez or else FromOrTo: *@* Yaha FromOrTo: *@* BugBear FromOrTo: *@* Klez etc... or else even FromOrTo: *@* Yaha BugBear FromOrTo: *@* Klez But the first form will be slightly quicker as it can look them all up at once. There is no limit to the length of each line, so you can list dozens of viruses on each line if you want to. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mike at ZANKER.ORG Fri Jan 10 14:09:07 2003 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:16:55 2006 Subject: IFrame and Object Codebase silent? Message-ID: <78375890.1042207747@mallard.open.ac.uk> Is it possible to "silence" these? I don't really want warnings sent to senders of spam which is where I see most of these. Thanks, Mike. From mailscanner at ecs.soton.ac.uk Fri Jan 10 14:33:40 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:55 2006 Subject: IFrame and Object Codebase silent? In-Reply-To: <78375890.1042207747@mallard.open.ac.uk> Message-ID: <5.2.0.9.2.20030110143058.04a4f1d0@imap.ecs.soton.ac.uk> At 14:09 10/01/2003, you wrote: >Is it possible to "silence" these? I don't really want warnings sent to >senders of spam which is where I see most of these. Try this: --- SweepContent.pm Sat Dec 28 22:49:56 2002 +++ /tmp/SweepContent.pm Fri Jan 10 15:47:54 2003 @@ -301,6 +301,7 @@ MailScanner::Config::LanguageValue($message, 'foundiframe') . "\n"; $message->{othertypes}{"$attach"} .= "v"; $message->{otherinfected}++; + $message->{silent} = 1; $counter++; } } @@ -317,6 +318,7 @@ MailScanner::Config::LanguageValue($message, 'foundobject') . "\n"; $message->{othertypes}{"$attach"} .= "v"; $message->{otherinfected}++; + $message->{silent} = 1; $counter++; } } -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mike at ZANKER.ORG Fri Jan 10 14:54:56 2003 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:16:55 2006 Subject: IFrame and Object Codebase silent? In-Reply-To: <5.2.0.9.2.20030110143058.04a4f1d0@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030110143058.04a4f1d0@imap.ecs.soton.ac.uk> Message-ID: <81125125.1042210496@mallard.open.ac.uk> On 10 January 2003 14:33 +0000 Julian Field wrote: > Try this: > > --- SweepContent.pm Sat Dec 28 22:49:56 2002 [snip] Thanks - excellent service :) Mike. From j.cormie at ABERTAY.AC.UK Fri Jan 10 15:07:22 2003 From: j.cormie at ABERTAY.AC.UK (Jason Cormie) Date: Thu Jan 12 21:16:55 2006 Subject: Spamassasin timing Out Message-ID: The strange thing is that it had been working without a hitch since before Xmas :-( I have a duplicate box, built identically, which is still running fine, so I know I've messed up the other box somehow, just not sure how. -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 10, January, 2003 13:52 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spamassasin timing Out At 11:41 10/01/2003, you wrote: >syslog below, nowt interesting >Just though yesterday I ran these home-made command to wipe out frozen and >bounces stuck in outgoing queue >exim -C/etc/exim/exim_outgoing.conf -Mrm $(mailq >-C/etc/exim/exim_outgoing.conf | grep '<>' | cut -c11-27) >exim -C/etc/exim/exim_outgoing.conf -Mrm $(mailq >-C/etc/exim/exim_outgoing.conf | grep '*** frozen' | cut -c11-27) >perhaps this may have had an effect? > >Jan 10 10:23:01 uadspa01 /USR/SBIN/CRON[13362]: (mail) CMD ( if [ -x >/usr/sbin/exim -a -f /etc/exim/exim.conf ]; then /usr/sbin/exim -q ; fi) That looks wrong. Surely you are trying to run the outgoing queue, not the mqueue.in? In that case you presumably need the "-C/etc/exim/exim_outgoing.conf" option in your cron job. It may well also be the cause of the number of messages in your incoming queue to go shooting upwards. From the fact that the PID is the same on all of these log entries, MailScanner is not crashing and restarting or anything like that. It really does think there are over 100 messages in the incoming queue. The number of bytes in each batch changes as well, so it is not rescanning exactly the same 100 messages over and over again. >Jan 10 10:30:01 uadspa01 mailscanner[4527]: Scanned 53 messages, 454720 >bytes in 3 seconds >Jan 10 10:30:03 uadspa01 mailscanner[4527]: Scanning 100 messages, 1769779 >bytes >Jan 10 10:38:01 uadspa01 /USR/SBIN/CRON[14378]: (mail) CMD ( if [ -x >/usr/sbin/exim -a -f /etc/exim/exim.conf ]; then /usr/sbin/exim -q ; fi) >Jan 10 10:46:26 uadspa01 mailscanner[4527]: Scanned 100 messages, 1769779 >bytes in 7 seconds >Jan 10 10:46:33 uadspa01 mailscanner[4527]: Scanning 100 messages, 1097136 >bytes >Jan 10 10:53:01 uadspa01 /USR/SBIN/CRON[15834]: (mail) CMD ( if [ -x >/usr/sbin/exim -a -f /etc/exim/exim.conf ]; then /usr/sbin/exim -q ; fi) >Jan 10 11:00:01 uadspa01 /USR/SBIN/CRON[16467]: (root) CMD ([ -f $LOCKFILE ] >&& exit 0; run_mailscanner=0; if [ -f /etc/default/mailscanner ]; then . >/etc/default/mailscanner; fi; [ $run_mailscanner = 0 ] && exit 0; trap "rm >-f $LOCKFILE" EXIT; touch $LOCKFILE; /usr/sbin/check_mailscanner >/dev/null >2>&1; exit 0) >Jan 10 11:02:44 uadspa01 mailscanner[4527]: Scanned 100 messages, 1097136 >bytes in 7 seconds >Jan 10 11:02:52 uadspa01 mailscanner[4527]: Scanning 100 messages, 814068 >bytes >Jan 10 11:08:01 uadspa01 /USR/SBIN/CRON[17450]: (mail) CMD ( if [ -x >/usr/sbin/exim -a -f /etc/exim/exim.conf ]; then /usr/sbin/exim -q ; fi) >Jan 10 11:19:34 uadspa01 mailscanner[4527]: Scanned 100 messages, 814068 >bytes in 6 seconds >Jan 10 11:19:41 uadspa01 mailscanner[4527]: Scanning 100 messages, 2725204 >bytes >Jan 10 11:23:01 uadspa01 /USR/SBIN/CRON[19029]: (mail) CMD ( if [ -x >/usr/sbin/exim -a -f /etc/exim/exim.conf ]; then /usr/sbin/exim -q ; fi) > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: 10, January, 2003 11:23 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Spamassasin timing Out > > >At 11:17 10/01/2003, you wrote: > >Spoke to soon, mailq now lists 300 messages that have been sitting their > >some for 40 minutes... > >It looks like it just keeps scanning and scanning the same messages > >Anything in the logs? >If not, we'll have to do a bit of off-list debugging. > > >It was working, honest :( > > > >-----Original Message----- > >From: Jason Cormie [mailto:j.cormie@ABERTAY.AC.UK] > >Sent: 10, January, 2003 10:31 > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: Spamassasin timing Out > > > > > >Only RBL I use is janets and thats on Exim > >I see if I can dig up my installation notes... > > > >vim /etc/mailscanner/mailscanner.conf > >Host Name = Abertay Mailscanner 1 > >Virus Scanner = mcafee > >Sweep = /etc/mailscanner/wrapper/mcafeewrapper > >Attachment Warning Filename = alert.txt > >Expand TNEF = no > >Notify Senders = no > >Local Postmaster = uadspa01@abertay.ac.uk > >Still Deliver Quietly Deleted Viruses = no > >Allow Iframe Tags = yes > >SpamAssassin Auto Whitelist = no > >Always Include SpamAssassin Report = yes > >High SpamAssassin Score = 15 > >High Scoring Spam Action = delete > >add a # in front of Spam List = ORDB-RBL, relays.ordb.org > > > > > >vim /etc/mailscanner/spamassassin.prefs.conf > >required_hits 10 > >skip_rbl_checks 1 > > > > > > > >-----Original Message----- > >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > >Sent: 10, January, 2003 10:05 > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: Spamassasin timing Out > > > > > >At 09:55 10/01/2003, you wrote: > > >Strange but True... > > > > > >Started up mailscanner this morning using Spamassassin... > > > > > >And now it works... > > > >Dodgy RBL's being used by SpamAssassin? > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at BARENDSE.TO Fri Jan 10 16:26:17 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:55 2006 Subject: running html2text but still the e-mails are not completely clean? Message-ID: I am trying out the html2text feature. When I look through a mail box I can see that not all html crap is removed. The filtered e-mails are about half the size before they went through th2 html2text filter but still there are loads of crap visible when looking at these mails in pine. This problem mostly seems to occur when the sender is using M$ Word as their e-mail editor for Outlook, the rest is filtered out pretty nicely. In pine loads of this chatter is visible: @font-face { font-family: MS Mincho; } @font-face { font-family: @MS Mincho; } @page Section1 {size: 595.35pt 842.0pt; margin: 26.95pt 70.9pt 1.0in 70.9pt; mso-header-margin: .5in; mso-footer-margin: .5in; mso-paper-source: 0; } P.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: Arial; mso-style-parent: ""; mso-pagination: widow-orphan; mso-fareast-font-family: "MS Mincho"; mso-bidi-font-family: "Times New Roman"; mso-ansi-language: NL; mso-fareast-language: JA; mso-bidi-font-weight: bold } LI.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: Arial; mso-style-parent: ""; mso-pagination: widow-orphan; mso-fareast-font-family: "MS Mincho"; mso-bidi-font-family: "Times New Roman"; mso-ansi-language: NL; mso-fareast-language: JA; Is this a bug in the filter? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at ecs.soton.ac.uk Fri Jan 10 16:38:15 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:55 2006 Subject: running html2text but still the e-mails are not completely clean? In-Reply-To: Message-ID: <5.2.0.9.2.20030110162817.04c40b28@imap.ecs.soton.ac.uk> At 16:26 10/01/2003, you wrote: >I am trying out the html2text feature. > >When I look through a mail box I can see that not all html crap is >removed. The filtered e-mails are about half the size before they went >through th2 html2text filter but still there are loads of crap visible >when looking at these mails in pine. > >This problem mostly seems to occur when the sender is using M$ Word as >their e-mail editor for Outlook, the rest is filtered out pretty nicely. > >In pine loads of this chatter is visible: >@font-face { font-family: MS Mincho; } @font-face { font-family: @MS >Mincho; } @page Section1 >{size: 595.35pt 842.0pt; margin: 26.95pt 70.9pt 1.0in 70.9pt; >mso-header-margin: .5in; >mso-footer-margin: .5in; mso-paper-source: 0; } P.MsoNormal { FONT-SIZE: >12pt; MARGIN: 0in 0in 0pt; >FONT-FAMILY: Arial; mso-style-parent: ""; mso-pagination: widow-orphan; >mso-fareast-font-family: >"MS Mincho"; mso-bidi-font-family: "Times New Roman"; mso-ansi-language: >NL; mso-fareast-language: >JA; mso-bidi-font-weight: bold } LI.MsoNormal { FONT-SIZE: 12pt; MARGIN: >0in 0in 0pt; FONT-FAMILY: >Arial; mso-style-parent: ""; mso-pagination: widow-orphan; >mso-fareast-font-family: "MS Mincho"; >mso-bidi-font-family: "Times New Roman"; mso-ansi-language: NL; >mso-fareast-language: JA; > >Is this a bug in the filter? It appears to be a problem with HTML-Parser not liking some versions of MSWord HTML. 3.26 is the latest version, which is what I distribute. I'm not sure there is very much I can immediately do about this unfortunately. I have just tried it with Office XP and the chatter you give above doesn't appear in the HTML file at all. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at BARENDSE.TO Fri Jan 10 18:47:59 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:55 2006 Subject: Orphaned, undelivered files in mqueue.in In-Reply-To: <6i4t1vcmfl5pja96m582gqpadsj96mlaqg@4ax.com> Message-ID: Ever since I changed the setting back to 5 child processes I haven't had 1 single SIGHUP since. I changed it back just 5 minutes ago to test it out and immediately after 5 minutes I saw a SIGHUP again in the maillog :( Will switch back to 5 cp's but there must be a bug somewhere related to this number. On Fri, 10 Jan 2003, Peter Peters wrote: > On Thu, 9 Jan 2003 23:31:53 +0100, you wrote: > > >Strangely enough, immediately after increasing the Max Children = setting > >back to 5 the problem disappeared and I had not had a single SIGHUP since! > > > >That is the only thing I changed and immediately solved the problem. > > Try changing it back to 2 and check whether the SIGHUP's start > reappearing again. > > -- > Peter Peters > senior netwerkbeheerder, Centrum voor Informatievoorziening, > Universiteit Twente, Postbus 217, 7500 AE Enschede > telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at ecs.soton.ac.uk Fri Jan 10 18:54:39 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:55 2006 Subject: Orphaned, undelivered files in mqueue.in In-Reply-To: References: <6i4t1vcmfl5pja96m582gqpadsj96mlaqg@4ax.com> Message-ID: <5.2.0.9.2.20030110185333.02ab1770@imap.ecs.soton.ac.uk> The odd thing is that there are other people out there happily running with 2 or 3 processes, without any problem at all. Any chance of remote access to your server so I can take a look and try to find the problem for you? At 18:47 10/01/2003, you wrote: >Ever since I changed the setting back to 5 child processes I haven't had 1 >single SIGHUP since. I changed it back just 5 minutes ago to test it out >and immediately after 5 minutes I saw a SIGHUP again in the maillog :( > >Will switch back to 5 cp's but there must be a bug somewhere related to >this number. > >On Fri, 10 Jan 2003, Peter Peters wrote: > > > On Thu, 9 Jan 2003 23:31:53 +0100, you wrote: > > > > >Strangely enough, immediately after increasing the Max Children = setting > > >back to 5 the problem disappeared and I had not had a single SIGHUP since! > > > > > >That is the only thing I changed and immediately solved the problem. > > > > Try changing it back to 2 and check whether the SIGHUP's start > > reappearing again. > > > > -- > > Peter Peters > > senior netwerkbeheerder, Centrum voor Informatievoorziening, > > Universiteit Twente, Postbus 217, 7500 AE Enschede > > telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ > > > > > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From dlovelace at HOTELS.COM Fri Jan 10 18:58:17 2003 From: dlovelace at HOTELS.COM (Dale Lovelace) Date: Thu Jan 12 21:16:55 2006 Subject: Orphaned, undelivered files in mqueue.in In-Reply-To: References: Message-ID: <1042225097.1722.1.camel@weatherwax.linux.hotels.com> Are you running mailscanner-mrtg? Check the "Restart Threshhold" in /etc/MailScanner/mailscanner-mrtg.conf if so.... Dale On Fri, 2003-01-10 at 12:47, Remco Barendse wrote: > Ever since I changed the setting back to 5 child processes I haven't had 1 > single SIGHUP since. I changed it back just 5 minutes ago to test it out > and immediately after 5 minutes I saw a SIGHUP again in the maillog :( > > Will switch back to 5 cp's but there must be a bug somewhere related to > this number. > > On Fri, 10 Jan 2003, Peter Peters wrote: > > > On Thu, 9 Jan 2003 23:31:53 +0100, you wrote: > > > > >Strangely enough, immediately after increasing the Max Children = setting > > >back to 5 the problem disappeared and I had not had a single SIGHUP since! > > > > > >That is the only thing I changed and immediately solved the problem. > > > > Try changing it back to 2 and check whether the SIGHUP's start > > reappearing again. > > > > -- > > Peter Peters > > senior netwerkbeheerder, Centrum voor Informatievoorziening, > > Universiteit Twente, Postbus 217, 7500 AE Enschede > > telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ > > > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. From mailscanner at BARENDSE.TO Fri Jan 10 19:03:26 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:55 2006 Subject: Orphaned, undelivered files in mqueue.in In-Reply-To: <1042225097.1722.1.camel@weatherwax.linux.hotels.com> Message-ID: Indeed, I am running MailScanner-mrtg. That indeed looks like the problem! Would it be possible to fetch that number from the MailScanner.conf file instead of a separate file? On Fri, 10 Jan 2003, Dale Lovelace wrote: > Are you running mailscanner-mrtg? Check the "Restart Threshhold" in > /etc/MailScanner/mailscanner-mrtg.conf if so.... > > Dale > > On Fri, 2003-01-10 at 12:47, Remco Barendse wrote: > > Ever since I changed the setting back to 5 child processes I haven't had 1 > > single SIGHUP since. I changed it back just 5 minutes ago to test it out > > and immediately after 5 minutes I saw a SIGHUP again in the maillog :( > > > > Will switch back to 5 cp's but there must be a bug somewhere related to > > this number. > > > > On Fri, 10 Jan 2003, Peter Peters wrote: > > > > > On Thu, 9 Jan 2003 23:31:53 +0100, you wrote: > > > > > > >Strangely enough, immediately after increasing the Max Children = setting > > > >back to 5 the problem disappeared and I had not had a single SIGHUP since! > > > > > > > >That is the only thing I changed and immediately solved the problem. > > > > > > Try changing it back to 2 and check whether the SIGHUP's start > > > reappearing again. > > > > > > -- > > > Peter Peters > > > senior netwerkbeheerder, Centrum voor Informatievoorziening, > > > Universiteit Twente, Postbus 217, 7500 AE Enschede > > > telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ > > > > > > > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gerry at DORFAM.CA Fri Jan 10 20:03:04 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:16:55 2006 Subject: SV: Performance Enhancements In-Reply-To: <5.2.0.9.2.20030110101911.02da5e50@imap.ecs.soton.ac.uk> Message-ID: On Fri, 10 Jan 2003, Julian Field wrote: > >I see spamd running on my MailScanner boxes (default rpm install of > >spamassassin) > >I guess I could just "chkconfig spamassassin off" and MailScanner would run > >just as well as before then? > > Indeed. You don't need spamd running. You might want to do > service spamassassin stop > as well. > -- > Julian Field Are you sure about this? Won't running service spamassassin stop turn off spamassassin not just spamd. I think you just want to make sure that you've stopped spamd not all of spamassassin...right? -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From mailscanner at ecs.soton.ac.uk Fri Jan 10 20:06:46 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:55 2006 Subject: SV: Performance Enhancements In-Reply-To: References: <5.2.0.9.2.20030110101911.02da5e50@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030110200453.02dadc48@imap.ecs.soton.ac.uk> At 20:03 10/01/2003, you wrote: >On Fri, 10 Jan 2003, Julian Field wrote: > > > >I see spamd running on my MailScanner boxes (default rpm install of > > >spamassassin) > > >I guess I could just "chkconfig spamassassin off" and MailScanner > would run > > >just as well as before then? > > > > Indeed. You don't need spamd running. You might want to do > > service spamassassin stop > > as well. > > -- > > Julian Field > >Are you sure about this? Yes. > Won't running > >service spamassassin stop > >turn off spamassassin not just spamd. I think you just want to make sure >that you've stopped spamd not all of spamassassin...right? The core of SpamAssassin is just a function library, which MailScanner calls directly. All service spamassassin stop can do is stop spamd. There is no way of "turning off" SpamAssassin completely, because it is a function library which my code calls, not a background service provided by another process. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From jjohanns at sewanee.edu Fri Jan 10 21:52:41 2003 From: jjohanns at sewanee.edu (jj) Date: Thu Jan 12 21:16:55 2006 Subject: MailScanner_found_Cyrus_boundary_substring_problem_ In-Reply-To: Message-ID: Hello, We are running version 4.11-1 of mailscanner on HP-UX 11.0 with sendmail 8.12.7, Qpopper and majordomo as our mailing list manager. When a Word file was sent as an attachemnt to a majordomo list it resulted in the following error: _MailScanner_found_Cyrus_boundary_substring_problem__ and the attachment was included in the message. When the same attachment is sent to individual users it is deliverd normally. The sender uses Eudora on Windows 2000. Does anyone know what the problem might be? >--=====================_366438080==_.ALT-- > --__MailScanner_found_Cyrus_boundary_substring_problem__ Content-Type: application/msword; name="serials survey 1-03.doc"; x-mac-type="42494E41"; x-mac-creator="4D535744" Content-Transfer-Encoding: base64>Content-Disposition: attachment; filename="serials survey 1-03.doc" 0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAAB AAAAQwAAAAAAAAAAEAAARQAAAAEAAAD+////AAAAAEIAAAD///////////// etc. Thanks Johannes Johannsson From mailscanner at BARENDSE.TO Fri Jan 10 16:26:17 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:56 2006 Subject: running html2text but still the e-mails are not completely clean? Message-ID: I am trying out the html2text feature. When I look through a mail box I can see that not all html crap is removed. The filtered e-mails are about half the size before they went through th2 html2text filter but still there are loads of crap visible when looking at these mails in pine. This problem mostly seems to occur when the sender is using M$ Word as their e-mail editor for Outlook, the rest is filtered out pretty nicely. In pine loads of this chatter is visible: @font-face { font-family: MS Mincho; } @font-face { font-family: @MS Mincho; } @page Section1 {size: 595.35pt 842.0pt; margin: 26.95pt 70.9pt 1.0in 70.9pt; mso-header-margin: .5in; mso-footer-margin: .5in; mso-paper-source: 0; } P.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: Arial; mso-style-parent: ""; mso-pagination: widow-orphan; mso-fareast-font-family: "MS Mincho"; mso-bidi-font-family: "Times New Roman"; mso-ansi-language: NL; mso-fareast-language: JA; mso-bidi-font-weight: bold } LI.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: Arial; mso-style-parent: ""; mso-pagination: widow-orphan; mso-fareast-font-family: "MS Mincho"; mso-bidi-font-family: "Times New Roman"; mso-ansi-language: NL; mso-fareast-language: JA; Is this a bug in the filter? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From mailscanner at ecs.soton.ac.uk Fri Jan 10 16:38:15 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:56 2006 Subject: running html2text but still the e-mails are not completely clean? In-Reply-To: Message-ID: <5.2.0.9.2.20030110162817.04c40b28@imap.ecs.soton.ac.uk> At 16:26 10/01/2003, you wrote: >I am trying out the html2text feature. > >When I look through a mail box I can see that not all html crap is >removed. The filtered e-mails are about half the size before they went >through th2 html2text filter but still there are loads of crap visible >when looking at these mails in pine. > >This problem mostly seems to occur when the sender is using M$ Word as >their e-mail editor for Outlook, the rest is filtered out pretty nicely. > >In pine loads of this chatter is visible: >@font-face { font-family: MS Mincho; } @font-face { font-family: @MS >Mincho; } @page Section1 >{size: 595.35pt 842.0pt; margin: 26.95pt 70.9pt 1.0in 70.9pt; >mso-header-margin: .5in; >mso-footer-margin: .5in; mso-paper-source: 0; } P.MsoNormal { FONT-SIZE: >12pt; MARGIN: 0in 0in 0pt; >FONT-FAMILY: Arial; mso-style-parent: ""; mso-pagination: widow-orphan; >mso-fareast-font-family: >"MS Mincho"; mso-bidi-font-family: "Times New Roman"; mso-ansi-language: >NL; mso-fareast-language: >JA; mso-bidi-font-weight: bold } LI.MsoNormal { FONT-SIZE: 12pt; MARGIN: >0in 0in 0pt; FONT-FAMILY: >Arial; mso-style-parent: ""; mso-pagination: widow-orphan; >mso-fareast-font-family: "MS Mincho"; >mso-bidi-font-family: "Times New Roman"; mso-ansi-language: NL; >mso-fareast-language: JA; > >Is this a bug in the filter? It appears to be a problem with HTML-Parser not liking some versions of MSWord HTML. 3.26 is the latest version, which is what I distribute. I'm not sure there is very much I can immediately do about this unfortunately. I have just tried it with Office XP and the chatter you give above doesn't appear in the HTML file at all. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From dlovelace at HOTELS.COM Fri Jan 10 18:58:17 2003 From: dlovelace at HOTELS.COM (Dale Lovelace) Date: Thu Jan 12 21:16:56 2006 Subject: Orphaned, undelivered files in mqueue.in In-Reply-To: References: Message-ID: <1042225097.1722.1.camel@weatherwax.linux.hotels.com> Are you running mailscanner-mrtg? Check the "Restart Threshhold" in /etc/MailScanner/mailscanner-mrtg.conf if so.... Dale On Fri, 2003-01-10 at 12:47, Remco Barendse wrote: > Ever since I changed the setting back to 5 child processes I haven't had 1 > single SIGHUP since. I changed it back just 5 minutes ago to test it out > and immediately after 5 minutes I saw a SIGHUP again in the maillog :( > > Will switch back to 5 cp's but there must be a bug somewhere related to > this number. > > On Fri, 10 Jan 2003, Peter Peters wrote: > > > On Thu, 9 Jan 2003 23:31:53 +0100, you wrote: > > > > >Strangely enough, immediately after increasing the Max Children = setting > > >back to 5 the problem disappeared and I had not had a single SIGHUP since! > > > > > >That is the only thing I changed and immediately solved the problem. > > > > Try changing it back to 2 and check whether the SIGHUP's start > > reappearing again. > > > > -- > > Peter Peters > > senior netwerkbeheerder, Centrum voor Informatievoorziening, > > Universiteit Twente, Postbus 217, 7500 AE Enschede > > telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ > > > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From mailscanner at BARENDSE.TO Fri Jan 10 18:47:59 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:56 2006 Subject: Orphaned, undelivered files in mqueue.in In-Reply-To: <6i4t1vcmfl5pja96m582gqpadsj96mlaqg@4ax.com> Message-ID: Ever since I changed the setting back to 5 child processes I haven't had 1 single SIGHUP since. I changed it back just 5 minutes ago to test it out and immediately after 5 minutes I saw a SIGHUP again in the maillog :( Will switch back to 5 cp's but there must be a bug somewhere related to this number. On Fri, 10 Jan 2003, Peter Peters wrote: > On Thu, 9 Jan 2003 23:31:53 +0100, you wrote: > > >Strangely enough, immediately after increasing the Max Children = setting > >back to 5 the problem disappeared and I had not had a single SIGHUP since! > > > >That is the only thing I changed and immediately solved the problem. > > Try changing it back to 2 and check whether the SIGHUP's start > reappearing again. > > -- > Peter Peters > senior netwerkbeheerder, Centrum voor Informatievoorziening, > Universiteit Twente, Postbus 217, 7500 AE Enschede > telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From mailscanner at BARENDSE.TO Fri Jan 10 19:03:26 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:56 2006 Subject: Orphaned, undelivered files in mqueue.in In-Reply-To: <1042225097.1722.1.camel@weatherwax.linux.hotels.com> Message-ID: Indeed, I am running MailScanner-mrtg. That indeed looks like the problem! Would it be possible to fetch that number from the MailScanner.conf file instead of a separate file? On Fri, 10 Jan 2003, Dale Lovelace wrote: > Are you running mailscanner-mrtg? Check the "Restart Threshhold" in > /etc/MailScanner/mailscanner-mrtg.conf if so.... > > Dale > > On Fri, 2003-01-10 at 12:47, Remco Barendse wrote: > > Ever since I changed the setting back to 5 child processes I haven't had 1 > > single SIGHUP since. I changed it back just 5 minutes ago to test it out > > and immediately after 5 minutes I saw a SIGHUP again in the maillog :( > > > > Will switch back to 5 cp's but there must be a bug somewhere related to > > this number. > > > > On Fri, 10 Jan 2003, Peter Peters wrote: > > > > > On Thu, 9 Jan 2003 23:31:53 +0100, you wrote: > > > > > > >Strangely enough, immediately after increasing the Max Children = setting > > > >back to 5 the problem disappeared and I had not had a single SIGHUP since! > > > > > > > >That is the only thing I changed and immediately solved the problem. > > > > > > Try changing it back to 2 and check whether the SIGHUP's start > > > reappearing again. > > > > > > -- > > > Peter Peters > > > senior netwerkbeheerder, Centrum voor Informatievoorziening, > > > Universiteit Twente, Postbus 217, 7500 AE Enschede > > > telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ > > > > > > > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From mailscanner at ecs.soton.ac.uk Fri Jan 10 18:54:39 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:56 2006 Subject: Orphaned, undelivered files in mqueue.in In-Reply-To: References: <6i4t1vcmfl5pja96m582gqpadsj96mlaqg@4ax.com> Message-ID: <5.2.0.9.2.20030110185333.02ab1770@imap.ecs.soton.ac.uk> The odd thing is that there are other people out there happily running with 2 or 3 processes, without any problem at all. Any chance of remote access to your server so I can take a look and try to find the problem for you? At 18:47 10/01/2003, you wrote: >Ever since I changed the setting back to 5 child processes I haven't had 1 >single SIGHUP since. I changed it back just 5 minutes ago to test it out >and immediately after 5 minutes I saw a SIGHUP again in the maillog :( > >Will switch back to 5 cp's but there must be a bug somewhere related to >this number. > >On Fri, 10 Jan 2003, Peter Peters wrote: > > > On Thu, 9 Jan 2003 23:31:53 +0100, you wrote: > > > > >Strangely enough, immediately after increasing the Max Children = setting > > >back to 5 the problem disappeared and I had not had a single SIGHUP since! > > > > > >That is the only thing I changed and immediately solved the problem. > > > > Try changing it back to 2 and check whether the SIGHUP's start > > reappearing again. > > > > -- > > Peter Peters > > senior netwerkbeheerder, Centrum voor Informatievoorziening, > > Universiteit Twente, Postbus 217, 7500 AE Enschede > > telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ > > > > > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From gerry at DORFAM.CA Fri Jan 10 20:03:04 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:16:56 2006 Subject: SV: Performance Enhancements In-Reply-To: <5.2.0.9.2.20030110101911.02da5e50@imap.ecs.soton.ac.uk> Message-ID: On Fri, 10 Jan 2003, Julian Field wrote: > >I see spamd running on my MailScanner boxes (default rpm install of > >spamassassin) > >I guess I could just "chkconfig spamassassin off" and MailScanner would run > >just as well as before then? > > Indeed. You don't need spamd running. You might want to do > service spamassassin stop > as well. > -- > Julian Field Are you sure about this? Won't running service spamassassin stop turn off spamassassin not just spamd. I think you just want to make sure that you've stopped spamd not all of spamassassin...right? -- Gerry "The lyfe so short, the craft so long to learne" Chaucer . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From mailscanner at ecs.soton.ac.uk Fri Jan 10 20:06:46 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:56 2006 Subject: SV: Performance Enhancements In-Reply-To: References: <5.2.0.9.2.20030110101911.02da5e50@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030110200453.02dadc48@imap.ecs.soton.ac.uk> At 20:03 10/01/2003, you wrote: >On Fri, 10 Jan 2003, Julian Field wrote: > > > >I see spamd running on my MailScanner boxes (default rpm install of > > >spamassassin) > > >I guess I could just "chkconfig spamassassin off" and MailScanner > would run > > >just as well as before then? > > > > Indeed. You don't need spamd running. You might want to do > > service spamassassin stop > > as well. > > -- > > Julian Field > >Are you sure about this? Yes. > Won't running > >service spamassassin stop > >turn off spamassassin not just spamd. I think you just want to make sure >that you've stopped spamd not all of spamassassin...right? The core of SpamAssassin is just a function library, which MailScanner calls directly. All service spamassassin stop can do is stop spamd. There is no way of "turning off" SpamAssassin completely, because it is a function library which my code calls, not a background service provided by another process. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From mailscanner at ecs.soton.ac.uk Fri Jan 10 22:14:42 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:56 2006 Subject: MailScanner_found_Cyrus_boundary_substring_problem_ In-Reply-To: References: Message-ID: <5.2.0.9.2.20030110220655.02db5d10@imap.ecs.soton.ac.uk> This is a result of a check used to defend against a bug in the Cyrus IMAP server which is exercised by some versions of Eudora. You have a multipart/mixed with a multipart/alternative inside it, where the "mised" MIME boundary is a substring of the "alternative" MIME boundary. So when MailScanner finds this situation, it changes the inner MIME boundary to be the string you saw. However, I did test this and it worked just fine when I tested it... Are you using the latest MIME tools and so on? It will only happen to messages created with Eudora which contain "styled" text (i.e. HTML) as well as plain text, and an attachment. Is anyone else seeing this problem? Or could it be a majordomo problem? The fact that it doesn't occur in messages sent to individual users shows it must be at least mostly correct. Can you send me (zipped up) the complete message sent to individual users, and the message sent out by majordomo, so I can compare them please? At 21:52 10/01/2003, you wrote: >Hello, > >We are running version 4.11-1 of mailscanner on HP-UX 11.0 with sendmail >8.12.7, Qpopper and majordomo as our mailing list manager. When a Word file >was sent as an attachemnt to a majordomo list it resulted in the following >error: _MailScanner_found_Cyrus_boundary_substring_problem__ >and the attachment was included in the message. When the same attachment is >sent to individual users it is deliverd normally. >The sender uses Eudora on Windows 2000. > >Does anyone know what the problem might be? > > >--=====================_366438080==_.ALT-- > > >--__MailScanner_found_Cyrus_boundary_substring_problem__ >Content-Type: application/msword; name="serials survey 1-03.doc"; > x-mac-type="42494E41"; x-mac-creator="4D535744" >Content-Transfer-Encoding: base64>Content-Disposition: attachment; >filename="serials survey 1-03.doc" >0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAAB >AAAAQwAAAAAAAAAAEAAARQAAAAEAAAD+////AAAAAEIAAAD///////////// > >etc. > >Thanks >Johannes Johannsson -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From john.hanks at USU.EDU Sat Jan 11 00:49:30 2003 From: john.hanks at USU.EDU (John B. Hanks) Date: Thu Jan 12 21:16:56 2006 Subject: Cry for help. Message-ID: <5CA287DBA85BF649A45916B75FD20E0E1224F3@exchange01.blue.usu.edu> We are getting pounded by a (new?) virus that always sends from big@boss.com. Can someone tell me a quick and dirty way to start dropping all mail from this address? McAfee is not detecting it and I have added a block for .pif attachments, but would prefer to drop the mails altogether. Thanks jbh From mike at CAMAROSS.NET Sat Jan 11 01:05:56 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:16:56 2006 Subject: Cry for help. In-Reply-To: <5CA287DBA85BF649A45916B75FD20E0E1224F3@exchange01.blue.usu.edu> Message-ID: <002401c2b90d$99911210$9901a8c0@home.middlefinger.net> Sophos has been detecting it all day today. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of John B. Hanks Sent: Friday, January 10, 2003 6:50 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Cry for help. We are getting pounded by a (new?) virus that always sends from big@boss.com. Can someone tell me a quick and dirty way to start dropping all mail from this address? McAfee is not detecting it and I have added a block for .pif attachments, but would prefer to drop the mails altogether. Thanks jbh From mailscanner-sub at WIREHUB.NET Sat Jan 11 01:05:22 2003 From: mailscanner-sub at WIREHUB.NET (Ben C. O. Grimm) Date: Thu Jan 12 21:16:56 2006 Subject: Cry for help. In-Reply-To: References: Message-ID: On 11 Jan 2003 01:54:23 +0100, "John B. Hanks" wrote: > We are getting pounded by a (new?) virus that always sends from > big@boss.com. Can someone tell me a quick and dirty way to start dropping > all mail from this address? McAfee is not detecting it and I have added a > block for .pif attachments, but would prefer to drop the mails altogether. We put this one in our access.db with a DISCARD (under Sendmail). Not sure what this .pif is yet, but we were blocking it anyway with the filename rule. DISCARD just saves a bit of extra work. -- - Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - - Wirehub! Internet Engineering - http://www.wirehub.net/ - - Private Ponderings ----------- http://www.bengrimm.net/ - - Wirehub! Internet ----------- part of easynet Group plc - From john.hanks at USU.EDU Sat Jan 11 01:05:07 2003 From: john.hanks at USU.EDU (John B. Hanks) Date: Thu Jan 12 21:16:56 2006 Subject: Cry for help. Message-ID: <5CA287DBA85BF649A45916B75FD20E0E1224F4@exchange01.blue.usu.edu> Nevermind, I figured it out with /etc/mail/access and sendmail. No need to bother mailscanner with it. Thanks anyway for MailScanner being incredible. jbh > -----Original Message----- > From: John B. Hanks > Sent: Friday, January 10, 2003 5:50 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Cry for help. > > > We are getting pounded by a (new?) virus that always sends > from big@boss.com. Can someone tell me a quick and dirty way > to start dropping all mail from this address? McAfee is not > detecting it and I have added a block for .pif attachments, > but would prefer to drop the mails altogether. > > Thanks > > jbh > From mailscanner at BARENDSE.TO Sat Jan 11 10:53:55 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:56 2006 Subject: Cry for help. In-Reply-To: <5CA287DBA85BF649A45916B75FD20E0E1224F3@exchange01.blue.usu.edu> Message-ID: Alternatively you could use the daily dats for mcafee. These are `beta', I only had a problem with them once, it was blocking one non-infected file but it's well worth the time gain :) http://download.nai.com/products/mcafee-avert/daily_dats/DAILYDAT.ZIP Probaby you need to run a little rename command over the files in that ZIP because usually the filenames are in CAPS Remco On Fri, 10 Jan 2003, John B. Hanks wrote: > We are getting pounded by a (new?) virus that always sends from > big@boss.com. Can someone tell me a quick and dirty way to start dropping > all mail from this address? McAfee is not detecting it and I have added a > block for .pif attachments, but would prefer to drop the mails altogether. > > Thanks > > jbh > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at BARENDSE.TO Sat Jan 11 11:00:39 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:56 2006 Subject: Spam blacklist? In-Reply-To: <5.2.0.9.2.20030109000924.02cf5068@imap.ecs.soton.ac.uk> Message-ID: It's not really a problem, I just created another rule under low scoring spam actions where I put the same stuff as the spam blacklist rule. This does the job although if the blacklisted stuff would be treated as high scoring it would save an extra rule file. :) On Thu, 9 Jan 2003, Julian Field wrote: > At 21:24 08/01/2003, you wrote: > >Indeed, that is one possible solution. > > > >But not all of my boxes run spamassassin, particularly RedHat 6.2 is very > >difficult to get SA properly installed. Lots of things to upgrade and 90% > >of the spam problem is from or to a limited set of e-mail adresses on my > >boxes. > > > >But one would think that a blacklisted mail adress would be processed > >according to high scoring rules, otherwise there isn't much use in > >blacklisting them :) > > My black/white-listing isn't really connected to the SpamAssassin scoring > code. Maybe it should be. > > > > >On Wed, 8 Jan 2003, Lewis Bergman wrote: > > > > > On Wednesday 08 January 2003 04:24 am, Remco Barendse wrote: > > > > I have a rule list that will mark certain messages as spam even though > > > > there is no other reason to mark them as spam. This is working perfectly. > > > > > > > > I have noticed however that MailScanner will treat messages that are > > > > marked by a blacklist rule as low scoring spam? > > > > > > > > Would it be possible to change this to high scoring spam? After all you > > > > want to blacklist them. I allow low scoring spam messages to go through > > > > but high scoring stuff is forwarded to an alternate address. I would like > > > > to do the same for the blacklisted stuff. > > > Why not use SA to do the RBL checks and then assign them a score which will > > > force them into the high score category using the spam.assassin.prefs.conf > > > file? > > > -- > > > Lewis Bergman > > > Texas Communications > > > 4309 Maple St. > > > Abilene, TX 79602-8044 > > > 915-695-6962 ext 115 > > > > > > > > > > > >-- > >This message has been scanned for viruses and > >dangerous content by MailScanner, and is > >believed to be clean. > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Jan-Peter.Koopmann at SECEIDOS.DE Sat Jan 11 11:10:26 2003 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:16:56 2006 Subject: AW: Cry for help. Message-ID: <4E7026FF8A422749B1553FE508E0068007ECF3@message.intern.akctech.de> Remco, would you mind stopping this childish "Outlook sucks" business? Thanks, JP -----Urspr?ngliche Nachricht----- Von: Remco Barendse [mailto:mailscanner@BARENDSE.TO] Gesendet: Samstag, 11. Januar 2003 11:54 An: MAILSCANNER@JISCMAIL.AC.UK Betreff: Re: Cry for help. Alternatively you could use the daily dats for mcafee. These are `beta', I only had a problem with them once, it was blocking one non-infected file but it's well worth the time gain :) http://download.nai.com/products/mcafee-avert/daily_dats/DAILYDAT.ZIP Probaby you need to run a little rename command over the files in that ZIP because usually the filenames are in CAPS Remco On Fri, 10 Jan 2003, John B. Hanks wrote: > We are getting pounded by a (new?) virus that always sends from > big@boss.com. Can someone tell me a quick and dirty way to start > dropping all mail from this address? McAfee is not detecting it and I > have added a block for .pif attachments, but would prefer to drop the > mails altogether. > > Thanks > > jbh > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mike at ZANKER.ORG Sat Jan 11 12:36:24 2003 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:16:56 2006 Subject: AW: Cry for help. In-Reply-To: <4E7026FF8A422749B1553FE508E0068007ECF3@message.intern.akctech.de> References: <4E7026FF8A422749B1553FE508E0068007ECF3@message.intern.akcte ch.de> Message-ID: <148473433.1042288584@jemima.zanker.org> On 11 January 2003 12:10 +0100 Jan-Peter Koopmann wrote: > Remco, > > would you mind stopping this childish "Outlook sucks" business? Where did he say that? Mike. From brose at MED.WAYNE.EDU Sat Jan 11 15:21:44 2003 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:16:56 2006 Subject: AW: Cry for help. Message-ID: It's in the header. X-message-flag. Outlook displays that marker in the message window so Outlook people would see it. It is rather childish for this... A professional mailing list. -----Original Message----- From: Mike Zanker [mailto:mike@ZANKER.ORG] Sent: Saturday, January 11, 2003 7:36 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: AW: Cry for help. On 11 January 2003 12:10 +0100 Jan-Peter Koopmann wrote: > Remco, > > would you mind stopping this childish "Outlook sucks" business? Where did he say that? Mike. From mailscanner at ecs.soton.ac.uk Sat Jan 11 17:43:46 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:56 2006 Subject: AW: Cry for help. In-Reply-To: Message-ID: <5.2.0.9.2.20030111174144.02af5b68@imap.ecs.soton.ac.uk> At 15:21 11/01/2003, you wrote: >It's in the header. X-message-flag. Outlook displays that marker in >the message window so Outlook people would see it. It is rather >childish for this... A professional mailing list. Now, now, let's call a halt to this thread. Putting things in X-headers is not worth anyone getting upset about. >-----Original Message----- >From: Mike Zanker [mailto:mike@ZANKER.ORG] >Sent: Saturday, January 11, 2003 7:36 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: AW: Cry for help. > > >On 11 January 2003 12:10 +0100 Jan-Peter Koopmann > wrote: > > > Remco, > > > > would you mind stopping this childish "Outlook sucks" business? > >Where did he say that? > >Mike. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From funk.gabor at HUNETKFT.HU Sat Jan 11 23:26:46 2003 From: funk.gabor at HUNETKFT.HU (Funk Gabor) Date: Thu Jan 12 21:16:56 2006 Subject: Cry for help. - NAI-4242 is out. References: Message-ID: <003a01c2b9c8$e9d76380$2c8bded5@chello.hu> NAI 4242 is out. (incl. sobig detection) Currently download from ftp.nai.com didn't work for me, as I could only get 4241 from the ftp, but akamai worked. http://www.mcafeeb2b.com/naicommon/download/dats/find.asp G. From jscott at INFOCONEX.COM Sun Jan 12 00:07:05 2003 From: jscott at INFOCONEX.COM (Jim Scott) Date: Thu Jan 12 21:16:56 2006 Subject: Cannot modify postmaster notify signature? Message-ID: <004301c2b9ce$8a83f320$2719a8c0@infoconex.com> Version: 4.11-1 OS: Redhat 7.x MTA: Sendmail Virus Software: F-PROT I have modified all the templates in the "en" directory replacing any of the notifications that have this -- MailScanner Email Virus Scanner www.mailscanner.info I have modified the default with my own signature. When a virus is detected it sends out notification to the sending user with the proper signature that I have created in the template. However the postmaster I specified which is me for now gets a message with the above signature. I have searched high and low and cannot seem to find the location that this is changed in. The following is the example of what I get sent to me. Notice the signature is the default. Anyone know were this can be changed for the notification email that is sent to the postmaster? <-- Begin Sample --> The following e-mail messages were found to have viruses in them: Sender: IP Address: 213.163.105.2 Recipient: d1cdvvpfsswu94@somedain.com Subject: You are so sweet MessageID: h0BJdKW29137 Report: /var/spool/MailScanner/incoming/27694/h0BJdKW29137/love.scr Infection: W32/Lentin.H@mm Windows Screensavers are often used to hide viruses (love.scr) -- MailScanner Email Virus Scanner www.mailscanner.info <-- End Sample --> Thanks Jim Scott From Kevin.Spicer at BMRB.CO.UK Sun Jan 12 00:48:45 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:56 2006 Subject: Cannot modify postmaster notify signature? Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A32C20@pascal.priv.bmrb.co.uk> Its hardcoded in MessageBatch.pm (in /usr/lib/MailScanner/MailScanner/ on my system) > -----Original Message----- > From: Jim Scott [mailto:jscott@INFOCONEX.COM] > Sent: 12 January 2003 00:07 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Cannot modify postmaster notify signature? > > > Version: 4.11-1 > OS: Redhat 7.x > MTA: Sendmail > Virus Software: F-PROT > > I have modified all the templates in the "en" directory > replacing any of the > notifications that have this > > -- > MailScanner > Email Virus Scanner > www.mailscanner.info > > > I have modified the default with my own signature. When a > virus is detected it sends > out notification to the sending user with the proper > signature that I have created in > the template. However the postmaster I specified which is me > for now gets a message > with the above signature. I have searched high and low and > cannot seem to find the > location that this is changed in. > > The following is the example of what I get sent to me. Notice > the signature is the > default. Anyone know were this can be changed for the > notification email that is sent > to the postmaster? > > <-- Begin Sample --> > > The following e-mail messages were found to have viruses in them: > > Sender: > IP Address: 213.163.105.2 > Recipient: d1cdvvpfsswu94@somedain.com > Subject: You are so sweet > MessageID: h0BJdKW29137 > Report: > /var/spool/MailScanner/incoming/27694/h0BJdKW29137/love.scr > Infection: > W32/Lentin.H@mm > Windows Screensavers are often used to hide viruses (love.scr) > > > -- > MailScanner > Email Virus Scanner > www.mailscanner.info > > <-- End Sample --> > > Thanks > Jim Scott > From jscott at INFOCONEX.COM Sun Jan 12 00:56:27 2003 From: jscott at INFOCONEX.COM (Jim Scott) Date: Thu Jan 12 21:16:56 2006 Subject: Cannot modify postmaster notify signature? References: <5C0296D26910694BB9A9BBFC577E7AB0A32C20@pascal.priv.bmrb.co.uk> Message-ID: <008401c2b9d5$70045560$2719a8c0@infoconex.com> > -----Original Message----- > From: Jim Scott [mailto:jscott@INFOCONEX.COM] > Sent: 12 January 2003 00:07 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Cannot modify postmaster notify signature? > > > Version: 4.11-1 > OS: Redhat 7.x > MTA: Sendmail > Virus Software: F-PROT > > I have modified all the templates in the "en" directory > replacing any of the > notifications that have this > > -- > MailScanner > Email Virus Scanner > www.mailscanner.info > > > I have modified the default with my own signature. When a > virus is detected it sends > out notification to the sending user with the proper > signature that I have created in > the template. However the postmaster I specified which is me > for now gets a message > with the above signature. I have searched high and low and > cannot seem to find the > location that this is changed in. > > The following is the example of what I get sent to me. Notice > the signature is the > default. Anyone know were this can be changed for the > notification email that is sent > to the postmaster? > > <-- Begin Sample --> > > The following e-mail messages were found to have viruses in them: > > Sender: > IP Address: 213.163.105.2 > Recipient: d1cdvvpfsswu94@somedain.com > Subject: You are so sweet > MessageID: h0BJdKW29137 > Report: > /var/spool/MailScanner/incoming/27694/h0BJdKW29137/love.scr > Infection: > W32/Lentin.H@mm > Windows Screensavers are often used to hide viruses (love.scr) > > > -- > MailScanner > Email Virus Scanner > www.mailscanner.info > > <-- End Sample --> > > Thanks > Jim Scott > >->---- Original Message ----- >>From: "Spicer, Kevin" >>To: >>Sent: Saturday, January 11, 2003 4:48 PM >>Subject: Re: Cannot modify postmaster notify signature? >> >> >>Its hardcoded in MessageBatch.pm (in /usr/lib/MailScanner/MailScanner/ on my system) I modified that one already thinking the same thing. Still get the same signature. Evidently even though it looks like that would fix it, it must be hardcoded somewhere else. Jim From Kevin.Spicer at BMRB.CO.UK Sun Jan 12 01:28:24 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:56 2006 Subject: Cannot modify postmaster notify signature? Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A4ACFE@pascal.priv.bmrb.co.uk> > >>Its hardcoded in MessageBatch.pm (in > /usr/lib/MailScanner/MailScanner/ on my > system) > > > I modified that one already thinking the same thing. Still > get the same signature. > Evidently even though it looks like that would fix it, it > must be hardcoded somewhere > else. > > Jim I just tested that on my system and it definately works (MS4.10) Did you stop and restart mailscanner (just doing a reload isn't enough)? Have you by any chance got two versions of MS installed in different directories and maybe changed the non-current one (long shot!) The line I changed was... $notices{$postie} . "\n-- \nMailScanner\nEmail Virus Scanner\n" . "www.mailscanner.info\n"; which is line 587 in MessageBatch.pm in release 4.10 From P.G.M.Peters at civ.utwente.nl Sun Jan 12 12:44:32 2003 From: P.G.M.Peters at civ.utwente.nl (Peter Peters) Date: Thu Jan 12 21:16:56 2006 Subject: AW: Cry for help. In-Reply-To: <5.2.0.9.2.20030111174144.02af5b68@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030111174144.02af5b68@imap.ecs.soton.ac.uk> Message-ID: <2no22v0gthlooki0elibfo4ornfmh3kdm3@4ax.com> On Sat, 11 Jan 2003 17:43:46 +0000, you wrote: >At 15:21 11/01/2003, you wrote: >>It's in the header. X-message-flag. Outlook displays that marker in >>the message window so Outlook people would see it. It is rather >>childish for this... A professional mailing list. > >Now, now, let's call a halt to this thread. >Putting things in X-headers is not worth anyone getting upset about. But complaining about using AW: instead of Re: in the subject of replies is. That can (and will in a number of places) break threading. -- Peter Peters senior netwerkbeheerder, Centrum voor Informatievoorziening, Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ From paul.hamilton at sme-ecom.co.uk Sun Jan 12 14:14:51 2003 From: paul.hamilton at sme-ecom.co.uk (Paul Hamilton) Date: Thu Jan 12 21:16:56 2006 Subject: Setting up Black & Whitelists by domain Message-ID: <000001c2ba44$f9961420$fc32000a@4> Hi all, Is anyone willing to share their Black & Whitelist rulesets for 'By Domain' config? We have set-up rulesets up in the MailScanner.conf for Black & Whitelisting as follows: /opt/rules/blacklist.rules /opt/rules/whitelist.rules Both have the default as: FromTo: default no Further to this we have created the following directory: /opt/bydomain Within this we have further directories which represent the individual domains we wish to allow control over their own Black & White lists. e.g. sme-ecom.co.uk. - This directory then has its own blacklist & whitelist.rules files. The problem we have is that everytime we add to /opt/rules/blacklist.rules the following: FromTo: default no To: *@sme-ecom.co.uk /opt/bydomain/sme-ecom.co.uk/blacklist.rules we get a syntax error in our logs as shown here: "Syntax error in line 2 of ruleset file /opt/rules/spam.blacklist.rules for keyword spamblacklist Jan 12 14:02:21 cobaltxxxx MailScanner[3589]: Aborting due to syntax errors in /opt/rules/spam.blacklist.rules. The same happens when we try to set the Whitelist rules. Could anyone guide us or point out the errors of our ways - can this be done? Many thanks in advance. Paul H. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030112/214e9b78/attachment.html From Kevin.Spicer at BMRB.CO.UK Sun Jan 12 14:55:32 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:56 2006 Subject: Setting up Black & Whitelists by domain Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A4ACFF@pascal.priv.bmrb.co.uk> > The problem we have is that everytime we add to /opt/rules/blacklist.rules the following: > FromTo: default no > To: *@sme-ecom.co.uk /opt/bydomain/sme-ecom.co.uk/blacklist.rules > we get a syntax error in our logs as shown here: > "Syntax error in line 2 of ruleset file /opt/rules/spam.blacklist.rules for keyword > spamblacklist > Jan 12 14:02:21 cobaltxxxx MailScanner[3589]: Aborting due to syntax errors in > /opt/rules/spam.blacklist.rules. > The same happens when we try to set the Whitelist rules. > Could anyone guide us or point out the errors of our ways - can this be done? You are trying to specify a ruleset as the result of a ruleset, whereas you should only specify a yes or no (or whatever the legal values are for that option in the config file). I don't know any easy way of achieving what you want to do, if its no possible to combine all the rules you want into a single ruleset. If you are running a version of MS since 4.03 and you know some perl you could get your hands dirty and write a custom function in CustomConfig.pm to handle this (see the top of the config file for details about how to call this function). I imagine it would be possible to achieve what you want like that. From mailscanner at ecs.soton.ac.uk Sun Jan 12 15:35:59 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:56 2006 Subject: Setting up Black & Whitelists by domain In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0A4ACFF@pascal.priv.bmrb.co .uk> Message-ID: <5.2.0.9.2.20030112151646.02531500@imap.ecs.soton.ac.uk> At 14:55 12/01/2003, you wrote: > > The problem we have is that everytime we add to > /opt/rules/blacklist.rules the following: > > > FromTo: default no > > To: *@sme-ecom.co.uk /opt/bydomain/sme-ecom.co.uk/blacklist.rules > > > we get a syntax error in our logs as shown here: > > > "Syntax error in line 2 of ruleset file /opt/rules/spam.blacklist.rules > for keyword > > spamblacklist > > Jan 12 14:02:21 cobaltxxxx MailScanner[3589]: Aborting due to syntax > errors in > > /opt/rules/spam.blacklist.rules. > > > The same happens when we try to set the Whitelist rules. > > > Could anyone guide us or point out the errors of our ways - can this > be done? > >You are trying to specify a ruleset as the result of a ruleset, whereas >you should only specify a yes or no (or whatever the legal values are for >that option in the config file). > >I don't know any easy way of achieving what you want to do, if its no >possible to combine all the rules you want into a single ruleset. If you >are running a version of MS since 4.03 and you know some perl you could >get your hands dirty and write a custom function in >CustomConfig.pm to handle this (see the top of the config file for details >about how to call this function). I imagine it would be possible to >achieve what you want like that. Just to confirm that you are quite right. I haven't yet come up with a way of having rulesets within rulesets, which is what this would need. Currently you will have to write some custom function to do it for you. Shouldn't be too hard to do, especially if it's only a simple (but possibly long) ruleset for each domain. If each black/white-listed address is either a complete address or a domain name (so no "*" characters anywhere), then the end result will be very fast too. Thinking further, we have a dir "/opt/bydomain" which contains 2 subdirectories, "blacklist" and "whitelist". Each of those directories contains a file named after each domain. So for "example.com" there will be /opt/bydomain/whitelist/example.com and /opt/bydomain/blacklist/example.com. Each of the example.com files can contain entries of the form user@address.spam.com and address.spam.com and that's all. Keeping it restricted to this makes life a lot easier later. I'll get back to the list shortly about this, it's probably worth me writing an implementation of this as it is going to be a common requirement. For a sample domain "example.com", there is a file "example.com.white" and "example.com.black". -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sun Jan 12 16:33:21 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:56 2006 Subject: Setting up Black & Whitelists by domain In-Reply-To: <5.2.0.9.2.20030112151646.02531500@imap.ecs.soton.ac.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0A4ACFF@pascal.priv.bmrb.co .uk> Message-ID: <5.2.0.9.2.20030112162449.0269ec00@imap.ecs.soton.ac.uk> Okay, I've moved the directories to be /etc/MailScanner/spam.bydomain/whitelist and /etc/MailScanner/spam.bydomain/blacklist but otherwise it is pretty much as I said in my previous posting (included at the bottom of this message). The patch to CustomConfig.pm I have attached has *not* been tested. So give it a go and see if it works. If you know some perl, please find all the bugs and mail me the corrections :-) If it works (or once it works after you have found all the bugs for me) then feel free to use it. To use it, you will need to set these in your MailScanner.conf file: Is Definitely Not Spam = &ByDomainSpamWhitelist Is Definitely Spam = &ByDomainSpamBlacklist At 15:35 12/01/2003, you wrote: >Currently you will have to write some custom function to do it for you. >Shouldn't be too hard to do, especially if it's only a simple (but possibly >long) ruleset for each domain. If each black/white-listed address is either >a complete address or a domain name (so no "*" characters anywhere), then >the end result will be very fast too. > >Thinking further, we have a dir "/opt/bydomain" which contains 2 >subdirectories, "blacklist" and "whitelist". >Each of those directories contains a file named after each domain. So for >"example.com" there will be /opt/bydomain/whitelist/example.com and >/opt/bydomain/blacklist/example.com. >Each of the example.com files can contain entries of the form > user@address.spam.com >and > address.spam.com >and that's all. Keeping it restricted to this makes life a lot easier later. > >I'll get back to the list shortly about this, it's probably worth me >writing an implementation of this as it is going to be a common requirement. >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support -------------- next part -------------- A non-text attachment was scrubbed... Name: CustomConfig.pm.patch Type: application/octet-stream Size: 4028 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030112/24ff20e7/CustomConfig.pm.obj -------------- next part -------------- -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From paul.hamilton at sme-ecom.co.uk Sun Jan 12 19:39:47 2003 From: paul.hamilton at sme-ecom.co.uk (Paul Hamilton) Date: Thu Jan 12 21:16:56 2006 Subject: FW: Setting up Black & Whitelists by domain Message-ID: <000501c2ba72$5dbb76c0$fc32000a@4> You Wrote: >Each of those directories contains a file named after each domain. So for >"example.com" there will be /opt/bydomain/whitelist/example.com and >/opt/bydomain/blacklist/example.com. >Each of the example.com files can contain entries of the form > user@address.spam.com >and > address.spam.com >and that's all. Keeping it restricted to this makes life a lot easier later. **************************************************************************** Jules, Thanks for this, will test and come back, just a couple of questions: Can we still add the default function for each domain? Do we still require 'FromTo:' i.e So whitelist/example.com - would look like: FromTo: default no FromTo: user@address.spam.com yes FromTo: address.spam.com yes or should it be: default no user@address.spam.com yes address.spam.com yes Regards Paul H. **************************************************************************** >I'll get back to the list shortly about this, it's probably worth me >writing an implementation of this as it is going to be a common requirement. >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sun Jan 12 19:46:14 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:56 2006 Subject: FW: Setting up Black & Whitelists by domain In-Reply-To: <000501c2ba72$5dbb76c0$fc32000a@4> Message-ID: <5.2.0.9.2.20030112194407.0207fe70@imap.ecs.soton.ac.uk> At 19:39 12/01/2003, you wrote: >You Wrote: > > >Each of those directories contains a file named after each domain. So for > >"example.com" there will be /opt/bydomain/whitelist/example.com and > >/opt/bydomain/blacklist/example.com. > >Each of the example.com files can contain entries of the form > > user@address.spam.com > >and > > address.spam.com > >and that's all. Keeping it restricted to this makes life a lot easier >later. > >**************************************************************************** >Jules, > >Thanks for this, will test and come back, just a couple of questions: > >Can we still add the default function for each domain? >Do we still require 'FromTo:' i.e > >So whitelist/example.com - would look like: > >FromTo: default no >FromTo: user@address.spam.com yes >FromTo: address.spam.com yes > >or should it be: > >default no >user@address.spam.com yes >address.spam.com yes It's even simpler than that: user@address.spam.com adress.spam.com -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sun Jan 12 20:00:10 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:56 2006 Subject: FW: Setting up Black & Whitelists by domain In-Reply-To: <5.2.0.9.2.20030112194407.0207fe70@imap.ecs.soton.ac.uk> References: <000501c2ba72$5dbb76c0$fc32000a@4> Message-ID: <5.2.0.9.2.20030112195905.02b75e10@imap.ecs.soton.ac.uk> At 19:46 12/01/2003, you wrote: >At 19:39 12/01/2003, you wrote: >>You Wrote: >> >> >Each of those directories contains a file named after each domain. So for >> >"example.com" there will be /opt/bydomain/whitelist/example.com and >> >/opt/bydomain/blacklist/example.com. >> >Each of the example.com files can contain entries of the form >> > user@address.spam.com >> >and >> > address.spam.com >> >and that's all. Keeping it restricted to this makes life a lot easier >>later. >> >>**************************************************************************** >>Jules, >> >>Thanks for this, will test and come back, just a couple of questions: >> >>Can we still add the default function for each domain? No, my patch assumes that the default is no. If you need this to be "yes" for some reason, get back to me. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From jscott at INFOCONEX.COM Mon Jan 13 04:37:46 2003 From: jscott at INFOCONEX.COM (Jim Scott) Date: Thu Jan 12 21:16:56 2006 Subject: Redhat 7.x startup script? Message-ID: <021a01c2babd$8743d4b0$1b19a8c0@jimlaptop> I have been changing config files and restarting and assuming that the mailscanner service was stopping and starting. Turns out it was not. I have insatlled 4.11-1 from source on my box. Does someone have a script that works? I have already tried the one listed on the website oldnews section and it does not stop the process. Just reports failed. Any help appreciated. Thanks Jim From jscott at INFOCONEX.COM Mon Jan 13 04:41:28 2003 From: jscott at INFOCONEX.COM (Jim Scott) Date: Thu Jan 12 21:16:56 2006 Subject: Cannot modify postmaster notify signature? References: <5C0296D26910694BB9A9BBFC577E7AB0A32C20@pascal.priv.bmrb.co.uk> Message-ID: <022101c2babe$0a9eb140$1b19a8c0@jimlaptop> Kevin, thanks. After you mentioned restarting I first discounted that as I had stopped and started it many times thinking the same thing. I then thought that since you made the same change and it worked that I must be doing something wrong. I stopped the service and then went to look and mailscanner was still running. Looks like the redhat startup script I am using starts the service fine, however stopping it does not work. Only shuts down the sendmail services. Thanks for you help. If you have a script for redhat I would appreciate it. If not no big deal as I have posted the issue to the list. After rebooting my machine the modification started working. Jim ----- Original Message ----- From: "Spicer, Kevin" To: Sent: Saturday, January 11, 2003 4:48 PM Subject: Re: Cannot modify postmaster notify signature? Its hardcoded in MessageBatch.pm (in /usr/lib/MailScanner/MailScanner/ on my system) > -----Original Message----- > From: Jim Scott [mailto:jscott@INFOCONEX.COM] > Sent: 12 January 2003 00:07 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Cannot modify postmaster notify signature? > > > Version: 4.11-1 > OS: Redhat 7.x > MTA: Sendmail > Virus Software: F-PROT > > I have modified all the templates in the "en" directory > replacing any of the > notifications that have this > > -- > MailScanner > Email Virus Scanner > www.mailscanner.info > > > I have modified the default with my own signature. When a > virus is detected it sends > out notification to the sending user with the proper > signature that I have created in > the template. However the postmaster I specified which is me > for now gets a message > with the above signature. I have searched high and low and > cannot seem to find the > location that this is changed in. > > The following is the example of what I get sent to me. Notice > the signature is the > default. Anyone know were this can be changed for the > notification email that is sent > to the postmaster? > > <-- Begin Sample --> > > The following e-mail messages were found to have viruses in them: > > Sender: > IP Address: 213.163.105.2 > Recipient: d1cdvvpfsswu94@somedain.com > Subject: You are so sweet > MessageID: h0BJdKW29137 > Report: > /var/spool/MailScanner/incoming/27694/h0BJdKW29137/love.scr > Infection: > W32/Lentin.H@mm > Windows Screensavers are often used to hide viruses (love.scr) > > > -- > MailScanner > Email Virus Scanner > www.mailscanner.info > > <-- End Sample --> > > Thanks > Jim Scott > From todd.williams at TFCCI.COM Mon Jan 13 04:52:46 2003 From: todd.williams at TFCCI.COM (Todd Williams) Date: Thu Jan 12 21:16:56 2006 Subject: Couple of things for the next version Message-ID: <200301130452.XAA09011@twister.tfcc.com> Hi all, Just an FYI, found a couple of minor issues... In 4.11-1, there is a problem with the antivir-wrapper shell script, which makes your cron attempt to use the generic update script each time it runs -- at least it did on my system. Not a biggie, but may help save some confusion. The variable definitions were in perl style, which didn't work with #!/bin/sh. :) Fix: (Your distribution may vary.) In /usr/lib/MailScanner/antivir-wrapper #$PackageDir=/usr/lib/AntiVir #$prog=antivir PackageDir=/usr/lib/AntiVir prog=antivir Also, one other thing to note. The mcafee-autoupdate script requires the Net::FTP perl module to be installed. This isn't mentioned much of anywhere else, so arguably perhaps the MailScanner module should list this as a pre-requisite, especially if McAfee is to be used and autoupdated? It seems the McAfee script is the only autoupdate script requiring this, but it's important to note. Also, there is no "update failed" log entry generated or any other indication that the autoupdate failed. Hope this helps someone. Thanks, Todd From todd.williams at TFCCI.COM Mon Jan 13 04:59:34 2003 From: todd.williams at TFCCI.COM (Todd Williams) Date: Thu Jan 12 21:16:56 2006 Subject: Redhat Startup Script issue? Message-ID: <200301130459.XAA09272@twister.tfcc.com> Hi folks, It seems to me there is an issue with the init script on RedHat. When the init script (*/init.d/MailScanner) does pid=`pidofproc MailScanner` it finds itself running (the init script -- maybe NOT the MailScanner program!) This could give you a false positive to make you think the MailScanner is scanning messages, and it may not be running. The init script's status and reload functions are affected -- it could find the init script and/or the MailScanner perl program running. I'm not sure how the best way to get around this might be... Perhaps rename the init script? Julian, any thoughts? Thanks, Todd From jscott at INFOCONEX.COM Mon Jan 13 05:04:52 2003 From: jscott at INFOCONEX.COM (Jim Scott) Date: Thu Jan 12 21:16:56 2006 Subject: Redhat 7.x startup script? References: <021a01c2babd$8743d4b0$1b19a8c0@jimlaptop> Message-ID: <02b601c2bac1$4e603ea0$1b19a8c0@jimlaptop> Found the problem. The startup script that I got refers to mailscanner in lowercase. The script is running as MailScanner changing this: killproc mailscanner to this: killproc MailScanner Also updating in status area of script worked as well. Things now stop correctly and report status properly. Jim ----- Original Message ----- From: To: Sent: Sunday, January 12, 2003 8:37 PM Subject: Redhat 7.x startup script? I have been changing config files and restarting and assuming that the mailscanner service was stopping and starting. Turns out it was not. I have insatlled 4.11-1 from source on my box. Does someone have a script that works? I have already tried the one listed on the website oldnews section and it does not stop the process. Just reports failed. Any help appreciated. Thanks Jim From jscott at INFOCONEX.COM Mon Jan 13 05:11:10 2003 From: jscott at INFOCONEX.COM (Jim Scott) Date: Thu Jan 12 21:16:56 2006 Subject: Redhat Startup Script issue? References: <200301130459.XAA09272@twister.tfcc.com> Message-ID: <02be01c2bac2$303d2310$1b19a8c0@jimlaptop> I was never able to reliably get mailscanner to stop and start using the default name of mailscanner as the startup script. I renamed it mailscanner1 and it worked. Jim ----- Original Message ----- From: "Todd Williams" To: Sent: Sunday, January 12, 2003 8:59 PM Subject: Redhat Startup Script issue? Hi folks, It seems to me there is an issue with the init script on RedHat. When the init script (*/init.d/MailScanner) does pid=`pidofproc MailScanner` it finds itself running (the init script -- maybe NOT the MailScanner program!) This could give you a false positive to make you think the MailScanner is scanning messages, and it may not be running. The init script's status and reload functions are affected -- it could find the init script and/or the MailScanner perl program running. I'm not sure how the best way to get around this might be... Perhaps rename the init script? Julian, any thoughts? Thanks, Todd From todd.williams at TFCCI.COM Mon Jan 13 05:39:05 2003 From: todd.williams at TFCCI.COM (Todd Williams) Date: Thu Jan 12 21:16:56 2006 Subject: Question about "Full headers are" in virus report to postmaster Message-ID: <200301130539.AAA11126@twister.tfcc.com> Hello, Running Redhat and MailScanner 4.11-1 and Sendmail 8.11.6. In testing, I'm seeing something odd in the "Full headers are" section in the postmaster virus report... Full headers are Return-Path: <^Ag> The message above shown in the Return-Path should actually read: (LessThan)(Carat/Control?)(Capital A with ' accent mark)(GreaterThan) Anybody seeing similar behavior? It could be Sendmail or who knows?? Thanks in advance! Todd From mike at CAMAROSS.NET Mon Jan 13 05:42:09 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:16:56 2006 Subject: Question about "Full headers are" in virus report to postmaster In-Reply-To: <200301130539.AAA11126@twister.tfcc.com> Message-ID: <00d801c2bac6$846d4600$9801a8c0@home.middlefinger.net> I see ^g a lot...don't know what it means :) -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Todd Williams Sent: Sunday, January 12, 2003 11:39 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Question about "Full headers are" in virus report to postmaster Hello, Running Redhat and MailScanner 4.11-1 and Sendmail 8.11.6. In testing, I'm seeing something odd in the "Full headers are" section in the postmaster virus report... Full headers are Return-Path: <^Ag> The message above shown in the Return-Path should actually read: (LessThan)(Carat/Control?)(Capital A with ' accent mark)(GreaterThan) Anybody seeing similar behavior? It could be Sendmail or who knows?? Thanks in advance! Todd From Kevin.Spicer at BMRB.CO.UK Mon Jan 13 08:09:00 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:56 2006 Subject: Cannot modify postmaster notify signature? Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A32C23@pascal.priv.bmrb.co.uk> > Thanks for you help. If you have a script for redhat I would > appreciate it. > If not no big deal as I have posted the issue to the list. > It looks like maybe you have an init script left over from 3.x - (if I remember 3.x's init script was mailscanner, whereas 4.x is MailScanner). See if you have a MailScanner in /etc/init.d - if so try chkconfig mailscanner off chkconfig --level 2345 MailScanner on From paul at ESPMAIL.CO.UK Mon Jan 13 09:15:32 2003 From: paul at ESPMAIL.CO.UK (Paul Welsh) Date: Thu Jan 12 21:16:56 2006 Subject: Does Lirva send from a genuine address? References: <200301130452.XAA09011@twister.tfcc.com> Message-ID: <008f01c2bae4$52e95b50$6a0110ac@sbsplc.com> Just wondering whether Lirva is one of those viruses that sends itself using a bogus email address and therefore not worth notifying the sender about? I have looked at the Symantec site (http://www.symantec.com/avcenter/venc/data/w32.lirva.a@mm.html) and at Frisk's site (http://www.f-prot.com/virusinfo/lirva_desc.html) and can't find anything to indicate this. From G.Welter at ROCLEIDEN.NL Mon Jan 13 09:26:58 2003 From: G.Welter at ROCLEIDEN.NL (G Welter) Date: Thu Jan 12 21:16:56 2006 Subject: Does Lirva send from a genuine address? Message-ID: Hi. >From the mcafee page you mentioned below: The worm uses the default SMTP server of the infected computer, and then adds either the address of the sender or a randomly selected email address to the "From:" line of the email. So it seems to me that the from address is bogus. So yes, it should be added to the silent viruses. Gerben. >>> paul@ESPMAIL.CO.UK 01/13/03 10:15AM >>> Just wondering whether Lirva is one of those viruses that sends itself using a bogus email address and therefore not worth notifying the sender about? I have looked at the Symantec site (http://www.symantec.com/avcenter/venc/data/w32.lirva.a@mm.html) and at Frisk's site (http://www.f-prot.com/virusinfo/lirva_desc.html) and can't find anything to indicate this. From mailscanner at BARENDSE.TO Mon Jan 13 09:44:35 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:56 2006 Subject: Cry for help. - NAI-4242 is out. In-Reply-To: <003a01c2b9c8$e9d76380$2c8bded5@chello.hu> Message-ID: Try the daily dats that McAfee release, I fetch these twice daily, McAfee found and stopped sobig only a few hours after the announcement was on their website. http://download.nai.com/products/mcafee-avert/daily_dats/DAILYDAT.ZIP On Sun, 12 Jan 2003, Funk Gabor wrote: > NAI 4242 is out. (incl. sobig detection) > Currently download from ftp.nai.com didn't work for me, as > I could only get 4241 from the ftp, but akamai worked. > > http://www.mcafeeb2b.com/naicommon/download/dats/find.asp > > > G. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From paul at ESPMAIL.CO.UK Mon Jan 13 10:11:39 2003 From: paul at ESPMAIL.CO.UK (Paul Welsh) Date: Thu Jan 12 21:16:56 2006 Subject: Does Lirva send from a genuine address? References: Message-ID: <00c201c2baec$29c06cc0$6a0110ac@sbsplc.com> ----- Original Message ----- From: "G Welter" To: Sent: Monday, January 13, 2003 9:26 AM Subject: Re: Does Lirva send from a genuine address? > >From the mcafee page you mentioned below: > > The worm uses the default SMTP server of the infected computer, and then adds either the address of the sender or a randomly selected email address to the "From:" line of the email. > > So it seems to me that the from address is bogus. So yes, it should be added to the silent viruses. > Sorry, half asleep - didn't notice that, even though I skimmed through the Symantec article. From mailscanner at ecs.soton.ac.uk Mon Jan 13 10:18:12 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:56 2006 Subject: Redhat 7.x startup script? In-Reply-To: <021a01c2babd$8743d4b0$1b19a8c0@jimlaptop> Message-ID: <5.2.0.9.2.20030113101429.02a96240@imap.ecs.soton.ac.uk> At 04:37 13/01/2003, you wrote: >I have been changing config files and restarting and assuming that the >mailscanner service was stopping and starting. Turns out it was not. I have >insatlled 4.11-1 from source on my box. Does someone have a script that >works? > >I have already tried the one listed on the website oldnews section and it >does not stop the process. Just reports failed. The correct script is included in the RPM. Out of interest, why not use the rpm? As it is all written in perl you wind up with a copy of the source anyway. Just curious... I have attached a copy of the init.d script for you. -------------- next part -------------- A non-text attachment was scrubbed... Name: MailScanner Type: application/octet-stream Size: 4031 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030113/f782ce6d/MailScanner.obj -------------- next part -------------- -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jan 13 10:19:53 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:56 2006 Subject: Couple of things for the next version In-Reply-To: <200301130452.XAA09011@twister.tfcc.com> Message-ID: <5.2.0.9.2.20030113101857.02ad5e58@imap.ecs.soton.ac.uk> Both are good points. I have fixed the bug you point out in the antivir-wrapper script, and I will have a think to try to work out a method of detecting the problem in your second point. At 04:52 13/01/2003, you wrote: >Hi all, > >Just an FYI, found a couple of minor issues... > >In 4.11-1, there is a problem with the antivir-wrapper shell script, which >makes your cron attempt to use the generic update script each time it runs >-- at least it did on my system. Not a biggie, but may help save some >confusion. The variable definitions were in perl style, which didn't work >with #!/bin/sh. :) > >Fix: (Your distribution may vary.) In /usr/lib/MailScanner/antivir-wrapper > >#$PackageDir=/usr/lib/AntiVir >#$prog=antivir >PackageDir=/usr/lib/AntiVir >prog=antivir > >Also, one other thing to note. The mcafee-autoupdate script requires >the Net::FTP perl module to be installed. This isn't mentioned much of >anywhere else, so arguably perhaps the MailScanner module should list this >as a pre-requisite, especially if McAfee is to be used and >autoupdated? It seems the McAfee script is the only autoupdate script >requiring this, but it's important to note. Also, there is no "update >failed" log entry generated or any other indication that the autoupdate failed. > >Hope this helps someone. > >Thanks, > >Todd -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jan 13 10:22:59 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:56 2006 Subject: Redhat Startup Script issue? In-Reply-To: <200301130459.XAA09272@twister.tfcc.com> Message-ID: <5.2.0.9.2.20030113102123.02adc488@imap.ecs.soton.ac.uk> Is this not a problem with other init.d scripts as well? Do RedHat subtly make the init.d script names different from the process names in every case? the shell pidofproc function should look for the PID file before actually studying the process table if I remember rightly. It's all in /etc/rc.d/init.d/functions. At 04:59 13/01/2003, you wrote: >Hi folks, > >It seems to me there is an issue with the init script on RedHat. When the >init script (*/init.d/MailScanner) does pid=`pidofproc MailScanner` >it finds itself running (the init script -- maybe NOT the MailScanner >program!) This could give you a false positive to make you think the >MailScanner is scanning messages, and it may not be running. > >The init script's status and reload functions are affected -- it could >find the init script and/or the MailScanner perl program running. > >I'm not sure how the best way to get around this might be... Perhaps >rename the init script? Julian, any thoughts? > >Thanks, > >Todd -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jan 13 10:24:40 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:56 2006 Subject: Question about "Full headers are" in virus report to postmaster In-Reply-To: <200301130539.AAA11126@twister.tfcc.com> Message-ID: <5.2.0.9.2.20030113102327.02ad8af8@imap.ecs.soton.ac.uk> At 05:39 13/01/2003, you wrote: >Hello, > >Running Redhat and MailScanner 4.11-1 and Sendmail 8.11.6. In testing, >I'm seeing something odd in the "Full headers are" section in the >postmaster virus report... > >Full headers are > Return-Path: <^Ag> Sendmail puts really bizarre content in that header. I have tried removing the ^A character before, but it doesn't actually help. And there's no docs on this, it should just contain the envelope sender address but doesn't appear to. >The message above shown in the Return-Path should actually read: >(LessThan)(Carat/Control?)(Capital A with ' accent mark)(GreaterThan) > >Anybody seeing similar behavior? It could be Sendmail or who knows?? > >Thanks in advance! > >Todd -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From jjohanns at SEWANEE.EDU Fri Jan 10 21:52:41 2003 From: jjohanns at SEWANEE.EDU (jj) Date: Thu Jan 12 21:16:56 2006 Subject: MailScanner_found_Cyrus_boundary_substring_problem_ In-Reply-To: Message-ID: Hello, We are running version 4.11-1 of mailscanner on HP-UX 11.0 with sendmail 8.12.7, Qpopper and majordomo as our mailing list manager. When a Word file was sent as an attachemnt to a majordomo list it resulted in the following error: _MailScanner_found_Cyrus_boundary_substring_problem__ and the attachment was included in the message. When the same attachment is sent to individual users it is deliverd normally. The sender uses Eudora on Windows 2000. Does anyone know what the problem might be? >--=====================_366438080==_.ALT-- > --__MailScanner_found_Cyrus_boundary_substring_problem__ Content-Type: application/msword; name="serials survey 1-03.doc"; x-mac-type="42494E41"; x-mac-creator="4D535744" Content-Transfer-Encoding: base64>Content-Disposition: attachment; filename="serials survey 1-03.doc" 0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAAB AAAAQwAAAAAAAAAAEAAARQAAAAEAAAD+////AAAAAEIAAAD///////////// etc. Thanks Johannes Johannsson . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From mailscanner at ecs.soton.ac.uk Fri Jan 10 22:14:42 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:56 2006 Subject: MailScanner_found_Cyrus_boundary_substring_problem_ In-Reply-To: References: Message-ID: <5.2.0.9.2.20030110220655.02db5d10@imap.ecs.soton.ac.uk> This is a result of a check used to defend against a bug in the Cyrus IMAP server which is exercised by some versions of Eudora. You have a multipart/mixed with a multipart/alternative inside it, where the "mised" MIME boundary is a substring of the "alternative" MIME boundary. So when MailScanner finds this situation, it changes the inner MIME boundary to be the string you saw. However, I did test this and it worked just fine when I tested it... Are you using the latest MIME tools and so on? It will only happen to messages created with Eudora which contain "styled" text (i.e. HTML) as well as plain text, and an attachment. Is anyone else seeing this problem? Or could it be a majordomo problem? The fact that it doesn't occur in messages sent to individual users shows it must be at least mostly correct. Can you send me (zipped up) the complete message sent to individual users, and the message sent out by majordomo, so I can compare them please? At 21:52 10/01/2003, you wrote: >Hello, > >We are running version 4.11-1 of mailscanner on HP-UX 11.0 with sendmail >8.12.7, Qpopper and majordomo as our mailing list manager. When a Word file >was sent as an attachemnt to a majordomo list it resulted in the following >error: _MailScanner_found_Cyrus_boundary_substring_problem__ >and the attachment was included in the message. When the same attachment is >sent to individual users it is deliverd normally. >The sender uses Eudora on Windows 2000. > >Does anyone know what the problem might be? > > >--=====================_366438080==_.ALT-- > > >--__MailScanner_found_Cyrus_boundary_substring_problem__ >Content-Type: application/msword; name="serials survey 1-03.doc"; > x-mac-type="42494E41"; x-mac-creator="4D535744" >Content-Transfer-Encoding: base64>Content-Disposition: attachment; >filename="serials survey 1-03.doc" >0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAAB >AAAAQwAAAAAAAAAAEAAARQAAAAEAAAD+////AAAAAEIAAAD///////////// > >etc. > >Thanks >Johannes Johannsson -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From mailscanner-sub at WIREHUB.NET Sat Jan 11 01:05:22 2003 From: mailscanner-sub at WIREHUB.NET (Ben C. O. Grimm) Date: Thu Jan 12 21:16:56 2006 Subject: Cry for help. In-Reply-To: References: Message-ID: On 11 Jan 2003 01:54:23 +0100, "John B. Hanks" wrote: > We are getting pounded by a (new?) virus that always sends from > big@boss.com. Can someone tell me a quick and dirty way to start dropping > all mail from this address? McAfee is not detecting it and I have added a > block for .pif attachments, but would prefer to drop the mails altogether. We put this one in our access.db with a DISCARD (under Sendmail). Not sure what this .pif is yet, but we were blocking it anyway with the filename rule. DISCARD just saves a bit of extra work. -- - Ben C. O. Grimm ----------------- Ben.Grimm@wirehub.net - - Wirehub! Internet Engineering - http://www.wirehub.net/ - - Private Ponderings ----------- http://www.bengrimm.net/ - - Wirehub! Internet ----------- part of easynet Group plc - . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From john.hanks at USU.EDU Sat Jan 11 01:05:07 2003 From: john.hanks at USU.EDU (John B. Hanks) Date: Thu Jan 12 21:16:56 2006 Subject: Cry for help. Message-ID: <5CA287DBA85BF649A45916B75FD20E0E1224F4@exchange01.blue.usu.edu> Nevermind, I figured it out with /etc/mail/access and sendmail. No need to bother mailscanner with it. Thanks anyway for MailScanner being incredible. jbh > -----Original Message----- > From: John B. Hanks > Sent: Friday, January 10, 2003 5:50 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Cry for help. > > > We are getting pounded by a (new?) virus that always sends > from big@boss.com. Can someone tell me a quick and dirty way > to start dropping all mail from this address? McAfee is not > detecting it and I have added a block for .pif attachments, > but would prefer to drop the mails altogether. > > Thanks > > jbh > . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From john.hanks at USU.EDU Sat Jan 11 00:49:30 2003 From: john.hanks at USU.EDU (John B. Hanks) Date: Thu Jan 12 21:16:56 2006 Subject: Cry for help. Message-ID: <5CA287DBA85BF649A45916B75FD20E0E1224F3@exchange01.blue.usu.edu> We are getting pounded by a (new?) virus that always sends from big@boss.com. Can someone tell me a quick and dirty way to start dropping all mail from this address? McAfee is not detecting it and I have added a block for .pif attachments, but would prefer to drop the mails altogether. Thanks jbh . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From mailscanner at ecs.soton.ac.uk Mon Jan 13 11:12:01 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:56 2006 Subject: Does Lirva send from a genuine address? In-Reply-To: <00c201c2baec$29c06cc0$6a0110ac@sbsplc.com> References: Message-ID: <5.2.0.9.2.20030113111003.02acdbc0@imap.ecs.soton.ac.uk> At 10:11 13/01/2003, you wrote: >----- Original Message ----- >From: "G Welter" >To: >Sent: Monday, January 13, 2003 9:26 AM >Subject: Re: Does Lirva send from a genuine address? > > > >From the mcafee page you mentioned below: > > > > The worm uses the default SMTP server of the infected computer, and then >adds either the address of the sender or a randomly selected email address >to the "From:" line of the email. > > > > So it seems to me that the from address is bogus. So yes, it should be >added to the silent viruses. I can see us all slowly coming to the situation that we turn off sender warnings altogether some time in the next year or so. Trouble is, this is going to make the virus situation worse than ever as there will be (practically) no way of finding the infected machines spewing out these messages. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From smohan at VSNL.COM Mon Jan 13 11:10:33 2003 From: smohan at VSNL.COM (S Mohan) Date: Thu Jan 12 21:16:56 2006 Subject: Cry for help. In-Reply-To: <5CA287DBA85BF649A45916B75FD20E0E1224F3@exchange01.blue.usu.edu> Message-ID: Give this address in the /etc/access file for discard as under. < content of /etc/access> # Check the /usr/doc/sendmail-8.11.0/README.cf file for a description # of the format of this file. (search for access_db in that file) # The /usr/doc/sendmail-8.11.0/README.cf is part of the sendmail-doc # package. # # by default we allow relaying from localhost... localhost.localdomain RELAY localhost RELAY 127.0.0.1 RELAY offers@ REJECT big@boss.com DISCARD < end of content /etc/access> Mohan -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of John B. Hanks Sent: 11 January 2003 06:20 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Cry for help. We are getting pounded by a (new?) virus that always sends from big@boss.com. Can someone tell me a quick and dirty way to start dropping all mail from this address? McAfee is not detecting it and I have added a block for .pif attachments, but would prefer to drop the mails altogether. Thanks jbh . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses **************************************************************************** ******* . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses **************************************************************************** ******* From mailscanner at ecs.soton.ac.uk Mon Jan 13 10:22:59 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:56 2006 Subject: Redhat Startup Script issue? In-Reply-To: <200301130459.XAA09272@twister.tfcc.com> Message-ID: <5.2.0.9.2.20030113102123.02adc488@imap.ecs.soton.ac.uk> Is this not a problem with other init.d scripts as well? Do RedHat subtly make the init.d script names different from the process names in every case? the shell pidofproc function should look for the PID file before actually studying the process table if I remember rightly. It's all in /etc/rc.d/init.d/functions. At 04:59 13/01/2003, you wrote: >Hi folks, > >It seems to me there is an issue with the init script on RedHat. When the >init script (*/init.d/MailScanner) does pid=`pidofproc MailScanner` >it finds itself running (the init script -- maybe NOT the MailScanner >program!) This could give you a false positive to make you think the >MailScanner is scanning messages, and it may not be running. > >The init script's status and reload functions are affected -- it could >find the init script and/or the MailScanner perl program running. > >I'm not sure how the best way to get around this might be... Perhaps >rename the init script? Julian, any thoughts? > >Thanks, > >Todd -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From mailscanner at ecs.soton.ac.uk Mon Jan 13 10:24:40 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:56 2006 Subject: Question about "Full headers are" in virus report to postmaster In-Reply-To: <200301130539.AAA11126@twister.tfcc.com> Message-ID: <5.2.0.9.2.20030113102327.02ad8af8@imap.ecs.soton.ac.uk> At 05:39 13/01/2003, you wrote: >Hello, > >Running Redhat and MailScanner 4.11-1 and Sendmail 8.11.6. In testing, >I'm seeing something odd in the "Full headers are" section in the >postmaster virus report... > >Full headers are > Return-Path: <^Ag> Sendmail puts really bizarre content in that header. I have tried removing the ^A character before, but it doesn't actually help. And there's no docs on this, it should just contain the envelope sender address but doesn't appear to. >The message above shown in the Return-Path should actually read: >(LessThan)(Carat/Control?)(Capital A with ' accent mark)(GreaterThan) > >Anybody seeing similar behavior? It could be Sendmail or who knows?? > >Thanks in advance! > >Todd -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From mike at ZANKER.ORG Sat Jan 11 12:36:24 2003 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:16:56 2006 Subject: AW: Cry for help. In-Reply-To: <4E7026FF8A422749B1553FE508E0068007ECF3@message.intern.akctech.de> References: <4E7026FF8A422749B1553FE508E0068007ECF3@message.intern.akcte ch.de> Message-ID: <148473433.1042288584@jemima.zanker.org> On 11 January 2003 12:10 +0100 Jan-Peter Koopmann wrote: > Remco, > > would you mind stopping this childish "Outlook sucks" business? Where did he say that? Mike. . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From funk.gabor at HUNETKFT.HU Sat Jan 11 23:26:46 2003 From: funk.gabor at HUNETKFT.HU (Funk Gabor) Date: Thu Jan 12 21:16:56 2006 Subject: Cry for help. - NAI-4242 is out. References: Message-ID: <003a01c2b9c8$e9d76380$2c8bded5@chello.hu> NAI 4242 is out. (incl. sobig detection) Currently download from ftp.nai.com didn't work for me, as I could only get 4241 from the ftp, but akamai worked. http://www.mcafeeb2b.com/naicommon/download/dats/find.asp G. . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From jscott at INFOCONEX.COM Sun Jan 12 00:07:05 2003 From: jscott at INFOCONEX.COM (Jim Scott) Date: Thu Jan 12 21:16:56 2006 Subject: Cannot modify postmaster notify signature? Message-ID: <004301c2b9ce$8a83f320$2719a8c0@infoconex.com> Version: 4.11-1 OS: Redhat 7.x MTA: Sendmail Virus Software: F-PROT I have modified all the templates in the "en" directory replacing any of the notifications that have this -- MailScanner Email Virus Scanner www.mailscanner.info I have modified the default with my own signature. When a virus is detected it sends out notification to the sending user with the proper signature that I have created in the template. However the postmaster I specified which is me for now gets a message with the above signature. I have searched high and low and cannot seem to find the location that this is changed in. The following is the example of what I get sent to me. Notice the signature is the default. Anyone know were this can be changed for the notification email that is sent to the postmaster? <-- Begin Sample --> The following e-mail messages were found to have viruses in them: Sender: IP Address: 213.163.105.2 Recipient: d1cdvvpfsswu94@somedain.com Subject: You are so sweet MessageID: h0BJdKW29137 Report: /var/spool/MailScanner/incoming/27694/h0BJdKW29137/love.scr Infection: W32/Lentin.H@mm Windows Screensavers are often used to hide viruses (love.scr) -- MailScanner Email Virus Scanner www.mailscanner.info <-- End Sample --> Thanks Jim Scott . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From Jan-Peter.Koopmann at SECEIDOS.DE Sat Jan 11 11:10:26 2003 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:16:56 2006 Subject: AW: Cry for help. Message-ID: <4E7026FF8A422749B1553FE508E0068007ECF3@message.intern.akctech.de> Remco, would you mind stopping this childish "Outlook sucks" business? Thanks, JP -----Urspr?ngliche Nachricht----- Von: Remco Barendse [mailto:mailscanner@BARENDSE.TO] Gesendet: Samstag, 11. Januar 2003 11:54 An: MAILSCANNER@JISCMAIL.AC.UK Betreff: Re: Cry for help. Alternatively you could use the daily dats for mcafee. These are `beta', I only had a problem with them once, it was blocking one non-infected file but it's well worth the time gain :) http://download.nai.com/products/mcafee-avert/daily_dats/DAILYDAT.ZIP Probaby you need to run a little rename command over the files in that ZIP because usually the filenames are in CAPS Remco On Fri, 10 Jan 2003, John B. Hanks wrote: > We are getting pounded by a (new?) virus that always sends from > big@boss.com. Can someone tell me a quick and dirty way to start > dropping all mail from this address? McAfee is not detecting it and I > have added a block for .pif attachments, but would prefer to drop the > mails altogether. > > Thanks > > jbh > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From Kevin.Spicer at BMRB.CO.UK Sun Jan 12 01:28:24 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:56 2006 Subject: Cannot modify postmaster notify signature? Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A4ACFE@pascal.priv.bmrb.co.uk> > >>Its hardcoded in MessageBatch.pm (in > /usr/lib/MailScanner/MailScanner/ on my > system) > > > I modified that one already thinking the same thing. Still > get the same signature. > Evidently even though it looks like that would fix it, it > must be hardcoded somewhere > else. > > Jim I just tested that on my system and it definately works (MS4.10) Did you stop and restart mailscanner (just doing a reload isn't enough)? Have you by any chance got two versions of MS installed in different directories and maybe changed the non-current one (long shot!) The line I changed was... $notices{$postie} . "\n-- \nMailScanner\nEmail Virus Scanner\n" . "www.mailscanner.info\n"; which is line 587 in MessageBatch.pm in release 4.10 . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From mailscanner at BARENDSE.TO Sat Jan 11 10:53:55 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:56 2006 Subject: Cry for help. In-Reply-To: <5CA287DBA85BF649A45916B75FD20E0E1224F3@exchange01.blue.usu.edu> Message-ID: Alternatively you could use the daily dats for mcafee. These are `beta', I only had a problem with them once, it was blocking one non-infected file but it's well worth the time gain :) http://download.nai.com/products/mcafee-avert/daily_dats/DAILYDAT.ZIP Probaby you need to run a little rename command over the files in that ZIP because usually the filenames are in CAPS Remco On Fri, 10 Jan 2003, John B. Hanks wrote: > We are getting pounded by a (new?) virus that always sends from > big@boss.com. Can someone tell me a quick and dirty way to start dropping > all mail from this address? McAfee is not detecting it and I have added a > block for .pif attachments, but would prefer to drop the mails altogether. > > Thanks > > jbh > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From jscott at INFOCONEX.COM Sun Jan 12 00:56:27 2003 From: jscott at INFOCONEX.COM (Jim Scott) Date: Thu Jan 12 21:16:57 2006 Subject: Cannot modify postmaster notify signature? References: <5C0296D26910694BB9A9BBFC577E7AB0A32C20@pascal.priv.bmrb.co.uk> Message-ID: <008401c2b9d5$70045560$2719a8c0@infoconex.com> > -----Original Message----- > From: Jim Scott [mailto:jscott@INFOCONEX.COM] > Sent: 12 January 2003 00:07 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Cannot modify postmaster notify signature? > > > Version: 4.11-1 > OS: Redhat 7.x > MTA: Sendmail > Virus Software: F-PROT > > I have modified all the templates in the "en" directory > replacing any of the > notifications that have this > > -- > MailScanner > Email Virus Scanner > www.mailscanner.info > > > I have modified the default with my own signature. When a > virus is detected it sends > out notification to the sending user with the proper > signature that I have created in > the template. However the postmaster I specified which is me > for now gets a message > with the above signature. I have searched high and low and > cannot seem to find the > location that this is changed in. > > The following is the example of what I get sent to me. Notice > the signature is the > default. Anyone know were this can be changed for the > notification email that is sent > to the postmaster? > > <-- Begin Sample --> > > The following e-mail messages were found to have viruses in them: > > Sender: > IP Address: 213.163.105.2 > Recipient: d1cdvvpfsswu94@somedain.com > Subject: You are so sweet > MessageID: h0BJdKW29137 > Report: > /var/spool/MailScanner/incoming/27694/h0BJdKW29137/love.scr > Infection: > W32/Lentin.H@mm > Windows Screensavers are often used to hide viruses (love.scr) > > > -- > MailScanner > Email Virus Scanner > www.mailscanner.info > > <-- End Sample --> > > Thanks > Jim Scott > >->---- Original Message ----- >>From: "Spicer, Kevin" >>To: >>Sent: Saturday, January 11, 2003 4:48 PM >>Subject: Re: Cannot modify postmaster notify signature? >> >> >>Its hardcoded in MessageBatch.pm (in /usr/lib/MailScanner/MailScanner/ on my system) I modified that one already thinking the same thing. Still get the same signature. Evidently even though it looks like that would fix it, it must be hardcoded somewhere else. Jim . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From Kevin.Spicer at BMRB.CO.UK Sun Jan 12 00:48:45 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:57 2006 Subject: Cannot modify postmaster notify signature? Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A32C20@pascal.priv.bmrb.co.uk> Its hardcoded in MessageBatch.pm (in /usr/lib/MailScanner/MailScanner/ on my system) > -----Original Message----- > From: Jim Scott [mailto:jscott@INFOCONEX.COM] > Sent: 12 January 2003 00:07 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Cannot modify postmaster notify signature? > > > Version: 4.11-1 > OS: Redhat 7.x > MTA: Sendmail > Virus Software: F-PROT > > I have modified all the templates in the "en" directory > replacing any of the > notifications that have this > > -- > MailScanner > Email Virus Scanner > www.mailscanner.info > > > I have modified the default with my own signature. When a > virus is detected it sends > out notification to the sending user with the proper > signature that I have created in > the template. However the postmaster I specified which is me > for now gets a message > with the above signature. I have searched high and low and > cannot seem to find the > location that this is changed in. > > The following is the example of what I get sent to me. Notice > the signature is the > default. Anyone know were this can be changed for the > notification email that is sent > to the postmaster? > > <-- Begin Sample --> > > The following e-mail messages were found to have viruses in them: > > Sender: > IP Address: 213.163.105.2 > Recipient: d1cdvvpfsswu94@somedain.com > Subject: You are so sweet > MessageID: h0BJdKW29137 > Report: > /var/spool/MailScanner/incoming/27694/h0BJdKW29137/love.scr > Infection: > W32/Lentin.H@mm > Windows Screensavers are often used to hide viruses (love.scr) > > > -- > MailScanner > Email Virus Scanner > www.mailscanner.info > > <-- End Sample --> > > Thanks > Jim Scott > . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From mailscanner at ecs.soton.ac.uk Sat Jan 11 17:43:46 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:57 2006 Subject: AW: Cry for help. In-Reply-To: Message-ID: <5.2.0.9.2.20030111174144.02af5b68@imap.ecs.soton.ac.uk> At 15:21 11/01/2003, you wrote: >It's in the header. X-message-flag. Outlook displays that marker in >the message window so Outlook people would see it. It is rather >childish for this... A professional mailing list. Now, now, let's call a halt to this thread. Putting things in X-headers is not worth anyone getting upset about. >-----Original Message----- >From: Mike Zanker [mailto:mike@ZANKER.ORG] >Sent: Saturday, January 11, 2003 7:36 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: AW: Cry for help. > > >On 11 January 2003 12:10 +0100 Jan-Peter Koopmann > wrote: > > > Remco, > > > > would you mind stopping this childish "Outlook sucks" business? > >Where did he say that? > >Mike. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From mailscanner at BARENDSE.TO Sat Jan 11 11:00:39 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:16:57 2006 Subject: Spam blacklist? In-Reply-To: <5.2.0.9.2.20030109000924.02cf5068@imap.ecs.soton.ac.uk> Message-ID: It's not really a problem, I just created another rule under low scoring spam actions where I put the same stuff as the spam blacklist rule. This does the job although if the blacklisted stuff would be treated as high scoring it would save an extra rule file. :) On Thu, 9 Jan 2003, Julian Field wrote: > At 21:24 08/01/2003, you wrote: > >Indeed, that is one possible solution. > > > >But not all of my boxes run spamassassin, particularly RedHat 6.2 is very > >difficult to get SA properly installed. Lots of things to upgrade and 90% > >of the spam problem is from or to a limited set of e-mail adresses on my > >boxes. > > > >But one would think that a blacklisted mail adress would be processed > >according to high scoring rules, otherwise there isn't much use in > >blacklisting them :) > > My black/white-listing isn't really connected to the SpamAssassin scoring > code. Maybe it should be. > > > > >On Wed, 8 Jan 2003, Lewis Bergman wrote: > > > > > On Wednesday 08 January 2003 04:24 am, Remco Barendse wrote: > > > > I have a rule list that will mark certain messages as spam even though > > > > there is no other reason to mark them as spam. This is working perfectly. > > > > > > > > I have noticed however that MailScanner will treat messages that are > > > > marked by a blacklist rule as low scoring spam? > > > > > > > > Would it be possible to change this to high scoring spam? After all you > > > > want to blacklist them. I allow low scoring spam messages to go through > > > > but high scoring stuff is forwarded to an alternate address. I would like > > > > to do the same for the blacklisted stuff. > > > Why not use SA to do the RBL checks and then assign them a score which will > > > force them into the high score category using the spam.assassin.prefs.conf > > > file? > > > -- > > > Lewis Bergman > > > Texas Communications > > > 4309 Maple St. > > > Abilene, TX 79602-8044 > > > 915-695-6962 ext 115 > > > > > > > > > > > >-- > >This message has been scanned for viruses and > >dangerous content by MailScanner, and is > >believed to be clean. > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** . This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses *********************************************************************************** From Richard.Lush at HP.COM Mon Jan 13 11:58:22 2003 From: Richard.Lush at HP.COM (Lush, Richard) Date: Thu Jan 12 21:16:57 2006 Subject: Webmin module 0.01 BETA released Message-ID: Hi All, I've just finished the BETA version of my webmin module and would like some volunteers to test it. Although it is beta I haven't trashed my system yet using it, although I do backup my mailscanner.conf just in case. I'm not sure what people want from it so I do need your help in shaping what this looking like. I'm new to cgi and perl so there are a few "features" which need ironing out. Here is a list of the ones I know about: Maximum number of child forks not displaying Currently no external rules sets can be viewed/edited No lines which are #'d out can be edited (Any ideas anyone?) Currently no help is available Some of the file browsing buttons aren't working Here is a link to the website: http://lushsoft.dyndns.org/mailscanner-webmin/index.html Please note: This is written by me and as such all feedback comments etc should be sent to me and not Julian. Regards, Richard Richard Lush Consulting and Integration Security Practise Reading UK Email richard.lush@hp.com Mobile +44 (0) 7788 916941 Office +44 (0) 118 920 2349 Fax +44 (0) 118 920 4612 D I S C L A I M E R The information contained in this communication is intended solely for use by the individual or entity to whom it is addressed. Use of this communication by others is prohibited. HP and / or Compaq is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt nor for any special, incidental or consequential damages of any nature whatsoever resulting from receipt or use of this communication. If you are not the intended recipient, you may not peruse, use, disseminate, distribute or copy this message. If you have received this message in error, please notify the sender immediately by email, facsimile or telephone and return or destroy the original message. Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030113/0b0bd43a/attachment.html From andersan at LTKALMAR.SE Mon Jan 13 12:08:40 2003 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:16:57 2006 Subject: Dejavue Message-ID: <7B475DC5E9502B4D91EA73C283AE48D70263EDA9@lkl22.ltkalmar.se> Hi Is it only me are are we all getting doubble or tripple mail from the list? /Anders From David.Sullivan at BARNET.AC.UK Mon Jan 13 12:13:24 2003 From: David.Sullivan at BARNET.AC.UK (David Sullivan) Date: Thu Jan 12 21:16:57 2006 Subject: Dejavue In-Reply-To: <7B475DC5E9502B4D91EA73C283AE48D70263EDA9@lkl22.ltkalmar.se> Message-ID: <3E22AD7E.29771.143EA4D6@localhost> On 13 Jan 2003 at 13:08, Anders Andersson, IT wrote: > Hi > Is it only me are are we all getting doubble or tripple mail from the > list? Yes, we've discussed this before. ... Sorry :) David. ============================================================== This communication may contain privileged or confidential information which is for the exclusive use of the intended recipient. If you are not the intended recipient, please note that you may not distribute or use this communication or the information it contains. If this e-mail has reached you in error, please delete it and any attachment. Internet communications are not secure and Barnet College does not accept legal responsibility for the content of this message. Any views or opinions expressed are those of the author and not necessarily those of Barnet College. Please note that Barnet College reserves the right to monitor the source/destinations of all incoming or outgoing e-mail communications. ============================================================== From Jan-Peter.Koopmann at SECEIDOS.DE Mon Jan 13 12:14:39 2003 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:16:57 2006 Subject: AW: Dejavue Message-ID: <4E7026FF8A422749B1553FE508E00680087534@message.intern.akctech.de> It is not only you... :-( Who? Why? This happened a few weeks ago. What was/is the cause? Thanks, JP -----Urspr?ngliche Nachricht----- Von: Anders Andersson, IT [mailto:andersan@LTKALMAR.SE] Gesendet: Montag, 13. Januar 2003 13:09 An: MAILSCANNER@JISCMAIL.AC.UK Betreff: Dejavue Hi Is it only me are are we all getting doubble or tripple mail from the list? /Anders From mailscanner at ecs.soton.ac.uk Mon Jan 13 12:13:22 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:57 2006 Subject: Dejavue In-Reply-To: <7B475DC5E9502B4D91EA73C283AE48D70263EDA9@lkl22.ltkalmar.se > Message-ID: <5.2.0.9.2.20030113121255.03e5b348@imap.ecs.soton.ac.uk> At 12:08 13/01/2003, you wrote: >Hi >Is it only me are are we all getting doubble or tripple mail from the list? My copy of Eudora doubles up (incoming) messages occasionally, but otherwise everything appears fine. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mike at ZANKER.ORG Mon Jan 13 12:23:27 2003 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:16:57 2006 Subject: Dejavue In-Reply-To: <7B475DC5E9502B4D91EA73C283AE48D70263EDA9@lkl22.ltkalmar.se> References: <7B475DC5E9502B4D91EA73C283AE48D70263EDA9@lkl22.ltkalmar.se> Message-ID: <11454796.1042460607@mallard.open.ac.uk> On 13 January 2003 13:08 +0100 "Anders Andersson, IT" wrote: > Is it only me are are we all getting doubble or tripple mail from the > list? No, I'm getting lots of duplicates too. It's nottinghamcity.gov.uk's mail server playing up again. Mike. From andersan at LTKALMAR.SE Mon Jan 13 12:33:52 2003 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:16:57 2006 Subject: SV: Dejavue Message-ID: <7B475DC5E9502B4D91EA73C283AE48D70263EDAA@lkl22.ltkalmar.se> > -----Ursprungligt meddelande----- > Fr?n: David Sullivan [mailto:David.Sullivan@BARNET.AC.UK] > Skickat: den 13 januari 2003 13:13 > Till: MAILSCANNER@JISCMAIL.AC.UK > ?mne: Re: Dejavue > > > On 13 Jan 2003 at 13:08, Anders Andersson, IT wrote: > > > Hi > > Is it only me are are we all getting doubble or tripple > mail from the > > list? > > Yes, we've discussed this before. I know it happend before but that was long time ago but for the moment it have stoped so I guees there is no wurry then. Lets blame the boring weather... :) /Anders > > ... Sorry :) > > David. > > ============================================================== > This communication may contain privileged or confidential > information which > is for the exclusive use of the intended recipient. If you > are not the > intended recipient, please note that you may not distribute > or use this > communication or the information it contains. If this e-mail > has reached you > in error, please delete it and any attachment. > > Internet communications are not secure and Barnet College > does not accept > legal responsibility for the content of this message. Any > views or opinions > expressed are those of the author and not necessarily those > of Barnet College. > > Please note that Barnet College reserves the right to monitor the > source/destinations of all incoming or outgoing e-mail communications. > ============================================================== > From sintje at PANDORA.BE Mon Jan 13 12:30:43 2003 From: sintje at PANDORA.BE (Sander K. Naudts) Date: Thu Jan 12 21:16:57 2006 Subject: problems installing mailscanner in debian Message-ID: <200301131230.h0DCUkM29937@ori.rl.ac.uk> I was trying to install mailscanner with debian (apt-get install mailscanner but I got the following error): Setting up mailscanner (3.13.2-4) ... hostname: Unknown host dpkg: error processing mailscanner (--configure): subprocess post-installation script returned error exit status 1 Errors were encountered while processing: mailscanner E: Sub-process /usr/bin/dpkg returned an error code (1) How can I fix this? Sander From j.figueira at zmail.pt Mon Jan 13 13:33:25 2003 From: j.figueira at zmail.pt (j. Figueira) Date: Thu Jan 12 21:16:57 2006 Subject: Outgoing sendmail [FAILED] Message-ID: Hello, I've recently installed MailScanner... The instalation went very well. And everything seems to be running well except one thing. When I start sendmail, it starts all ok... After a while, when I make: service MailScanner status MailScanner: [ OK ] incoming sendmail: [ OK ] outgoing sendmail: [FAILED] I am using RH7.2 I've already searched the list but I haven't find anything usefull. Any tip can be usefull Best regards Figueira From jaearick at COLBY.EDU Mon Jan 13 13:59:32 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:16:57 2006 Subject: silent virii list In-Reply-To: <5.2.0.9.2.20030113111003.02acdbc0@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030113111003.02acdbc0@imap.ecs.soton.ac.uk> Message-ID: Julian, If/when it gets to the point where MailScanner does not send virus warnings to the masses, I would still like it to: * send warnings to users when filenames.rules.conf is triggered. The sender usually did this action themselves, and they should be warned that their email got squashed. * send virus and filenames.rules complaints to postmaster (Notices To), so that I can be aware of problem users in my own domain. I use procmail rulesets to shove klez and other virus complaints aside into their own mailboxes. Then I run a cron job to grep thru these files, looking for anybody in my own domain. This info is emailed to me periodically, so I can track down infections and fix them. --- Jeff On Mon, 13 Jan 2003, Julian Field wrote: > Date: Mon, 13 Jan 2003 11:12:01 +0000 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Does Lirva send from a genuine address? > > At 10:11 13/01/2003, you wrote: > >----- Original Message ----- > >From: "G Welter" > >To: > >Sent: Monday, January 13, 2003 9:26 AM > >Subject: Re: Does Lirva send from a genuine address? > > > > > >From the mcafee page you mentioned below: > > > > > > The worm uses the default SMTP server of the infected computer, and then > >adds either the address of the sender or a randomly selected email address > >to the "From:" line of the email. > > > > > > So it seems to me that the from address is bogus. So yes, it should be > >added to the silent viruses. > > I can see us all slowly coming to the situation that we turn off sender > warnings altogether some time in the next year or so. Trouble is, this is > going to make the virus situation worse than ever as there will be > (practically) no way of finding the infected machines spewing out these > messages. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > From richard.siddall at ELIRION.NET Mon Jan 13 13:59:49 2003 From: richard.siddall at ELIRION.NET (Richard Siddall) Date: Thu Jan 12 21:16:57 2006 Subject: Handling mass-mailing worms, was: Does Lirva send from a genuine address? In-Reply-To: <5.2.0.9.2.20030113111003.02acdbc0@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030113111003.02acdbc0@imap.ecs.soton.ac.uk> Message-ID: <3E22C655.8060206@elirion.net> Julian Field wrote: > I can see us all slowly coming to the situation that we turn off sender > warnings altogether some time in the next year or so. Trouble is, this is > going to make the virus situation worse than ever as there will be > (practically) no way of finding the infected machines spewing out these > messages. I have noticed that viruses received from AOL include an X-Apparently-From: header, which presumably the AOL mail server is inserting when receiving mail from the SMTP server built into the virus. I haven't verified whether you can contact the owner of the infected machine using the email address in this header. On a side note, it's a pity the virus scanner manufacturers don't include information on how to handle the virus in the detection report. For mass-mailing viruses, the best approach may be to report the virus to a distributed intrusion service like Dshield or myNetWatchman. They can aggregate all the reports and contact the ISP's abuse department. (Unfortunately, this may be as close to the infected machine as you can get without the ISP's authentication records.) Regards, Richard Siddall From adkinss at OHIO.EDU Mon Jan 13 14:11:31 2003 From: adkinss at OHIO.EDU (Scott Adkins) Date: Thu Jan 12 21:16:57 2006 Subject: Cry for help. In-Reply-To: References: Message-ID: <2758785153.1042449091@Callisto> Incidentally, I actually added another address to our /etc/mail/access files as well... It appears that a lot of outbound mail was getting created (bounced emails) that were trying to go back to the "originating" site (which I am not even sure exists). As a consequence, the mail queues were backing up, since the connections to remote host were being refused :-) Anyways, I put it in the access database and then removed all the emails from the mail queue, since they weren't doing us any good. This is what I have in our access database: big@boss.com DISCARD boss-polar.bossgame.com DISCARD Scott --On Monday, January 13, 2003 4:40 PM +0530 S Mohan wrote: > Give this address in the /etc/access file for discard as under. > > < content of /etc/access> ># Check the /usr/doc/sendmail-8.11.0/README.cf file for a description ># of the format of this file. (search for access_db in that file) ># The /usr/doc/sendmail-8.11.0/README.cf is part of the sendmail-doc ># package. ># ># by default we allow relaying from localhost... > localhost.localdomain RELAY > localhost RELAY > 127.0.0.1 RELAY > offers@ REJECT > big@boss.com DISCARD > < end of content /etc/access> > > Mohan > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of John B. Hanks > Sent: 11 January 2003 06:20 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Cry for help. > > > We are getting pounded by a (new?) virus that always sends from > big@boss.com. Can someone tell me a quick and dirty way to start dropping > all mail from this address? McAfee is not detecting it and I have added a > block for .pif attachments, but would prefer to drop the mails altogether. > -- +-----------------------------------------------------------------------+ Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:adkinss@ohio.edu ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +-----------------------------------------------------------------------+ PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 231 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030113/35f17bc6/attachment.bin From sean at NISD.NET Mon Jan 13 15:09:43 2003 From: sean at NISD.NET (Sean Embry) Date: Thu Jan 12 21:16:57 2006 Subject: AOL: Menace to the 'net Message-ID: >Julian Field wrote: > >I have noticed that viruses received from AOL include an >X-Apparently-From: header, which presumably the AOL mail server is >inserting when receiving mail from the SMTP server built into the virus. > >I haven't verified whether you can contact the owner of the infected >machine using the email address in this header. > I've sent several e-mails to AOL requesting this information. I've not received ANY kind of answer at all, which doesn't really surprise me at all. I have sent e-mails to these addresses, and not gotten a bounce because the address is invalid. I get nothing at all, or "This user doesn't want to receive e-mail from your account." I've also not ever gotten anything from any of these users, but then again the e-mail I send concludes with "I am not allowed to assist you in this matter. If you are unsure how to proceed, please contact a friend and ask their advice." I had 207 Klez alerts from AOL accounts in my in box this morning (Sunday night to Monday morning). Some of the accounts have been reported as long as eight weeks ago, and most every day since. If I wouldn't get lynched, I'd start blocking AOL at MX'es I run. I've blocked ISP's for less in the past, and they are still on the block list. (Ignore a problem for a week, win a place in my block list after last warning.) If I suspected that AOL would start blocking my abuse reports, I'd start forwarding all these reports to them automagically. Sean From ellis at KAZAKCOMPOSITES.COM Mon Jan 13 17:06:40 2003 From: ellis at KAZAKCOMPOSITES.COM (Steve Ellis) Date: Thu Jan 12 21:16:57 2006 Subject: Cry for help. In-Reply-To: <5CA287DBA85BF649A45916B75FD20E0E1224F3@exchange01.blue.usu.edu> Message-ID: <003701c2bb26$23f89440$6600a8c0@Orthanc> I'm curious as to what virus was being sent from thebig@boss.com address. We received a few messages, but they were not detected as a virus by the virus software we are using with MailScanner. Anyone have a name for it? Steve Ellis Sr Engineer KaZaK Composites, Inc. 781.932.5665 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of John B. Hanks Sent: Friday, January 10, 2003 7:50 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Cry for help. We are getting pounded by a (new?) virus that always sends from big@boss.com. Can someone tell me a quick and dirty way to start dropping all mail from this address? McAfee is not detecting it and I have added a block for .pif attachments, but would prefer to drop the mails altogether. Thanks jbh From jaearick at COLBY.EDU Mon Jan 13 17:18:55 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:16:57 2006 Subject: Cry for help. In-Reply-To: <003701c2bb26$23f89440$6600a8c0@Orthanc> References: <003701c2bb26$23f89440$6600a8c0@Orthanc> Message-ID: Sobig-A, in Sophos-speak. Other anti-virus makers may have other names for it. Just add "big@boss.com" to your sendmail access file to reject/discard these things. --- Jeff On Mon, 13 Jan 2003, Steve Ellis wrote: > Date: Mon, 13 Jan 2003 12:06:40 -0500 > From: Steve Ellis > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Cry for help. > > I'm curious as to what virus was being sent from thebig@boss.com > address. We received a few messages, but they were not detected as a > virus by the virus software we are using with MailScanner. Anyone have a > name for it? > > Steve Ellis > Sr Engineer > KaZaK Composites, Inc. > 781.932.5665 > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of John B. Hanks > Sent: Friday, January 10, 2003 7:50 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Cry for help. > > We are getting pounded by a (new?) virus that always sends from > big@boss.com. Can someone tell me a quick and dirty way to start > dropping > all mail from this address? McAfee is not detecting it and I have added > a > block for .pif attachments, but would prefer to drop the mails > altogether. > > Thanks > > jbh > From jethro.binks at STRATH.AC.UK Mon Jan 13 17:18:24 2003 From: jethro.binks at STRATH.AC.UK (Jethro R Binks) Date: Thu Jan 12 21:16:57 2006 Subject: Cry for help. In-Reply-To: <003701c2bb26$23f89440$6600a8c0@Orthanc> Message-ID: <20030113171818.D29803-100000@defjam.cc.strath.ac.uk> W32/Sobig@MM http://vil.mcafee.com/dispVirus.asp?virus_k=99950 On Mon, 13 Jan 2003, Steve Ellis wrote: > I'm curious as to what virus was being sent from thebig@boss.com > address. We received a few messages, but they were not detected as a > virus by the virus software we are using with MailScanner. Anyone have a > name for it? > > Steve Ellis > Sr Engineer > KaZaK Composites, Inc. > 781.932.5665 > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of John B. Hanks > Sent: Friday, January 10, 2003 7:50 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Cry for help. > > We are getting pounded by a (new?) virus that always sends from > big@boss.com. Can someone tell me a quick and dirty way to start > dropping > all mail from this address? McAfee is not detecting it and I have added > a > block for .pif attachments, but would prefer to drop the mails > altogether. > > Thanks > > jbh > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From mailscanner at ecs.soton.ac.uk Mon Jan 13 17:59:26 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:57 2006 Subject: problems installing mailscanner in debian In-Reply-To: <200301131230.h0DCUkM29937@ori.rl.ac.uk> Message-ID: <5.2.0.9.2.20030113175858.01a41d50@imap.ecs.soton.ac.uk> I have passed your problem onto my Debian expert (ie. Nick). Hopefully he will get back to you soon. At 12:30 13/01/2003, you wrote: >I was trying to install mailscanner with debian (apt-get install mailscanner >but I got the following error): > >Setting up mailscanner (3.13.2-4) ... >hostname: Unknown host >dpkg: error processing mailscanner (--configure): > subprocess post-installation script returned error exit status 1 >Errors were encountered while processing: > mailscanner >E: Sub-process /usr/bin/dpkg returned an error code (1) > >How can I fix this? > > >Sander -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jan 13 18:01:38 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:57 2006 Subject: silent virii list In-Reply-To: References: <5.2.0.9.2.20030113111003.02acdbc0@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030113111003.02acdbc0@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030113180022.02ae8ed8@imap.ecs.soton.ac.uk> Both good points. I won't do anything quite as simple as hard-coding "Warn Senders = no", I'll separate out the virus warnings from other warnings. But no need to do it quite yet, fortunately. At 13:59 13/01/2003, you wrote: >Julian, > > If/when it gets to the point where MailScanner does not send virus >warnings to the masses, I would still like it to: > >* send warnings to users when filenames.rules.conf is triggered. > The sender usually did this action themselves, and they should be > warned that their email got squashed. > >* send virus and filenames.rules complaints to postmaster (Notices To), > so that I can be aware of problem users in my own domain. I use > procmail rulesets to shove klez and other virus complaints aside > into their own mailboxes. Then I run a cron job to grep thru these > files, looking for anybody in my own domain. This info is emailed > to me periodically, so I can track down infections and fix them. > >--- Jeff > >On Mon, 13 Jan 2003, Julian Field wrote: > > > Date: Mon, 13 Jan 2003 11:12:01 +0000 > > From: Julian Field > > Reply-To: MailScanner mailing list > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Does Lirva send from a genuine address? > > > > At 10:11 13/01/2003, you wrote: > > >----- Original Message ----- > > >From: "G Welter" > > >To: > > >Sent: Monday, January 13, 2003 9:26 AM > > >Subject: Re: Does Lirva send from a genuine address? > > > > > > > >From the mcafee page you mentioned below: > > > > > > > > The worm uses the default SMTP server of the infected computer, and > then > > >adds either the address of the sender or a randomly selected email address > > >to the "From:" line of the email. > > > > > > > > So it seems to me that the from address is bogus. So yes, it should be > > >added to the silent viruses. > > > > I can see us all slowly coming to the situation that we turn off sender > > warnings altogether some time in the next year or so. Trouble is, this is > > going to make the virus situation worse than ever as there will be > > (practically) no way of finding the infected machines spewing out these > > messages. > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From adkinss at OHIO.EDU Mon Jan 13 17:40:46 2003 From: adkinss at OHIO.EDU (Scott Adkins) Date: Thu Jan 12 21:16:57 2006 Subject: Adding a mail header... Message-ID: <2771340086.1042461646@Callisto> Maybe I missed something, but it doesn't look like it is possible to add an arbitrary header to the emails in addition to the "Mail Header" and the "Spam Header" headers. I am interested in adding a header that contains a URL to a web page we maintain describing the spam checking and virus scanning we are now doing. Is there an easy way to do this that I might be missing? Thanks, Scott -- +-----------------------------------------------------------------------+ Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:adkinss@ohio.edu ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +-----------------------------------------------------------------------+ PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 231 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030113/c32fa40c/attachment.bin From mike at CAMAROSS.NET Mon Jan 13 18:51:15 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:16:57 2006 Subject: Adding a mail header... In-Reply-To: <2771340086.1042461646@Callisto> Message-ID: <004601c2bb34$c0dfc860$9801a8c0@home.middlefinger.net> I do it with procmail -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Scott Adkins Sent: Monday, January 13, 2003 11:41 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Adding a mail header... Maybe I missed something, but it doesn't look like it is possible to add an arbitrary header to the emails in addition to the "Mail Header" and the "Spam Header" headers. I am interested in adding a header that contains a URL to a web page we maintain describing the spam checking and virus scanning we are now doing. Is there an easy way to do this that I might be missing? Thanks, Scott -- +----------------------------------------------------------------------- + Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:adkinss@ohio.edu ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +----------------------------------------------------------------------- + PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ From mailscanner at ecs.soton.ac.uk Mon Jan 13 18:53:43 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:57 2006 Subject: Adding a mail header... In-Reply-To: <2771340086.1042461646@Callisto> Message-ID: <5.2.0.9.2.20030113184729.01a916f0@imap.ecs.soton.ac.uk> At 17:40 13/01/2003, you wrote: >Maybe I missed something, but it doesn't look like it is possible to add >an arbitrary header to the emails in addition to the "Mail Header" and the >"Spam Header" headers. I am interested in adding a header that contains >a URL to a web page we maintain describing the spam checking and virus >scanning we are now doing. Is there an easy way to do this that I might >be missing? Best way is to get your MTA to do it for you. Apparently very easy in Exim, shouldn't be too taxing in sendmail either. In sendmail you should be able to add this to your sendmail.cf file: HX-Help-Available-At: http://www.your.domain.com/help If you want to know how to do it in Exim, search the archives for the past couple of weeks, this was discussed recently. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From todd.williams at TFCCI.COM Mon Jan 13 18:54:21 2003 From: todd.williams at TFCCI.COM (Todd Williams) Date: Thu Jan 12 21:16:57 2006 Subject: RBL checking w/ MS and SA In-Reply-To: <200212130924.gBD9Ona26846@ori.rl.ac.uk> Message-ID: <002b01c2bb35$2f94d8e0$c802a8c0@toddntbox.tfcc.com> Hi all, There must be something I'm missing? The MailScanner's RBL lists in my setup seem as if all of them are not being checked. I normally get multiple RBL returns on most SPAM messages. I do have SpamAssassin enabled -- if I added lists to the MailScanner.conf and the spam.lists.conf files, I assumed the MailScanner either did RBL checking on it's own or passed the RBL's on to SpamAssassin to be checked? - Do I need to add the RBL checking to the spamassassin config to make it all happen and to check all of the RBLs I desire to use? - Is the MailScanner spam.lists.conf file used if SpamAssassin is in play? - Also one other question about the MailScanner.conf and the DNS blacklists, what is the difference between the "Spam List" configuration entry and the "Spam Domain List". I guess I don't see how the two actually interact. If SA is used, is it a moot point what's in this part of the config? Just a little confused -- sorry. Here are excerpts from my config files... ---------------------------- MailScanner.conf ---------------------------- # This is the name of the file that translates the names of the "Spam List" # values to the real DNS names of the spam blacklists. Spam List Definitions = /etc/MailScanner/spam.lists.conf ... # Do you want to check messages to see if they are spam? # This can also be the filename of a ruleset. Spam Checks = yes # This is the list of spam blacklists (RBLs) which you are using. # See the "Spam List Definitions" file for more information about what # you can put here. # This can also be the filename of a ruleset. #Spam List = ORDB-RBL Infinite-Monkeys # MAPS-RBL+ costs money (except .ac.uk) Spam List = ORDB-RBL spamcop.net Infinite-Monkeys osirusoft.com WIREHUB-DNSBL OSIRUSOFT-SPEWS # This is the list of spam domain blacklists which you are using # (such as the "rfc-ignorant" domains). See the "Spam List Definitions" # file for more information about what you can put here. # This can also be the filename of a ruleset. #Spam Domain List = ... # Set the location of the SpamAssassin user_prefs file. If you want to # stop SpamAssassin doing all the RBL checks again, then you can add # "skip_rbl_checks = 1" to this prefs file. SpamAssassin Prefs File = /etc/MailScanner/spam.assassin.prefs.conf ---------------------------- /MailScanner.conf ---------------------------- ---------------------------- spam.assassin.prefs.conf ---------------------------- ... # By default, SpamAssassin will run RBL checks. If your ISP already # does this, set this to 1. # # skip_rbl_checks 1 ... ---------------------------- /spam.assassin.prefs.conf ---------------------------- Thanks for your time, Todd From mailscanner at ecs.soton.ac.uk Mon Jan 13 19:07:51 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:57 2006 Subject: RBL checking w/ MS and SA In-Reply-To: <002b01c2bb35$2f94d8e0$c802a8c0@toddntbox.tfcc.com> References: <200212130924.gBD9Ona26846@ori.rl.ac.uk> Message-ID: <5.2.0.9.2.20030113185903.02ae2e60@imap.ecs.soton.ac.uk> At 18:54 13/01/2003, you wrote: >There must be something I'm missing? The MailScanner's RBL lists in my >setup seem as if all of them are not being checked. I normally get multiple >RBL returns on most SPAM messages. I do have SpamAssassin enabled -- if I >added lists to the MailScanner.conf and the spam.lists.conf files, I assumed >the MailScanner either did RBL checking on it's own or passed the RBL's on >to SpamAssassin to be checked? The RBL checking in MS and SA are separate. If the sender appears in any of the "Spam Lists" or "Spam Domain Lists" in MS then they will be marked as spam. SA does its own RBL checking as well unless you set "skip_rbl_checks = 1" in your spam.assassin.conf file. If SA gets a "hit" on any of the RBLs that it checks, then a value is added to the overall SpamAssassin score. >- Do I need to add the RBL checking to the spamassassin config to make it >all happen and to check all of the RBLs I desire to use? If you want "appearance in any RBL implies spam" then use MS to do it. If you want it to add to the SA score, then let SA do it. There's not much point doing the RBL checks twice, it just slows everything down. >- Is the MailScanner spam.lists.conf file used if SpamAssassin is in play? Yes. The MS spam lists and SA are separate. >- Also one other question about the MailScanner.conf and the DNS blacklists, >what is the difference between the "Spam List" configuration entry and the >"Spam Domain List". I guess I don't see how the two actually interact. If >SA is used, is it a moot point what's in this part of the config? Most RBLs are done using the IP address of the SMTP server that sent you the message. These are "Spam Lists". But a few are done using the domain name instead. These are "Spam Domain Lists". Personally I don't use "Spam Domain Lists" at all, but some people do. >Just a little confused -- sorry. No problem. The whole MS/SA interaction can seem a little complicated at first :-) In your config below, you are doing some of the RBL checks twice, which isn't optimal, but won't do any harm if your server can handle the load. You can configure MS so that if it gets any "hits" on the "Spam Lists" then it won't bother calling SA at all, as it will have already decided the message is spam. You might try using that. If you need any more help or explanation, do get in touch. >Here are excerpts from my config files... >---------------------------- >MailScanner.conf >---------------------------- ># This is the name of the file that translates the names of the "Spam List" ># values to the real DNS names of the spam blacklists. >Spam List Definitions = /etc/MailScanner/spam.lists.conf >... ># Do you want to check messages to see if they are spam? ># This can also be the filename of a ruleset. >Spam Checks = yes > ># This is the list of spam blacklists (RBLs) which you are using. ># See the "Spam List Definitions" file for more information about what ># you can put here. ># This can also be the filename of a ruleset. >#Spam List = ORDB-RBL Infinite-Monkeys # MAPS-RBL+ costs money (except >.ac.uk) >Spam List = ORDB-RBL spamcop.net Infinite-Monkeys osirusoft.com >WIREHUB-DNSBL OSIRUSOFT-SPEWS > ># This is the list of spam domain blacklists which you are using ># (such as the "rfc-ignorant" domains). See the "Spam List Definitions" ># file for more information about what you can put here. ># This can also be the filename of a ruleset. >#Spam Domain List = >... ># Set the location of the SpamAssassin user_prefs file. If you want to ># stop SpamAssassin doing all the RBL checks again, then you can add ># "skip_rbl_checks = 1" to this prefs file. >SpamAssassin Prefs File = /etc/MailScanner/spam.assassin.prefs.conf >---------------------------- >/MailScanner.conf >---------------------------- >---------------------------- >spam.assassin.prefs.conf >---------------------------- >... ># By default, SpamAssassin will run RBL checks. If your ISP already ># does this, set this to 1. ># ># skip_rbl_checks 1 >... >---------------------------- >/spam.assassin.prefs.conf >---------------------------- > >Thanks for your time, > >Todd -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jan 13 21:12:13 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:57 2006 Subject: problems installing mailscanner in debian In-Reply-To: <5.2.0.9.2.20030113175858.01a41d50@imap.ecs.soton.ac.uk> References: <200301131230.h0DCUkM29937@ori.rl.ac.uk> Message-ID: <5.2.0.9.2.20030113211148.02846b18@imap.ecs.soton.ac.uk> Nick says this: Fix whatever causes hostname to output "Unknown host" I guess... I haven't really looked at the scripts in the mailscanner 3 package, but I guess it's trying to use /bin/hostname to get the name to use in the config file and finding that hostname fails. Maybe check /etc/mailname and /etc/hosts? Failing that use the Debian BTS to report a bug (if it's possible for hostname to fail then the scripts need to handle it, I guess). At 17:59 13/01/2003, you wrote: >I have passed your problem onto my Debian expert (ie. Nick). Hopefully he >will get back to you soon. > >At 12:30 13/01/2003, you wrote: >>I was trying to install mailscanner with debian (apt-get install mailscanner >>but I got the following error): >> >>Setting up mailscanner (3.13.2-4) ... >>hostname: Unknown host >>dpkg: error processing mailscanner (--configure): >> subprocess post-installation script returned error exit status 1 >>Errors were encountered while processing: >> mailscanner >>E: Sub-process /usr/bin/dpkg returned an error code (1) >> >>How can I fix this? >> >> >>Sander > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From john.hanks at USU.EDU Mon Jan 13 20:50:15 2003 From: john.hanks at USU.EDU (John B. Hanks) Date: Thu Jan 12 21:16:57 2006 Subject: Forcing sendmail to use /etc/hosts before using DNS Message-ID: <5CA287DBA85BF649A45916B75FD20E0E125761@exchange.usu.edu> I am trying to get sendmail/mailscanner to do something that has me questioning my understanding of the way this has been working. Here is what I currently do to scan mail for a mail server. My MailScanner machines are noturus.usu.edu and ameiurus.usu.edu. If I want to scan mail for mail.dept.usu.edu, I go to that DNS record and add mail.dept.usu.edu in mx 10 noturus.usu.edu mail.dept.usu.edu in mx 10 ameiurus.usu.edu This has been working flawlessly for some time. I think what happens is mail gets delivered to the MailScanner machines, they recognize themselves as MX hosts and then forward the scanned mail to the A record for the target. Now I need to do some magic for a server move. I have a host, someserver.usu.edu, that wants mail scanned and delivered to another box which will host mail but someserver.usu.edu still has other functions so it need to keep this name in its a record. I thought I could accomplish this by adding entries to /etc/hosts on the mailscanners like 172.17.1.33 someserver.usu.edu So that when noturus or ameiurus looked up someserver.usu.edu they would use the entry from the hosts file and unwittingly deliver mail to the new server. But, sendmail seems intent on ignoring the /etc/hosts file. I have changed /etc/resolv.conf, /etc/nsswitch.conf, /etc/host.conf and /etc/mail/services.switch so that all these point to files first, then dns but it still isn't working. The ping command works as expected, checking /etc/hosts and using the IP address from the file. Can someone tell me if what I want to do is possible and if so, how do I get sendmail to behave this way? As we move more mailservers to use MailScanner this is going to come up again and I need a way to solve it. This is Redhat 7.3, MailScanner 4.11-1 and sendmail 8.11.6-15. Thanks, jbh From brose at MED.WAYNE.EDU Mon Jan 13 21:30:21 2003 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:16:57 2006 Subject: Webmin module 0.01 BETA released Message-ID: Looks good on Solaris. Here's a suggestions, in the places where you can set rule files or the reports add an option to manual edit them. As it times goes on, you could probably add a subpage for adding/removing rules to the rule files for those people who still mess up making them. You could probably reuse the edit code from the sendmail module such as the sendmail/edit_file.cgi. Also you missed the browse option for Spam Actions under What to do with Spam. Can't High Scoring Spam Action be a rule also? -----Original Message----- From: Lush, Richard [mailto:Richard.Lush@HP.COM] Sent: Monday, January 13, 2003 6:58 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Webmin module 0.01 BETA released Hi All, I've just finished the BETA version of my webmin module and would like some volunteers to test it. Although it is beta I haven't trashed my system yet using it, although I do backup my mailscanner.conf just in case. I'm not sure what people want from it so I do need your help in shaping what this looking like. I'm new to cgi and perl so there are a few "features" which need ironing out. Here is a list of the ones I know about: Maximum number of child forks not displaying Currently no external rules sets can be viewed/edited No lines which are #'d out can be edited (Any ideas anyone?) Currently no help is available Some of the file browsing buttons aren't working Here is a link to the website: http://lushsoft.dyndns.org/mailscanner-webmin/index.html Please note: This is written by me and as such all feedback comments etc should be sent to me and not Julian. Regards, Richard Richard Lush Consulting and Integration Security Practise Reading UK Email richard.lush@hp.com Mobile +44 (0) 7788 916941 Office +44 (0) 118 920 2349 Fax +44 (0) 118 920 4612 D I S C L A I M E R The information contained in this communication is intended solely for use by the individual or entity to whom it is addressed. Use of this communication by others is prohibited. HP and / or Compaq is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt nor for any special, incidental or consequential damages of any nature whatsoever resulting from receipt or use of this communication. If you are not the intended recipient, you may not peruse, use, disseminate, distribute or copy this message. If you have received this message in error, please notify the sender immediately by email, facsimile or telephone and return or destroy the original message. Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030113/fbb3a2a0/attachment.html From mailscanner at ecs.soton.ac.uk Mon Jan 13 21:35:51 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:57 2006 Subject: Webmin module 0.01 BETA released In-Reply-To: Message-ID: <5.2.0.9.2.20030113213516.02af3bf0@imap.ecs.soton.ac.uk> At 21:30 13/01/2003, you wrote: >Also you missed the browse option for Spam Actions under What to do with Spam. Do you mean "bounce"? >Can't High Scoring Spam Action be a rule also? It can, yes. > >-----Original Message----- >From: Lush, Richard [mailto:Richard.Lush@HP.COM] >Sent: Monday, January 13, 2003 6:58 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Webmin module 0.01 BETA released > >Hi All, > >I've just finished the BETA version of my webmin module and would like >some volunteers to test it. Although it is beta I haven't trashed my >system yet using it, although I do backup my mailscanner.conf just in case. > >I'm not sure what people want from it so I do need your help in shaping >what this looking like. > >I'm new to cgi and perl so there are a few "features" which need ironing >out. Here is a list of the ones I know about: > >Maximum number of child forks not displaying >Currently no external rules sets can be viewed/edited >No lines which are #'d out can be edited (Any ideas anyone?) >Currently no help is available >Some of the file browsing buttons aren't working > >Here is a link to the website: >http://lushsoft.dyndns.org/mailscanner-webmin/index.html > > >Please note: This is written by me and as such all feedback comments etc >should be sent to me and not Julian. > >Regards, > >Richard > >Richard Lush > >Consulting and Integration >Security Practise >Reading UK >Email richard.lush@hp.com >Mobile +44 (0) 7788 916941 >Office +44 (0) 118 920 2349 >Fax +44 (0) 118 920 4612 >D I S C L A I M E R >The information contained in this communication is intended solely for use >by the individual or entity to whom it is addressed. Use of this >communication by others is prohibited. HP and / or Compaq is neither >liable for the proper and complete transmission of the information >contained in this communication nor for any delay in its receipt nor for >any special, incidental or consequential damages of any nature whatsoever >resulting from receipt or use of this communication. If you are not the >intended recipient, you may not peruse, use, disseminate, distribute or >copy this message. If you have received this message in error, please >notify the sender immediately by email, facsimile or telephone and return >or destroy the original message. Thank you. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030113/a565e181/attachment.html From mkettler at EVI-INC.COM Mon Jan 13 22:08:51 2003 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:16:57 2006 Subject: Forcing sendmail to use /etc/hosts before using DNS In-Reply-To: <5CA287DBA85BF649A45916B75FD20E0E125761@exchange.usu.edu> Message-ID: <5.1.1.6.0.20030113170448.018fbea0@192.168.50.2> This is a result of SMTP standards requirements, some discussion can be read here: http://www.linuxgazette.com/issue31/tag_maildns.html Really trying to deliver mail to a host without a valid MX record is a somewhat dangerous thing to do as far as "accidental open relay" bugs are concerned. More info is easily found on google: http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=sendmail+%2Fetc%2Fhosts&btnG=Google+Search At 01:50 PM 1/13/2003 -0700, John B. Hanks wrote: >I am trying to get sendmail/mailscanner to do something that has me >questioning my understanding of the way this has been working. Here is what >I currently do to scan mail for a mail server. > >My MailScanner machines are noturus.usu.edu and ameiurus.usu.edu. > >If I want to scan mail for mail.dept.usu.edu, I go to that DNS record and >add > >mail.dept.usu.edu in mx 10 noturus.usu.edu >mail.dept.usu.edu in mx 10 ameiurus.usu.edu > >This has been working flawlessly for some time. I think what happens is mail >gets delivered to the MailScanner machines, they recognize themselves as MX >hosts and then forward the scanned mail to the A record for the target. > >Now I need to do some magic for a server move. I have a host, >someserver.usu.edu, that wants mail scanned and delivered to another box >which will host mail but someserver.usu.edu still has other functions so it >need to keep this name in its a record. I thought I could accomplish this by >adding entries to /etc/hosts on the mailscanners like > >172.17.1.33 someserver.usu.edu > >So that when noturus or ameiurus looked up someserver.usu.edu they would use >the entry from the hosts file and unwittingly deliver mail to the new >server. But, sendmail seems intent on ignoring the /etc/hosts file. I have >changed /etc/resolv.conf, /etc/nsswitch.conf, /etc/host.conf and >/etc/mail/services.switch so that all these point to files first, then dns >but it still isn't working. The ping command works as expected, checking >/etc/hosts and using the IP address from the file. Can someone tell me if >what I want to do is possible and if so, how do I get sendmail to behave >this way? As we move more mailservers to use MailScanner this is going to >come up again and I need a way to solve it. > >This is Redhat 7.3, MailScanner 4.11-1 and sendmail 8.11.6-15. > >Thanks, > >jbh From robert at FENLANARENA.CO.UK Mon Jan 13 22:05:17 2003 From: robert at FENLANARENA.CO.UK (robert harpham) Date: Thu Jan 12 21:16:57 2006 Subject: starting mailscan on boot! Message-ID: <000901c2bb4f$dca904b0$0f01a8c0@kudos> hi i am wundering how you guys start mailscan up on boot? what script do u use? just wundering what the best way is and if i could have a copy so save me writting one out my self! also was wudnering what the best way is! thx robert -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030113/e560f351/attachment.html From mailscanner at ecs.soton.ac.uk Mon Jan 13 22:19:59 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:57 2006 Subject: starting mailscan on boot! In-Reply-To: <000901c2bb4f$dca904b0$0f01a8c0@kudos> Message-ID: <5.2.0.9.2.20030113221706.02ba8b20@imap.ecs.soton.ac.uk> At 22:05 13/01/2003, you wrote: >i am wundering how you guys start mailscan up on boot? what script do u use? >just wundering what the best way is and if i could have a copy so save me >writting one out my self! also was wudnering what the best way is! You need an init.d script, which you can base on the one used on your system to start sendmail. You need to start a sendmail -bd with all the relevant options as dictated by the MailScanner installation guide on the web site. You should also start a sendmail -q15m to run the outgoing queue. Then you should run check_mailscanner to actually start up MailScanner itself. What operating system and version are you using? What version of MailScanner are you using? How and where did you install MailScanner? -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030113/e70a1737/attachment.html From robert at FENLANARENA.CO.UK Mon Jan 13 22:53:00 2003 From: robert at FENLANARENA.CO.UK (robert harpham) Date: Thu Jan 12 21:16:57 2006 Subject: starting mailscan on boot! References: <5.2.0.9.2.20030113221706.02ba8b20@imap.ecs.soton.ac.uk> Message-ID: <001d01c2bb56$8656eb20$0f01a8c0@kudos> hi thx for help this is what is in my sendmail init.d scrpt #daemon /usr/sbin/sendmail -bd -q1h daemon /usr/sbin/sendmail -bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in sendmail -q1h echo touch /var/lock/subsys/sendmail ;; i am using turbolinux 6.5 server and version of mail scanner is MailScanner-4.11-1.tar which is installed under /opt/MailScanner-4.11-1 thx robert ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Monday, January 13, 2003 10:19 PM Subject: Re: starting mailscan on boot! At 22:05 13/01/2003, you wrote: i am wundering how you guys start mailscan up on boot? what script do u use? just wundering what the best way is and if i could have a copy so save me writting one out my self! also was wudnering what the best way is! You need an init.d script, which you can base on the one used on your system to start sendmail. You need to start a sendmail -bd with all the relevant options as dictated by the MailScanner installation guide on the web site. You should also start a sendmail -q15m to run the outgoing queue. Then you should run check_mailscanner to actually start up MailScanner itself. What operating system and version are you using? What version of MailScanner are you using? How and where did you install MailScanner? -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030113/db25f605/attachment.html From adkinss at OHIO.EDU Mon Jan 13 18:24:25 2003 From: adkinss at OHIO.EDU (Scott Adkins) Date: Thu Jan 12 21:16:57 2006 Subject: Cry for help. In-Reply-To: <003701c2bb26$23f89440$6600a8c0@Orthanc> References: <003701c2bb26$23f89440$6600a8c0@Orthanc> Message-ID: <2773959292.1042464265@Callisto> --On Monday, January 13, 2003 12:06 PM -0500 Steve Ellis wrote: > I'm curious as to what virus was being sent from thebig@boss.com > address. We received a few messages, but they were not detected as a > virus by the virus software we are using with MailScanner. Anyone have a > name for it? Are you sure that the attachment was in there with the virus? I have seen a lot of copies of this email come through some mailing lists, but the attachments were stripped out of it. In some cases, Spam Assassin has scored it with 5.5, 5.4 and 3.2 fairly consistent, depending on the mail headers, and when the attachment is left in place, it would not get checked at all due to file size. Scott -- +-----------------------------------------------------------------------+ Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:adkinss@ohio.edu ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +-----------------------------------------------------------------------+ PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 231 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030113/c0e7541e/attachment.bin From alex at IALEX.NET Mon Jan 13 23:29:27 2003 From: alex at IALEX.NET (Alex Short) Date: Thu Jan 12 21:16:57 2006 Subject: Feature Request. Message-ID: With this pesky big@boss.com wave of mail i'm sure some of us have noticed, i don't think the load is so much caused by handling the incoming mail and scan, but also sending it out, having it deferred and so on. Can it be added to log email addresses of people that send a virus, and perhaps logs that and only send one notification per person per day? Alex From adkinss at OHIO.EDU Mon Jan 13 22:05:57 2003 From: adkinss at OHIO.EDU (Scott Adkins) Date: Thu Jan 12 21:16:57 2006 Subject: Adding a mail header... In-Reply-To: <5.2.0.9.2.20030113184729.01a916f0@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030113184729.01a916f0@imap.ecs.soton.ac.uk> Message-ID: <2787250864.1042477557@Callisto> Okay, I don't agree with this solution. For starters, our mail queue system is split up into a bunch of queues. When mail comes into our main incoming queue, these messages are moved into other queues appropriate for their destinations. Some go to the cyrus queue, some go to the our edirectory queue, and the rest go to our outbound queue. We actually have more queues than this, but that is a bit off topic. MailScanner is setup to process messages coming into the cyrus queue before delivering them to LMTP. When server load gets really high, we sometimes have to shut off MailScanner altogether in order to get the mail processed in a timely manner. For example, we have processed about 50,000 messages (just counting the ones going to the cyrus queue, not the ones going elsewhere that are coming into our system) in the last 2 hours alone! So, what I would like is to have a line like the following added to emails that are touched by MailScanner: X-MailScanner-Information: If MailScanner gets shutdown, I don't want that header in the messages. I certainly don't want that header in emails that come into our server and go back out without ever touching MailScanner. I agree that in some cases, it should be the MTA's responsibility to add headers to emails, but not in all cases. I believe this is one of them. I would suggest in the next version to allow for such a header, maybe call the config option "Information Header:". Scott --On Monday, January 13, 2003 6:53 PM +0000 Julian Field wrote: > At 17:40 13/01/2003, you wrote: >> Maybe I missed something, but it doesn't look like it is possible to add >> an arbitrary header to the emails in addition to the "Mail Header" and >> the "Spam Header" headers. I am interested in adding a header that >> contains a URL to a web page we maintain describing the spam checking >> and virus scanning we are now doing. Is there an easy way to do this >> that I might be missing? > > Best way is to get your MTA to do it for you. Apparently very easy in > Exim, shouldn't be too taxing in sendmail either. > > In sendmail you should be able to add this to your sendmail.cf file: > HX-Help-Available-At: http://www.your.domain.com/help > > If you want to know how to do it in Exim, search the archives for the past > couple of weeks, this was discussed recently. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support -- +-----------------------------------------------------------------------+ Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:adkinss@ohio.edu ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +-----------------------------------------------------------------------+ PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 231 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030113/3351c061/attachment.bin From mike at CAMAROSS.NET Mon Jan 13 23:22:27 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:16:57 2006 Subject: Feature Request. In-Reply-To: Message-ID: <00af01c2bb5a$a377e6b0$9801a8c0@home.middlefinger.net> I'd rather pester the beejesus out of people too stupid to protect themselves! :) -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Alex Short Sent: Monday, January 13, 2003 5:29 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Feature Request. With this pesky big@boss.com wave of mail i'm sure some of us have noticed, i don't think the load is so much caused by handling the incoming mail and scan, but also sending it out, having it deferred and so on. Can it be added to log email addresses of people that send a virus, and perhaps logs that and only send one notification per person per day? Alex From gerry at DORFAM.CA Tue Jan 14 01:15:54 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:16:57 2006 Subject: Cry for help. In-Reply-To: <2773959292.1042464265@Callisto> Message-ID: On Mon, 13 Jan 2003, Scott Adkins wrote: > --On Monday, January 13, 2003 12:06 PM -0500 Steve Ellis > wrote: > Are you sure that the attachment was in there with the virus? I have > seen a lot of copies of this email come through some mailing lists, but > the attachments were stripped out of it. In some cases, Spam Assassin > has scored it with 5.5, 5.4 and 3.2 fairly consistent, depending on > the mail headers, and when the attachment is left in place, it would > not get checked at all due to file size. > > Scott Well, MailScanner and F-Prot pulled out a big@boss.com message on my server this morning that had the W32/Sobig.A@mm virus. This thing came directly to me and not through a mail list. On the other hand I've had several big@boss.com messages from mailing lists that had the attachment stripped. It was 89924 bytes in size. I guess the lesson is that more and more mailing lists are using virus scanning. -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From mike at CAMAROSS.NET Tue Jan 14 01:23:28 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:16:57 2006 Subject: Cry for help. In-Reply-To: <2773959292.1042464265@Callisto> Message-ID: <000801c2bb6b$8bb7d290$9801a8c0@home.middlefinger.net> SpamAssassin doesn't have anything to do with the virus scanning. Attachments are virus scanned regardless of size... -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Scott Adkins Sent: Monday, January 13, 2003 12:24 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Cry for help. --On Monday, January 13, 2003 12:06 PM -0500 Steve Ellis wrote: > I'm curious as to what virus was being sent from thebig@boss.com > address. We received a few messages, but they were not detected as a > virus by the virus software we are using with MailScanner. Anyone have > a name for it? Are you sure that the attachment was in there with the virus? I have seen a lot of copies of this email come through some mailing lists, but the attachments were stripped out of it. In some cases, Spam Assassin has scored it with 5.5, 5.4 and 3.2 fairly consistent, depending on the mail headers, and when the attachment is left in place, it would not get checked at all due to file size. Scott -- +----------------------------------------------------------------------- + Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:adkinss@ohio.edu ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +----------------------------------------------------------------------- + PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ From adkinss at OHIO.EDU Tue Jan 14 03:46:07 2003 From: adkinss at OHIO.EDU (Scott Adkins) Date: Thu Jan 12 21:16:57 2006 Subject: Cry for help. In-Reply-To: <000801c2bb6b$8bb7d290$9801a8c0@home.middlefinger.net> References: <000801c2bb6b$8bb7d290$9801a8c0@home.middlefinger.net> Message-ID: <7229625.1042497966@IO> Yes, and I probably slid off course just a little on my reply. What made me take notice of the stripped attachments was the fact that some of the emails were classified as spam and moved to my spam folder and others were not. The stripped attachments obviously brought the messages under the size threshold for spam checking, but is also means that there isn't any attachments to do virus scanning on... That was all I was wanting to say, I just didn't say it :) Scott --On Monday, January 13, 2003 7:23 PM -0600 Mike Kercher wrote: > SpamAssassin doesn't have anything to do with the virus scanning. > Attachments are virus scanned regardless of size... > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Scott Adkins > Sent: Monday, January 13, 2003 12:24 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Cry for help. > > > --On Monday, January 13, 2003 12:06 PM -0500 Steve Ellis > wrote: > >> I'm curious as to what virus was being sent from thebig@boss.com >> address. We received a few messages, but they were not detected as a >> virus by the virus software we are using with MailScanner. Anyone have > >> a name for it? > > Are you sure that the attachment was in there with the virus? I have > seen a lot of copies of this email come through some mailing lists, but > the attachments were stripped out of it. In some cases, Spam Assassin > has scored it with 5.5, 5.4 and 3.2 fairly consistent, depending on the > mail headers, and when the attachment is left in place, it would not get > checked at all due to file size. > > Scott > -- > > +----------------------------------------------------------------------- > + > Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ > UNIX Systems Engineer mailto:adkinss@ohio.edu > ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 > > +----------------------------------------------------------------------- > + > PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ -- +-----------------------------------------------------------------------+ Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:adkinss@ohio.edu ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +-----------------------------------------------------------------------+ PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 231 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030113/a1b58b81/attachment.bin From mailscanner at ecs.soton.ac.uk Tue Jan 14 08:56:55 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:57 2006 Subject: starting mailscan on boot! In-Reply-To: <001d01c2bb56$8656eb20$0f01a8c0@kudos> References: <5.2.0.9.2.20030113221706.02ba8b20@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030114085614.028fe380@imap.ecs.soton.ac.uk> At 22:53 13/01/2003, you wrote: >hi thx for help >this is what is in my sendmail init.d scrpt >#daemon /usr/sbin/sendmail -bd -q1h >daemon /usr/sbin/sendmail -bd -OPrivacyOptions=noetrn >-ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in > sendmail -q1h > echo > touch /var/lock/subsys/sendmail > ;; > >i am using turbolinux 6.5 server and version of mail scanner is >MailScanner-4.11-1.tar which is installed under /opt/MailScanner-4.11-1 The other command you need is /opt/MailScanner/bin/check_mailscanner to start up MailScanner itself once the 2 sendmail processes are started. You are very nearly there! :-) >thx >robert >>----- Original Message ----- >>From: Julian Field >>To: MAILSCANNER@JISCMAIL.AC.UK >>Sent: Monday, January 13, 2003 10:19 PM >>Subject: Re: starting mailscan on boot! >> >>At 22:05 13/01/2003, you wrote: >>>i am wundering how you guys start mailscan up on boot? what script do u use? >>>just wundering what the best way is and if i could have a copy so save >>>me writting one out my self! also was wudnering what the best way is! >> >>You need an init.d script, which you can base on the one used on your >>system to start sendmail. You need to start a sendmail -bd with all the >>relevant options as dictated by the MailScanner installation guide on the >>web site. You should also start a sendmail -q15m to run the outgoing >>queue. Then you should run check_mailscanner to actually start up >>MailScanner itself. >> >>What operating system and version are you using? What version of >>MailScanner are you using? How and where did you install MailScanner? >>-- >>Julian Field >>www.MailScanner.info >>MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jan 14 09:00:45 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:57 2006 Subject: Feature Request. In-Reply-To: Message-ID: <5.2.0.9.2.20030114085857.04ccbae0@imap.ecs.soton.ac.uk> At 23:29 13/01/2003, you wrote: >With this pesky big@boss.com wave of mail i'm sure some of us have >noticed, i don't think the load is so much caused by handling the incoming >mail and scan, but also sending it out, having it deferred and so on. > >Can it be added to log email addresses of people that send a virus, and >perhaps logs that and only send one notification per person per day? If you quarantine the entire message when you find a virus, you can extract the sender info out of the message yourself in a nightly cron job and mail them all warnings. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From richard.lush at HP.COM Tue Jan 14 09:03:55 2003 From: richard.lush at HP.COM (Richard Lush) Date: Thu Jan 12 21:16:57 2006 Subject: Webmin module 0.01 BETA released In-Reply-To: References: Message-ID: <1042535035.1412.7.camel@vader> Thanks for the comments, glad you like it so far :-) The plan is to add the ability to manually edit the files, I sort of have it working at the moment but not good enough to put into this release. Where there are multiple options for actions which are predefined, such as what to do with spam, I want to add these as check boxes - just need to work out how to do it. Not sure what you mean by browse option under what to do with spam, but I'll check it out. Anyway, thanks for the feedback so far. Richard On Mon, 2003-01-13 at 21:30, Rose, Bobby wrote: > Looks good on Solaris. Here's a suggestions, in the places where you > can set rule files or the reports add an option to manual edit them. > As it times goes on, you could probably add a subpage for > adding/removing rules to the rule files for those people who still > mess up making them. You could probably reuse the edit code from the > sendmail module such as the sendmail/edit_file.cgi. > > Also you missed the browse option for Spam Actions under What to do > with Spam. Can't High Scoring Spam Action be a rule also? > > -----Original Message----- > From: Lush, Richard [mailto:Richard.Lush@HP.COM] > Sent: Monday, January 13, 2003 6:58 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Webmin module 0.01 BETA released > > > Hi All, > > I've just finished the BETA version of my webmin module and > would like some volunteers to test it. Although it is beta I > haven't trashed my system yet using it, although I do backup > my mailscanner.conf just in case. > > I'm not sure what people want from it so I do need your help > in shaping what this looking like. > > I'm new to cgi and perl so there are a few "features" which > need ironing out. Here is a list of the ones I know about: > > Maximum number of child forks not displaying > Currently no external rules sets can be viewed/edited > No lines which are #'d out can be edited (Any ideas anyone?) > Currently no help is available > Some of the file browsing buttons aren't working > > Here is a link to the website: > http://lushsoft.dyndns.org/mailscanner-webmin/index.html > > Please note: This is written by me and as such all feedback > comments etc should be sent to me and not Julian. > > Regards, > > Richard > > Richard Lush > > Consulting and Integration > Security Practise > Reading UK > Email richard.lush@hp.com > Mobile +44 (0) 7788 916941 > Office +44 (0) 118 920 2349 > Fax +44 (0) 118 920 4612 > D I S C L A I M E R > The information contained in this communication is intended > solely for use by the individual or entity to whom it is > addressed. Use of this communication by others is prohibited. > HP and / or Compaq is neither liable for the proper and > complete transmission of the information contained in this > communication nor for any delay in its receipt nor for any > special, incidental or consequential damages of any nature > whatsoever resulting from receipt or use of this > communication. If you are not the intended recipient, you may > not peruse, use, disseminate, distribute or copy this message. > If you have received this message in error, please notify the > sender immediately by email, facsimile or telephone and return > or destroy the original message. Thank you. -- Richard Lush From mailscanner at ecs.soton.ac.uk Tue Jan 14 08:55:23 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:57 2006 Subject: Adding a mail header... In-Reply-To: <2787250864.1042477557@Callisto> References: <5.2.0.9.2.20030113184729.01a916f0@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030113184729.01a916f0@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030114085329.028fe678@imap.ecs.soton.ac.uk> At 22:05 13/01/2003, you wrote: >So, what I would like is to have a line like the following added to >emails that are touched by MailScanner: > > X-MailScanner-Information: Do you want this in messages which MailScanner was configured not to scan as well as those it did scan? Or do you want it only in messages which MailScanner was configured to scan? What does anyone else want? >If MailScanner gets shutdown, I don't want that header in the messages. >I certainly don't want that header in emails that come into our server >and go back out without ever touching MailScanner. > >I agree that in some cases, it should be the MTA's responsibility to add >headers to emails, but not in all cases. I believe this is one of them. >I would suggest in the next version to allow for such a header, maybe >call the config option "Information Header:". > >Scott > >--On Monday, January 13, 2003 6:53 PM +0000 Julian Field > wrote: > >>At 17:40 13/01/2003, you wrote: >>>Maybe I missed something, but it doesn't look like it is possible to add >>>an arbitrary header to the emails in addition to the "Mail Header" and >>>the "Spam Header" headers. I am interested in adding a header that >>>contains a URL to a web page we maintain describing the spam checking >>>and virus scanning we are now doing. Is there an easy way to do this >>>that I might be missing? >> >>Best way is to get your MTA to do it for you. Apparently very easy in >>Exim, shouldn't be too taxing in sendmail either. >> >>In sendmail you should be able to add this to your sendmail.cf file: >>HX-Help-Available-At: http://www.your.domain.com/help >> >>If you want to know how to do it in Exim, search the archives for the past >>couple of weeks, this was discussed recently. >>-- >>Julian Field >>www.MailScanner.info >>MailScanner thanks transtec Computers for their support > > >-- >+-----------------------------------------------------------------------+ > Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ > UNIX Systems Engineer mailto:adkinss@ohio.edu > ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 >+-----------------------------------------------------------------------+ > PGP Public Key available at > http://www.cns.ohiou.edu/~sadkins/pgp/ -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From daniele.antoniazzi at ACCENT.IT Tue Jan 14 08:41:26 2003 From: daniele.antoniazzi at ACCENT.IT (Daniele Antoniazzi) Date: Thu Jan 12 21:16:57 2006 Subject: need help installing patches on perl module MIME::tools Message-ID: <3E23CD36.7090303@accent.it> Hi, I'm trying to install the prerequisites for MailScanner. I've not understood how to apply the 4 patches to install MIME::tools perl module. I've tried "patch" command but without success :-( I've another question, concerning perl version. The installation docs say MailScanner has been tested on perl 5.8. What about 5.6? Thanks in advance for your help Ciao Daniele From mailscanner at ecs.soton.ac.uk Tue Jan 14 10:12:20 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:57 2006 Subject: need help installing patches on perl module MIME::tools In-Reply-To: <3E23CD36.7090303@accent.it> Message-ID: <5.2.0.9.2.20030114101047.02954848@imap.ecs.soton.ac.uk> At 08:41 14/01/2003, you wrote: >I'm trying to install the prerequisites for MailScanner. I've not >understood how to apply the 4 patches to install MIME::tools perl >module. I've tried "patch" command but without success :-( Get into the directory containing the unpacked mime-tools .tar.gz file, and do patch -p1 < mime-tools-patch.txt If "-p1" doesn't work nicely, then try "-p0". Then do the same command for each of the other patch files. >I've another question, concerning perl version. The installation docs >say MailScanner has been tested on perl 5.8. What about 5.6? Just needs 5.005 or later. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From tony.johansson at SVENSKAKYRKAN.SE Tue Jan 14 10:37:40 2003 From: tony.johansson at SVENSKAKYRKAN.SE (Tony Johansson) Date: Thu Jan 12 21:16:57 2006 Subject: Manage quarantine Message-ID: <3C4F5084EF16D4119CE700508B6B8B10058D0932@nt.svenskakyrkan.se> Hello, How do you people manage your quarantines? We will shortly tighten our policy which will result in many more items getting quarantined. What is the easiest way to view the quarantine and if needed relase items for delivery? regards, Tony From howard at harper-adams.ac.uk Tue Jan 14 11:38:59 2003 From: howard at harper-adams.ac.uk (Howard Robinson) Date: Thu Jan 12 21:16:57 2006 Subject: Manage quarantine In-Reply-To: <3C4F5084EF16D4119CE700508B6B8B10058D0932@nt.svenskakyrkan.se> Message-ID: <200301141137.h0EBbM410024@blackhole.harper-adams.ac.uk> On 14 Jan 03, at 11:37, Tony Johansson wrote: Hello Tony et al, We have been running Mailscanner since July 2001. For a year we kept the quarantined files but only had a few requests to recover them and then they were usually uncleanable/unusable. In July this year we took the decision to delete quarantined file and so far no one has complained. If someone sends a denied file (but virus free file) and its needed the user has to request it to be zipped or renamed and sent again. Of course it also saves disk space and reduces backup time. > Hello, > > How do you people manage your quarantines? > > We will shortly tighten our policy which will result in many more items > getting quarantined. What is the easiest way to view the quarantine and if > needed relase items for delivery? > > regards, Tony Regards Howard Robinson (Senior Technical Development Officer) Harper Adams University College Edgmond Newport Shropshire TF10 8NB UK E-mail: hrobinson@harper-adams.ac.uk Tel. : +44(0)1952 820280 Via switchboard : +44(0)1952 815253 Direct line Fax. : +44(0)1952 814783 College Web site http://www.harper-adams.ac.uk From joan.bryan at KCL.AC.UK Tue Jan 14 12:20:47 2003 From: joan.bryan at KCL.AC.UK (Joan Bryan) Date: Thu Jan 12 21:16:57 2006 Subject: Manage quarantine In-Reply-To: <200301141137.h0EBbM410024@blackhole.harper-adams.ac.uk> Message-ID: Hello We delete quarantine files over 30 days old with a cron job. We have decided against automated retrieval of quarantine files, because users often request to be sent actual infected files. When a new virus comes out the number of requests for infected files increases. For example, when Bugbear came out the virus-info account received 10 or so requests per day for a couple of weeks. The only case for automatic retrieval (in our case) would be restricted to IFRame and object codebase files. The requests for these amount to roughly 2 or 3 per week. (This is from a total of 240,000 average daily scanned messages and average 600 viruses per day) Joan Joan Bryan Information Systems King's College London 020 7848 2671 mailto:joan.bryan@kcl.ac.uk From Edward_Ortiz at SSA-SA.SEL.SONY.COM Tue Jan 14 13:36:25 2003 From: Edward_Ortiz at SSA-SA.SEL.SONY.COM (Ed Ortiz) Date: Thu Jan 12 21:16:57 2006 Subject: need help installing patches on perl module MIME::tools Message-ID: You may need to use the GNU version of patch, not the one provided with Solaris, if this is the OS you're using. After installing thge GNU version use /usr/local/bin/patch and follow Julian's instructions. Just my two cents, hope it helps. Ed Ortiz. >>> mailscanner@ECS.SOTON.AC.UK 1/14/03 4:12:20 AM >>> At 08:41 14/01/2003, you wrote: >I'm trying to install the prerequisites for MailScanner. I've not >understood how to apply the 4 patches to install MIME::tools perl >module. I've tried "patch" command but without success :-( Get into the directory containing the unpacked mime-tools .tar.gz file, and do patch -p1 < mime-tools-patch.txt If "-p1" doesn't work nicely, then try "-p0". Then do the same command for each of the other patch files. >I've another question, concerning perl version. The installation docs >say MailScanner has been tested on perl 5.8. What about 5.6? Just needs 5.005 or later. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From jaearick at COLBY.EDU Tue Jan 14 13:49:29 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:16:57 2006 Subject: Manage quarantine In-Reply-To: References: Message-ID: Hi, We have discarded infected emails since day one (April 2002 in our case). We also do not disinfect-then-deliver. The sender and postmaster are notified that the email was vaporized (the recipient is not), but that is it. The reason we do not either quarantine or deliver cleaned messages is privacy. Some virii grab a document at random and email it; cleaning and delivering that document violates the privacy of the user of the infected machine. Likewise, hanging onto the document via quarantine also violates the privacy of the victim. I've never had a complaint about "your system ate my email and I want it back." ----------------------------------- Jeff A. Earickson, Ph.D Senior UNIX Sysadmin and Email Guru Information Technology Services Colby College, 4214 Mayflower Hill, Waterville ME, 04901-8842 phone: 207-872-3659 (fax = 3076) ----------------------------------- From joe at QITC.CO.UK Tue Jan 14 14:56:47 2003 From: joe at QITC.CO.UK (Joe Quinn) Date: Thu Jan 12 21:16:57 2006 Subject: mail not being scanned after reboot althought MailScanner was running References: <5.2.0.9.2.20030113221706.02ba8b20@imap.ecs.soton.ac.uk> <001d01c2bb56$8656eb20$0f01a8c0@kudos> Message-ID: <02af01c2bbdd$296ed0d0$78720550@T20> Hi, I'm running version 4.11-1 on a RaQ3 Strange thing this morning, I noticed an email coming in from a source that would normally have been tagged as spam but wasn't. I had a look at the header and sure enough, no indication that MailScanner had checked it??? I ran the top command and it showed MailScanner was running a few processes then tailed the maillog which showed mail coming in but no scan??? I traced the exact time the problem arose back to a reboot I did; reboot system boot 2.2.16C32_III Sun Jan 12 23:28 (1+11:23) prior to this all was OK but after this, no scanning. I stopped MailScanner then started it again after checking it was definitely stopped; [root@raq1 /root]# /etc/rc.d/init.d/MailScanner stop Shutting down MailScanner daemons: MailScanner: ERROR! incoming sendmail: sendmail ok outgoing sendmail: sendmail ok [root@raq1 /root]# ps -auxww | grep -i mail root 439 0.0 0.0 1192 456 pts/0 S 10:53 0:00 grep -i mail [root@raq1 /root]# ps -auxww | grep -i mail [root@raq1 /root]# /etc/rc.d/init.d/MailScanner start All is now OK and mail is definitely being scanned but what caused the problem, any ideas? Joe Quinn, QITC Internet Solutions (joe@qitc.co.uk) www.qitc.net From Stephen.Dawes at GOV.CALGARY.AB.CA Tue Jan 14 15:02:15 2003 From: Stephen.Dawes at GOV.CALGARY.AB.CA (Dawes, Stephen) Date: Thu Jan 12 21:16:57 2006 Subject: Upgrading MailScanner: Message-ID: I am not sure if I have made a mistake or not, and for that reason I am looking for conformation one way or the other. What I have done, is to download the latest version, 4.11, of MailScanner from the Web site. Then I ran the command tar -xvf MailScanner cd MailScanner source install.sh I am now seconding guessing myself. I did not uninstall the previous version of MailScanner before running the install command. Is this going to cause problems? Does the install script have built-in smarts to detect a previous version of MailScanner and then do the appropriate upgrades? I couldn't find anything about this in the documentation that comes with MailScanner, so if I missed it, or if it is not there, can a brief note be added to the documentation on upgrading procedures for future releases? Thanks! Stephen Dawes The City of Calgary | Phone: (403) 268-5527 Web Business Office #8300 | Fax: (403) 268-6423 PO Box 2100 Postal Station M. | Email: Stephen.Dawes@calgary.ca Calgary, Alberta, Canada. T2P 2M5 | Web: http://www.calgary.ca FOIPP NOTIFICATION This communication is intended ONLY for the use of the person or entity named above and may contain information that is confidential or legally privileged. If you are not the intended recipient named above or a person responsible for delivering messages or communications to the intended recipient, YOU ARE HEREBY NOTIFIED that any use, distribution, or copying of this communication or any of the information contained in it is strictly prohibited. If you have received this communication in error, please notify us immediately by telephone and then destroy or delete this communication, or return it to us by mail if requested by us. Thank you for your attention and co-operation. From mike at CAMAROSS.NET Tue Jan 14 15:09:30 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:16:57 2006 Subject: Upgrading MailScanner: In-Reply-To: Message-ID: <004901c2bbde$f37a5650$9801a8c0@home.middlefinger.net> You can rpm -Uvh mailscanner*.rpm Then all you need to do is diff the MailScanner.conf and MailScanner.conf.rpmnew to find configuration changed that need to be made. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dawes, Stephen Sent: Tuesday, January 14, 2003 9:02 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Upgrading MailScanner: I am not sure if I have made a mistake or not, and for that reason I am looking for conformation one way or the other. What I have done, is to download the latest version, 4.11, of MailScanner from the Web site. Then I ran the command tar -xvf MailScanner cd MailScanner source install.sh I am now seconding guessing myself. I did not uninstall the previous version of MailScanner before running the install command. Is this going to cause problems? Does the install script have built-in smarts to detect a previous version of MailScanner and then do the appropriate upgrades? I couldn't find anything about this in the documentation that comes with MailScanner, so if I missed it, or if it is not there, can a brief note be added to the documentation on upgrading procedures for future releases? Thanks! Stephen Dawes The City of Calgary | Phone: (403) 268-5527 Web Business Office #8300 | Fax: (403) 268-6423 PO Box 2100 Postal Station M. | Email: Stephen.Dawes@calgary.ca Calgary, Alberta, Canada. T2P 2M5 | Web: http://www.calgary.ca FOIPP NOTIFICATION This communication is intended ONLY for the use of the person or entity named above and may contain information that is confidential or legally privileged. If you are not the intended recipient named above or a person responsible for delivering messages or communications to the intended recipient, YOU ARE HEREBY NOTIFIED that any use, distribution, or copying of this communication or any of the information contained in it is strictly prohibited. If you have received this communication in error, please notify us immediately by telephone and then destroy or delete this communication, or return it to us by mail if requested by us. Thank you for your attention and co-operation. From JeremyE at BSA.CA.GOV Tue Jan 14 15:16:54 2003 From: JeremyE at BSA.CA.GOV (Jeremy Evans) Date: Thu Jan 12 21:16:58 2006 Subject: Maximum Filename Length Message-ID: <2739ECF7268CD0118F50080009DCC9F00156DB10@pebble.bsa.ca.gov> I'm trying to write a rule in filename.rules.conf that will block all attachments over a certain number of characters (in this case, 100). However, I've been unsuccessful. I've tried deny .{100,} Filename over 100 characters Filename over 100 characters and deny ^.{100,}$ Filename over 100 characters Filename over 100 characters neither of which work (the e-mail just goes through normally). I'm not an expert at regular expressions, so maybe I just didn't write it properly. This entry is the first entry in the file, there are tabs between all of the fields, and I have rebooted the server between changes, but I when I sent through an attachment with a filename over 100 characters, it goes through without being blocked. Other rules I have written work as expected. What should I do to get the functionality I want? Jeremy Evans Information Systems Analyst California State Auditor 916-445-0255 phone 916-322-7801 fax From mailscanner at ecs.soton.ac.uk Tue Jan 14 15:23:27 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:58 2006 Subject: mail not being scanned after reboot althought MailScanner was running In-Reply-To: <02af01c2bbdd$296ed0d0$78720550@T20> References: <5.2.0.9.2.20030113221706.02ba8b20@imap.ecs.soton.ac.uk> <001d01c2bb56$8656eb20$0f01a8c0@kudos> Message-ID: <5.2.0.9.2.20030114152242.050742e8@imap.ecs.soton.ac.uk> Check your init.d to ensure only MailScanner is being fired up, not the "sendmail" init.d script as well. chkconfig --list | grep -i mail should show that sendmail is off and MailScanner is on. At 14:56 14/01/2003, you wrote: >Hi, > >I'm running version 4.11-1 on a RaQ3 > >Strange thing this morning, I noticed an email coming in from a source that >would normally have been tagged as spam but wasn't. > >I had a look at the header and sure enough, no indication that MailScanner >had checked it??? > >I ran the top command and it showed MailScanner was running a few processes >then tailed the maillog which showed mail coming in but no scan??? > >I traced the exact time the problem arose back to a reboot I did; > >reboot system boot 2.2.16C32_III Sun Jan 12 23:28 (1+11:23) > >prior to this all was OK but after this, no scanning. > >I stopped MailScanner then started it again after checking it was definitely >stopped; > >[root@raq1 /root]# /etc/rc.d/init.d/MailScanner stop >Shutting down MailScanner daemons: > MailScanner: ERROR! > incoming sendmail: sendmail ok > outgoing sendmail: sendmail ok >[root@raq1 /root]# ps -auxww | grep -i mail >root 439 0.0 0.0 1192 456 pts/0 S 10:53 0:00 grep -i mail >[root@raq1 /root]# ps -auxww | grep -i mail >[root@raq1 /root]# /etc/rc.d/init.d/MailScanner start > >All is now OK and mail is definitely being scanned but what caused the >problem, any ideas? > >Joe Quinn, QITC Internet Solutions (joe@qitc.co.uk) >www.qitc.net -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From zabriskw at ITECH.NET Tue Jan 14 15:37:36 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:16:58 2006 Subject: Spam Retrival Problem Message-ID: <002801c2bbe2$dd436620$0c02a8c0@itech.dom> I have a quick question. Back when we were using MailScanner 2.20 I was able to 'tail' my mail.log and retrieve spam based on the message ID from /var/spool/MailScanner/quarantine/date/messageid. Then I would simply copy it to /var/spool/mqueue.in and it would go through MailScanner again and be delivered (of course after I added the whitelist). Recently we upgraded to 4.11 and I noticed that the messages just sit in that directory. Is there a configuration error that I have made, or something I am missing. Any help would be appreciated. Thanks everyone! Kris Zabriskie Network Admin / Consultant I-Tech Inc. zabriskw@itech.net 717-657-3035 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030114/862140be/attachment.html From mailscanner at ecs.soton.ac.uk Tue Jan 14 16:15:42 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:58 2006 Subject: Spam Retrival Problem In-Reply-To: <002801c2bbe2$dd436620$0c02a8c0@itech.dom> Message-ID: <5.2.0.9.2.20030114161445.0535d4c0@imap.ecs.soton.ac.uk> At 15:37 14/01/2003, you wrote: >I have a quick question. Back when we were using MailScanner 2.20 I was >able to 'tail' my mail.log and retrieve spam based on the message ID from >/var/spool/MailScanner/quarantine/date/messageid. Then I would simply >copy it to /var/spool/mqueue.in and it would go through MailScanner again >and be delivered (of course after I added the whitelist). Recently we >upgraded to 4.11 and I noticed that the messages just sit in that >directory. Is there a configuration error that I have made, or something >I am missing. Any help would be appreciated. Thanks everyone! You need the raw queue files in your quarantine, not the "1 file per message" format. Take a look in your MailScanner.conf file for Quarantine Whole Messages As Queue Files = no and change it to "yes", then "reload" MailScanner. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From adkinss at OHIO.EDU Tue Jan 14 14:55:22 2003 From: adkinss at OHIO.EDU (Scott Adkins) Date: Thu Jan 12 21:16:58 2006 Subject: Adding a mail header... In-Reply-To: <5.2.0.9.2.20030114085329.028fe678@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030114085329.028fe678@imap.ecs.soton.ac.uk> Message-ID: <2847814731.1042538122@Callisto> --On Tuesday, January 14, 2003 8:55 AM +0000 Julian Field wrote: > At 22:05 13/01/2003, you wrote: >> So, what I would like is to have a line like the following added to >> emails that are touched by MailScanner: >> >> X-MailScanner-Information: > > Do you want this in messages which MailScanner was configured not to scan > as well as those it did scan? > Or do you want it only in messages which MailScanner was configured to > scan? > > What does anyone else want? My guess is that if MailScanner is doing any checks of any kind, that it should stick in the header. Even if we configured all the checks to be off (what, that would be Spam Checking, Spam Assassin, Virus Scanning, Filename Checking, Blacklist Lookups, anything else?), which means that MailScanner is just moving messages from the input queue to the output queue, that we should still have the header inserted. If we didn't want that, we could comment out the "Information Header" config option and be done with it. You know, I am surprised that you don't have an X-MailScanner-Version header line in there. :-) Anyways, I have been pleased with the ease of use for MailScanner, and feel I still have a lot to learn about it. We are still fighting a lot of performance issues on our server, and we are still tracking it down. The server supports about 2000 concurrent users logging in and checking their email, and doing mail processing with spam/virus checking turned on just throws the server over the edge. Of course, it doesn't help when we are delivering close to 50,000 emails in an hours worth of time either :-) Scott -- +-----------------------------------------------------------------------+ Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:adkinss@ohio.edu ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +-----------------------------------------------------------------------+ PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 231 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030114/51cead41/attachment.bin From joe at QITC.CO.UK Tue Jan 14 16:22:09 2003 From: joe at QITC.CO.UK (Joe Quinn) Date: Thu Jan 12 21:16:58 2006 Subject: mail not being scanned after reboot althought MailScanner was running References: <5.2.0.9.2.20030113221706.02ba8b20@imap.ecs.soton.ac.uk> <001d01c2bb56$8656eb20$0f01a8c0@kudos> <5.2.0.9.2.20030114152242.050742e8@imap.ecs.soton.ac.uk> Message-ID: <002701c2bbe9$163bff40$2d30c3c1@T20> Haven't a clue what this means :-) [root@raq1 /root]# chkconfig --list | grep -i mail sendmail 0:off 1:off 2:off 3:on 4:on 5:on 6:off MailScanner 0:off 1:off 2:on 3:off 4:off 5:off 6:off [root@raq1 /root]# Can you advise please? Joe Quinn, QITC Internet Solutions (joe@qitc.co.uk) Cisco re-seller, Cobalt Sapphire Partner. www.qitc.net/stocklist Web Site Hosting, Server Hosting, Co-location. Tel: (UK) +44 776 737 1234 ----- Original Message ----- From: "Julian Field" To: Sent: Tuesday, January 14, 2003 3:23 PM Subject: Re: mail not being scanned after reboot althought MailScanner was running Check your init.d to ensure only MailScanner is being fired up, not the "sendmail" init.d script as well. chkconfig --list | grep -i mail should show that sendmail is off and MailScanner is on. At 14:56 14/01/2003, you wrote: >Hi, > >I'm running version 4.11-1 on a RaQ3 > >Strange thing this morning, I noticed an email coming in from a source that >would normally have been tagged as spam but wasn't. > >I had a look at the header and sure enough, no indication that MailScanner >had checked it??? > >I ran the top command and it showed MailScanner was running a few processes >then tailed the maillog which showed mail coming in but no scan??? > >I traced the exact time the problem arose back to a reboot I did; > >reboot system boot 2.2.16C32_III Sun Jan 12 23:28 (1+11:23) > >prior to this all was OK but after this, no scanning. > >I stopped MailScanner then started it again after checking it was definitely >stopped; > >[root@raq1 /root]# /etc/rc.d/init.d/MailScanner stop >Shutting down MailScanner daemons: > MailScanner: ERROR! > incoming sendmail: sendmail ok > outgoing sendmail: sendmail ok >[root@raq1 /root]# ps -auxww | grep -i mail >root 439 0.0 0.0 1192 456 pts/0 S 10:53 0:00 grep -i mail >[root@raq1 /root]# ps -auxww | grep -i mail >[root@raq1 /root]# /etc/rc.d/init.d/MailScanner start > >All is now OK and mail is definitely being scanned but what caused the >problem, any ideas? > >Joe Quinn, QITC Internet Solutions (joe@qitc.co.uk) >www.qitc.net -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From kylist at SHCORP.COM Tue Jan 14 16:14:06 2003 From: kylist at SHCORP.COM (Kurt Yoder) Date: Thu Jan 12 21:16:58 2006 Subject: spamassassin returning 255 hits Message-ID: <44413.10.10.1.71.1042560846.squirrel@webmailtest.shcorp.com> Hello list I've been using mailscanner for awhile, and having it check for spam using spamassassin. Recently I started noticing that spamassassin was frequently timing out and being killed, even though I have a 40 timeout and this has been sufficient for most mail before. Restarting spamd did not help, so I upgraded Spamassassin. Now mailscanner always says spamassassin is returning 255 hits and reports everything as spam. I run spamassassin in daemon mode and have checked test messages using the "spamc" spamassassin client. My test messages using spamc are scanned correctly and return a normal, non-255 number. So why does mailscanner always think spamassassin is returning 255? Software info: Debian Linux, woody Mailscanner 3.12.5 (old, but I'm afraid to upgrade it in case I break something) Spamassassin 2.20 (debian package 2.20-1woody) Sendmail 8.12.1 (debian package 8.12.1-5; modified to work correctly with mailscanner) -- Kurt Yoder Sport & Health network administrator From sean at NISD.NET Tue Jan 14 16:23:25 2003 From: sean at NISD.NET (Sean Embry) Date: Thu Jan 12 21:16:58 2006 Subject: AOL and virus infected users (OT) Message-ID: Has anyone else noticed that e-mail to AOL abuse isn't working? EG: E-mail a virus detection report, eight weeks later, still geting them from the same X-Apparently-From: address in the alert. Does anyone know if the X-Apparently-From: can be trusted at all? I notice that CompuServe (cs.com) does this, and one or two others that I can't think of off hand... From Kevin.Spicer at BMRB.CO.UK Tue Jan 14 16:24:35 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:16:58 2006 Subject: mail not being scanned after reboot althought MailScanner was running Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A32C37@pascal.priv.bmrb.co.uk> chkconfig sendmail off > -----Original Message----- > From: Joe Quinn [mailto:joe@QITC.CO.UK] > Sent: 14 January 2003 16:22 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: mail not being scanned after reboot althought MailScanner > was running > > > Haven't a clue what this means :-) > > [root@raq1 /root]# chkconfig --list | grep -i mail > sendmail 0:off 1:off 2:off 3:on 4:on 5:on 6:off > MailScanner 0:off 1:off 2:on 3:off 4:off 5:off 6:off > [root@raq1 /root]# > > Can you advise please? > > Joe Quinn, QITC Internet Solutions (joe@qitc.co.uk) > Cisco re-seller, Cobalt Sapphire Partner. www.qitc.net/stocklist > Web Site Hosting, Server Hosting, Co-location. > Tel: (UK) +44 776 737 1234 > > ----- Original Message ----- > From: "Julian Field" > To: > Sent: Tuesday, January 14, 2003 3:23 PM > Subject: Re: mail not being scanned after reboot althought > MailScanner was > running > > > Check your init.d to ensure only MailScanner is being fired > up, not the > "sendmail" init.d script as well. > chkconfig --list | grep -i mail > should show that sendmail is off and MailScanner is on. > > At 14:56 14/01/2003, you wrote: > >Hi, > > > >I'm running version 4.11-1 on a RaQ3 > > > >Strange thing this morning, I noticed an email coming in > from a source that > >would normally have been tagged as spam but wasn't. > > > >I had a look at the header and sure enough, no indication > that MailScanner > >had checked it??? > > > >I ran the top command and it showed MailScanner was running > a few processes > >then tailed the maillog which showed mail coming in but no scan??? > > > >I traced the exact time the problem arose back to a reboot I did; > > > >reboot system boot 2.2.16C32_III Sun Jan 12 23:28 > (1+11:23) > > > >prior to this all was OK but after this, no scanning. > > > >I stopped MailScanner then started it again after checking it was > definitely > >stopped; > > > >[root@raq1 /root]# /etc/rc.d/init.d/MailScanner stop > >Shutting down MailScanner daemons: > > MailScanner: ERROR! > > incoming sendmail: sendmail ok > > outgoing sendmail: sendmail ok > >[root@raq1 /root]# ps -auxww | grep -i mail > >root 439 0.0 0.0 1192 456 pts/0 S 10:53 > 0:00 grep -i mail > >[root@raq1 /root]# ps -auxww | grep -i mail > >[root@raq1 /root]# /etc/rc.d/init.d/MailScanner start > > > >All is now OK and mail is definitely being scanned but what > caused the > >problem, any ideas? > > > >Joe Quinn, QITC Internet Solutions (joe@qitc.co.uk) > >www.qitc.net > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > From dwinkler at ALGORITHMICS.COM Tue Jan 14 16:27:48 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:16:58 2006 Subject: mail not being scanned after reboot althought MailScanner was running Message-ID: <06EE2C86D3DAD5119A6C0060943F3C970402C0EE@tormail1.algorithmics.com> This is displaying services, run levels and whether the service is turned on or off for that run level. -----Original Message----- From: Joe Quinn [mailto:joe@qitc.co.uk] Sent: Tuesday, January 14, 2003 11:22 AM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: mail not being scanned after reboot althought MailScanner was running Haven't a clue what this means :-) [root@raq1 /root]# chkconfig --list | grep -i mail sendmail 0:off 1:off 2:off 3:on 4:on 5:on 6:off MailScanner 0:off 1:off 2:on 3:off 4:off 5:off 6:off [root@raq1 /root]# Can you advise please? Joe Quinn, QITC Internet Solutions (joe@qitc.co.uk) Cisco re-seller, Cobalt Sapphire Partner. www.qitc.net/stocklist Web Site Hosting, Server Hosting, Co-location. Tel: (UK) +44 776 737 1234 ----- Original Message ----- From: "Julian Field" To: Sent: Tuesday, January 14, 2003 3:23 PM Subject: Re: mail not being scanned after reboot althought MailScanner was running Check your init.d to ensure only MailScanner is being fired up, not the "sendmail" init.d script as well. chkconfig --list | grep -i mail should show that sendmail is off and MailScanner is on. At 14:56 14/01/2003, you wrote: >Hi, > >I'm running version 4.11-1 on a RaQ3 > >Strange thing this morning, I noticed an email coming in from a source that >would normally have been tagged as spam but wasn't. > >I had a look at the header and sure enough, no indication that MailScanner >had checked it??? > >I ran the top command and it showed MailScanner was running a few processes >then tailed the maillog which showed mail coming in but no scan??? > >I traced the exact time the problem arose back to a reboot I did; > >reboot system boot 2.2.16C32_III Sun Jan 12 23:28 (1+11:23) > >prior to this all was OK but after this, no scanning. > >I stopped MailScanner then started it again after checking it was definitely >stopped; > >[root@raq1 /root]# /etc/rc.d/init.d/MailScanner stop >Shutting down MailScanner daemons: > MailScanner: ERROR! > incoming sendmail: sendmail ok > outgoing sendmail: sendmail ok >[root@raq1 /root]# ps -auxww | grep -i mail >root 439 0.0 0.0 1192 456 pts/0 S 10:53 0:00 grep -i mail >[root@raq1 /root]# ps -auxww | grep -i mail >[root@raq1 /root]# /etc/rc.d/init.d/MailScanner start > >All is now OK and mail is definitely being scanned but what caused the >problem, any ideas? > >Joe Quinn, QITC Internet Solutions (joe@qitc.co.uk) >www.qitc.net -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030114/0ac33561/attachment.html From Denis.Beauchemin at USHERBROOKE.CA Tue Jan 14 16:30:51 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:16:58 2006 Subject: mail not being scanned after reboot althought MailScanner was running In-Reply-To: <002701c2bbe9$163bff40$2d30c3c1@T20> References: <5.2.0.9.2.20030113221706.02ba8b20@imap.ecs.soton.ac.uk> <001d01c2bb56$8656eb20$0f01a8c0@kudos> <5.2.0.9.2.20030114152242.050742e8@imap.ecs.soton.ac.uk> <002701c2bbe9$163bff40$2d30c3c1@T20> Message-ID: <1042561851.30405.110.camel@dbeauchemin.si.usherbrooke.ca> Depending on the run-level you use by default, starting MailScanner only in level 2 may not be enough. Try also: chkconfig --level 2345 MailScanner on Denis PS: don't forget to turn sendmail off as noted by Kevin Spicer: chkconfig sendmail off Le mar 14/01/2003 ? 11:22, Joe Quinn a ?crit : > Haven't a clue what this means :-) > > [root@raq1 /root]# chkconfig --list | grep -i mail > sendmail 0:off 1:off 2:off 3:on 4:on 5:on 6:off > MailScanner 0:off 1:off 2:on 3:off 4:off 5:off 6:off > [root@raq1 /root]# > > Can you advise please? > > Joe Quinn, QITC Internet Solutions (joe@qitc.co.uk) > Cisco re-seller, Cobalt Sapphire Partner. www.qitc.net/stocklist > Web Site Hosting, Server Hosting, Co-location. > Tel: (UK) +44 776 737 1234 > > ----- Original Message ----- > From: "Julian Field" > To: > Sent: Tuesday, January 14, 2003 3:23 PM > Subject: Re: mail not being scanned after reboot althought MailScanner was > running > > > Check your init.d to ensure only MailScanner is being fired up, not the > "sendmail" init.d script as well. > chkconfig --list | grep -i mail > should show that sendmail is off and MailScanner is on. > > At 14:56 14/01/2003, you wrote: > >Hi, > > > >I'm running version 4.11-1 on a RaQ3 > > > >Strange thing this morning, I noticed an email coming in from a source that > >would normally have been tagged as spam but wasn't. > > > >I had a look at the header and sure enough, no indication that MailScanner > >had checked it??? > > > >I ran the top command and it showed MailScanner was running a few processes > >then tailed the maillog which showed mail coming in but no scan??? > > > >I traced the exact time the problem arose back to a reboot I did; > > > >reboot system boot 2.2.16C32_III Sun Jan 12 23:28 (1+11:23) > > > >prior to this all was OK but after this, no scanning. > > > >I stopped MailScanner then started it again after checking it was > definitely > >stopped; > > > >[root@raq1 /root]# /etc/rc.d/init.d/MailScanner stop > >Shutting down MailScanner daemons: > > MailScanner: ERROR! > > incoming sendmail: sendmail ok > > outgoing sendmail: sendmail ok > >[root@raq1 /root]# ps -auxww | grep -i mail > >root 439 0.0 0.0 1192 456 pts/0 S 10:53 0:00 grep -i mail > >[root@raq1 /root]# ps -auxww | grep -i mail > >[root@raq1 /root]# /etc/rc.d/init.d/MailScanner start > > > >All is now OK and mail is definitely being scanned but what caused the > >problem, any ideas? > > > >Joe Quinn, QITC Internet Solutions (joe@qitc.co.uk) > >www.qitc.net > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From mailscanner at ecs.soton.ac.uk Tue Jan 14 16:40:48 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:58 2006 Subject: Maximum Filename Length In-Reply-To: <2739ECF7268CD0118F50080009DCC9F00156DB10@pebble.bsa.ca.gov > Message-ID: <5.2.0.9.2.20030114163846.053481b8@imap.ecs.soton.ac.uk> I have found the problem. To protect against nasty things in filenames, I munge the filenames to "sanitise" them. Unfortunately, the filename checks are done on the new names not the old ones. One of the checks it does is to chop off the filename (but leave filename extensions) if the filename is very long. So your long filename becomes a nice, safe, short filename before this check is done. I clearly need to fix this, just need to work out exactly how. Expect it to be fixed in the next release. At 15:16 14/01/2003, you wrote: >I'm trying to write a rule in filename.rules.conf that will block all >attachments over a certain number of characters (in this case, 100). >However, I've been unsuccessful. I've tried > >deny .{100,} Filename over 100 characters Filename over 100 characters > >and > >deny ^.{100,}$ Filename over 100 characters Filename over 100 >characters > >neither of which work (the e-mail just goes through normally). I'm not an >expert at regular expressions, so maybe I just didn't write it properly. >This entry is the first entry in the file, there are tabs between all of the >fields, and I have rebooted the server between changes, but I when I sent >through an attachment with a filename over 100 characters, it goes through >without being blocked. Other rules I have written work as expected. > >What should I do to get the functionality I want? > >Jeremy Evans >Information Systems Analyst >California State Auditor >916-445-0255 phone >916-322-7801 fax -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jan 14 16:44:13 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:58 2006 Subject: mail not being scanned after reboot althought MailScanner was running In-Reply-To: <02af01c2bbdd$296ed0d0$78720550@T20> References: <5.2.0.9.2.20030113221706.02ba8b20@imap.ecs.soton.ac.uk> <001d01c2bb56$8656eb20$0f01a8c0@kudos> Message-ID: <5.2.0.9.2.20030114164348.02850980@imap.ecs.soton.ac.uk> Did you install it using the RPM distribution? If so, did you read what it said at the very end of the installation process? At 14:56 14/01/2003, you wrote: >Hi, > >I'm running version 4.11-1 on a RaQ3 > >Strange thing this morning, I noticed an email coming in from a source that >would normally have been tagged as spam but wasn't. > >I had a look at the header and sure enough, no indication that MailScanner >had checked it??? > >I ran the top command and it showed MailScanner was running a few processes >then tailed the maillog which showed mail coming in but no scan??? > >I traced the exact time the problem arose back to a reboot I did; > >reboot system boot 2.2.16C32_III Sun Jan 12 23:28 (1+11:23) > >prior to this all was OK but after this, no scanning. > >I stopped MailScanner then started it again after checking it was definitely >stopped; > >[root@raq1 /root]# /etc/rc.d/init.d/MailScanner stop >Shutting down MailScanner daemons: > MailScanner: ERROR! > incoming sendmail: sendmail ok > outgoing sendmail: sendmail ok >[root@raq1 /root]# ps -auxww | grep -i mail >root 439 0.0 0.0 1192 456 pts/0 S 10:53 0:00 grep -i mail >[root@raq1 /root]# ps -auxww | grep -i mail >[root@raq1 /root]# /etc/rc.d/init.d/MailScanner start > >All is now OK and mail is definitely being scanned but what caused the >problem, any ideas? > >Joe Quinn, QITC Internet Solutions (joe@qitc.co.uk) >www.qitc.net -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jan 14 16:43:03 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:58 2006 Subject: spamassassin returning 255 hits In-Reply-To: <44413.10.10.1.71.1042560846.squirrel@webmailtest.shcorp.co m> Message-ID: <5.2.0.9.2.20030114164102.0291b8f0@imap.ecs.soton.ac.uk> At 16:14 14/01/2003, you wrote: >Hello list > >I've been using mailscanner for awhile, and having it check for spam using >spamassassin. Recently I started noticing that spamassassin was frequently >timing out and being killed, even though I have a 40 timeout and this has >been sufficient for most mail before. Restarting spamd did not help, so I >upgraded Spamassassin. MailScanner does not use spamd, so there isn't really much point running that. And, before you ask, it doesn't invoke the "spamassassin" script either. In a version as old as 3.12-5, I make no guarantees about anything, sorry. >Now mailscanner always says spamassassin is returning 255 hits and reports >everything as spam. I run spamassassin in daemon mode and have checked >test messages using the "spamc" spamassassin client. My test messages >using spamc are scanned correctly and return a normal, non-255 number. So >why does mailscanner always think spamassassin is returning 255? > >Software info: >Debian Linux, woody >Mailscanner 3.12.5 (old, but I'm afraid to upgrade it in case I break >something) >Spamassassin 2.20 (debian package 2.20-1woody) >Sendmail 8.12.1 (debian package 8.12.1-5; modified to work correctly with >mailscanner) > >-- >Kurt Yoder >Sport & Health network administrator -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From E.H.Beekman at AMC.UVA.NL Tue Jan 14 16:49:13 2003 From: E.H.Beekman at AMC.UVA.NL (Ewald Beekman) Date: Thu Jan 12 21:16:58 2006 Subject: Forcing sendmail to use /etc/hosts before using DNS In-Reply-To: <5CA287DBA85BF649A45916B75FD20E0E125761@exchange.usu.edu>; from john.hanks@USU.EDU on Mon, Jan 13, 2003 at 01:50:15PM -0700 References: <5CA287DBA85BF649A45916B75FD20E0E125761@exchange.usu.edu> Message-ID: <20030114174913.N14771@oink.amc.uva.nl> Probably you can use the mailertable feature to accomplish this, make sure the feature is enabled in sendmail.mc : FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl and create /etc/mail/mailertable with something like: someserver.usu.edu esmtp:[172.17.1.33] do a makemap makemap -v hash mailertable < mailertable and a kill -HUP of your sendmail process: kill -HUP `head -1 /var/run/sendmail.pid` you can always check where sendmail is going to send stuff with the -bv option: /usr/lib/sendmail -bv myuser@someserver.usu.edu http://www.sendmail.org/~ca/email/doc8.12/cf/m4/features.html have fun! Ewald... On Mon, Jan 13, 2003 at 01:50:15PM -0700, John B. Hanks wrote: > I am trying to get sendmail/mailscanner to do something that has me > questioning my understanding of the way this has been working. Here is what > I currently do to scan mail for a mail server. > > My MailScanner machines are noturus.usu.edu and ameiurus.usu.edu. > > If I want to scan mail for mail.dept.usu.edu, I go to that DNS record and > add > > mail.dept.usu.edu in mx 10 noturus.usu.edu > mail.dept.usu.edu in mx 10 ameiurus.usu.edu > > This has been working flawlessly for some time. I think what happens is mail > gets delivered to the MailScanner machines, they recognize themselves as MX > hosts and then forward the scanned mail to the A record for the target. > > Now I need to do some magic for a server move. I have a host, > someserver.usu.edu, that wants mail scanned and delivered to another box > which will host mail but someserver.usu.edu still has other functions so it > need to keep this name in its a record. I thought I could accomplish this by > adding entries to /etc/hosts on the mailscanners like > > 172.17.1.33 someserver.usu.edu > > So that when noturus or ameiurus looked up someserver.usu.edu they would use > the entry from the hosts file and unwittingly deliver mail to the new > server. But, sendmail seems intent on ignoring the /etc/hosts file. I have > changed /etc/resolv.conf, /etc/nsswitch.conf, /etc/host.conf and > /etc/mail/services.switch so that all these point to files first, then dns > but it still isn't working. The ping command works as expected, checking > /etc/hosts and using the IP address from the file. Can someone tell me if > what I want to do is possible and if so, how do I get sendmail to behave > this way? As we move more mailservers to use MailScanner this is going to > come up again and I need a way to solve it. > > This is Redhat 7.3, MailScanner 4.11-1 and sendmail 8.11.6-15. > > Thanks, > > jbh -- Ewald Beekman, Security Engineer, Academic Medical Center, dept. ADB/ICT Computer & Network Services, The Netherlands ## Your mind-mint is: God help the troubadour who tries to be a star. The more that you try to find success, the more that you will fail. -- Phil Ochs, on the Second System Effect From joe at QITC.CO.UK Tue Jan 14 16:59:24 2003 From: joe at QITC.CO.UK (Joe Quinn) Date: Thu Jan 12 21:16:58 2006 Subject: mail not being scanned after reboot althought MailScanner was running References: <5.2.0.9.2.20030113221706.02ba8b20@imap.ecs.soton.ac.uk> <001d01c2bb56$8656eb20$0f01a8c0@kudos> <5.2.0.9.2.20030114164348.02850980@imap.ecs.soton.ac.uk> Message-ID: <007c01c2bbee$4a9bf2e0$2d30c3c1@T20> > Did you install it using the RPM distribution? Yes > If so, did you read what it said at the very end of the installation process? Yes, that doesn't work on a RaQ, see my mail to the list of 6th Dec 02 :-) Is there something we can do so that it runs as it should after a reboot without any intervention? Joe Quinn, QITC Internet Solutions (joe@qitc.co.uk) Cisco re-seller, Cobalt Sapphire Partner. www.qitc.net/stocklist Web Site Hosting, Server Hosting, Co-location. Tel: (UK) +44 776 737 1234 ----- Original Message ----- From: "Julian Field" To: Sent: Tuesday, January 14, 2003 4:44 PM Subject: Re: mail not being scanned after reboot althought MailScanner was running Did you install it using the RPM distribution? If so, did you read what it said at the very end of the installation process? At 14:56 14/01/2003, you wrote: >Hi, > >I'm running version 4.11-1 on a RaQ3 > >Strange thing this morning, I noticed an email coming in from a source that >would normally have been tagged as spam but wasn't. > >I had a look at the header and sure enough, no indication that MailScanner >had checked it??? > >I ran the top command and it showed MailScanner was running a few processes >then tailed the maillog which showed mail coming in but no scan??? > >I traced the exact time the problem arose back to a reboot I did; > >reboot system boot 2.2.16C32_III Sun Jan 12 23:28 (1+11:23) > >prior to this all was OK but after this, no scanning. > >I stopped MailScanner then started it again after checking it was definitely >stopped; > >[root@raq1 /root]# /etc/rc.d/init.d/MailScanner stop >Shutting down MailScanner daemons: > MailScanner: ERROR! > incoming sendmail: sendmail ok > outgoing sendmail: sendmail ok >[root@raq1 /root]# ps -auxww | grep -i mail >root 439 0.0 0.0 1192 456 pts/0 S 10:53 0:00 grep -i mail >[root@raq1 /root]# ps -auxww | grep -i mail >[root@raq1 /root]# /etc/rc.d/init.d/MailScanner start > >All is now OK and mail is definitely being scanned but what caused the >problem, any ideas? > >Joe Quinn, QITC Internet Solutions (joe@qitc.co.uk) >www.qitc.net -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From jscott at INFOCONEX.COM Tue Jan 14 17:14:05 2003 From: jscott at INFOCONEX.COM (Jim Scott) Date: Thu Jan 12 21:16:58 2006 Subject: Forcing sendmail to use /etc/hosts before using DNS References: <5CA287DBA85BF649A45916B75FD20E0E125761@exchange.usu.edu> <20030114174913.N14771@oink.amc.uva.nl> Message-ID: <089f01c2bbf0$57f95b60$2719a8c0@infoconex.com> on the mailscanner servers put an entry like this in your /etc/mail/mailertable someserver.usu.edu RELAY:whateverserver.usu.edu Now any email that these two servers receive destined for @someserver.usu.edu will be directed to the server whateverserver.usu.edu make sure you take the entry out of the /etc/mail/local-host-names file and remove the entry for someserver.usu.edu domain Make sure you have something in the /etc/mail/local-host-names file on whateverserver.usu.edu to tell it that it accepts email for the domain someserver.usu.edu of course you probably also need to add your MX records to point to your mailscanner servers for this domain as well. Atleast this is what I think you are trying to do ;-) Email me privately if you need more help. Jim ----- Original Message ----- From: "Ewald Beekman" To: Sent: Tuesday, January 14, 2003 8:49 AM Subject: Re: Forcing sendmail to use /etc/hosts before using DNS Probably you can use the mailertable feature to accomplish this, make sure the feature is enabled in sendmail.mc : FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl and create /etc/mail/mailertable with something like: someserver.usu.edu esmtp:[172.17.1.33] do a makemap makemap -v hash mailertable < mailertable and a kill -HUP of your sendmail process: kill -HUP `head -1 /var/run/sendmail.pid` you can always check where sendmail is going to send stuff with the -bv option: /usr/lib/sendmail -bv myuser@someserver.usu.edu http://www.sendmail.org/~ca/email/doc8.12/cf/m4/features.html have fun! Ewald... On Mon, Jan 13, 2003 at 01:50:15PM -0700, John B. Hanks wrote: > I am trying to get sendmail/mailscanner to do something that has me > questioning my understanding of the way this has been working. Here is what > I currently do to scan mail for a mail server. > > My MailScanner machines are noturus.usu.edu and ameiurus.usu.edu. > > If I want to scan mail for mail.dept.usu.edu, I go to that DNS record and > add > > mail.dept.usu.edu in mx 10 noturus.usu.edu > mail.dept.usu.edu in mx 10 ameiurus.usu.edu > > This has been working flawlessly for some time. I think what happens is mail > gets delivered to the MailScanner machines, they recognize themselves as MX > hosts and then forward the scanned mail to the A record for the target. > > Now I need to do some magic for a server move. I have a host, > someserver.usu.edu, that wants mail scanned and delivered to another box > which will host mail but someserver.usu.edu still has other functions so it > need to keep this name in its a record. I thought I could accomplish this by > adding entries to /etc/hosts on the mailscanners like > > 172.17.1.33 someserver.usu.edu > > So that when noturus or ameiurus looked up someserver.usu.edu they would use > the entry from the hosts file and unwittingly deliver mail to the new > server. But, sendmail seems intent on ignoring the /etc/hosts file. I have > changed /etc/resolv.conf, /etc/nsswitch.conf, /etc/host.conf and > /etc/mail/services.switch so that all these point to files first, then dns > but it still isn't working. The ping command works as expected, checking > /etc/hosts and using the IP address from the file. Can someone tell me if > what I want to do is possible and if so, how do I get sendmail to behave > this way? As we move more mailservers to use MailScanner this is going to > come up again and I need a way to solve it. > > This is Redhat 7.3, MailScanner 4.11-1 and sendmail 8.11.6-15. > > Thanks, > > jbh -- Ewald Beekman, Security Engineer, Academic Medical Center, dept. ADB/ICT Computer & Network Services, The Netherlands ## Your mind-mint is: God help the troubadour who tries to be a star. The more that you try to find success, the more that you will fail. -- Phil Ochs, on the Second System Effect From joe at QITC.CO.UK Tue Jan 14 18:13:22 2003 From: joe at QITC.CO.UK (Joe Quinn) Date: Thu Jan 12 21:16:58 2006 Subject: mail not being scanned after reboot althought MailScanner was running References: <5.2.0.9.2.20030113221706.02ba8b20@imap.ecs.soton.ac.uk> <001d01c2bb56$8656eb20$0f01a8c0@kudos> <5.2.0.9.2.20030114164348.02850980@imap.ecs.soton.ac.uk> <007c01c2bbee$4a9bf2e0$2d30c3c1@T20> Message-ID: <00d701c2bbf8$a004fc40$2d30c3c1@T20> All fixed now! :-) Joe Quinn, QITC Internet Solutions (joe@qitc.co.uk) Cisco re-seller, Cobalt Sapphire Partner. www.qitc.net/stocklist Web Site Hosting, Server Hosting, Co-location. Tel: (UK) +44 776 737 1234 From mike at CAMAROSS.NET Tue Jan 14 18:16:16 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:16:58 2006 Subject: mail not being scanned after reboot althought MailScanner was running In-Reply-To: <00d701c2bbf8$a004fc40$2d30c3c1@T20> Message-ID: <00d401c2bbf9$083950e0$9801a8c0@home.middlefinger.net> Solution for anyone that might have the same problem in the future? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Joe Quinn Sent: Tuesday, January 14, 2003 12:13 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: mail not being scanned after reboot althought MailScanner was running All fixed now! :-) Joe Quinn, QITC Internet Solutions (joe@qitc.co.uk) Cisco re-seller, Cobalt Sapphire Partner. www.qitc.net/stocklist Web Site Hosting, Server Hosting, Co-location. Tel: (UK) +44 776 737 1234 From sholland at SUMSYS.COM Tue Jan 14 18:10:34 2003 From: sholland at SUMSYS.COM (Stephen Holland) Date: Thu Jan 12 21:16:58 2006 Subject: Document on How to Message-ID: <5CA24BCF0A68504C8A3F2AA3E526F0150CC89A@ssitransfer2.summit.local> Has anyone created a document on how to setup MailScanner on RedHat 7.3 with Spamassassin and Razor? 1) I have Sendmail running as an SMTP relay, but I was wondering how it check the RBL's or how do I know it is working. Does it work with the default install? I.e. "Spam List = ORDB-RBL Infinite-Monkeys # MAPS-RBL+ costs money (except .ac.uk)" 2) What do I need to do besides turn on Spamassassin in the Mailscanner.conf file to get the heuristic spam scanning to work? I know I have very basic question, but I have read and read and can not seem to find a document on how to integrate everything. Thank you much Stephen -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030114/4b7fdae3/attachment.html From joe at QITC.CO.UK Tue Jan 14 18:50:52 2003 From: joe at QITC.CO.UK (Joe Quinn) Date: Thu Jan 12 21:16:58 2006 Subject: mail not being scanned after reboot althought MailScanner was running References: <00d401c2bbf9$083950e0$9801a8c0@home.middlefinger.net> Message-ID: <010901c2bbfd$dd113e50$2d30c3c1@T20> > Solution for anyone that might have the same problem in the future? As Julian suggested, at the bottom of the page titled; "MailScanner Installation Guide - Linux RPM" Sort of RTFM but adapted slightly for the RaQ :-) /etc/rc.d/init.d/sendmail stop chkconfig sendmail off chkconfig --level 2345 MailScanner on /etc/rc.d/init.d/MailScanner start Cheers everyone and thanks for the input, learning all the time! Joe www.qitc.net From mailscanner at ecs.soton.ac.uk Tue Jan 14 19:03:40 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:58 2006 Subject: Document on How to In-Reply-To: <5CA24BCF0A68504C8A3F2AA3E526F0150CC89A@ssitransfer2.summit .local> Message-ID: <5.2.0.9.2.20030114190058.00b038d8@imap.ecs.soton.ac.uk> At 18:10 14/01/2003, you wrote: >Has anyone created a document on how to setup MailScanner on RedHat 7.3 >with Spamassassin and Razor? Basically, you unpack the MailScanner rpm tarball and run install.sh. Note down the commands output at the end of the installation procedure so you know how to enable it once you have SA installed. Then download and install SpamAssassin. I don't use Razor myself (and never have) so I'll leave the answer to that bit to others. >1) I have Sendmail running as an SMTP relay, but I was wondering how >it check the RBLs or how do I know it is working. Does it work with the >default install? I.e. Spam List = ORDB-RBL Infinite-Monkeys # MAPS-RBL+ >costs money (except .ac.uk) Yes. >2) What do I need to do besides turn on Spamassassin in the >Mailscanner.conf file to get the heuristic spam scanning to work? Nothing. >I know I have very basic question, but I have read and read and can not >seem to find a document on how to integrate everything. Everyone has to start somewhere :) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From sholland at SUMSYS.COM Tue Jan 14 19:13:15 2003 From: sholland at SUMSYS.COM (Stephen Holland) Date: Thu Jan 12 21:16:58 2006 Subject: Document on How to Message-ID: <5CA24BCF0A68504C8A3F2AA3E526F0150C977D@ssitransfer2.summit.local> Thank you for your kindness. -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Tuesday, January 14, 2003 2:04 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Document on How to At 18:10 14/01/2003, you wrote: >Has anyone created a document on how to setup MailScanner on RedHat 7.3 >with Spamassassin and Razor? Basically, you unpack the MailScanner rpm tarball and run install.sh. Note down the commands output at the end of the installation procedure so you know how to enable it once you have SA installed. Then download and install SpamAssassin. I don't use Razor myself (and never have) so I'll leave the answer to that bit to others. >1) I have Sendmail running as an SMTP relay, but I was wondering how >it check the RBLs or how do I know it is working. Does it work with the >default install? I.e. Spam List = ORDB-RBL Infinite-Monkeys # MAPS-RBL+ >costs money (except .ac.uk) Yes. >2) What do I need to do besides turn on Spamassassin in the >Mailscanner.conf file to get the heuristic spam scanning to work? Nothing. >I know I have very basic question, but I have read and read and can not >seem to find a document on how to integrate everything. Everyone has to start somewhere :) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From johannes at DSP.DE Tue Jan 14 19:24:32 2003 From: johannes at DSP.DE (Johannes) Date: Thu Jan 12 21:16:58 2006 Subject: Installation on SuSe 7.1 Message-ID: Hi, I just tried to install MailScanner on my SuSE 7.1 installation. Semms to work fine as Mailscanner starts correct, but when it tries to start the sendmail deamon I get Error Messages: mail2:~ # rcMailScanner start Initializing sendmail and MailScanner/usr/sbin/sendmail: illegal option -- A startproc: exit status of /usr/sbin/sendmail: 64 /usr/sbin/sendmail: illegal option -- A startproc: exit status of /usr/sbin/sendmail: 64 done mail2:~ # But I have got 5 Instances of Mailscanner running after trying to start it: 19914 ? S 0:00 perl - I/usr/lib/MailScanner /usr/sbin/MailScanner /et 19915 ? S 0:00 perl - I/usr/lib/MailScanner /usr/sbin/MailScanner /et 19916 ? S 0:00 perl - I/usr/lib/MailScanner /usr/sbin/MailScanner /et 19917 ? S 0:00 perl - I/usr/lib/MailScanner /usr/sbin/MailScanner /et 19918 ? S 0:00 perl - I/usr/lib/MailScanner /usr/sbin/MailScanner /et 19919 ? S 0:00 perl - I/usr/lib/MailScanner /usr/sbin/MailScanner /et 19920 pts/0 R 0:00 ps ax mail2:~ # check_MailScanner MailScanner running with pid 19914 19915 19916 19917 19918 19919 mail2:~ # Only the Sendmal deamon semms not to start... whats wrong with my Installation? Any Suggestions? I have the SuSE 8.0 RPM installed, any Problems with that on SuSE 7.1? Is There a RPM for SuSE 7.1? I also tried the source RPM, without success... Greets Johannes From mailscanner at ecs.soton.ac.uk Tue Jan 14 19:39:15 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:58 2006 Subject: Installation on SuSe 7.1 In-Reply-To: Message-ID: <5.2.0.9.2.20030114193717.02caf148@imap.ecs.soton.ac.uk> The SuSE RPM only works with 8.x, not 7.1. Take a look at /etc/init.d/MailScanner and remove sendmail command-line options that it doesn't like. I'm afraid I haven't got a 7.x machine to develop it on. At 19:24 14/01/2003, you wrote: >Hi, I just tried to install MailScanner on my SuSE 7.1 installation. Semms >to work fine as Mailscanner starts correct, but when it tries to start the >sendmail deamon I get Error Messages: > >mail2:~ # rcMailScanner start >Initializing sendmail and MailScanner/usr/sbin/sendmail: illegal option -- A >startproc: exit status of /usr/sbin/sendmail: 64 >/usr/sbin/sendmail: illegal option -- A >startproc: exit status of /usr/sbin/sendmail: 64 > done >mail2:~ # > >But I have got 5 Instances of Mailscanner running after trying to start it: > > >19914 ? S 0:00 perl - >I/usr/lib/MailScanner /usr/sbin/MailScanner /et >19915 ? S 0:00 perl - >I/usr/lib/MailScanner /usr/sbin/MailScanner /et >19916 ? S 0:00 perl - >I/usr/lib/MailScanner /usr/sbin/MailScanner /et >19917 ? S 0:00 perl - >I/usr/lib/MailScanner /usr/sbin/MailScanner /et >19918 ? S 0:00 perl - >I/usr/lib/MailScanner /usr/sbin/MailScanner /et >19919 ? S 0:00 perl - >I/usr/lib/MailScanner /usr/sbin/MailScanner /et >19920 pts/0 R 0:00 ps ax >mail2:~ # check_MailScanner >MailScanner running with pid 19914 19915 19916 19917 19918 19919 >mail2:~ # > >Only the Sendmal deamon semms not to start... > >whats wrong with my Installation? Any Suggestions? > >I have the SuSE 8.0 RPM installed, any Problems with that on SuSE 7.1? Is >There a RPM for SuSE 7.1? I also tried the source RPM, without success... > >Greets Johannes -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mime at GMX.DE Tue Jan 14 20:16:04 2003 From: mime at GMX.DE (Michael Meyer) Date: Thu Jan 12 21:16:58 2006 Subject: Installation on SuSe 7.1 In-Reply-To: References: Message-ID: <20030114201604.GC9798@mime.dyndns.org> Johannes wrote: > Hi, I just tried to install MailScanner on my SuSE 7.1 installation. Semms > to work fine as Mailscanner starts correct, but when it tries to start the > sendmail deamon I get Error Messages: > > mail2:~ # rcMailScanner start > Initializing sendmail and MailScanner/usr/sbin/sendmail: illegal option -- A > startproc: exit status of /usr/sbin/sendmail: 64 > /usr/sbin/sendmail: illegal option -- A > startproc: exit status of /usr/sbin/sendmail: 64 remove any '-A' from '/etc/sysconfig/MailScanner' and from '/etc/init.d/Mailscanner'. then: ,-----[ /etc/init.d/Mailscanner ] | if test "$SMTPD_LISTEN_REMOTE" != "yes" ; then | SENDMAIL_IN_ARGS="-O DaemonPortOptions=Addr=127.0.0.1 | $SENDMAIL_IN_ARGS" `-----| change 'DaemonPortOptions=Addr=127.0.0.1' to whatever you needed. eg to 'DaemonPortOptions=Addr=0.0.0.0'. change msppid in '/etc/init.d/Mailscanner' to 'msppid=/var/run/sm-client.pid' or whatever, because there is no 'clientmqueue' in SuSE 7.1. i hope i didn't forget something. that's _my_ way to get it work under 7.1. > But I have got 5 Instances of Mailscanner running after trying to start it: [...] > I/usr/lib/MailScanner /usr/sbin/MailScanner /et > 19920 pts/0 R 0:00 ps ax > mail2:~ # check_MailScanner > MailScanner running with pid 19914 19915 19916 19917 19918 19919 > > Only the Sendmal deamon semms not to start... > > whats wrong with my Installation? Any Suggestions? > > I have the SuSE 8.0 RPM installed, any Problems with that on SuSE 7.1? Is > There a RPM for SuSE 7.1? I also tried the source RPM, without success... there is no RPM for SuSE <8.0. there are a few differences between SuSE <8.0 and <=8.0. but with a little bit of work it is possible to get it work. sorry for my bad english. micha From c.bates at COMNET.CO.NZ Tue Jan 14 21:11:06 2003 From: c.bates at COMNET.CO.NZ (Craig Bates) Date: Thu Jan 12 21:16:58 2006 Subject: freeBSD problems continue Message-ID: <200301151011.06326.c.bates@comnet.co.nz> Hi all, Good to see there is now a FreeBSD howto and better support:) I have recently installed MailScanner 4.11-1 on two machines, one is a P4 with 1GB RAM, another is an older box with 128MB RAM. I'm still having the problem of mailscanner processes dying as I described late last year. I'm back from summer vacation and need to get this problem fixed. The problem is on both machines and seems worse in MailScanner 4.11. In the past I could just restart mailscanner every hour or so and then the problem would go away. The new version sometimes complains on startup about being unable to compile. A reboot fixes this problem. The problem is purely time dependent, not volume dependent. The P4 doesn't have any mail going through it and has the same problems as the older box that processes large quantaties of mail. I'm running FreeBSD4.7 with Perl 5.00503, f-prot, Spam Assassin 2.43, razor 2.22. I'm going to try turning off spam assassin and f-prot in the mailscanner conf file and see if this makes any difference. The next thing would be to build another box with only Mailscanner and see what happens. Does anybody have any other ideas I could try? Is it possible to have the mailscanner parent process write to the syslog if it notices one of its children are missing or if it can't start a child? Thanks Craig From mailscanner at ecs.soton.ac.uk Tue Jan 14 22:00:34 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:58 2006 Subject: freeBSD problems continue In-Reply-To: <200301151011.06326.c.bates@comnet.co.nz> Message-ID: <5.2.0.9.2.20030114215938.02991e88@imap.ecs.soton.ac.uk> At 21:11 14/01/2003, you wrote: >Hi all, > >Good to see there is now a FreeBSD howto and better support:) > >I have recently installed MailScanner 4.11-1 on two machines, one is a P4 >with >1GB RAM, another is an older box with 128MB RAM. > >I'm still having the problem of mailscanner processes dying as I described >late last year. I'm back from summer vacation and need to get this problem >fixed. The problem is on both machines and seems worse in MailScanner 4.11. >In the past I could just restart mailscanner every hour or so and then the >problem would go away. The new version sometimes complains on startup about >being unable to compile. A reboot fixes this problem. > >The problem is purely time dependent, not volume dependent. The P4 doesn't >have any mail going through it and has the same problems as the older box >that processes large quantaties of mail. > > >I'm running FreeBSD4.7 with Perl 5.00503, f-prot, Spam Assassin 2.43, razor >2.22. > >I'm going to try turning off spam assassin and f-prot in the mailscanner conf >file and see if this makes any difference. The next thing would be to build >another box with only Mailscanner and see what happens. > >Does anybody have any other ideas I could try? In the main MailScanner script, there are 3 consecutive calls to "close". Comment them out and you might see an error on the console when it dies. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jan 14 21:58:11 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:58 2006 Subject: Maximum Filename Length In-Reply-To: <2739ECF7268CD0118F50080009DCC9F00156DB10@pebble.bsa.ca.gov > Message-ID: <5.2.0.9.2.20030114215639.029450a8@imap.ecs.soton.ac.uk> If you need a quick fix for this before I release the next version, I can give you one now. Turned out to be a simpler fix than I thought (I like it when it works like that :-) Involves replacing 3 files. At 15:16 14/01/2003, you wrote: >I'm trying to write a rule in filename.rules.conf that will block all >attachments over a certain number of characters (in this case, 100). >However, I've been unsuccessful. I've tried > >deny .{100,} Filename over 100 characters Filename over 100 characters > >and > >deny ^.{100,}$ Filename over 100 characters Filename over 100 >characters > >neither of which work (the e-mail just goes through normally). I'm not an >expert at regular expressions, so maybe I just didn't write it properly. >This entry is the first entry in the file, there are tabs between all of the >fields, and I have rebooted the server between changes, but I when I sent >through an attachment with a filename over 100 characters, it goes through >without being blocked. Other rules I have written work as expected. > >What should I do to get the functionality I want? > >Jeremy Evans >Information Systems Analyst >California State Auditor >916-445-0255 phone >916-322-7801 fax -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From Kevin.Steil at JMFAMILY.COM Tue Jan 14 22:19:12 2003 From: Kevin.Steil at JMFAMILY.COM (Kevin Steil) Date: Thu Jan 12 21:16:58 2006 Subject: unscribe Message-ID: Kevin Steil Manager of Network Engineering JM Famliy Enterprises, Inc. 954-596-3834 From admin at thenamegame.com Tue Jan 14 23:29:10 2003 From: admin at thenamegame.com (Michael Szabados) Date: Thu Jan 12 21:16:58 2006 Subject: unsubscribe Message-ID: <00bc01c2bc24$bd5e65c0$6501a8c0@thenamegame.com> Michael Szabados -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030114/e83f2b06/attachment.html From cmiller at TIGERBYTE.COM Tue Jan 14 23:34:20 2003 From: cmiller at TIGERBYTE.COM (Clint Miller) Date: Thu Jan 12 21:16:58 2006 Subject: whitelist problems Message-ID: <200301141734.20993.cmiller@tigerbyte.com> We have some people that don't want us to screen for junk mail. So listed them in MailScanners whitelist. Well if a SPAM comes through and has one of the recipents in the whitelist then it delievers it to everyone on the SPAM's recipent list. Anyway around that? Maybe a different place to list my customers that don't want their spam screened? Thanks! -- Clint Miller From smhickel at CHARTERMI.NET Wed Jan 15 00:59:50 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:16:58 2006 Subject: Whitelist seems not to work? In-Reply-To: <5.2.0.9.2.20030114085329.028fe678@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030113184729.01a916f0@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030113184729.01a916f0@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030114085329.028fe678@imap.ecs.soton.ac.uk> Message-ID: <1042592389.1843.4.camel@steve.hickel.info> All, I have set domains in my whitelist and they appear not to be allowed and are still filtered. I double checked the mailscanner.conf for the reference to the file and I put these changes in the whitelist.conf file under rules. Any thoughts as to what I should be looking for? Also, How do I restart mailscanner without having to reboot the linux box? I did a restart once and Mailscanner didn't work until I reinstalled it. Plus when I make changes to my .confs, do they get overwritten on an update? Thanks, Steve -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030114/c1b6ac93/attachment.bin From zabriskw at ITECH.NET Wed Jan 15 01:49:27 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:16:58 2006 Subject: Whitelist seems not to work? References: <5.2.0.9.2.20030113184729.01a916f0@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030113184729.01a916f0@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030114085329.028fe678@imap.ecs.soton.ac.uk> <1042592389.1843.4.camel@steve.hickel.info> Message-ID: <000801c2bc38$56e872e0$0200a8c0@gottekno25> Steve, If you type ps ax | grep MailScanner it will show all the PIDS for MailScanner. You should probably see roughly 5 instances running. Type kill -9 pid and it will kill the MailScanner processes. Once you have killed all of them, go to /opt/MailScanner/bin/check_mailscanner and it will relaunch MailScanner. What does your spam.whitelist.rules say? ----- Original Message ----- From: "Steve Hickel" To: Sent: Tuesday, January 14, 2003 7:59 PM Subject: Re: Whitelist seems not to work? From smhickel at CHARTERMI.NET Wed Jan 15 03:49:54 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:16:58 2006 Subject: Whitelist seems not to work? In-Reply-To: <000801c2bc38$56e872e0$0200a8c0@gottekno25> References: <5.2.0.9.2.20030113184729.01a916f0@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030113184729.01a916f0@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030114085329.028fe678@imap.ecs.soton.ac.uk> <1042592389.1843.4.camel@steve.hickel.info> <000801c2bc38$56e872e0$0200a8c0@gottekno25> Message-ID: <1042602593.4717.5.camel@steve.hickel.info> Thanks for the reply. This is what I get when I do the p s ax thing: 1909 ? S 0:11 /usr/bin/perl -I/usr/lib/MailScanner /user/sbin/MailScanner 4853 ? Z 0:00 [MailScanner ] check_mailscanner is in the /usr/sbin/subdirectory I can't get at my whitelist rules right now but we put in from: *@computerworld.com and it doesn't let it through. It keeps capturing it as spam. When I can get a copy of it, I will post it. Thanks, Steve On Tue, 2003-01-14 at 20:49, Kris Zabriskie wrote: > Steve, > If you type ps ax | grep MailScanner it will show all the PIDS for > MailScanner. You should probably see roughly 5 instances running. Type > kill -9 pid and it will kill the MailScanner processes. Once you have > killed all of them, go to /opt/MailScanner/bin/check_mailscanner and it will > relaunch MailScanner. > > What does your spam.whitelist.rules say? > > ----- Original Message ----- > From: "Steve Hickel" > To: > Sent: Tuesday, January 14, 2003 7:59 PM > Subject: Re: Whitelist seems not to work? -- Steve Hickel -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030114/432247db/attachment.bin From David.While at UCE.AC.UK Wed Jan 15 08:43:09 2003 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:16:58 2006 Subject: Whitelist seems not to work? Message-ID: You don't say what OS you are using but if you use RedHat then to restart MailScanner (assuming its already running) simply do service MailScanner reload If its not running then you can do service MailScanner start regarding your conf files - if you use the rpm to upgrade MailScanner then your conf files will not be overwritten - the package will create the new conf files with extension .rpmnew - you can then look for differences between you existing and new files. ----------------------------------------------------------------- David While Technical Development Manager Faculty of Computing, Information & English University of Central England Tel: 0121 331 6211 Steve Hickel cc: Sent by: Subject: Re: Whitelist seems not to work? MailScanner mailing list 15/01/2003 00:59 Please respond to MailScanner mailing list All, I have set domains in my whitelist and they appear not to be allowed and are still filtered. I double checked the mailscanner.conf for the reference to the file and I put these changes in the whitelist.conf file under rules. Any thoughts as to what I should be looking for? Also, How do I restart mailscanner without having to reboot the linux box? I did a restart once and Mailscanner didn't work until I reinstalled it. Plus when I make changes to my .confs, do they get overwritten on an update? Thanks, Steve (See attached file: signature.asc) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/octet-stream Size: 196 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030115/91bc9217/signature.obj From johannes at DSP.DE Wed Jan 15 09:00:20 2003 From: johannes at DSP.DE (Johannes) Date: Thu Jan 12 21:16:58 2006 Subject: Installation on SuSe 7.1 Message-ID: Hi micha, zhanks for your advice! But i?ve got some more Question... >remove any '-A' from '/etc/sysconfig/MailScanner' and from >'/etc/init.d/Mailscanner'. > >then: > >,-----[ /etc/init.d/Mailscanner ] >| if test "$SMTPD_LISTEN_REMOTE" != "yes" ; then >| SENDMAIL_IN_ARGS="-O DaemonPortOptions=Addr=127.0.0.1 >| $SENDMAIL_IN_ARGS" >`-----| > >change 'DaemonPortOptions=Addr=127.0.0.1' to whatever you needed. eg >to 'DaemonPortOptions=Addr=0.0.0.0'. I?am not shure about that Option, what does it mean? Do i have to add the IP-Adress of the MailServer itself? Or is it a Dummy Adress? If it is, wouldn?t be 127.0.0.1 be fine? > >change msppid in '/etc/init.d/Mailscanner' to >'msppid=/var/run/sm-client.pid' or whatever, because there is no >'clientmqueue' in SuSE 7.1. Is that the way to figure out the Process ID of the Sendmail Deamon? I?ve got two senmail Files in /var/run, the one is sendmail.pid itself, the other is sendmail/control.pid. I ain?t got any sendmail client ID... So it ?s probably the 'msppid=/var/run/sendmail.pid' I have to add, right? > >i hope i didn't forget something. that's _my_ way to get it work >under 7.1. > >> I have the SuSE 8.0 RPM installed, any Problems with that on SuSE 7.1? Is >> There a RPM for SuSE 7.1? I also tried the source RPM, without success... > >there is no RPM for SuSE <8.0. there are a few differences between >SuSE <8.0 and <=8.0. but with a little bit of work it is possible to >get it work. > I thought that it is something with the Configuration in SuSE >8 which ist diffrent to SuSE<8... What a pitty... >sorry for my bad english. Oh, thats OK, mine isn?t any better... ;-)) >micha johannes From johannes at DSP.DE Wed Jan 15 09:12:08 2003 From: johannes at DSP.DE (No Name Available) Date: Thu Jan 12 21:16:58 2006 Subject: Installation on SuSe 7.1 Message-ID: Hmm, nearly knew it, but i gave it a try with the 8.0 rpm... :-) But thanks for INfo, some more Question: If removing the -A command-line Option in /etc/init.d/MailScanner is it working right then? what does the A mean anyway? How does senmail know how which mailqueue to process? As far as I understood sendmail is still getting the mail on port 25 but isnt processing it to the lokal mailboxes or the internet, but putting it in an extra mqueue. There mailscanner looks for incoming mails and is processing these to the mailboxes or the internet after checking for spam etc, right? But where is this behavior configured? Johannes On Tue, 14 Jan 2003 19:39:15 +0000, Julian Field wrote: >The SuSE RPM only works with 8.x, not 7.1. >Take a look at /etc/init.d/MailScanner and remove sendmail command-line >options that it doesn't like. >I'm afraid I haven't got a 7.x machine to develop it on. > >At 19:24 14/01/2003, you wrote: >>Hi, I just tried to install MailScanner on my SuSE 7.1 installation. Semms >>to work fine as Mailscanner starts correct, but when it tries to start the >>sendmail deamon I get Error Messages: >> >>mail2:~ # rcMailScanner start >>Initializing sendmail and MailScanner/usr/sbin/sendmail: illegal option -- A >>startproc: exit status of /usr/sbin/sendmail: 64 >>/usr/sbin/sendmail: illegal option -- A >>startproc: exit status of /usr/sbin/sendmail: 64 >> done >>mail2:~ # >> >>But I have got 5 Instances of Mailscanner running after trying to start it: >> >> >>19914 ? S 0:00 perl - >>I/usr/lib/MailScanner /usr/sbin/MailScanner /et >>19915 ? S 0:00 perl - >>I/usr/lib/MailScanner /usr/sbin/MailScanner /et >>19916 ? S 0:00 perl - >>I/usr/lib/MailScanner /usr/sbin/MailScanner /et >>19917 ? S 0:00 perl - >>I/usr/lib/MailScanner /usr/sbin/MailScanner /et >>19918 ? S 0:00 perl - >>I/usr/lib/MailScanner /usr/sbin/MailScanner /et >>19919 ? S 0:00 perl - >>I/usr/lib/MailScanner /usr/sbin/MailScanner /et >>19920 pts/0 R 0:00 ps ax >>mail2:~ # check_MailScanner >>MailScanner running with pid 19914 19915 19916 19917 19918 19919 >>mail2:~ # >> >>Only the Sendmal deamon semms not to start... >> >>whats wrong with my Installation? Any Suggestions? >> >>I have the SuSE 8.0 RPM installed, any Problems with that on SuSE 7.1? Is >>There a RPM for SuSE 7.1? I also tried the source RPM, without success... >> >>Greets Johannes > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support From johannes at DSP.DE Wed Jan 15 09:12:08 2003 From: johannes at DSP.DE (No Name Available) Date: Thu Jan 12 21:16:58 2006 Subject: Installation on SuSe 7.1 Message-ID: Hmm, nearly knew it, but i gave it a try with the 8.0 rpm... :-) But thanks for INfo, some more Question: If removing the -A command-line Option in /etc/init.d/MailScanner is it working right then? what does the A mean anyway? How does senmail know how which mailqueue to process? As far as I understood sendmail is still getting the mail on port 25 but isnt processing it to the lokal mailboxes or the internet, but putting it in an extra mqueue. There mailscanner looks for incoming mails and is processing these to the mailboxes or the internet after checking for spam etc, right? But where is this behavior configured? Johannes On Tue, 14 Jan 2003 19:39:15 +0000, Julian Field wrote: >The SuSE RPM only works with 8.x, not 7.1. >Take a look at /etc/init.d/MailScanner and remove sendmail command-line >options that it doesn't like. >I'm afraid I haven't got a 7.x machine to develop it on. > >At 19:24 14/01/2003, you wrote: >>Hi, I just tried to install MailScanner on my SuSE 7.1 installation. Semms >>to work fine as Mailscanner starts correct, but when it tries to start the >>sendmail deamon I get Error Messages: >> >>mail2:~ # rcMailScanner start >>Initializing sendmail and MailScanner/usr/sbin/sendmail: illegal option -- A >>startproc: exit status of /usr/sbin/sendmail: 64 >>/usr/sbin/sendmail: illegal option -- A >>startproc: exit status of /usr/sbin/sendmail: 64 >> done >>mail2:~ # >> >>But I have got 5 Instances of Mailscanner running after trying to start it: >> >> >>19914 ? S 0:00 perl - >>I/usr/lib/MailScanner /usr/sbin/MailScanner /et >>19915 ? S 0:00 perl - >>I/usr/lib/MailScanner /usr/sbin/MailScanner /et >>19916 ? S 0:00 perl - >>I/usr/lib/MailScanner /usr/sbin/MailScanner /et >>19917 ? S 0:00 perl - >>I/usr/lib/MailScanner /usr/sbin/MailScanner /et >>19918 ? S 0:00 perl - >>I/usr/lib/MailScanner /usr/sbin/MailScanner /et >>19919 ? S 0:00 perl - >>I/usr/lib/MailScanner /usr/sbin/MailScanner /et >>19920 pts/0 R 0:00 ps ax >>mail2:~ # check_MailScanner >>MailScanner running with pid 19914 19915 19916 19917 19918 19919 >>mail2:~ # >> >>Only the Sendmal deamon semms not to start... >> >>whats wrong with my Installation? Any Suggestions? >> >>I have the SuSE 8.0 RPM installed, any Problems with that on SuSE 7.1? Is >>There a RPM for SuSE 7.1? I also tried the source RPM, without success... >> >>Greets Johannes > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jan 15 10:02:38 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:58 2006 Subject: whitelist problems In-Reply-To: <200301141734.20993.cmiller@tigerbyte.com> Message-ID: <5.2.0.9.2.20030115095915.02902cd8@imap.ecs.soton.ac.uk> At 23:34 14/01/2003, you wrote: >We have some people that don't want us to screen for junk mail. So >listed them in MailScanners whitelist. Well if a SPAM comes through >and has one of the recipents in the whitelist then it delievers it >to everyone on the SPAM's recipent list. Anyway around that? Maybe >a different place to list my customers that don't want their spam >screened? In my experience very little spam has multiple recipients in 1 message these days. MailScanner doesn't split messages up into multiple copies of the same message (I really don't like generating mail if at all possible). So if a message is whitelisted for 1 recipient, then it is whitelisted for all recipients of that message. There isn't any easy way around this, other than to deliver their spam and strip out the subject line tag with procmail once it has been delivered to them. That's pretty simple though. You can still screen their mail for spam, you just need to make it look like you didn't :-) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jan 15 10:11:23 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:58 2006 Subject: Installation on SuSe 7.1 In-Reply-To: Message-ID: <5.2.0.9.2.20030115100639.029527a0@imap.ecs.soton.ac.uk> At 09:12 15/01/2003, you wrote: >If removing the -A command-line Option in /etc/init.d/MailScanner is it >working right then? what does the A mean anyway? How does senmail know how >which mailqueue to process? Does SuSE 7.x have a sendmail version recent enough to support the clientmqueue? If not, then it's nice and simple and the MailScanner tar installation guide will help you set up the init.d script correctly. Sounds like I need to setup a SuSE 7 box to get this sorted properly. >As far as I understood sendmail is still getting the mail on port 25 but >isnt processing it to the lokal mailboxes or the internet, but putting it >in an extra mqueue. There mailscanner looks for incoming mails and is >processing these to the mailboxes or the internet after checking for spam >etc, right? Once MailScanner has processed the messages, it doesn't deliver them directly itself but just puts them in an outgoing queue (/var/spool/mqueue) and tells sendmail they are awaiting delivery. >But where is this behavior configured? Take a look at http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml as you might find it helps you understand what is needed. >Johannes > >On Tue, 14 Jan 2003 19:39:15 +0000, Julian Field > wrote: > > >The SuSE RPM only works with 8.x, not 7.1. > >Take a look at /etc/init.d/MailScanner and remove sendmail command-line > >options that it doesn't like. > >I'm afraid I haven't got a 7.x machine to develop it on. > > > >At 19:24 14/01/2003, you wrote: > >>Hi, I just tried to install MailScanner on my SuSE 7.1 installation. Semms > >>to work fine as Mailscanner starts correct, but when it tries to start the > >>sendmail deamon I get Error Messages: > >> > >>mail2:~ # rcMailScanner start > >>Initializing sendmail and MailScanner/usr/sbin/sendmail: illegal option -- > A > >>startproc: exit status of /usr/sbin/sendmail: 64 > >>/usr/sbin/sendmail: illegal option -- A > >>startproc: exit status of /usr/sbin/sendmail: 64 > >> >done > >>mail2:~ # > >> > >>But I have got 5 Instances of Mailscanner running after trying to start >it: > >> > >> > >>19914 ? S 0:00 perl - > >>I/usr/lib/MailScanner /usr/sbin/MailScanner /et > >>19915 ? S 0:00 perl - > >>I/usr/lib/MailScanner /usr/sbin/MailScanner /et > >>19916 ? S 0:00 perl - > >>I/usr/lib/MailScanner /usr/sbin/MailScanner /et > >>19917 ? S 0:00 perl - > >>I/usr/lib/MailScanner /usr/sbin/MailScanner /et > >>19918 ? S 0:00 perl - > >>I/usr/lib/MailScanner /usr/sbin/MailScanner /et > >>19919 ? S 0:00 perl - > >>I/usr/lib/MailScanner /usr/sbin/MailScanner /et > >>19920 pts/0 R 0:00 ps ax > >>mail2:~ # check_MailScanner > >>MailScanner running with pid 19914 19915 19916 19917 19918 19919 > >>mail2:~ # > >> > >>Only the Sendmal deamon semms not to start... > >> > >>whats wrong with my Installation? Any Suggestions? > >> > >>I have the SuSE 8.0 RPM installed, any Problems with that on SuSE 7.1? Is > >>There a RPM for SuSE 7.1? I also tried the source RPM, without success... > >> > >>Greets Johannes > > > >-- > >Julian Field > >www.MailScanner.info > >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscannerlist at TNJINFL.COM Wed Jan 15 11:46:49 2003 From: mailscannerlist at TNJINFL.COM (James Pifer) Date: Thu Jan 12 21:16:58 2006 Subject: [OT] rsync script Message-ID: <1042631210.20734.6.camel@tweety.tnjinfl.com> Hope you don't mind a somewhat off topic question... Can someone using rsync to transfer mrtg data to another machine share their rsync script? I'm trying to write one but have never used rsync before and having some trouble. I think it's close, but I'm missing something. I'm getting an error that says: The remote path must start with a module name not a / Not finding the correct way to do it on rsync's website, although I'm sure I'm just not seeing it. Any assistance is appreciated. James From s.kelly at ayrcoll.ac.uk Wed Jan 15 11:53:28 2003 From: s.kelly at ayrcoll.ac.uk (Shane Kelly) Date: Thu Jan 12 21:16:58 2006 Subject: Suse 8.1 rpm install Message-ID: <200301151153.28255.s.kelly@ayrcoll.ac.uk> MailScanner 4-11.1 suse rpm Suse Linux 8.1 Sendmail 8.12.6 perl 5.8.0 spamassassin not installed. Notes: Suse was installed from scratch using manual install, minimum config with sendmail added after succesful install, as was gcc, binutils,make, patch etc. Instructions from http://www.sng.ecs.soton.ac.uk/mailscanner/install/linux.shtml were followed. Mailscanner.conf and reports were edited to suit this site. Results: Syntax error in MailScanner script file (line 67) - two semi-colons missing - (add them yourself) Use chkconfig -s sendmail off to turn off sendmail Use chkconfig -s MailScanner on to turn on MailScanner Use chkconfig -l to see if is on or off. Hey Presto, one working email exchanger with av scanning. Optional: comment out all references to SENDMAIL_CLIENT_ARGS in MailScanner script, along with any references to $msppid (and the rc-status calls immediately after them). This - http://www.sendmail.org/secure-install.html will tell why (or why not) you should do this - basically if you do not have users 'homed' on this server, then you can do this and it won't break anything, (I think!) otherwise leave it standard. Overall, as a long time user of MailScanner, (4-11.1 replaced 3-12.?) I think Julian deserves a medal for his untiring efforts, his good humour (MailScanner contains some of the politest error messages I have ever seen!), his attention to detail and his responsiveness to user requests. I have always advocated MailScanner against commercial programs, and with the 4 series and its configurability, I will continue to advocate its use on any occasion that I can. Thank you, Julian. Regards, Shane Kelly. -- Network Infrastructure Manager Ayr College +44 (01292) 265184 =========================== Opinions expressed by me are mine. Ayr College can get their own. =========================== From mailscanner at ecs.soton.ac.uk Wed Jan 15 12:12:37 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:58 2006 Subject: Suse 8.1 rpm install In-Reply-To: <200301151153.28255.s.kelly@ayrcoll.ac.uk> Message-ID: <5.2.0.9.2.20030115121055.02e7b760@imap.ecs.soton.ac.uk> At 11:53 15/01/2003, you wrote: >MailScanner 4-11.1 suse rpm >Suse Linux 8.1 >Sendmail 8.12.6 >perl 5.8.0 >spamassassin not installed. > >Notes: Suse was installed from scratch using manual install, minimum config >with sendmail added after succesful install, as was gcc, binutils,make, patch >etc. > >Instructions from >http://www.sng.ecs.soton.ac.uk/mailscanner/install/linux.shtml >were followed. > >Mailscanner.conf and reports were edited to suit this site. > >Results: > Syntax error in MailScanner script file (line 67) - two semi-colons > missing - >(add them yourself) I've already fixed this for the next release :) >Use chkconfig -s sendmail off to turn off sendmail >Use chkconfig -s MailScanner on to turn on MailScanner >Use chkconfig -l to see if is on or off. Don't chkconfig sendmail off chkconfig MailScanner on chkconfig --list | grep work as well though? >Hey Presto, one working email exchanger with av scanning. > >Optional: comment out all references to SENDMAIL_CLIENT_ARGS in MailScanner >script, along with any references to $msppid (and the rc-status calls >immediately after them). This - http://www.sendmail.org/secure-install.html >will tell why (or why not) you should do this - basically if you do not have >users 'homed' on this server, then you can do this and it won't break >anything, (I think!) otherwise leave it standard. > > >Overall, as a long time user of MailScanner, (4-11.1 replaced 3-12.?) I think >Julian deserves a medal for his untiring efforts, his good humour >(MailScanner contains some of the politest error messages I have ever seen!), >his attention to detail and his responsiveness to user requests. Thanks! >I have always advocated MailScanner against commercial programs, and with the >4 series and its configurability, I will continue to advocate its use on any >occasion that I can. > >Thank you, Julian. It's a pleasure. Have you added a comment to the "guest book" on the web site yet? -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From s.kelly at ayrcoll.ac.uk Wed Jan 15 12:47:37 2003 From: s.kelly at ayrcoll.ac.uk (Shane Kelly) Date: Thu Jan 12 21:16:58 2006 Subject: Suse 8.1 rpm install In-Reply-To: <5.2.0.9.2.20030115121055.02e7b760@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030115121055.02e7b760@imap.ecs.soton.ac.uk> Message-ID: <200301151247.37152.s.kelly@ayrcoll.ac.uk> On Wednesday 15 January 2003 12:12 pm, Julian Field wrote: > At 11:53 15/01/2003, you wrote: > >MailScanner 4-11.1 suse rpm > >Suse Linux 8.1 > >Sendmail 8.12.6 > >perl 5.8.0 > >spamassassin not installed. -- snip --------- > > I've already fixed this for the next release :) Great - many thanks > > >Use chkconfig -s sendmail off to turn off sendmail > >Use chkconfig -s MailScanner on to turn on MailScanner > >Use chkconfig -l to see if is on or off. > > Don't > chkconfig sendmail off > chkconfig MailScanner on > chkconfig --list | grep > work as well though? You are, of course correct - my typing at fault when I used them - i get that a lot :-/ > > >Hey Presto, one working email exchanger with av scanning. > > > >Optional: comment out all references to SENDMAIL_CLIENT_ARGS in > > MailScanner script, along with any references to $msppid (and the > > rc-status calls immediately after them). This - > > http://www.sendmail.org/secure-install.html will tell why (or why not) > > you should do this - basically if you do not have users 'homed' on this > > server, then you can do this and it won't break anything, (I think!) > > otherwise leave it standard. > > > > > >Overall, as a long time user of MailScanner, (4-11.1 replaced 3-12.?) I > > think Julian deserves a medal for his untiring efforts, his good humour > > (MailScanner contains some of the politest error messages I have ever > > seen!), his attention to detail and his responsiveness to user requests. > > Thanks! You are welcome. > >I have always advocated MailScanner against commercial programs, and with > > the 4 series and its configurability, I will continue to advocate its use > > on any occasion that I can. > > > >Thank you, Julian. > > It's a pleasure. > Have you added a comment to the "guest book" on the web site yet? Done. Regards, Shane -- Network Infrastructure Manager Ayr College +44 (01292) 265184 =========================== Opinions expressed by me are mine. Ayr College can get their own. =========================== From mime at GMX.DE Wed Jan 15 12:39:35 2003 From: mime at GMX.DE (Michael Meyer) Date: Thu Jan 12 21:16:58 2006 Subject: Installation on SuSe 7.1 In-Reply-To: References: Message-ID: <20030115123935.GA14093@mime.dyndns.org> Johannes wrote: > >change 'DaemonPortOptions=Addr=127.0.0.1' to whatever you needed. eg > >to 'DaemonPortOptions=Addr=0.0.0.0'. > > I?am not shure about that Option, what does it mean? Do i have to add the > IP-Adress of the MailServer itself? Or is it a Dummy Adress? If it is, > wouldn?t be 127.0.0.1 be fine? on which device(s) should sendmail listen. if you only need sendmail as a lokal daemon, 127.0.0.1 will be fine. if you like, you can change it to 0.0.0.0, what means that sendmail will listen on _all_ available devices. > >change msppid in '/etc/init.d/Mailscanner' to > >'msppid=/var/run/sm-client.pid' or whatever, because there is no > >'clientmqueue' in SuSE 7.1. > > Is that the way to figure out the Process ID of the Sendmail Deamon? I?ve > got two senmail Files in /var/run, the one is sendmail.pid itself, the > other is sendmail/control.pid. I ain?t got any sendmail client ID... So it > ?s probably the 'msppid=/var/run/sendmail.pid' I have to add, right? no the PID is given by 'srvpid'. i think you can ignore 'msppid' without any problems. > I thought that it is something with the Configuration in SuSE >8 which ist > diffrent to SuSE<8... What a pitty... SuSE >=8.0 is going more LSB conform. > >sorry for my bad english. > > Oh, thats OK, mine isn?t any better... ;-)) as long as we understand us ... :) micha From Denis.Beauchemin at USHERBROOKE.CA Wed Jan 15 13:37:32 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:16:58 2006 Subject: [OT] rsync script In-Reply-To: <1042631210.20734.6.camel@tweety.tnjinfl.com> References: <1042631210.20734.6.camel@tweety.tnjinfl.com> Message-ID: <1042637852.30515.143.camel@dbeauchemin.si.usherbrooke.ca> James, On our Web server we fetch the MRTG data every 5 minutes this way: from root's crontab: 2-59/5 * * * * su - mrtg -c "/usr/bin/rsync -az --exclude=index.html -e ssh machine1:/var/www/html/mailscanner-mrtg/* /home/www/www1/htdocs/mrtgstats/machine1" 2-59/5 * * * * su - mrtg -c "/usr/bin/rsync -az --exclude=index.html -e ssh machine2:/var/www/html/mailscanner-mrtg/* /home/www/www1/htdocs/mrtgstats/machine2" You will probably have to adjust the paths. All systems must have an mrtg user and they have to trust one another for this SSH transfer to work. Exchange of public keys between the machines and the Web server is the way to go. We do not transfer the index.html page because on the Web server the things are in different directories to we built new index.html pages on the Web server and we don't want to overwrite them with the transfert. Hope this helps. Denis Le mer 15/01/2003 ? 06:46, James Pifer a ?crit : > Hope you don't mind a somewhat off topic question... > > Can someone using rsync to transfer mrtg data to another machine share > their rsync script? I'm trying to write one but have never used rsync > before and having some trouble. I think it's close, but I'm missing > something. I'm getting an error that says: > The remote path must start with a module name not a / > > Not finding the correct way to do it on rsync's website, although I'm > sure I'm just not seeing it. > > Any assistance is appreciated. > James -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From mailscanner at ecs.soton.ac.uk Wed Jan 15 15:12:57 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:58 2006 Subject: Adding a mail header... In-Reply-To: <2847814731.1042538122@Callisto> References: <5.2.0.9.2.20030114085329.028fe678@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030114085329.028fe678@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030115151145.04ac33c8@imap.ecs.soton.ac.uk> At 14:55 14/01/2003, you wrote: >--On Tuesday, January 14, 2003 8:55 AM +0000 Julian Field > wrote: > >>At 22:05 13/01/2003, you wrote: >>>So, what I would like is to have a line like the following added to >>>emails that are touched by MailScanner: >>> >>> X-MailScanner-Information: >> >>Do you want this in messages which MailScanner was configured not to scan >>as well as those it did scan? >>Or do you want it only in messages which MailScanner was configured to >>scan? >> >>What does anyone else want? > >My guess is that if MailScanner is doing any checks of any kind, that it >should stick in the header. Even if we configured all the checks to be >off (what, that would be Spam Checking, Spam Assassin, Virus Scanning, >Filename Checking, Blacklist Lookups, anything else?), which means that >MailScanner is just moving messages from the input queue to the output >queue, that we should still have the header inserted. If we didn't want >that, we could comment out the "Information Header" config option and be >done with it. Done. Will be in the next version. It is simple to disable if you don't want it (after all, how many users actually see X- headers these days?). >You know, I am surprised that you don't have an X-MailScanner-Version >header line in there. :-) > >Anyways, I have been pleased with the ease of use for MailScanner, and >feel I still have a lot to learn about it. We are still fighting a lot >of performance issues on our server, and we are still tracking it down. >The server supports about 2000 concurrent users logging in and checking >their email, and doing mail processing with spam/virus checking turned >on just throws the server over the edge. Of course, it doesn't help >when we are delivering close to 50,000 emails in an hours worth of time >either :-) > >Scott >-- >+-----------------------------------------------------------------------+ > Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ > UNIX Systems Engineer mailto:adkinss@ohio.edu > ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 >+-----------------------------------------------------------------------+ > PGP Public Key available at > http://www.cns.ohiou.edu/~sadkins/pgp/ -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jan 15 15:13:55 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:16:58 2006 Subject: Setting up Black & Whitelists by domain In-Reply-To: <5.2.0.9.2.20030112162449.0269ec00@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030112151646.02531500@imap.ecs.soton.ac.uk> <5C0296D26910694BB9A9BBFC577E7AB0A4ACFF@pascal.priv.bmrb.co .uk> Message-ID: <5.2.0.9.2.20030115151318.02ef52b8@imap.ecs.soton.ac.uk> I have just fixed a couple of bugs, here's a re-release of CustomConfig.pm. At 16:33 12/01/2003, you wrote: >Okay, I've moved the directories to be > /etc/MailScanner/spam.bydomain/whitelist >and > /etc/MailScanner/spam.bydomain/blacklist >but otherwise it is pretty much as I said in my previous posting (included >at the bottom of this message). > >The patch to CustomConfig.pm I have attached has *not* been tested. So give >it a go and see if it works. If you know some perl, please find all the >bugs and mail me the corrections :-) >If it works (or once it works after you have found all the bugs for me) >then feel free to use it. > >To use it, you will need to set these in your MailScanner.conf file: > >Is Definitely Not Spam = &ByDomainSpamWhitelist >Is Definitely Spam = &ByDomainSpamBlacklist > >At 15:35 12/01/2003, you wrote: >>Currently you will have to write some custom function to do it for you. >>Shouldn't be too hard to do, especially if it's only a simple (but possibly >>long) ruleset for each domain. If each black/white-listed address is either >>a complete address or a domain name (so no "*" characters anywhere), then >>the end result will be very fast too. >> >>Thinking further, we have a dir "/opt/bydomain" which contains 2 >>subdirectories, "blacklist" and "whitelist". >>Each of those directories contains a file named after each domain. So for >>"example.com" there will be /opt/bydomain/whitelist/example.com and >>/opt/bydomain/blacklist/example.com. >>Each of the example.com files can contain entries of the form >> user@address.spam.com >>and >> address.spam.com >>and that's all. Keeping it restricted to this makes life a lot easier later. >> >>I'll get back to the list shortly about this, it's probably worth me >>writing an implementation of this as it is going to be a common requirement. >>-- >>Julian Field >>www.M