From gsmithe at OFALLON90.NET Sun Jun 1 03:28:06 2003 From: gsmithe at OFALLON90.NET (Gary Smithe) Date: Thu Jan 12 21:18:20 2006 Subject: redhat 9 n00b problem Message-ID: -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Sat 5/31/2003 3:36 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: redhat 9 n00b problem At 21:15 31/05/2003, you wrote: >Hi all, > This is my first posting to a mailing list, so please excuse any > errs I make... > >I have stock RH9, MailScanner-4.20-3, and SpamAssassin-2.55, >postfix-1.1.11-11. This box will be a relay for an internal M$Exchange box. > >When I installed RH9, I installed postfix and spamassassin. RH9 >apparently sets up postfix chrooted, so I followed the MailScanner >document for setting up MS with postfix, using the MailScanner rpm >file. All seemed to go fine. I changed some postfix stuff to get >relaying going, and that works fine. I'm not getting any odd messages in >/var/log/maillog (I think...). Check that when you changed the postfix setup, you did a service MailScanner restart on not "service postfix restart". - I restart things via their scripts in init.d, and yes, I did restart MailScanner (I even removed the link to rc3.d for postfix). > >Anyway, I have two main issues: > >1.- MS seems to be scanning, but is not marking up the subject header: I'm >currently testing it by "sending mail" via telnet. I have my >Mailscanner.conf file set to yes for "Spam Modify Subject" nad {Spam?}for >the text. >Here's the full transaction from /var/log/maillog: > > >May 31 14:35:53 mail1 postfix/smtpd[11554]: connect from >MV1-24.217.77.228.charter-stl.com[24.217.77.228] >May 31 14:36:43 mail1 postfix/smtpd[11554]: 0891D4BB4E: >client=MV1-24.217.77.228.charter-stl.com[24.217.77.228] >May 31 14:36:43 mail1 postfix/cleanup[11555]: 0891D4BB4E: >message-id=<20030531193643.0891D4BB4E@mail1.ofallon90.net> >May 31 14:36:43 mail1 postfix/nqmgr[9716]: 0891D4BB4E: >from=, size=686, nrcpt=1 (queue >active) >May 31 14:36:43 mail1 postfix/nqmgr[9716]: 0891D4BB4E: >to=, relay=none, delay=0, status=deferred (deferred >transport) >May 31 14:36:43 mail1 MailScanner[9804]: New Batch: Scanning 1 messages, >877 bytes >May 31 14:36:43 mail1 MailScanner[9804]: Spam Checks: Starting >May 31 14:36:49 mail1 MailScanner[9804]: Message 0891D4BB4E from >[24.217.77.228] (not_a_user@not_a_machine_fake_domain.dom) to >ofallon90.net is spam, SpamAssassin (score=8.3, required 5, >ALL_CAPS_HEADER, GUARANTEE, LINES_OF_YELLING, NO_MX_FOR_FROM, >NO_REAL_NAME, SPAM_PHRASE_02_03, SUBJ_ALL_CAPS, UPPERCASE_75_100) >May 31 14:36:49 mail1 MailScanner[9804]: Spam Checks: Found 1 spam messages >May 31 14:36:49 mail1 MailScanner[9804]: Spam Actions: message 0891D4BB4E >actions are deliver >May 31 14:36:49 mail1 MailScanner[9804]: Virus and Content Scanning: Starting >May 31 14:36:49 mail1 MailScanner[9804]: Filename Checks: Allowing >msg-9804-1.txt >May 31 14:36:49 mail1 postfix/nqmgr[9786]: 9D3BEAF5B2: >from=, size=1028, nrcpt=1 (queue >active) >May 31 14:36:49 mail1 MailScanner[9804]: Uninfected: Delivered 1 messages >May 31 14:36:49 mail1 postfix/smtp[11563]: 9D3BEAF5B2: >to=, relay=216.124.194.5[216.124.194.5], delay=6, >status=sent (250 2.6.0 <20030531193643.0891D4BB4E@mail1.ofallon90.net> >Queued mail for delivery) > >When I get the mail, however, the subject line is intact, exactly as I >sent it (i.e. no "{Spam?}" text) We cannot tell what is wrong without the relevant section of the MailScanner.conf file. You have a mistake there somewhere, it works for everyone else. - Well, I hate posting the entire MailScanner.conf file. I can assure you that the obvious things are set to "yes" that would enable the above. Is there any section in particular you want me to post, or just include the whole thing? > 2 - anything that is truly spam we don't want to go to users (i.e. > delete), but we'd like a copy to go to a designated account (i.e. > forward) so we can review to make sure it IS spam. If I specify forward > AND delete for spam actions (or high scoring spam actions) , maillog > states the only action as forward, and hence the user gets the message > too. Is it possible to perform the actions I'm asking it? Are you sure the user really gets the message? Could it just be missing from the log? Yes, the user (me) gets the message, and as above, it is unmarked as spam. Should I try the whole shebang from scratch (i.e. not use any rpms?). I figured since RedHat 9 includes postfix and Spamassassin that everything would be smoother, but I'm thinking that would be flawed. I agree that it seems to be a conf problem, but I've looked the darn thing over so many times... > > >Thanks, > >Gary -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sun Jun 1 12:14:26 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:20 2006 Subject: redhat 9 n00b problem In-Reply-To: Message-ID: <5.2.1.1.2.20030601121003.02452dc8@imap.ecs.soton.ac.uk> At 03:28 01/06/2003, you wrote: > > > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: Sat 5/31/2003 3:36 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Cc: > Subject: Re: redhat 9 n00b problem > > > > At 21:15 31/05/2003, you wrote: > >Hi all, > > This is my first posting to a mailing list, so please > excuse any > > errs I make... > > > >I have stock RH9, MailScanner-4.20-3, and SpamAssassin-2.55, > >postfix-1.1.11-11. This box will be a relay for an internal > M$Exchange box. > > > >When I installed RH9, I installed postfix and spamassassin. RH9 > >apparently sets up postfix chrooted, so I followed the MailScanner > >document for setting up MS with postfix, using the MailScanner rpm > >file. All seemed to go fine. I changed some postfix stuff to get > >relaying going, and that works fine. I'm not getting any odd > messages in > >/var/log/maillog (I think...). > > Check that when you changed the postfix setup, you did a > service MailScanner restart > on not "service postfix restart". > > - I restart things via their scripts in init.d, and yes, I did > restart MailScanner (I even removed the link to rc3.d for postfix). The tidy way to remove the rc*.d links is with chkconfig postfix off > > > > > > >Anyway, I have two main issues: > > > >1.- MS seems to be scanning, but is not marking up the subject > header: I'm > >currently testing it by "sending mail" via telnet. I have my > >Mailscanner.conf file set to yes for "Spam Modify Subject" nad > {Spam?}for > >the text. > >Here's the full transaction from /var/log/maillog: > > > > > >May 31 14:35:53 mail1 postfix/smtpd[11554]: connect from > >MV1-24.217.77.228.charter-stl.com[24.217.77.228] > >May 31 14:36:43 mail1 postfix/smtpd[11554]: 0891D4BB4E: > >client=MV1-24.217.77.228.charter-stl.com[24.217.77.228] > >May 31 14:36:43 mail1 postfix/cleanup[11555]: 0891D4BB4E: > >message-id=<20030531193643.0891D4BB4E@mail1.ofallon90.net> > >May 31 14:36:43 mail1 postfix/nqmgr[9716]: 0891D4BB4E: > >from=, size=686, > nrcpt=1 (queue > >active) > >May 31 14:36:43 mail1 postfix/nqmgr[9716]: 0891D4BB4E: > >to=, relay=none, delay=0, status=deferred > (deferred > >transport) > >May 31 14:36:43 mail1 MailScanner[9804]: New Batch: Scanning 1 > messages, > >877 bytes > >May 31 14:36:43 mail1 MailScanner[9804]: Spam Checks: Starting > >May 31 14:36:49 mail1 MailScanner[9804]: Message 0891D4BB4E from > >[24.217.77.228] (not_a_user@not_a_machine_fake_domain.dom) to > >ofallon90.net is spam, SpamAssassin (score=8.3, required 5, > >ALL_CAPS_HEADER, GUARANTEE, LINES_OF_YELLING, NO_MX_FOR_FROM, > >NO_REAL_NAME, SPAM_PHRASE_02_03, SUBJ_ALL_CAPS, UPPERCASE_75_100) > >May 31 14:36:49 mail1 MailScanner[9804]: Spam Checks: Found 1 > spam messages > >May 31 14:36:49 mail1 MailScanner[9804]: Spam Actions: message > 0891D4BB4E > >actions are deliver > >May 31 14:36:49 mail1 MailScanner[9804]: Virus and Content > Scanning: Starting > >May 31 14:36:49 mail1 MailScanner[9804]: Filename Checks: Allowing > >msg-9804-1.txt > >May 31 14:36:49 mail1 postfix/nqmgr[9786]: 9D3BEAF5B2: > >from=, size=1028, > nrcpt=1 (queue > >active) > >May 31 14:36:49 mail1 MailScanner[9804]: Uninfected: Delivered 1 > messages > >May 31 14:36:49 mail1 postfix/smtp[11563]: 9D3BEAF5B2: > >to=, relay=216.124.194.5[216.124.194.5], > delay=6, > >status=sent (250 > 2.6.0 <20030531193643.0891D4BB4E@mail1.ofallon90.net> > >Queued mail for delivery) > > > >When I get the mail, however, the subject line is intact, > exactly as I > >sent it (i.e. no "{Spam?}" text) > > > > We cannot tell what is wrong without the relevant section of the > MailScanner.conf file. You have a mistake there somewhere, it > works for > everyone else. > > - Well, I hate posting the entire MailScanner.conf file. I can > assure you that the obvious things are set to "yes" that would enable the > above. Is there any section in particular you want me to post, or just > include the whole thing? You can always post it to me off-list. > > > 2 - anything that is truly spam we don't want to go to users (i.e. > > delete), but we'd like a copy to go to a designated account (i.e. > > forward) so we can review to make sure it IS spam. If I > specify forward > > AND delete for spam actions (or high scoring spam actions) , > maillog > > states the only action as forward, and hence the user gets the > message > > too. Is it possible to perform the actions I'm asking it? > > Are you sure the user really gets the message? Could it just be > missing > from the log? > > Yes, the user (me) gets the message, and as above, it is unmarked > as spam. > > Should I try the whole shebang from scratch (i.e. not use any > rpms?). I figured since RedHat 9 includes postfix and Spamassassin that > everything would be smoother, but I'm thinking that would be flawed. I > agree that it seems to be a conf problem, but I've looked the darn thing > over so many times... Definitely use the RPMs, it makes things a lot simpler. But the one exception is SpamAssassin. Remove the SA rpm (with rpm -e) and build and install from source. And I don't know what mailer you are using, but please can you configure it to quote text correctly. There is currently no difference between your additional content and the content you are replying to. Makes it very hard to read your postings. And "n00b" is spelt "newbie". > > > > > > >Thanks, > > > >Gary > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sun Jun 1 12:47:10 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released Message-ID: <5.2.1.1.2.20030601122421.0248d3f8@imap.ecs.soton.ac.uk> I have just released version 4.21-8 as "stable". Main new features for this release are: - Can now handle non-spam messages with the same options as spam messages. - When using SophosSAVI virus scanner and updating virus definitions very frequently, MailScanner will only be reset when the zip file of definitions actually changes. - Added new "Spam Lists To Reach High Score" setting so that "Spam List" hits can cause a message to be considered to be High Scoring Spam. - Added "Include Scores In SpamAssassin Report" option to allow the inclusion of numerical score values in SpamAssassin reports. - Added "attachment" Spam/Ham action allowing original message to be turned into an RFC822 attachment. Download as usual from www.mailscanner.info Notes: to answer everyone's usual first question, the only RPM to have changed from the previous release is the MailScanner rpm itself. All the other RPMs are the same as 4.20. The entire ChangeLog is this: * New Features and Improvements * - Can now handle non-spam messages with the same options as spam messages. This allows you to archive non-spam separately so you can spot missed spam messages in it and feed them into SpamAssassin or adjust your configuration. Note: bouncing non-spam is not available as it makes no sense. - When using SophosSAVI virus scanner and updating virus definitions very frequently, MailScanner will only be reset when the zip file of definitions actually changes. No reset is done if you downloaded the same set of definitions as you already have. - Added new "Spam Lists To Reach High Score" setting so that "Spam List" hits can cause a message to be considered to be High Scoring Spam. Default is high enough that it won't ever be reached. Setting this to 1 might have uses in setting all Spam List messages to be treated as high scoring. - Added "Include Scores In SpamAssassin Report" option to allow the inclusion of numerical score values in SpamAssassin reports. Default is yes. - Added "attachment" Spam/Ham action allowing original message to be turned into an RFC822 attachment of itself, with a configurable warning file placed at the top of the message. This stops web bugs dead in their tracks. - Added support for 15th virus scanner, Bitdefender. - Now support IPv6 addresses completely. - Cron job will not start MailScanner if it has been stopped manually with the init.d script. This protects you while you are in the middle of upgrading. - SpamAssassin configuration no longer zeros out DCC rules and specifies normal path to dccproc. - McAfee autoupdater script replaced by much better one from Tony Finch. - Better handling of virus scanner lock files when not running as root. - Improved logging and handling of child process exit codes. - Added Hungarian (hu) translation of reports. - Added "Report" to the languages.conf so it can be translated. - Added "inline.spam.warning.txt" to all languages. Needs translating! - Added special keywords "HTML-IFrame" and "HTML-Codebase" to the list of "Silent Viruses" so that senders may not be warned about breaking these rules as they may be mailing lists that don't care anyway. - Improvement to Exim documentation, courtesy of Tony Finch. - Directory cleanup done by "service MailScanner stop" is safer. - Reduced timeout limits for RBL's and Razor in spam.assassin.prefs.conf. - "Spam List" support now supports JANET mirror of MAPS RBL+ with OPS list. - Improvement to Perl modules installation docs. - README.sql-logging now includes correct SQL setup code. * Fixes * - RedHat init.d script works quietly on systems without submit.cf. - F-Secure code for versions before 4.50 fixed. - SophosSAVI no longer reports 1 infection on some systems, when there is actually zero. - Fixed missing Welsh reports. - "Home directory is writable" check not done if not using SpamAssassin. - HTML stripping now available to spam that is not virus-scanned. - f-prot-autoupdate will now work properly on FreeBSD. - Locking problem with Archive Mail fixed when using sendmail on some OS's on which flock() is based on lockf() and/or POSIX locks. - Fixed problem where Sign Cleaned Messages didn't work on messages without a message body. - Postfix support now has extra permissions parameter on "mkdir" calls, solving a syntax error on some versions of Perl. - Postfix support now won't abandon a message because it could not get the SMTP client IP address out of it. Will insert 0.0.0.0 if no IP address could be found. - Postfix will always pick up IP address of locally-generated mail. - Postfix detects hash directory depth more cleanly. - Postfix handles queue files which are still being written. - Postfix bug fixed when processing messages with no body. - Postfix support client IP extraction bug fixed. - Postfix dual recipient lists now handled correctly, so that "original recipients" in 'O' records are managed as well as 'R' records. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Sun Jun 1 13:15:59 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:20 2006 Subject: No subject In-Reply-To: <5.2.1.1.2.20030601122421.0248d3f8@imap.ecs.soton.ac.uk> Message-ID: Hi! I noticed that spamcop.net had a lot of timeouts ... are more people seeing this ? Also, Julian, i didnt see a notice in the changed files for the last release on WIREHUB, some people might be surprised that the entry changed... -> EASYNET ... bye, Raymond. From michele at BLACKNIGHTSOLUTIONS.COM Sun Jun 1 13:35:19 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: BlacknightSolutions) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released In-Reply-To: <5.2.1.1.2.20030601122421.0248d3f8@imap.ecs.soton.ac.uk> Message-ID: <200306011235.h51CZRF25980@camelot.blacknightsolutions.com> Excellent! We'll be upgrading our installed versions as soon as we get a chance. Thanks again for all your hard work Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From raymond at PROLOCATION.NET Sun Jun 1 13:43:39 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:20 2006 Subject: your mail In-Reply-To: Message-ID: Hi! > I noticed that spamcop.net had a lot of timeouts ... are more people > seeing this ? In addition to this, i cant even resolve bl.spamcop.net I tried on various networks... Bye, Raymond. From raymond at PROLOCATION.NET Sun Jun 1 14:06:30 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:20 2006 Subject: your mail In-Reply-To: Message-ID: Hi! > > I noticed that spamcop.net had a lot of timeouts ... are more people > > seeing this ? > > In addition to this, i cant even resolve bl.spamcop.net > I tried on various networks... This might explain, on their site: SpamCop down for maintenance Please be patient while anunexpected database problem is repaired. SpamCop Mail system is working normally. I disabled it in the checks to avoid delays... Bye, Raymond. From jaearick at COLBY.EDU Sun Jun 1 14:21:37 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:18:20 2006 Subject: your mail In-Reply-To: References: Message-ID: check the spamcop webpage... They are having database problems. I had to remove spamcop from my dnsbl's this morning to get my email moving again. Hope they fix this soon... --- Jeff Earickson On Sun, 1 Jun 2003, Raymond Dijkxhoorn wrote: > Date: Sun, 1 Jun 2003 14:43:39 +0200 > From: Raymond Dijkxhoorn > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: your mail > > Hi! > > > I noticed that spamcop.net had a lot of timeouts ... are more people > > seeing this ? > > In addition to this, i cant even resolve bl.spamcop.net > I tried on various networks... > > Bye, > Raymond. > From mike at ZANKER.ORG Sun Jun 1 15:29:25 2003 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released In-Reply-To: <5.2.1.1.2.20030601122421.0248d3f8@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030601122421.0248d3f8@imap.ecs.soton.ac.uk> Message-ID: <25671546.1054481365@jemima.zanker.org> On 01 June 2003 12:47 +0100 Julian Field wrote: > I have just released version 4.21-8 as "stable". I upgraded using the RPM and it barfed upon starting because /var/spool/MailScanner/incoming was missing. Shouldn't this get created during installation? Mike. From mailscanner at ecs.soton.ac.uk Sun Jun 1 15:37:43 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released In-Reply-To: <25671546.1054481365@jemima.zanker.org> References: <5.2.1.1.2.20030601122421.0248d3f8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030601122421.0248d3f8@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030601153552.027b7b28@imap.ecs.soton.ac.uk> At 15:29 01/06/2003, you wrote: >On 01 June 2003 12:47 +0100 Julian Field >wrote: > >>I have just released version 4.21-8 as "stable". > >I upgraded using the RPM and it barfed upon starting because >/var/spool/MailScanner/incoming was missing. Shouldn't this get created >during installation? Yes, it should be. Can you just try upgrading again, in case it's a one-off problem. Do a rpm -Uvh --force mailscanner*rpm and see if it complains again. I'm trying to make it intelligent so that if you have set the permissions and ownership on this directory to be correct for your MTA, then it doesn't over-write it during installation. What version of what OS are you using? -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From MWeiner at AG.COM Sun Jun 1 15:43:45 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released Message-ID: Would it be appropriate to use the RPM to upgrade an existing 4.20 install that was done via tarball?? And if so, what "gotchas" should i be looking out for? Things are running pretty well, but it seems that there are some "features" in 4.21 that i can use. I used the install.sh script for the installation of 4.20 out of the tarball, which i have appeneded to this message, in case anyone wondered where things were installed in the previous version. In other words, i am not using the PREFIX of /opt for this install, rather the directories as spelled out in the attached install.sh script provided with 4.20. I just want to make sure the RPM will not break whats already working!! Any help would be greatly appreciated. Michael Weiner --- $cat install.sh #!/bin/sh echo if [ -x /bin/rpmbuild ]; then RPMBUILD=/bin/rpmbuild elif [ -x /usr/bin/rpmbuild ]; then RPMBUILD=/usr/bin/rpmbuild elif [ -x /bin/rpm ]; then RPMBUILD=/bin/rpm elif [ -x /usr/bin/rpm ]; then RPMBUILD=/usr/bin/rpm else echo I cannot find any rpm or rpmbuild command on your path. echo Please check you are definitely using an RPM-based system. echo If you are, then please install the RPMs called rpm and echo rpm-build, then try running this script again. echo exit 1 fi echo if [ -x /bin/patch -o -x /usr/bin/patch ]; then echo Good. You have the patch command. else echo You need to install the patch command from your Linux distribution. echo Once you have done that, please try running this script again. exit 1 fi # Check that /usr/src/redhat exists echo if [ -d /usr/src/redhat ]; then echo Good, you have /usr/src/redhat in place. RPMROOT=/usr/src/redhat elif [ -d /usr/src/RPM ]; then echo Okay, you have /usr/src/RPM. RPMROOT=/usr/src/RPM elif [ -d /usr/src/packages ]; then echo Okay, you have /usr/src/packages. RPMROOT=/usr/src/packages else echo Your /usr/src/redhat, /usr/src/RPM or /usr/src/packages echo tree is missing. echo If you have access to an RPM called rpm-build echo install it first and come back and try again. echo exit 1 fi # Ensure that the RPM macro # %_unpackaged_files_terminate_build 1 # is set. Otherwise package building will fail. echo if grep -qs '%_unpackaged_files_terminate_build[ ][ ]*0' ~/.rpmmacros then echo Good, unpackaged files will not break the build process. else echo Writing a .rpmmacros file in your home directory to stop echo unpackaged files breaking the build process. echo You can delete it once MailScanner is installed if you want to. echo '%_unpackaged_files_terminate_build 0' >> ~/.rpmmacros echo sleep 10 fi # Check they don't have 2 Perl installations, this will cause all sorts # of grief later. echo if [ \! "x$1" = "xignore-perl" ] ; then if [ -x /usr/bin/perl -a -f /usr/local/bin/perl -a -x /usr/local/bin/perl ] ; then echo You appear to have 2 versions of Perl installed, echo the normal one in /usr/bin and one in /usr/local. echo This often happens if you have used CPAN to install modules. echo I strongly advise you remove all traces of perl from echo within /usr/local and then run this script again. echo echo If you do not want to do that, and really want to continue, echo then you will need to run this script as echo ' ./install.sh ignore-perl' echo exit 1 else echo Good, you appear to only have 1 copy of Perl installed. fi fi # Check to see if they want to ignore dependencies in the final # MailScanner RPM install. if [ "x$1" = "xnodeps" -o "x$2" = "xnodeps" ] then NODEPS='--nodeps' else NODEPS= fi # Check that they aren't on a RaQ3 with a broken copy of Perl 5.005003. if [ -d /usr/lib/perl5/5.00503/i386-linux/CORE ]; then echo echo I think you are running Perl 5.00503. echo Ensuring that you have all the header files that are needed echo to build HTML-Parser which is used by both MailScanner and echo SpamAssassin. touch /usr/lib/perl5/5.00503/i386-linux/CORE/opnames.h touch /usr/lib/perl5/5.00503/i386-linux/CORE/perlapi.h touch /usr/lib/perl5/5.00503/i386-linux/CORE/utf8.h touch /usr/lib/perl5/5.00503/i386-linux/CORE/warnings.h fi # Check that they aren't missing pod2text but have pod2man. if [ -x /usr/bin/pod2man -a \! -x /usr/bin/podtext ] ; then echo echo You appear to have pod2man but not pod2text. echo Creating pod2text for you. fi # Check they have the development tools installed on SuSE if [ -f /etc/SuSE-release -o -f /etc/redhat-release ]; then echo echo I think you are running on RedHat Linux or SuSE Linux. GCC=gcc if [ -f /etc/redhat-release ] && fgrep -q ' 6.' /etc/redhat-release ; then # RedHat used egcs in RedHat 6 and not gcc GCC=egcs fi if rpm -q binutils glibc-devel $GCC make >/dev/null 2>&1 ; then echo Good, you appear to have the basic development tools installed. sleep 5 else echo You must have the following RPM packages installed before echo you try and do anything else: echo ' binutils glibc-devel' $GCC 'make' echo You are missing at least 1 of these. echo Please install them all echo '(Read the manuals if you do not know how to do this).' echo Then come back and run this install.sh script again. echo exit 1 fi fi # Check they have an up to date copy of ExtUtils::MakeMaker or else they # will start generating duff Makefiles. echo if ./CheckModuleVersion ExtUtils::MakeMaker 6.05; then echo Good, your version of ExtUtils::MakeMaker is up to date else echo Your copy of the Perl module ExtUtils::MakeMaker is out of date. echo If you try to use an old one, it will generate bad code for the echo rest of this, and possibly make a mess of your Perl installation. echo echo Please install a new one. You can do this very easily with the echo command: echo ' ./Update-MakeMaker.sh' echo and then come back and run this install.sh script again. echo exit 1 fi echo echo This script will pause for a few seconds after each major step, echo so do not worry if it appears to stop for a while. echo If you want it to stop so you can scroll back through the output echo then press Ctrl-S to stop the output and Ctrl-Q to start it again. echo sleep 10 echo echo If this fails due to dependency checks, and you wish to ignore echo these problems, you can run echo ' ./install.sh nodeps' sleep 5 echo echo Rebuilding all the Perl RPMs for your version of Perl echo sleep 5 while read MODNAME MODFILE VERS BUILD ARC do # If the module version is already installed, go onto the next one # (unless it is MIME-tools which is always rebuilt. if ./CheckModuleVersion ${MODNAME} ${VERS} ; then echo Oh good, module ${MODNAME} version ${VERS} is already installed. echo sleep 5 else FILEPREFIX=perl-${MODFILE}-${VERS}-${BUILD} echo Attempting to build and install ${FILEPREFIX} if [ -f ${FILEPREFIX}.src.rpm ]; then $RPMBUILD --rebuild ${FILEPREFIX}.src.rpm sleep 10 echo echo echo else echo Missing file ${FILEPREFIX}.src.rpm. Are you in the right directory\? sleep 10 echo fi if [ -f ${RPMROOT}/RPMS/${ARC}/${FILEPREFIX}.${ARC}.rpm ]; then echo echo Do not worry too much about errors from the next command. echo It is quite likely that some of the Perl modules are echo already installed on your system. echo echo The important ones are HTML-Parser and MIME-tools. echo sleep 10 rpm -Uvh ${NODEPS} ${RPMROOT}/RPMS/${ARC}/${FILEPREFIX}.${ARC}.rpm sleep 10 echo echo echo else echo Missing file ${RPMROOT}/RPMS/${ARC}/${FILEPREFIX}.${ARC}.rpm. echo Maybe it did not build correctly\? sleep 10 echo fi fi done << EOF IsABundle IO-stringy 2.108 1 noarch MIME::Base64 MIME-Base64 2.12 1 i386 IsABundle TimeDate 1.1301 2 noarch IsABundle MailTools 1.50 1 noarch File::Spec File-Spec 0.82 1 noarch File::Temp File-Temp 0.12 1 noarch HTML::Tagset HTML-Tagset 3.03 1 noarch HTML::Parser HTML-Parser 3.26 2 i386 IsABundle MIME-tools 5.411 pl4.2 noarch Convert::TNEF Convert-TNEF 0.17 1 noarch EOF echo echo Installing tnef decoder echo rpm -Uvh tnef*i386.rpm echo echo Now to install MailScanner itself. echo if [ -d /usr/local/MailScanner ] ; then echo echo echo Please remember to kill all the old mailscanner version 3 echo processes before you start the new version. echo fi rpm -Uvh ${NODEPS} mailscanner*noarch.rpm echo Please do not forget to kill your MailScanner version 3 processes echo before starting version 4. From MWeiner at ag.com Sun Jun 1 15:43:45 2003 From: MWeiner at ag.com (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released Message-ID: Would it be appropriate to use the RPM to upgrade an existing 4.20 install that was done via tarball?? And if so, what "gotchas" should i be looking out for? Things are running pretty well, but it seems that there are some "features" in 4.21 that i can use. I used the install.sh script for the installation of 4.20 out of the tarball, which i have appeneded to this message, in case anyone wondered where things were installed in the previous version. In other words, i am not using the PREFIX of /opt for this install, rather the directories as spelled out in the attached install.sh script provided with 4.20. I just want to make sure the RPM will not break whats already working!! Any help would be greatly appreciated. Michael Weiner --- $cat install.sh #!/bin/sh echo if [ -x /bin/rpmbuild ]; then RPMBUILD=/bin/rpmbuild elif [ -x /usr/bin/rpmbuild ]; then RPMBUILD=/usr/bin/rpmbuild elif [ -x /bin/rpm ]; then RPMBUILD=/bin/rpm elif [ -x /usr/bin/rpm ]; then RPMBUILD=/usr/bin/rpm else echo I cannot find any rpm or rpmbuild command on your path. echo Please check you are definitely using an RPM-based system. echo If you are, then please install the RPMs called rpm and echo rpm-build, then try running this script again. echo exit 1 fi echo if [ -x /bin/patch -o -x /usr/bin/patch ]; then echo Good. You have the patch command. else echo You need to install the patch command from your Linux distribution. echo Once you have done that, please try running this script again. exit 1 fi # Check that /usr/src/redhat exists echo if [ -d /usr/src/redhat ]; then echo Good, you have /usr/src/redhat in place. RPMROOT=/usr/src/redhat elif [ -d /usr/src/RPM ]; then echo Okay, you have /usr/src/RPM. RPMROOT=/usr/src/RPM elif [ -d /usr/src/packages ]; then echo Okay, you have /usr/src/packages. RPMROOT=/usr/src/packages else echo Your /usr/src/redhat, /usr/src/RPM or /usr/src/packages echo tree is missing. echo If you have access to an RPM called rpm-build echo install it first and come back and try again. echo exit 1 fi # Ensure that the RPM macro # %_unpackaged_files_terminate_build 1 # is set. Otherwise package building will fail. echo if grep -qs '%_unpackaged_files_terminate_build[ ][ ]*0' ~/.rpmmacros then echo Good, unpackaged files will not break the build process. else echo Writing a .rpmmacros file in your home directory to stop echo unpackaged files breaking the build process. echo You can delete it once MailScanner is installed if you want to. echo '%_unpackaged_files_terminate_build 0' >> ~/.rpmmacros echo sleep 10 fi # Check they don't have 2 Perl installations, this will cause all sorts # of grief later. echo if [ \! "x$1" = "xignore-perl" ] ; then if [ -x /usr/bin/perl -a -f /usr/local/bin/perl -a -x /usr/local/bin/perl ] ; then echo You appear to have 2 versions of Perl installed, echo the normal one in /usr/bin and one in /usr/local. echo This often happens if you have used CPAN to install modules. echo I strongly advise you remove all traces of perl from echo within /usr/local and then run this script again. echo echo If you do not want to do that, and really want to continue, echo then you will need to run this script as echo ' ./install.sh ignore-perl' echo exit 1 else echo Good, you appear to only have 1 copy of Perl installed. fi fi # Check to see if they want to ignore dependencies in the final # MailScanner RPM install. if [ "x$1" = "xnodeps" -o "x$2" = "xnodeps" ] then NODEPS='--nodeps' else NODEPS= fi # Check that they aren't on a RaQ3 with a broken copy of Perl 5.005003. if [ -d /usr/lib/perl5/5.00503/i386-linux/CORE ]; then echo echo I think you are running Perl 5.00503. echo Ensuring that you have all the header files that are needed echo to build HTML-Parser which is used by both MailScanner and echo SpamAssassin. touch /usr/lib/perl5/5.00503/i386-linux/CORE/opnames.h touch /usr/lib/perl5/5.00503/i386-linux/CORE/perlapi.h touch /usr/lib/perl5/5.00503/i386-linux/CORE/utf8.h touch /usr/lib/perl5/5.00503/i386-linux/CORE/warnings.h fi # Check that they aren't missing pod2text but have pod2man. if [ -x /usr/bin/pod2man -a \! -x /usr/bin/podtext ] ; then echo echo You appear to have pod2man but not pod2text. echo Creating pod2text for you. fi # Check they have the development tools installed on SuSE if [ -f /etc/SuSE-release -o -f /etc/redhat-release ]; then echo echo I think you are running on RedHat Linux or SuSE Linux. GCC=gcc if [ -f /etc/redhat-release ] && fgrep -q ' 6.' /etc/redhat-release ; then # RedHat used egcs in RedHat 6 and not gcc GCC=egcs fi if rpm -q binutils glibc-devel $GCC make >/dev/null 2>&1 ; then echo Good, you appear to have the basic development tools installed. sleep 5 else echo You must have the following RPM packages installed before echo you try and do anything else: echo ' binutils glibc-devel' $GCC 'make' echo You are missing at least 1 of these. echo Please install them all echo '(Read the manuals if you do not know how to do this).' echo Then come back and run this install.sh script again. echo exit 1 fi fi # Check they have an up to date copy of ExtUtils::MakeMaker or else they # will start generating duff Makefiles. echo if ./CheckModuleVersion ExtUtils::MakeMaker 6.05; then echo Good, your version of ExtUtils::MakeMaker is up to date else echo Your copy of the Perl module ExtUtils::MakeMaker is out of date. echo If you try to use an old one, it will generate bad code for the echo rest of this, and possibly make a mess of your Perl installation. echo echo Please install a new one. You can do this very easily with the echo command: echo ' ./Update-MakeMaker.sh' echo and then come back and run this install.sh script again. echo exit 1 fi echo echo This script will pause for a few seconds after each major step, echo so do not worry if it appears to stop for a while. echo If you want it to stop so you can scroll back through the output echo then press Ctrl-S to stop the output and Ctrl-Q to start it again. echo sleep 10 echo echo If this fails due to dependency checks, and you wish to ignore echo these problems, you can run echo ' ./install.sh nodeps' sleep 5 echo echo Rebuilding all the Perl RPMs for your version of Perl echo sleep 5 while read MODNAME MODFILE VERS BUILD ARC do # If the module version is already installed, go onto the next one # (unless it is MIME-tools which is always rebuilt. if ./CheckModuleVersion ${MODNAME} ${VERS} ; then echo Oh good, module ${MODNAME} version ${VERS} is already installed. echo sleep 5 else FILEPREFIX=perl-${MODFILE}-${VERS}-${BUILD} echo Attempting to build and install ${FILEPREFIX} if [ -f ${FILEPREFIX}.src.rpm ]; then $RPMBUILD --rebuild ${FILEPREFIX}.src.rpm sleep 10 echo echo echo else echo Missing file ${FILEPREFIX}.src.rpm. Are you in the right directory\? sleep 10 echo fi if [ -f ${RPMROOT}/RPMS/${ARC}/${FILEPREFIX}.${ARC}.rpm ]; then echo echo Do not worry too much about errors from the next command. echo It is quite likely that some of the Perl modules are echo already installed on your system. echo echo The important ones are HTML-Parser and MIME-tools. echo sleep 10 rpm -Uvh ${NODEPS} ${RPMROOT}/RPMS/${ARC}/${FILEPREFIX}.${ARC}.rpm sleep 10 echo echo echo else echo Missing file ${RPMROOT}/RPMS/${ARC}/${FILEPREFIX}.${ARC}.rpm. echo Maybe it did not build correctly\? sleep 10 echo fi fi done << EOF IsABundle IO-stringy 2.108 1 noarch MIME::Base64 MIME-Base64 2.12 1 i386 IsABundle TimeDate 1.1301 2 noarch IsABundle MailTools 1.50 1 noarch File::Spec File-Spec 0.82 1 noarch File::Temp File-Temp 0.12 1 noarch HTML::Tagset HTML-Tagset 3.03 1 noarch HTML::Parser HTML-Parser 3.26 2 i386 IsABundle MIME-tools 5.411 pl4.2 noarch Convert::TNEF Convert-TNEF 0.17 1 noarch EOF echo echo Installing tnef decoder echo rpm -Uvh tnef*i386.rpm echo echo Now to install MailScanner itself. echo if [ -d /usr/local/MailScanner ] ; then echo echo echo Please remember to kill all the old mailscanner version 3 echo processes before you start the new version. echo fi rpm -Uvh ${NODEPS} mailscanner*noarch.rpm echo Please do not forget to kill your MailScanner version 3 processes echo before starting version 4. From jfalgout at CO.JEFFERSON.CO.US Sun Jun 1 15:58:32 2003 From: jfalgout at CO.JEFFERSON.CO.US (Jeff Falgout) Date: Thu Jan 12 21:18:20 2006 Subject: No subject Message-ID: >>> raymond@PROLOCATION.NET 06/01/03 6:15 AM >>> >Hi! >I noticed that spamcop.net had a lot of timeouts ... >are more people >seeing this ? Yup! From jfalgout at CO.JEFFERSON.CO.US Sun Jun 1 16:05:44 2003 From: jfalgout at CO.JEFFERSON.CO.US (Jeff Falgout) Date: Thu Jan 12 21:18:20 2006 Subject: Spamcop down for maintenance Message-ID: >>> raymond@PROLOCATION.NET 06/01/03 6:15 AM >>> >Hi! >I noticed that spamcop.net had a lot of timeouts ... >are more people >seeing this ? SpamCop down for maintenance Update 8:01am Pacific: Still working, 85%. Please be patient while anunexpected database problem is repaired. SpamCop Mail system is working normally. http://www.julianhaight.com/spamcop_down.shtml? From MWeiner at AG.COM Sun Jun 1 16:16:56 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released Message-ID: D'UH, i am sorry, after a bit more review, it does appear that the install.sh script does an RPM install .. missed that before (lack of caffeine dyslexia). But i do see a potential issue, reminds me of what redhat did to the mysql installs. The original RPMS were mailscanner, and the new ones are MailScanner - my last experience with RedHat-MySQL was similar (redhat packages were mysql and MySQL's were MySQL and that caused some rpm -Uvvh problems). I just want to be sure i dont break an already working "production" install. Thanks Michael Weiner From MWeiner at ag.com Sun Jun 1 16:16:56 2003 From: MWeiner at ag.com (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released Message-ID: D'UH, i am sorry, after a bit more review, it does appear that the install.sh script does an RPM install .. missed that before (lack of caffeine dyslexia). But i do see a potential issue, reminds me of what redhat did to the mysql installs. The original RPMS were mailscanner, and the new ones are MailScanner - my last experience with RedHat-MySQL was similar (redhat packages were mysql and MySQL's were MySQL and that caused some rpm -Uvvh problems). I just want to be sure i dont break an already working "production" install. Thanks Michael Weiner From mike at ZANKER.ORG Sun Jun 1 16:26:58 2003 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released In-Reply-To: <5.2.1.1.2.20030601153552.027b7b28@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030601122421.0248d3f8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030601122421.0248d3f8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030601153552.027b7b28@imap.ecs.soton.ac.uk> Message-ID: <29124718.1054484818@jemima.zanker.org> On 01 June 2003 15:37 +0100 Julian Field wrote: > Yes, it should be. > Can you just try upgrading again, in case it's a one-off problem. Do a > rpm -Uvh --force mailscanner*rpm > and see if it complains again. I'm trying to make it intelligent so > that if you have set the permissions and ownership on this directory > to be correct for your MTA, then it doesn't over-write it during > installation. OK, thanks - it worked fine second time around. > What version of what OS are you using? Red Hat Enterprise Linux ES 2.1 (which is based on 7.2, I believe). The permissions on /var/spool/MailScanner are drwxr-xr-x 4 root root 4096 Jun 1 16:21 MailScanner/ Mike. From mailscanner at ecs.soton.ac.uk Sun Jun 1 16:34:09 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released In-Reply-To: Message-ID: <5.2.1.1.2.20030601163146.0246a5c8@imap.ecs.soton.ac.uk> At 16:16 01/06/2003, you wrote: >D'UH, i am sorry, after a bit more review, it does appear that the >install.sh script does an RPM install .. missed that before (lack of >caffeine dyslexia). > >But i do see a potential issue, reminds me of what redhat did to the mysql >installs. The original RPMS were mailscanner, and the new ones are >MailScanner - my last experience with RedHat-MySQL was similar (redhat >packages were mysql and MySQL's were MySQL and that caused some rpm -Uvvh >problems). I just want to be sure i dont break an already working >"production" install. The RPM of MailScanner itself has all lowercase in the name, and always has. All the distributions of MailScanner are tarballs, but the Linux dists are full of RPMs. >Thanks >Michael Weiner -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From hunter at userfriendly.net Sun Jun 1 17:33:17 2003 From: hunter at userfriendly.net (Michael Weiner) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released In-Reply-To: <5.2.1.1.2.20030601163146.0246a5c8@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030601163146.0246a5c8@imap.ecs.soton.ac.uk> Message-ID: <1054485196.2373.33.camel@nomad.userfriendly.net> Did the upgrade, and all is well :-) And i see the feature for treating nonspam, i LOVE it, makes working and training Bayes a lot easier. THANKS is extended to the entire MS Teat for all their hard work. Michael Weiner -- On Sun, 2003-06-01 at 11:34, Julian Field wrote: > The RPM of MailScanner itself has all lowercase in the name, and always has. > > All the distributions of MailScanner are tarballs, but the Linux dists are > full of RPMs. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030601/781f4624/attachment.bin From raymond at PROLOCATION.NET Sun Jun 1 18:56:00 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:20 2006 Subject: your mail In-Reply-To: Message-ID: Hi! > > I noticed that spamcop.net had a lot of timeouts ... are more people > > seeing this ? > > In addition to this, i cant even resolve bl.spamcop.net > I tried on various networks... Update 10:47am Pacific: System repaired, everything should be back to normal. If you still see this page when loading spamcop, try clearing your cache. Bye, Raymond. From mailscanner at ecs.soton.ac.uk Mon Jun 2 10:08:32 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released In-Reply-To: <5.2.1.1.2.20030601122421.0248d3f8@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030602100655.04c37dd0@imap.ecs.soton.ac.uk> I've just posted 4.21-9. The *only* change to the code is to fix 1 bug in the new "attachment" spam action. So if you already have downloaded 4.21-8, then don't bother with 4.21-9 unless you are going to be using the new "attachment" spam action before the 1st of July. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From JEN at AH.DK Mon Jun 2 10:49:55 2003 From: JEN at AH.DK (Jan Elmqvist Nielsen) Date: Thu Jan 12 21:18:20 2006 Subject: Kaspersky 4.0 Message-ID: Has anyone experience with Kaspersky 4.0 for Linux together with mailscanner 4.21? My installation dosn't scan mail attachment if there are .zip or .822 files If the attachment is a .exe it is caught by kaspersky If I run kavscanner it cached the virus in .zip and .822 files I have try to copy ther defunix.prf from /opt/avp/etc to /usr/lib/mailscanner/kaspersky.prf without any luck I have a Kaspersky 3.0 installation which are working fine together with mailscanner 4.21! /Jan From JEN at AH.DK Mon Jun 2 11:06:13 2003 From: JEN at AH.DK (Jan Elmqvist Nielsen) Date: Thu Jan 12 21:18:20 2006 Subject: Vedr.: Kaspersky 4.0 Message-ID: If the attachment is .exe it is not caught p? kaspersky! It was mailscanner rules! >>> JEN@AH.DK 02-06-2003 11:49:55 >>> Has anyone experience with Kaspersky 4.0 for Linux together with mailscanner 4.21? My installation dosn't scan mail attachment if there are .zip or .822 files If the attachment is a .exe it is caught by kaspersky If I run kavscanner it cached the virus in .zip and .822 files I have try to copy ther defunix.prf from /opt/avp/etc to /usr/lib/mailscanner/kaspersky.prf without any luck I have a Kaspersky 3.0 installation which are working fine together with mailscanner 4.21! /Jan From derek at CSOLVE.NET Mon Jun 2 13:28:29 2003 From: derek at CSOLVE.NET (Derek Buttineau) Date: Thu Jan 12 21:18:20 2006 Subject: SQL Logging In-Reply-To: <5.2.1.1.2.20030530231151.03d0b5b0@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030530231151.03d0b5b0@imap.ecs.soton.ac.uk> Message-ID: <3EDB42ED.8030809@csolve.net> Yeah, running on FreeBSD, however the module is installed and works fine on its own. I wrote a small script to test the same process as the CustomConfig.pm module is doing and it works like a charm and on the same server, it just won't work within the confines of the layout. Derek Julian Field wrote: > Are you running on BSD by any chance? > If so, there is a known problem with Perl up to and including 5.8.0 with > the IO::File module. If you download and try to build the IO::File > module, > you will find it won't compile :-( > > From lbergman at wtxs.net Mon Jun 2 13:33:44 2003 From: lbergman at wtxs.net (Lewis Bergman) Date: Thu Jan 12 21:18:20 2006 Subject: Fwd: F-Prot Antivirus - Changed versions of UNIX products In-Reply-To: References: Message-ID: <200306020733.49643.lbergman@wtxs.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 31 May 2003 02:07 pm, Gerry Doris wrote: > Sorry for the top posting but it seemed that it would be lost at the > bottom. > > I checked the F-Prot website and there wasn't a mention of this. Do you > know if they will continue to permit free use of their product for > home/personal use? Don't know anything. I received this as a registered user of the small enterprise deal. And of course, according to the letter, they are ditching that license. Nothing about what the price will be. Just an ominous note about a discount. Which to me means more money being demanded. We shall see if it is reasonable. - -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 115 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+20QtpT00mQjG01gRAtwOAKCEgu4WvqZ6+DCdJdfz8tb7bE7RnACgjUNN Q0m3x2hi2epUKmDl/de/5I4= =y1PR -----END PGP SIGNATURE----- From David.Sullivan at BARNET.AC.UK Mon Jun 2 13:25:25 2003 From: David.Sullivan at BARNET.AC.UK (David Sullivan) Date: Thu Jan 12 21:18:20 2006 Subject: minor isse with sophos-autoupdate script In-Reply-To: <3EDB3F9D.3050507@itss.nerc.ac.uk> Message-ID: On 2 Jun 2003 at 13:14, Ron Campbell wrote: > We had a few instance of Sobig-C which got through this morning ! > > Sophos sent out an alert at 3:54 am. I have this arranged (via a mail > alias) to run sophos-autoupdate immediately. However, we did not > detect any Sobig-C viruses until after 8 am (when MS was automatically > restarted, as happens every 4 hours). > > Perhaps sophos-autoupdate should restart MS ? > If you're running sophos in the "normal" mode this shouldn't be necessary at all since it executes sweep each time it scans a batch of messages (picking up on whatever ides are present at the time when it is executed). This is probably not the case if you're running sophossavi if my understanding of how it works is cirrect but I couldn't say for sure since we don't use this yet. Incidentally Sophos seem to have taken longer than usual on getting this virus update out (which also occurred with another e-mail worm several weeks back) Symantec had an update and advisory for Sobig-C yesterday and we were certainly blocking pif attachments of this all of yesterday. Regards. David. ============================================================== This communication may contain privileged or confidential information which is for the exclusive use of the intended recipient. If you are not the intended recipient, please note that you may not distribute or use this communication or the information it contains. If this e-mail has reached you in error, please delete it and any attachment. Internet communications are not secure and Barnet College does not accept legal responsibility for the content of this message. Any views or opinions expressed are those of the author and not necessarily those of Barnet College. Please note that Barnet College reserves the right to monitor the source/destinations of all incoming or outgoing e-mail communications. ============================================================== From rc at ITSS.NERC.AC.UK Mon Jun 2 13:14:21 2003 From: rc at ITSS.NERC.AC.UK (Ron Campbell) Date: Thu Jan 12 21:18:20 2006 Subject: minor isse with sophos-autoupdate script Message-ID: <3EDB3F9D.3050507@itss.nerc.ac.uk> We had a few instance of Sobig-C which got through this morning ! Sophos sent out an alert at 3:54 am. I have this arranged (via a mail alias) to run sophos-autoupdate immediately. However, we did not detect any Sobig-C viruses until after 8 am (when MS was automatically restarted, as happens every 4 hours). Perhaps sophos-autoupdate should restart MS ? Cheers ... Ron From mailscanner at LISTS.COM.AR Mon Jun 2 13:52:50 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released In-Reply-To: <5.2.1.1.2.20030602100655.04c37dd0@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030601122421.0248d3f8@imap.ecs.soton.ac.uk> Message-ID: <3EDB1E72.22559.481952B0@localhost> Hi Julian, I guess I screwed last version of ZMailer.pm I sent you... I had added only one of the patches, so 4.21-9 still has a ZMailer bug (my fault, obviously). You should add the following patch to it. Just in case, I'm attaching the completely patched ZMailer.pm... hope this makes it into 4.22 :-) *** ZMailer.pm.ORI Mon Jun 2 09:44:42 2003 --- ZMailer.pm Mon Jun 2 09:45:07 2003 *************** *** 274,279 **** --- 274,284 ---- $message->{from} = lc($from); $FROMFound = 1; # We have found the sender } + if ($Line =~ /^channel error/) { + $from = ""; + $message->{from} = lc($from); + $FROMFound = 1; # We have found the (NULL) sender + } if ($Line =~ /^rcvdfrom /i) { $ip = $Line; #chomp $ip; El 2 Jun 2003 a las 10:08, Julian Field escribi?: > I've just posted 4.21-9. > The *only* change to the code is to fix 1 bug in the new "attachment" spam > action. > So if you already have downloaded 4.21-8, then don't bother with 4.21-9 > unless you are going to be using the new "attachment" spam action before > the 1st of July. -- Mariano Absatz El Baby ---------------------------------------------------------- Here I am! Now what are your other two wishes? -------------- next part -------------- A non-text attachment was scrubbed... Name: ZMailer.pm.NEW Type: application/octet-stream Size: 26592 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030602/ac7b5818/ZMailer.pm.obj From dean.plant at ROKE.CO.UK Mon Jun 2 13:58:08 2003 From: dean.plant at ROKE.CO.UK (Plant, Dean) Date: Thu Jan 12 21:18:20 2006 Subject: Disclaimer problem Message-ID: <76C92FBBFB58D411AE760090271ED41805B33A34@rsys002a.roke.co.uk> I have upgraded to v4.21-9 but mail still goes out without being signed when I have an attachment but no message body text. Below is shows the header of a mail which is not signed Return-Path: Received: from rsys000x.roke.co.uk (193.118.201.103) by mk-cpfrontend.uk.tiscali.com (6.7.018) id 3ED7738504402501 for dean_plant@lineone.net; Mon, 2 Jun 2003 13:41:01 +0100 Received: from rsys002a.roke.co.uk (rsys002a.roke.co.uk [193.118.192.251]) by rsys000x.roke.co.uk (8.12.8/8.12.8) with ESMTP id h52CjOQ5004085 for ; Mon, 2 Jun 2003 13:45:24 +0100 Received: by rsys002a.roke.co.uk with Internet Mail Service (5.5.2653.19) id ; Mon, 2 Jun 2003 13:44:16 +0100 Message-ID: <76C92FBBFB58D411AE760090271ED41805B33A33@rsys002a.roke.co.uk> From: "Plant, Dean" To: "Dean Plant Lineone (E-mail)" Subject: Date: Mon, 2 Jun 2003 13:44:15 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: image/jpeg; name="fluorescence6.jpg" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="fluorescence6.jpg" X-MailScanner: Found to be clean And this header shows mail which is correctly signed. Return-Path: Received: from rsys000x.roke.co.uk (193.118.201.103) by mk-cpfrontend.uk.tiscali.com (6.7.018) id 3ED765CA042FB1B4 for dean_plant@lineone.net; Mon, 2 Jun 2003 13:00:51 +0100 Received: from rsys002a.roke.co.uk (rsys002a.roke.co.uk [193.118.192.251]) by rsys000x.roke.co.uk (8.12.8/8.12.8) with ESMTP id h52C5sO9003378 for ; Mon, 2 Jun 2003 13:05:54 +0100 Received: by rsys002a.roke.co.uk with Internet Mail Service (5.5.2653.19) id ; Mon, 2 Jun 2003 13:04:47 +0100 Message-ID: <76C92FBBFB58D411AE760090271ED41805B33A31@rsys002a.roke.co.uk> From: "Plant, Dean" To: "Dean Plant Lineone (E-mail)" Subject: Date: Mon, 2 Jun 2003 13:04:47 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C328FF.28639AF6" X-MailScanner: Found to be clean -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 30 May 2003 09:32 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Disclaimer problem At 08:39 30/05/2003, you wrote: >Hello, > >I am currently evaluating MailScanner and have come across a small problem >regarding signing of mail. I have added a disclaimer to all out going mail >using a ruleset but have noticed that any mail that has an attachment but >does not have any body text does not get signed. All other mail is signed >correctly. > >I have upgraded to the latest version and started with an new >MailScanner.conf but the problem persists. > >I am using Redhat8/Sendmail/F-prot. > >Does anyone have any idea's as to what I may be doing wrong. > >Thanks in advance. > >Dean Plant Try applying this patch to /usr/lib/MailScanner/MailScanner/Message.pm. Read the man page for the "patch" command if you don't know how to drive it, saves you doing it by hand :) It appears to work okay for me, and will be in the next stable release (due this weekend). --- Message.pm 2003-05-30 09:09:21.000000000 +0100 +++ Message.pm.new2 2003-05-30 09:24:43.000000000 +0100 @@ -1447,6 +1447,7 @@ # If multipart, try to sign our first part if ($top->is_multipart) { + my $sigcounter = 0; # JKF Signed and encrypted multiparts must not be touched. # JKF Instead put the sig in the epilogue. Breaks the RFC # JKF but in a harmless way. @@ -1456,18 +1457,33 @@ @signature = map { "$_\n" } split(/\n/, $signature); unshift @signature, "\n"; $top->epilogue(\@signature); - return; + return 1; } - $this->SignCleanEntity($top->parts(0)); - $this->SignCleanEntity($top->parts(1)) + $sigcounter += $this->SignCleanEntity($top->parts(0)); + $sigcounter += $this->SignCleanEntity($top->parts(1)) if $top->head and $top->effective_type =~ /multipart\/alternative/i; - return; + + if ($sigcounter == 0) { + # If we haven't signed anything by now, it must be a multipart + # message containing only things we can't sign. So add a text/plain + # section on the front and sign that. + my $text = $this->ReadVirusWarning('inlinetextsig') . "\n\n"; + my $newpart = build MIME::Entity + Type => 'text/plain', + Disposition => 'inline', + Data => $text, + Encoding => 'quoted-printable', + Top => 0; + $top->add_part($newpart, 0); + $sigcounter = 1; + } + return $sigcounter; } $MimeType = $top->head->mime_type if $top->head; - return unless $MimeType =~ m{text/}i; # Won't sign non-text message. + return 0 unless $MimeType =~ m{text/}i; # Won't sign non-text message. # Won't sign attachments. - return if $top->head->mime_attr('content-disposition') =~ /attachment/i; + return 0 if $top->head->mime_attr('content-disposition') =~ /attachment/i; # Get body data as array of newline-terminated lines $top->bodyhandle or return undef; @@ -1489,6 +1505,9 @@ $io->print("\n$signature\n"); } $io->close; + + # We signed something + return 1; } -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, Bracknell, Berkshire. RG12 8FZ The information contained in this e-mail and any attachments is confidential to Roke Manor Research Ltd and must not be passed to any third party without permission. This communication is for information only and shall not create or change any contractual relationship. From dot at DOTAT.AT Mon Jun 2 14:01:07 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:20 2006 Subject: Exim+MailScanner - not always queuing mail on "in" side In-Reply-To: Message-ID: Tim Bishop wrote: > >I'm running MailScanner with Exim on FreeBSD. This isn't strictly a >MailScanner problem, but I suspect it's related to the way I've set Exim >up to work with MailScanner. Yes. >The problem is that occasionally (but not always) locally generated >messages such as cron output don't get deferred by the incoming exim. >From my understanding of Exim it seems that it's ignored the queue_only, >then tried to defer it. Then, for some reason, it's decided to fail >the message. This is probably because the hints database for the incoming exim says that addresses have been failing for such a long time that they bounce immediately. You need to check that the spool directory configurations for the incoming and outgoing exims are correct and that they are being run with the correct commands, and check that /var/spool/exim_incoming/db is empty (as it should be if the queue_only option is working). Tony. -- f.a.n.finch http://dotat.at/ CAPE WRATH TO RATTRAY HEAD INCLUDING ORKNEY: MAINLY SOUTHEAST TO SOUTH OR SOUTHWEST 4 OR 5 BUT VARIABLE 2 OR 3 FOR A TIME IN THE NORTH AND WEST. THUNDERY RAIN AT FIRST WITH MIST OR FOG PATCHES, MAINLY FAIR LATER. MODERATE OR POOR BECOMING MAINLY GOOD. SLIGHT TO MODERATE. From mailscanner at ecs.soton.ac.uk Mon Jun 2 13:47:59 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:20 2006 Subject: minor isse with sophos-autoupdate script In-Reply-To: <3EDB3F9D.3050507@itss.nerc.ac.uk> Message-ID: <5.2.0.9.2.20030602134615.04e24280@imap.ecs.soton.ac.uk> At 13:14 02/06/2003, you wrote: >We had a few instance of Sobig-C which got through this morning ! > >Sophos sent out an alert at 3:54 am. I have this arranged (via a mail >alias) to run sophos-autoupdate immediately. However, we did not detect >any Sobig-C viruses until after 8 am (when MS was automatically >restarted, as happens every 4 hours). > >Perhaps sophos-autoupdate should restart MS ? If using "sophos" rather than "sophossavi", then the command-line scanner is run separately for each batch of messages. So there isn't anything to restart, the new IDE files will get picked up immediately. If you are using "sophossavi" then MailScanner will notice that the Sophos files have been modified and will restart immediately. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From moffelist at AMAGERKOLLEGIET.DK Mon Jun 2 16:09:05 2003 From: moffelist at AMAGERKOLLEGIET.DK (=?iso-8859-1?q?Rasmus_B=F8g_Hansen?=) Date: Thu Jan 12 21:18:20 2006 Subject: Exim+MailScanner - not always queuing mail on "in" side In-Reply-To: (Tony Finch's message of "Mon, 2 Jun 2003 14:01:07 +0100") References: Message-ID: <87y90kldny.fsf@grignard.amagerkollegiet.dk> Tony Finch writes: > Tim Bishop wrote: >> >>I'm running MailScanner with Exim on FreeBSD. This isn't strictly a >>MailScanner problem, but I suspect it's related to the way I've set Exim >>up to work with MailScanner. > > Yes. > >>The problem is that occasionally (but not always) locally generated >>messages such as cron output don't get deferred by the incoming exim. >>From my understanding of Exim it seems that it's ignored the queue_only, >>then tried to defer it. Then, for some reason, it's decided to fail >>the message. > > This is probably because the hints database for the incoming exim says > that addresses have been failing for such a long time that they bounce > immediately. You need to check that the spool directory configurations > for the incoming and outgoing exims are correct and that they are being > run with the correct commands, and check that /var/spool/exim_incoming/db > is empty (as it should be if the queue_only option is working). I have the same problem. The files in the db directory does not exist - but show up after some time. Could they appear due to this: root@gere:/etc# grep incoming /etc/cron.daily/exim exim_tidydb /var/spool/exim_incoming retry >/dev/null exim_tidydb /var/spool/exim_incoming wait-remote_smtp >/dev/null root@gere:/etc# This is Debian Woody with MailScanner 3.27.1-1 and exim 3.35-1. /Rasmus -- -- [ Rasmus "M?ffe" B?g Hansen ] --------------------------------------- Just install Windows. It will crash once a day, and your hardware will no longer be the poblem. ----------------------------------[ moffe at amagerkollegiet dot dk ] -- From tim-lists at BISHNET.NET Mon Jun 2 16:01:59 2003 From: tim-lists at BISHNET.NET (Tim Bishop) Date: Thu Jan 12 21:18:20 2006 Subject: Exim+MailScanner - not always queuing mail on "in" side In-Reply-To: References: Message-ID: <20030602150159.GB13592@carrick.bishnet.net> On Mon, Jun 02, 2003 at 02:01:07PM +0100, Tony Finch wrote: > Tim Bishop wrote: > > >The problem is that occasionally (but not always) locally generated > >messages such as cron output don't get deferred by the incoming exim. > >From my understanding of Exim it seems that it's ignored the queue_only, > >then tried to defer it. Then, for some reason, it's decided to fail > >the message. > > This is probably because the hints database for the incoming exim says > that addresses have been failing for such a long time that they bounce > immediately. You need to check that the spool directory configurations > for the incoming and outgoing exims are correct and that they are being > run with the correct commands, and check that /var/spool/exim_incoming/db > is empty (as it should be if the queue_only option is working). I did have a retry file in the exim.in/db directory - which was causing the bouncing. However, I think I know how this got there. Cron on FreeBSD runs sendmail (well, exim) with the -odi flag, which causes a second exim process to attempt delivery - even with the queue_only option switched on. Turning off this flag seems to have gone part way to fixing this... but it's still not entirely happy. It'd be nice if exim had a queue_only_always flag which would make it queue every time, and not permit anything else. Tim. -- Tim Bishop http://www.bishnet.net/tim PGP Key: 0x5AE7D984 From FCaen at CI.LAKEWOOD.WA.US Mon Jun 2 16:29:55 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:20 2006 Subject: New F-Prot Message-ID: Well, the new F-Prot line-up is up on f-prot.com Question is, which one to use with Mailscanner? The AV for Mail Servers seems to be overkill with its own daemon. The workstation version at $29 seems to be sufficient! Any comments? --------------------------------------------- Francois Caen Network Information Systems Engineer - Webmaster City of Lakewood, WA (253) 512-2269 NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From mailscanner at ecs.soton.ac.uk Mon Jun 2 16:45:29 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:20 2006 Subject: New F-Prot In-Reply-To: Message-ID: <5.2.0.9.2.20030602164413.04339ba8@imap.ecs.soton.ac.uk> At 16:29 02/06/2003, you wrote: >Well, the new F-Prot line-up is up on f-prot.com > >Question is, which one to use with Mailscanner? The AV for Mail Servers >seems to be overkill with its own daemon. The workstation version at $29 >seems to be sufficient! From what I can see the only functionality you need is provided by the workstation edition. Can someone extract a copy of the licence from them and mail it to me, so I can whether they have anything to say on the subject of scanning mail attachments with it. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From lbergman at wtxs.net Mon Jun 2 16:55:33 2003 From: lbergman at wtxs.net (Lewis Bergman) Date: Thu Jan 12 21:18:20 2006 Subject: New F-Prot In-Reply-To: References: Message-ID: <200306021055.36753.lbergman@wtxs.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 02 June 2003 10:29 am, Francois Caen wrote: > Well, the new F-Prot line-up is up on f-prot.com > > Question is, which one to use with Mailscanner? The AV for Mail Servers > seems to be overkill with its own daemon. The workstation version at $29 > seems to be sufficient! > > Any comments? Yes. Here is the biggest difference. $1920 for 500 mailboxes. For a price quote for a license for more than 500 mailboxes of F-Prot Antivirus for Linux Mail Servers, please contact our sales department. Looks like the license strategy of one low server fee is history. Time to take another look at Sophos again. - -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 115 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+23N4pT00mQjG01gRAqa+AJ9V6C/tWDQWpdV6+zz88y3w+8cn2QCdFsmM siC2WCwpk/XazQykFdUGc/A= =Ayku -----END PGP SIGNATURE----- From Kevin.Spicer at BMRB.CO.UK Mon Jun 2 16:58:12 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:20 2006 Subject: New F-Prot Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A4AD96@pascal.priv.bmrb.co.uk> Its good to see that they've kept the personal version free for 'personal workstations' ( a bit of a grey area that since my personal workstation at home happens to also be a proxy server, file server, print server, web server for my home network!) Their mail solution seems a bit pricy at $1920 (based on 500 users) for something that seems to be a script which hooks into procmail. They also appear to be offering a .so file with the server version - I wonder if we'll see a perl wrapper API for that (like with SophosSavi)? > At 16:29 02/06/2003, you wrote: > >Well, the new F-Prot line-up is up on f-prot.com > > > >Question is, which one to use with Mailscanner? The AV for > Mail Servers > >seems to be overkill with its own daemon. The workstation > version at $29 > >seems to be sufficient! > > From what I can see the only functionality you need is > provided by the > workstation edition. > > Can someone extract a copy of the licence from them and mail > it to me, so I > can whether they have anything to say on the subject of scanning mail > attachments with it. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mailscanner at ecs.soton.ac.uk Mon Jun 2 17:17:45 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:20 2006 Subject: New F-Prot In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0A4AD96@pascal.priv.bmrb.co .uk> Message-ID: <5.2.0.9.2.20030602171518.04ee1d78@imap.ecs.soton.ac.uk> At 16:58 02/06/2003, you wrote: >Its good to see that they've kept the personal version free for 'personal >workstations' ( a bit of a grey area that since my personal workstation at >home happens to also be a proxy server, file server, print server, web >server for my home network!) > >Their mail solution seems a bit pricy at $1920 (based on 500 users) for >something that seems to be a script which hooks into procmail. > >They also appear to be offering a .so file with the server version - I >wonder if we'll see a perl wrapper API for that (like with SophosSavi)? The .so file is actually only a frontend for open() and a couple of other calls. It catches these calls and connects to the scanning *daemon* to ask it to do the scanning, before falling into the standard system open() call. It isn't actually the same thing as SophosSAVI at all. I hoped it would be like SophosSAVI, but I read the docs half an hour ago and it's no help at all. Might as well call the daemon myself. > > At 16:29 02/06/2003, you wrote: > > >Well, the new F-Prot line-up is up on f-prot.com > > > > > >Question is, which one to use with Mailscanner? The AV for > > Mail Servers > > >seems to be overkill with its own daemon. The workstation > > version at $29 > > >seems to be sufficient! > > > > From what I can see the only functionality you need is > > provided by the > > workstation edition. > > > > Can someone extract a copy of the licence from them and mail > > it to me, so I > > can whether they have anything to say on the subject of scanning mail > > attachments with it. > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > > > > > >BMRB International >http://www.bmrb.co.uk >+44 (0)20 8566 5000 >_________________________________________________________________ >This message (and any attachment) is intended only for the >recipient and may contain confidential and/or privileged >material. If you have received this in error, please contact the >sender and delete this message immediately. Disclosure, copying >or other action taken in respect of this email or in >reliance on it is prohibited. BMRB International Limited >accepts no liability in relation to any personal emails, or >content of any email which does not directly relate to our >business. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jun 2 17:15:14 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:20 2006 Subject: New F-Prot In-Reply-To: <200306021055.36753.lbergman@wtxs.net> References: Message-ID: <5.2.0.9.2.20030602171438.042d92a0@imap.ecs.soton.ac.uk> At 16:55 02/06/2003, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On Monday 02 June 2003 10:29 am, Francois Caen wrote: > > Well, the new F-Prot line-up is up on f-prot.com > > > > Question is, which one to use with Mailscanner? The AV for Mail Servers > > seems to be overkill with its own daemon. The workstation version at $29 > > seems to be sufficient! > > > > Any comments? >Yes. Here is the biggest difference. >$1920 for 500 mailboxes. >For a price quote for a license for more than 500 mailboxes of F-Prot >Antivirus for Linux Mail Servers, please contact our sales department. However, the "Mail Server" version isn't actually what you want, you just want to scan files. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Mon Jun 2 17:29:11 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:20 2006 Subject: New F-Prot In-Reply-To: <5.2.0.9.2.20030602171438.042d92a0@imap.ecs.soton.ac.uk> Message-ID: Hi! > >For a price quote for a license for more than 500 mailboxes of F-Prot > >Antivirus for Linux Mail Servers, please contact our sales department. > > However, the "Mail Server" version isn't actually what you want, you just > want to scan files. Jesuz, a clueless droid made their new webpage :) For Linix / BSD Mail Servers we offer Linix haha. However the F-Prot Antivirus for Linux Workstations should do: F-Prot Antivirus for Linux Workstations therefore provides the same best of breed features as found throughout the F-Prot product line. It contains the F-Prot Antivirus Command-line Scanner and the F-prot Antivirus Updater. Thats the command line scanner. And it comes for just 29 USD :) Cool. Their pricing tool is nuts btw, one workstation is 29 and 2 x = 75 ? I'll order 10 seperate ones i think hahahaha. Its that i KNOW their product is good :) smile ... Bye, Raymond. From raymond at PROLOCATION.NET Mon Jun 2 17:30:01 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:20 2006 Subject: New F-Prot In-Reply-To: <5.2.0.9.2.20030602164413.04339ba8@imap.ecs.soton.ac.uk> Message-ID: Hi! > From what I can see the only functionality you need is provided by the > workstation edition. > > Can someone extract a copy of the licence from them and mail it to me, so I > can whether they have anything to say on the subject of scanning mail > attachments with it. Its plain files we scan. We dont scan mail do we ? =)) Bye, Raymond. From FCaen at CI.LAKEWOOD.WA.US Mon Jun 2 17:40:35 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:20 2006 Subject: New F-Prot Message-ID: -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > However, the "Mail Server" version isn't actually what you want, you just want to scan files. Yep. Especially if you run MS/F-Prot in front of an actual mailbox server (Exchange,...) and you have no mailboxes on the MS machine itself. Per-mailbox licensing is just ridiculous for proxies. --------------------------------------------- Francois Caen Network Information Systems Engineer - Webmaster City of Lakewood, WA (253) 512-2269 NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From FCaen at CI.LAKEWOOD.WA.US Mon Jun 2 17:42:58 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:20 2006 Subject: New F-Prot Message-ID: -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Can someone extract a copy of the licence from them and mail it to me, > so I can whether they have anything to say on the subject of scanning > mail attachments with it. I just emailed their sales folks asking for a license. I will let you know if/when I get a response. --------------------------------------------- Francois Caen Network Information Systems Engineer - Webmaster City of Lakewood, WA (253) 512-2269 NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From cparker at SWATGEAR.COM Mon Jun 2 17:41:51 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:20 2006 Subject: Safe to upgrade SpamAssassin? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE1AE082@ati-ex-01.ati.local> Hello. I'm pretty new to MailScanner (I really like it so far) so I'm surveying the list about whether or not I can upgrade SpamAssassin. Currently I'm using SA 2.31, MS 4.20-3, on RH 8. I'd like to upgrade SA to the latest version (2.55). Aside from downloading the rpm and installing is there anything else I should do? And is there anything I should look out for? Thanks, Chris. From raymond at PROLOCATION.NET Mon Jun 2 17:55:24 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:20 2006 Subject: Safe to upgrade SpamAssassin? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE1AE082@ati-ex-01.ati.local> Message-ID: Hi! > I'm pretty new to MailScanner (I really like it so far) so I'm > surveying the list about whether or not I can upgrade SpamAssassin. > Currently I'm using SA 2.31, MS 4.20-3, on RH 8. I'd like to upgrade SA > to the latest version (2.55). > > Aside from downloading the rpm and installing is there anything else I > should do? And is there anything I should look out for? You have to install spamassassin via CPAN. Install Mail::SpamAssassin Dont use the RPM's to avoid trouble. Bye, Raymond. From cparker at SWATGEAR.COM Mon Jun 2 18:15:55 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:20 2006 Subject: Safe to upgrade SpamAssassin? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BC3@ati-ex-01.ati.local> Raymond Dijkxhoorn wrote: > > I'm pretty new to MailScanner (I really like it so far) so I'm > > surveying the list about whether or not I can upgrade SpamAssassin. > > Currently I'm using SA 2.31, MS 4.20-3, on RH 8. I'd like to > > upgrade SA to the latest version (2.55). > > > > Aside from downloading the rpm and installing is there anything > > else I should do? And is there anything I should look out for? > > You have to install spamassassin via CPAN. > Install Mail::SpamAssassin > > Dont use the RPM's to avoid trouble. Ok, I think I can do that. One last bit of clarification though, does it cause a problem that the initial install of SA was done via RPM? Thanks, Chris. From mailscanner at ecs.soton.ac.uk Mon Jun 2 18:19:07 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:20 2006 Subject: Safe to upgrade SpamAssassin? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BC3@ati-ex-01.ati.local > Message-ID: <5.2.1.1.2.20030602181810.02858b40@imap.ecs.soton.ac.uk> At 18:15 02/06/2003, you wrote: >Raymond Dijkxhoorn wrote: > > > > I'm pretty new to MailScanner (I really like it so far) so I'm > > > surveying the list about whether or not I can upgrade SpamAssassin. > > > Currently I'm using SA 2.31, MS 4.20-3, on RH 8. I'd like to > > > upgrade SA to the latest version (2.55). > > > > > > Aside from downloading the rpm and installing is there anything > > > else I should do? And is there anything I should look out for? > > > > You have to install spamassassin via CPAN. > > Install Mail::SpamAssassin > > > > Dont use the RPM's to avoid trouble. > >Ok, I think I can do that. One last bit of clarification though, does it >cause a problem that the initial install of SA was done via RPM? Delete the RPM before you start installing the new version. I can't remember the capitalisation used in the RPM, but one of these will do it: rpm -e spamassassin rpm -e SpamAssassin -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Mon Jun 2 18:24:29 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:21 2006 Subject: Safe to upgrade SpamAssassin? In-Reply-To: <5.2.1.1.2.20030602181810.02858b40@imap.ecs.soton.ac.uk> Message-ID: Hi! > >Ok, I think I can do that. One last bit of clarification though, does it > >cause a problem that the initial install of SA was done via RPM? > Delete the RPM before you start installing the new version. I can't > remember the capitalisation used in the RPM, but one of these will do it: > rpm -e spamassassin > rpm -e SpamAssassin grep spam /var/log/rpmpkgs =) On one of my older boxes i had: [raymond@fallback log]$ grep spam /var/log/rpmpkgs spamassassin-2.53-1.i386.rpm spamassassin-tools-2.53-1.i386.rpm Bye, Raymond. From cparker at SWATGEAR.COM Mon Jun 2 18:31:01 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:21 2006 Subject: Safe to upgrade SpamAssassin? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BC6@ati-ex-01.ati.local> Julian Field wrote: > > > > Aside from downloading the rpm and installing is there anything > > > > else I should do? And is there anything I should look out for? > > > > > > You have to install spamassassin via CPAN. > > > Install Mail::SpamAssassin > > > > > > Dont use the RPM's to avoid trouble. > > > > Ok, I think I can do that. One last bit of clarification though, > > does it cause a problem that the initial install of SA was done via > > RPM? > > Delete the RPM before you start installing the new version. I can't > remember the capitalisation used in the RPM, but one of these will do > it: rpm -e spamassassin > rpm -e SpamAssassin I'll give it a shot and let everyone know how it goes. Thanks, Chris. From mbowman at UDCOM.COM Mon Jun 2 18:55:57 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:21 2006 Subject: New F-Prot Message-ID: Hello F-Prot are doing what Sophos have been doing - charging by mailbox. This is not suitable for an ISP with a Mail Gateway that has no mailboxes. Like ourselves. So is it the general opinon that all one has to purchase is the workstation version at $29 per Mail Gateway ? Matthew Bowman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030602/bd1b47d6/attachment.html From lbergman at wtxs.net Mon Jun 2 19:12:05 2003 From: lbergman at wtxs.net (Lewis Bergman) Date: Thu Jan 12 21:18:21 2006 Subject: New F-Prot In-Reply-To: References: Message-ID: <200306021312.10504.lbergman@wtxs.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 02 June 2003 12:55 pm, Matthew Bowman wrote: > Hello > > F-Prot are doing what Sophos have been doing - charging by mailbox. This > is not suitable for an ISP with a Mail Gateway that has no mailboxes. Like > ourselves. So is it the general opinon that all one has to purchase is > the workstation version at $29 per Mail Gateway ? I haven't seen the license. The license, not general opinion, would determine this I would think. - -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 115 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+25N6pT00mQjG01gRAgcbAJ9IneyL0d26XISf5sa0tW/ef+BnygCfU1Ac Yoc1fXZh8ksSUztkhDCb5YA= =YiHZ -----END PGP SIGNATURE----- From brian at UNEARTHED.ORG Mon Jun 2 19:21:05 2003 From: brian at UNEARTHED.ORG (Brian May) Date: Thu Jan 12 21:18:21 2006 Subject: Upgrade problem... Message-ID: <007801c32933$c27bf3c0$9701020a@brianmay> for some reason after the upgrade to the latest and greatest.. the command: /etc/init.d/MailScanner start starts two instances of sendmail in and out... but if I call: /etc/init.d/MailScanner startin /etc/init.d/MailScanner startout /usr/sbin/check_mailscanner it works fine... which is extremely odd.. since that's what '/etc/init.d/MailScanner start' does... And yes, before I started '/etc/init.d/MailScanner start' I made sure that no rouge copies of sendmail or mailscanner were running... From michele at BLACKNIGHTSOLUTIONS.COM Mon Jun 2 19:26:07 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: BlacknightSolutions) Date: Thu Jan 12 21:18:21 2006 Subject: Upgrade problem... In-Reply-To: <007801c32933$c27bf3c0$9701020a@brianmay> Message-ID: <200306021826.h52IQHp30573@camelot.blacknightsolutions.com> > for some reason after the upgrade to the latest and > greatest.. the command: > > /etc/init.d/MailScanner start > > starts two instances of sendmail in and out... > > but if I call: > /etc/init.d/MailScanner startin > /etc/init.d/MailScanner startout > /usr/sbin/check_mailscanner > > it works fine... which is extremely odd.. since that's what > '/etc/init.d/MailScanner start' does... > > And yes, before I started '/etc/init.d/MailScanner start' I > made sure that no rouge copies of sendmail or mailscanner > were running... > What about the command: service MailScanner restart ? Does that also bork? ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From email at ace.net.au Mon Jun 2 19:28:50 2003 From: email at ace.net.au (Peter Nitschke) Date: Thu Jan 12 21:18:21 2006 Subject: Safe to upgrade SpamAssassin? In-Reply-To: References: Message-ID: <200306030358500848.00B35541@smtp1.ace.net.au> I used the source RPM and it has worked just fine on both RH7.3 and RH9 Peter *********** REPLY SEPARATOR *********** On 2/06/2003 at 6:55 PM Raymond Dijkxhoorn wrote: >Hi! > >> I'm pretty new to MailScanner (I really like it so far) so I'm >> surveying the list about whether or not I can upgrade SpamAssassin. >> Currently I'm using SA 2.31, MS 4.20-3, on RH 8. I'd like to upgrade SA >> to the latest version (2.55). >> >> Aside from downloading the rpm and installing is there anything else I >> should do? And is there anything I should look out for? > >You have to install spamassassin via CPAN. >Install Mail::SpamAssassin > >Dont use the RPM's to avoid trouble. > >Bye, >Raymond. From brian at UNEARTHED.ORG Mon Jun 2 19:44:14 2003 From: brian at UNEARTHED.ORG (Brian May) Date: Thu Jan 12 21:18:21 2006 Subject: Upgrade problem... References: <200306021826.h52IQHp30573@camelot.blacknightsolutions.com> Message-ID: <00b701c32938$ede87dd0$9701020a@brianmay> Must have been something else that was mucking stuff up.. service MailScanner restart and /etc/init.d/MailScanner restart (which I assume is the exact same thing) work fine now.. *shrug* Brian ----- Original Message ----- From: "Michele Neylon :: BlacknightSolutions" To: Sent: Monday, June 02, 2003 11:26 AM Subject: Re: Upgrade problem... > for some reason after the upgrade to the latest and > greatest.. the command: > > /etc/init.d/MailScanner start > > starts two instances of sendmail in and out... > > but if I call: > /etc/init.d/MailScanner startin > /etc/init.d/MailScanner startout > /usr/sbin/check_mailscanner > > it works fine... which is extremely odd.. since that's what > '/etc/init.d/MailScanner start' does... > > And yes, before I started '/etc/init.d/MailScanner start' I > made sure that no rouge copies of sendmail or mailscanner > were running... > What about the command: service MailScanner restart ? Does that also bork? ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From cparker at SWATGEAR.COM Mon Jun 2 20:32:14 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:21 2006 Subject: Safe to upgrade SpamAssassin? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BC9@ati-ex-01.ati.local> Chris W. Parker <> wrote: > I'll give it a shot and let everyone know how it goes. The CPAN thing didn't work. It continuously timed out when trying to connect to ftp.cpan.org. So I tried rebuilding the source rpm, that didn't work either*. Then I just downloaded the i386.rpm and installed that. As far as I know it's installed and working. How can I verify what version of SA is being used? Thanks, Chris. * Probably user error. From mailscanner at ecs.soton.ac.uk Mon Jun 2 20:45:22 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: Safe to upgrade SpamAssassin? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BC9@ati-ex-01.ati.local > Message-ID: <5.2.1.1.2.20030602204155.023901f0@imap.ecs.soton.ac.uk> At 20:32 02/06/2003, you wrote: >Chris W. Parker <> wrote: > > > I'll give it a shot and let everyone know how it goes. > >The CPAN thing didn't work. It continuously timed out when trying to >connect to ftp.cpan.org. So I tried rebuilding the source rpm, that didn't >work either*. Then I just downloaded the i386.rpm and installed that. As >far as I know it's installed and working. How can I verify what version of >SA is being used? The problem with the i386.rpm is that on many versions of many OS's it gets the paths wrong and won't actually work. If you are lucky, then perl use Mail::SpamAssassin; print $Mail::SpamAssassin::VERSION . "\n"; (then press Ctrl-D and it will print the version number). >Thanks, >Chris. > >* Probably user error. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From cparker at SWATGEAR.COM Mon Jun 2 20:54:28 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:21 2006 Subject: Safe to upgrade SpamAssassin? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BCA@ati-ex-01.ati.local> Julian Field wrote: > At 20:32 02/06/2003, you wrote: > > Chris W. Parker <> wrote: > > > > > I'll give it a shot and let everyone know how it goes. > > > > The CPAN thing didn't work. It continuously timed out when trying to > > connect to ftp.cpan.org. So I tried rebuilding the source rpm, that > > didn't work either*. Then I just downloaded the i386.rpm and > > installed that. As far as I know it's installed and working. How > > can I verify what version of SA is being used? > > The problem with the i386.rpm is that on many versions of many OS's > it gets the paths wrong and won't actually work. If you are lucky, > then perl use Mail::SpamAssassin; > print $Mail::SpamAssassin::VERSION . "\n"; > (then press Ctrl-D and it will print the version number). Says 2.55. Does that indicate all is well? Chris. From cparker at SWATGEAR.COM Mon Jun 2 20:59:20 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box too slow? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE1AE087@ati-ex-01.ati.local> Hello. We have relatively low email traffic (approx. 450/day on work days) and I receive quite a few of these in my /var/log/maillog: May 17 04:03:08 filter MailScanner[3324]: SpamAssassin timed out and was killed, consecutive failure 1 of 20 Does this mean my computer is too slow? It's a 200mhz pentium!!! :) I can imagine that it IS too slow, but I just want to make sure it's not a configuration problem. Do you think increasing the timeout would help or would that make it worse? Thaks, Chris. From kevins at BMRB.CO.UK Mon Jun 2 21:10:37 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011756CA@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011756CA@pascal.priv.bmrb.co.uk> Message-ID: <1054584637.4655.9.camel@bach.kevinspicer.co.uk> >On Mon, 2003-06-02 at 20:59, Chris W. Parker wrote: Hello. We have relatively low email traffic (approx. 450/day on work days) and I receive quite a few of these in my /var/log/maillog: >May 17 04:03:08 filter MailScanner[3324]: SpamAssassin timed out and >was killed, consecutive failure 1 of 20 >Does this mean my computer is too slow? It's a 200mhz pentium!!! Probably not - more likely this was an RBL which failed to respond in a timely fashion. It probably a good idea to tweak the SpamAssassin Timeout in MailScanner.conf to 40s (if its not there already) as some internal SpamAssassin timeouts are 30s. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mailscanner at ecs.soton.ac.uk Mon Jun 2 21:14:54 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE1AE087@ati-ex-01.ati.local > Message-ID: <5.2.1.1.2.20030602211319.0254b960@imap.ecs.soton.ac.uk> At 20:59 02/06/2003, you wrote: >Hello. > >We have relatively low email traffic (approx. 450/day on work days) and I >receive quite a few of these in my /var/log/maillog: > >May 17 04:03:08 filter MailScanner[3324]: SpamAssassin timed out and was >killed, consecutive failure 1 of 20 > >Does this mean my computer is too slow? It's a 200mhz pentium!!! :) I can >imagine that it IS too slow, but I just want to make sure it's not a >configuration problem. Do you think increasing the timeout would help or >would that make it worse? In MailScanner.conf, set the SpamAssassin timeout to 40 seconds. SA has internal 30 second timeouts, hence the 40 seconds. The other thing to try is skip_rbl_checks 1 in spam.assassin.prefs.conf to see if it is RBL checks that are timing out. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From cparker at SWATGEAR.COM Mon Jun 2 21:14:49 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box too slow? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BCC@ati-ex-01.ati.local> Kevin Spicer wrote: > > On Mon, 2003-06-02 at 20:59, Chris W. Parker wrote: > > Hello. > > We have relatively low email traffic (approx. 450/day on work days) > and I receive quite a few of these in my /var/log/maillog: > > > May 17 04:03:08 filter MailScanner[3324]: SpamAssassin timed out and > > was killed, consecutive failure 1 of 20 > > > Does this mean my computer is too slow? It's a 200mhz pentium!!! > > Probably not - more likely this was an RBL which failed to respond in > a timely fashion. It probably a good idea to tweak the SpamAssassin > Timeout in MailScanner.conf to 40s (if its not there already) as some > internal SpamAssassin timeouts are 30s. Actually I've got RBL checking turned off and my SA timeout is already set at 60s. Any other ideas? Chris. From mailscanner at ecs.soton.ac.uk Mon Jun 2 21:12:59 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: Safe to upgrade SpamAssassin? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BCA@ati-ex-01.ati.local > Message-ID: <5.2.1.1.2.20030602211234.04178e58@imap.ecs.soton.ac.uk> At 20:54 02/06/2003, you wrote: >Julian Field wrote: > > > At 20:32 02/06/2003, you wrote: > > > Chris W. Parker <> wrote: > > > > > > > I'll give it a shot and let everyone know how it goes. > > > > > > The CPAN thing didn't work. It continuously timed out when trying to > > > connect to ftp.cpan.org. So I tried rebuilding the source rpm, that > > > didn't work either*. Then I just downloaded the i386.rpm and > > > installed that. As far as I know it's installed and working. How > > > can I verify what version of SA is being used? > > > > The problem with the i386.rpm is that on many versions of many OS's > > it gets the paths wrong and won't actually work. If you are lucky, > > then perl use Mail::SpamAssassin; > > print $Mail::SpamAssassin::VERSION . "\n"; > > (then press Ctrl-D and it will print the version number). > >Says 2.55. Does that indicate all is well? Sounds promising :) -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mikea at MIKEA.ATH.CX Mon Jun 2 21:17:32 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE1AE087@ati-ex-01.ati.local>; from cparker@SWATGEAR.COM on Mon, Jun 02, 2003 at 12:59:20PM -0700 References: <001BD19C96E6E64E8750D72C2EA0ECEE1AE087@ati-ex-01.ati.local> Message-ID: <20030602151732.A35280@mikea.ath.cx> On Mon, Jun 02, 2003 at 12:59:20PM -0700, Chris W. Parker wrote: > Hello. > We have relatively low email traffic (approx. 450/day on work days) > and I receive quite a few of these in my /^/> /var/log/maillog: > May 17 04:03:08 filter MailScanner[3324]: SpamAssassin timed out and > was killed, consecutive failure 1 of 20 > Does this mean my computer is too slow? It's a 200mhz pentium!!! :) > I can imagine that it IS too slow, but I just want to make sure it's > not a configuration problem. Do you think increasing the timeout > would help or would that make it worse? It more probably means that sometimes the first attempt to check some IP address or machine name in a DNSbl is timing out. If you see things like : consecutive failure 1 of 20 : consecutive failure 2 of 20 : consecutive failure 3 of 20 : consecutive failure 4 of 20 : ... : consecutive failure 20 of 20 then you have a problem and need to fix it. If the box isn't keeping up with incoming mail, than that can be a problem, too, and you may want to review your DNSbl configuration. But it you're just seeing the occasional "failure 1 of 20" and the box is keepnig up, things probably are OK. As to box speed, that's not really a consideration: my 233 MHz P-III keeps up nicely with about about 6K inbound mails each workday, of which about 20 to 25% are spam on any given workday. it's memory size that's the worst constraint, with swap device speed being next in my experience. CPU speed is way down on the list. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From jase at SENSIS.COM Mon Jun 2 21:22:59 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box to o slow? Message-ID: > > > On Mon, 2003-06-02 at 20:59, Chris W. Parker wrote: > > > > Hello. > > > > We have relatively low email traffic (approx. 450/day on work days) > > and I receive quite a few of these in my /var/log/maillog: > > > > > May 17 04:03:08 filter MailScanner[3324]: SpamAssassin > timed out and > > > was killed, consecutive failure 1 of 20 > > > > > Does this mean my computer is too slow? It's a 200mhz pentium!!! > > > > Probably not - more likely this was an RBL which failed to > respond in > > a timely fashion. It probably a good idea to tweak the SpamAssassin > > Timeout in MailScanner.conf to 40s (if its not there > already) as some > > internal SpamAssassin timeouts are 30s. > > Actually I've got RBL checking turned off and my SA timeout > is already set at 60s. > > Any other ideas? > > > Chris. You can try turning off bayes checking in spam assassin by setting use_bayes 0 in spam.assasin.prefs.conf Jason From mailscanner at ecs.soton.ac.uk Mon Jun 2 21:23:03 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BCC@ati-ex-01.ati.local > Message-ID: <5.2.1.1.2.20030602211938.04172c88@imap.ecs.soton.ac.uk> At 21:14 02/06/2003, you wrote: >Kevin Spicer wrote: > > > > On Mon, 2003-06-02 at 20:59, Chris W. Parker wrote: > > > > Hello. > > > > We have relatively low email traffic (approx. 450/day on work days) > > and I receive quite a few of these in my /var/log/maillog: > > > > > May 17 04:03:08 filter MailScanner[3324]: SpamAssassin timed out and > > > was killed, consecutive failure 1 of 20 > > > > > Does this mean my computer is too slow? It's a 200mhz pentium!!! > > > > Probably not - more likely this was an RBL which failed to respond in > > a timely fashion. It probably a good idea to tweak the SpamAssassin > > Timeout in MailScanner.conf to 40s (if its not there already) as some > > internal SpamAssassin timeouts are 30s. > >Actually I've got RBL checking turned off and my SA timeout is already set >at 60s. > >Any other ideas? Kill all the MailScanner processes (some of them will take several seconds to die, let them get on with it). Edit /etc/MailScanner/MailScanner.conf. Set Debug = yes Set Debug SpamAssassin = yes Wait until you have a few messages collected in /var/spool/mqueue.in. Then run "check_MailScanner". It should spew output about SpamAssassin, during which it will hopefully pause, waiting for something to happen. The output when it pauses should hopefully give you some clue about why it is timing out. It will run 1 batch of messages and then quit. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From kevins at BMRB.CO.UK Mon Jun 2 21:26:37 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011756CE@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011756CE@pascal.priv.bmrb.co.uk> Message-ID: <1054585598.4655.15.camel@bach.kevinspicer.co.uk> >Actually I've got RBL checking turned off and my SA timeout is already >set at 60s. >Any other ideas? Well, IIRC SA does some lookups anyway (even with rbls turned off), not to mention any of the razor, pyzor, dcc checks you may or may not be using. Anyway its nothing to worry about if its just the occasional message. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From moffelist at AMAGERKOLLEGIET.DK Mon Jun 2 21:32:59 2003 From: moffelist at AMAGERKOLLEGIET.DK (=?iso-8859-1?q?Rasmus_B=F8g_Hansen?=) Date: Thu Jan 12 21:18:21 2006 Subject: Exim+MailScanner - not always queuing mail on "in" side In-Reply-To: <20030602150159.GB13592@carrick.bishnet.net> (Tim Bishop's message of "Mon, 2 Jun 2003 16:01:59 +0100") References: <20030602150159.GB13592@carrick.bishnet.net> Message-ID: <871xyckyo4.fsf@grignard.amagerkollegiet.dk> Tim Bishop writes: > I did have a retry file in the exim.in/db directory - which was > causing the bouncing. However, I think I know how this got there. > > Cron on FreeBSD runs sendmail (well, exim) with the -odi flag, which > causes a second exim process to attempt delivery - even with the > queue_only option switched on. Turning off this flag seems to have > gone part way to fixing this... but it's still not entirely happy. How do you turn off -odi? It seems that one must recompile cron to do this - but of course, cron on Debian Linux may be different... /Rasmus -- -- [ Rasmus "M?ffe" B?g Hansen ] --------------------------------------- Defense?? What am I to defend?? Am I in war?? ----------------------------------[ moffe at amagerkollegiet dot dk ] -- From cparker at SWATGEAR.COM Mon Jun 2 21:53:03 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box too slow? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE1AE088@ati-ex-01.ati.local> Kevin Spicer wrote: > > Actually I've got RBL checking turned off and my SA timeout is > > already set at 60s. > > > Any other ideas? > > Well, IIRC SA does some lookups anyway (even with rbls turned off), > not to mention any of the razor, pyzor, dcc checks you may or may not > be using. Anyway its nothing to worry about if its just the > occasional message. I would agree except that I think it happens more than occasionally. Let me ask this question, even though it seems to time out frequently the consecutive failure count usually doesn't go past one. Here is an example, a few lines from my log. (i modified each line to try and shorten it as much as I could.) (These are all from today.) Jun 2 12:23:03 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 Jun 2 12:23:36 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 Jun 2 12:46:38 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 Jun 2 12:48:21 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 Jun 2 13:16:31 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 Jun 2 13:16:36 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 Jun 2 13:16:36 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 Jun 2 13:27:05 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 Jun 2 13:29:03 MS[nn]: SA timed out and was killed, consecutive failure 2 of 20 Jun 2 13:33:22 MS[nn]: SA timed out and was killed, consecutive failure 2 of 20 Jun 2 13:35:12 MS[nn]: SA timed out and was killed, consecutive failure 2 of 20 Jun 2 13:42:31 MS[nn]: SA timed out and was killed, consecutive failure 3 of 20 Does the consecutive failure count get reset every few minutes or something? Otherwise I don't understand why the number stays at 1 so much. It looks like it is well on it's way to 20 but the last timeout only shows 3. It seems to me that if the count went to 20 all the time it would indicate that the box is indeed too slow. Thanks, Chris. From Andrew.Magnusson at COCC.COM Mon Jun 2 21:59:58 2003 From: Andrew.Magnusson at COCC.COM (Magnusson, Andrew) Date: Thu Jan 12 21:18:21 2006 Subject: MailScanner delivering blocked attachments? Message-ID: We've got two email gateways, both running MailScanner 4.20-3. This afternoon we had a strange occurrence: an .exe (banned attachment) was tagged by the outside gateway as banned, yet still delivered to the inside gateway with the attachment intact. (See log snippets.) THEN, as this user is apparently nonexistent, the bounce message, with attachment intact, passed back through the internal gateway! This time, however, the attachment was stripped. Any idea why this might have happened? Never seen this before; all other EXEs and other banned filetypes have been dropped with no problem. External gateway ("1.1.1.2"): Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: from=, size=10272, class=0, nrcpts=1, msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, proto=SMTP, daemon=MTA, relay=mail.yyy.com [000.000.000.000] Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: to=, delay=00:00:01, mailer=esmtp, pri=40272, stat=queued Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved entire message to /var/spool/MailScanner/quarantine/20030602/h52JwT829916 Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved infected "REPAIR.EXE" to /var/spool/MailScanner/quarantine/20030602/h52JwT829916 Jun 2 15:59:33 external-smtp sendmail[29990]: h52JwT829916: to=, delay=00:01:04, xdelay=00:00:00, mailer=esmtp, pri=130272, relay=[1.1.1.1] [1.1.1.1], dsn=2.0.0, stat=Sent (h52JxX5j021222 Message accepted for delivery) Internal gateway ("1.1.1.1"): Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: from=, size=1977, class=0, nrcpts=1, msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, proto=ESMTP, daemon=MTA, relay=external-smtp.cocci.com [1.1.1.2] Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: to=, delay=00:00:00, mailer=esmtp, pri=31029, stat=queued Jun 2 15:59:35 smtp MailScanner[21082]: Saved entire message to /var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 Jun 2 15:59:35 smtp MailScanner[21082]: Saved infected "REPAIR.EXE" to /var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 Jun 2 16:00:52 smtp sendmail[21488]: h52JxX5j021222: to=, delay=00:01:19, xdelay=00:00:00, mailer=esmtp, pri=121029, relay=[2.2.2.2] [2.2.2.2], dsn=2.0.0, stat=Sent (Ok) Then, on the internal: Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: from=<>, size=2793, class=0, nrcpts=1, msgid=, proto=SMTP, daemon=MTA, relay=[2.2.2.2] Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: to=, delay=00:00:00, mailer=relay, pri=30430, stat=queued Jun 2 16:00:54 smtp MailScanner[20490]: Saved entire message to /var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 Jun 2 16:00:54 smtp MailScanner[20490]: Saved infected "REPAIR.EXE" to /var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 Jun 2 16:01:38 smtp sendmail[21721]: h52K0r5f021520: to=, delay=00:00:45, xdelay=00:00:00, mailer=relay, pri=120430, relay=[1.1.1.2] [1.1.1.2], dsn=2.0.0, stat=Sent (h52K1c830645 Message accepted for delivery) Andrew Magnusson Internet Product Analyst COCC 1-877-678-0444 extension 640 *** This message originates from COCC, Inc. If the reader of this message, regardless of the address or routing, is not an intended recipient, you are hereby notified that you have received this transmittal in error and any review; use, distribution, dissemination or copying is strictly prohibited. If you have received this message in error, please delete this e-mail and all files transmitted with it from your system and immediately notify COCC, Inc. by sending reply e-mail to the sender of this message. Thank you. *** From mikea at MIKEA.ATH.CX Mon Jun 2 22:00:58 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE1AE088@ati-ex-01.ati.local>; from cparker@SWATGEAR.COM on Mon, Jun 02, 2003 at 01:53:03PM -0700 References: <001BD19C96E6E64E8750D72C2EA0ECEE1AE088@ati-ex-01.ati.local> Message-ID: <20030602160058.A35731@mikea.ath.cx> On Mon, Jun 02, 2003 at 01:53:03PM -0700, Chris W. Parker wrote: > Kevin Spicer wrote: > > > > Actually I've got RBL checking turned off and my SA timeout is > > > already set at 60s. > > > > > Any other ideas? > > > > Well, IIRC SA does some lookups anyway (even with rbls turned off), > > not to mention any of the razor, pyzor, dcc checks you may or may not > > be using. Anyway its nothing to worry about if its just the > > occasional message. > > I would agree except that I think it happens more than occasionally. Let me ask this question, even though it seems to time out frequently the consecutive failure count usually doesn't go past one. Here is an example, a few lines from my log. (i modified each line to try and shorten it as much as I could.) (These are all from today.) > > Jun 2 12:23:03 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 > Jun 2 12:23:36 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 > Jun 2 12:46:38 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 > Jun 2 12:48:21 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 > Jun 2 13:16:31 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 > Jun 2 13:16:36 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 > Jun 2 13:16:36 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 > Jun 2 13:27:05 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 > Jun 2 13:29:03 MS[nn]: SA timed out and was killed, consecutive failure 2 of 20 > Jun 2 13:33:22 MS[nn]: SA timed out and was killed, consecutive failure 2 of 20 > Jun 2 13:35:12 MS[nn]: SA timed out and was killed, consecutive failure 2 of 20 > Jun 2 13:42:31 MS[nn]: SA timed out and was killed, consecutive failure 3 of 20 > > Does the consecutive failure count get reset every few minutes or something? Otherwise I don't understand why the number stays at 1 so much. It looks like it is well on it's way to 20 but the last timeout only shows 3. > > It seems to me that if the count went to 20 all the time it would indicate that the box is indeed too slow. The [nn] is the process ID for the process that is timing out. Every time MS starts a new MS process, the timer restarts. It would be nice if you would wrap your lines somewhere around 65 to 75 characters, possibly excepting quoted or copied lines such as maillog entries, so that they don't wind up looking like this, because not everyone can read terribly long lines with the same degree of ease, and indeed some people can't read them at all. OK? Thanks. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From mailscanner at ecs.soton.ac.uk Mon Jun 2 22:00:41 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE1AE088@ati-ex-01.ati.local > Message-ID: <5.2.1.1.2.20030602220000.041548b8@imap.ecs.soton.ac.uk> At 21:53 02/06/2003, you wrote: >Kevin Spicer wrote: > > > > Actually I've got RBL checking turned off and my SA timeout is > > > already set at 60s. > > > > > Any other ideas? > > > > Well, IIRC SA does some lookups anyway (even with rbls turned off), > > not to mention any of the razor, pyzor, dcc checks you may or may not > > be using. Anyway its nothing to worry about if its just the > > occasional message. > >I would agree except that I think it happens more than occasionally. Let >me ask this question, even though it seems to time out frequently the >consecutive failure count usually doesn't go past one. Here is an example, >a few lines from my log. (i modified each line to try and shorten it as >much as I could.) (These are all from today.) > >Jun 2 12:23:03 MS[nn]: SA timed out and was killed, consecutive failure 1 >of 20 >Jun 2 12:23:36 MS[nn]: SA timed out and was killed, consecutive failure 1 >of 20 >Jun 2 12:46:38 MS[nn]: SA timed out and was killed, consecutive failure 1 >of 20 >Jun 2 12:48:21 MS[nn]: SA timed out and was killed, consecutive failure 1 >of 20 >Jun 2 13:16:31 MS[nn]: SA timed out and was killed, consecutive failure 1 >of 20 >Jun 2 13:16:36 MS[nn]: SA timed out and was killed, consecutive failure 1 >of 20 >Jun 2 13:16:36 MS[nn]: SA timed out and was killed, consecutive failure 1 >of 20 >Jun 2 13:27:05 MS[nn]: SA timed out and was killed, consecutive failure 1 >of 20 >Jun 2 13:29:03 MS[nn]: SA timed out and was killed, consecutive failure 2 >of 20 >Jun 2 13:33:22 MS[nn]: SA timed out and was killed, consecutive failure 2 >of 20 >Jun 2 13:35:12 MS[nn]: SA timed out and was killed, consecutive failure 2 >of 20 >Jun 2 13:42:31 MS[nn]: SA timed out and was killed, consecutive failure 3 >of 20 > >Does the consecutive failure count get reset every few minutes or >something? Otherwise I don't understand why the number stays at 1 so much. >It looks like it is well on it's way to 20 but the last timeout only shows 3. > >It seems to me that if the count went to 20 all the time it would indicate >that the box is indeed too slow. Was the value of "nn" always the same? If not, then it is all different independent MailScanner processes timing out. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jun 2 22:05:52 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: MailScanner delivering blocked attachments? In-Reply-To: Message-ID: <5.2.1.1.2.20030602220529.0418ce48@imap.ecs.soton.ac.uk> Has anyone else seen this happening? At 21:59 02/06/2003, you wrote: >We've got two email gateways, both running MailScanner 4.20-3. This >afternoon we had a strange occurrence: an .exe (banned attachment) was >tagged by the outside gateway as banned, yet still delivered to the inside >gateway with the attachment intact. (See log snippets.) THEN, as this user >is apparently nonexistent, the bounce message, with attachment intact, >passed back through the internal gateway! This time, however, the attachment >was stripped. > >Any idea why this might have happened? Never seen this before; all other >EXEs and other banned filetypes have been dropped with no problem. > >External gateway ("1.1.1.2"): > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: >from=, size=10272, class=0, nrcpts=1, >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, proto=SMTP, >daemon=MTA, relay=mail.yyy.com [000.000.000.000] >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: >to=, delay=00:00:01, mailer=esmtp, pri=40272, stat=queued >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved entire message to >/var/spool/MailScanner/quarantine/20030602/h52JwT829916 >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved infected >"REPAIR.EXE" to /var/spool/MailScanner/quarantine/20030602/h52JwT829916 >Jun 2 15:59:33 external-smtp sendmail[29990]: h52JwT829916: >to=, delay=00:01:04, xdelay=00:00:00, mailer=esmtp, pri=130272, >relay=[1.1.1.1] [1.1.1.1], dsn=2.0.0, stat=Sent (h52JxX5j021222 Message >accepted for delivery) > >Internal gateway ("1.1.1.1"): > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: from=, >size=1977, class=0, nrcpts=1, >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, >proto=ESMTP, daemon=MTA, relay=external-smtp.cocci.com [1.1.1.2] >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: to=, >delay=00:00:00, mailer=esmtp, pri=31029, stat=queued >Jun 2 15:59:35 smtp MailScanner[21082]: Saved entire message to >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 >Jun 2 15:59:35 smtp MailScanner[21082]: Saved infected "REPAIR.EXE" to >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 >Jun 2 16:00:52 smtp sendmail[21488]: h52JxX5j021222: to=, >delay=00:01:19, xdelay=00:00:00, mailer=esmtp, pri=121029, relay=[2.2.2.2] >[2.2.2.2], dsn=2.0.0, stat=Sent (Ok) > >Then, on the internal: > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: from=<>, size=2793, >class=0, nrcpts=1, msgid=, proto=SMTP, >daemon=MTA, relay=[2.2.2.2] >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: to=, >delay=00:00:00, mailer=relay, pri=30430, stat=queued >Jun 2 16:00:54 smtp MailScanner[20490]: Saved entire message to >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 >Jun 2 16:00:54 smtp MailScanner[20490]: Saved infected "REPAIR.EXE" to >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 >Jun 2 16:01:38 smtp sendmail[21721]: h52K0r5f021520: to=, >delay=00:00:45, xdelay=00:00:00, mailer=relay, pri=120430, relay=[1.1.1.2] >[1.1.1.2], dsn=2.0.0, stat=Sent (h52K1c830645 Message accepted for delivery) > >Andrew Magnusson >Internet Product Analyst >COCC >1-877-678-0444 extension 640 > > > >*** This message originates from COCC, Inc. > >If the reader of this message, regardless of the address or routing, is >not an intended recipient, you are hereby notified that you have received >this transmittal in error and any review; use, distribution, dissemination >or copying is strictly prohibited. If you have received this message in >error, please delete this e-mail and all files transmitted with it from >your system and immediately notify COCC, Inc. by sending reply e-mail to >the sender of this message. > >Thank you. *** -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From tim-lists at BISHNET.NET Mon Jun 2 22:20:29 2003 From: tim-lists at BISHNET.NET (Tim Bishop) Date: Thu Jan 12 21:18:21 2006 Subject: Exim+MailScanner - not always queuing mail on "in" side In-Reply-To: <871xyckyo4.fsf@grignard.amagerkollegiet.dk> References: <20030602150159.GB13592@carrick.bishnet.net> <871xyckyo4.fsf@grignard.amagerkollegiet.dk> Message-ID: <20030602212029.GA17784@carrick.bishnet.net> On Mon, Jun 02, 2003 at 10:32:59PM +0200, Rasmus B?g Hansen wrote: > Tim Bishop writes: > > > I did have a retry file in the exim.in/db directory - which was > > causing the bouncing. However, I think I know how this got there. > > > > Cron on FreeBSD runs sendmail (well, exim) with the -odi flag, which > > causes a second exim process to attempt delivery - even with the > > queue_only option switched on. Turning off this flag seems to have > > gone part way to fixing this... but it's still not entirely happy. > > How do you turn off -odi? It seems that one must recompile cron to do > this - but of course, cron on Debian Linux may be different... That's what I did - it was slightly annoying to had to do so. I changed MAILARGS in: /usr/src/usr.sbin/cron/cron/config.h Hardly ideal - but it does at least work. This sort of thing really should be configurable at runtime. Tim. -- Tim Bishop http://www.bishnet.net/tim PGP Key: 0x5AE7D984 From tim-lists at BISHNET.NET Mon Jun 2 22:24:58 2003 From: tim-lists at BISHNET.NET (Tim Bishop) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <20030602160058.A35731@mikea.ath.cx> References: <001BD19C96E6E64E8750D72C2EA0ECEE1AE088@ati-ex-01.ati.local> <20030602160058.A35731@mikea.ath.cx> Message-ID: <20030602212458.GB17784@carrick.bishnet.net> On Mon, Jun 02, 2003 at 04:00:58PM -0500, mikea wrote: > > It would be nice if you would wrap your lines somewhere around 65 > to 75 characters, possibly excepting quoted or copied lines such > as maillog entries, so that they don't wind up looking like this, > because not everyone can read terribly long lines with the same > degree of ease, and indeed some people can't read them at all. OK? > Thanks. I'd say nearer 75 to 80 characters (fits my terminal then :-). However, when it comes to pasting log lines, etc, it's often easier to read when it is on one line. Any sensible mail client will line wrap to something the user has defined (even if it's just the size of the window). Tim. -- Tim Bishop http://www.bishnet.net/tim PGP Key: 0x5AE7D984 From newsletters at PCSITES.COM Tue Jun 3 05:37:15 2003 From: newsletters at PCSITES.COM (Richard Ahlquist) Date: Thu Jan 12 21:18:21 2006 Subject: MS-SA Individual User Prefs? Message-ID: Is it possible to use individual spamassassin settings files for each user when calling it from MailScanner? I currently have my system setup running MS and SA(spamd) seperately and SA for only one of my email accounts(gets about 400 spams a day). Not everyone wants SA but I want to be able to see some decent stats. I'd like to just turn on SA in MS and disable SA for those users who dont want it. Any suggestions? From tim-lists at BISHNET.NET Tue Jun 3 08:25:30 2003 From: tim-lists at BISHNET.NET (Tim Bishop) Date: Thu Jan 12 21:18:21 2006 Subject: Exim+MailScanner - not always queuing mail on "in" side In-Reply-To: <20030602150159.GB13592@carrick.bishnet.net> References: <20030602150159.GB13592@carrick.bishnet.net> Message-ID: <20030603072530.GH17784@carrick.bishnet.net> On Mon, Jun 02, 2003 at 04:01:59PM +0100, Tim Bishop wrote: > On Mon, Jun 02, 2003 at 02:01:07PM +0100, Tony Finch wrote: > > Tim Bishop wrote: > > > > >The problem is that occasionally (but not always) locally generated > > >messages such as cron output don't get deferred by the incoming exim. > > >From my understanding of Exim it seems that it's ignored the queue_only, > > >then tried to defer it. Then, for some reason, it's decided to fail > > >the message. > > > > This is probably because the hints database for the incoming exim says > > that addresses have been failing for such a long time that they bounce > > immediately. You need to check that the spool directory configurations > > for the incoming and outgoing exims are correct and that they are being > > run with the correct commands, and check that /var/spool/exim_incoming/db > > is empty (as it should be if the queue_only option is working). > > I did have a retry file in the exim.in/db directory - which was > causing the bouncing. However, I think I know how this got there. And this morning it has magically returned. :/ I suppose a cron job could deal with this, but I'd prefer a tidier solution really. Tim. -- Tim Bishop http://www.bishnet.net/tim PGP Key: 0x5AE7D984 From tim-lists at BISHNET.NET Tue Jun 3 08:42:04 2003 From: tim-lists at BISHNET.NET (Tim Bishop) Date: Thu Jan 12 21:18:21 2006 Subject: MS and sa-learn Message-ID: <20030603074204.GI17784@carrick.bishnet.net> How do people use sa-learn with mailscanner? In my setup the bayesian files are in /var/spool/MailScanner somewhere, and not writeable by normal users. So I can't easily have users run sa-learn. Any thoughts? Tim. -- Tim Bishop http://www.bishnet.net/tim PGP Key: 0x5AE7D984 From moffelist at AMAGERKOLLEGIET.DK Tue Jun 3 09:08:37 2003 From: moffelist at AMAGERKOLLEGIET.DK (=?iso-8859-1?q?Rasmus_B=F8g_Hansen?=) Date: Thu Jan 12 21:18:21 2006 Subject: Exim+MailScanner - not always queuing mail on "in" side In-Reply-To: <20030603072530.GH17784@carrick.bishnet.net> (Tim Bishop's message of "Tue, 3 Jun 2003 08:25:30 +0100") References: <20030602150159.GB13592@carrick.bishnet.net> <20030603072530.GH17784@carrick.bishnet.net> Message-ID: <87el2bwpkq.fsf@grignard.amagerkollegiet.dk> Tim Bishop writes: >> I did have a retry file in the exim.in/db directory - which was >> causing the bouncing. However, I think I know how this got there. > > And this morning it has magically returned. :/ Mine did too. However there are no addresses in the files. > I suppose a cron job could deal with this, but I'd prefer a tidier > solution really. As per the mailscanner instructions, I have "exim_tidydb /var/spool/exim_incoming retry >/dev/null" in cron.daily. Running these jobs manually make the files appear. Can they safely be omitted from cron.daily? They do not seem to make any sense to me, as there should be no database in the incoming queue to tidy up... /Rasmus -- -- [ Rasmus "M?ffe" B?g Hansen ] --------------------------------------- Life is that property, which a being will lose as a result of falling out of a cold and mysterious cave 30 miles above ground level. - HitchHikers Guide to the Galaxy, Douglas Adams ----------------------------------[ moffe at amagerkollegiet dot dk ] -- From moffelist at AMAGERKOLLEGIET.DK Tue Jun 3 09:16:50 2003 From: moffelist at AMAGERKOLLEGIET.DK (=?iso-8859-1?q?Rasmus_B=F8g_Hansen?=) Date: Thu Jan 12 21:18:21 2006 Subject: MS and sa-learn In-Reply-To: <20030603074204.GI17784@carrick.bishnet.net> (Tim Bishop's message of "Tue, 3 Jun 2003 08:42:04 +0100") References: <20030603074204.GI17784@carrick.bishnet.net> Message-ID: <87adczwp71.fsf@grignard.amagerkollegiet.dk> Tim Bishop writes: > How do people use sa-learn with mailscanner? In my setup the bayesian > files are in /var/spool/MailScanner somewhere, and not writeable by > normal users. So I can't easily have users run sa-learn. > > Any thoughts? I run sa-learn on quarantined messages, which are clearly spam. Just a few days ago, I took all read mailboxes and ran them through sa-learn as ham - however this is a place with only few people, so it was pretty easy to have them agree doing so. /Rasmus -- -- [ Rasmus "M?ffe" B?g Hansen ] --------------------------------------- [...]but more than 5,000 known bugs from Windows 95 still exist in Windows 98, because Microsoft views bug fixes as unprofitable. -- osdata.com ----------------------------------[ moffe at amagerkollegiet dot dk ] -- From mailscanner at ecs.soton.ac.uk Tue Jun 3 08:34:32 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: MS-SA Individual User Prefs? In-Reply-To: Message-ID: <5.2.0.9.2.20030603083328.042933a8@imap.ecs.soton.ac.uk> At 05:37 03/06/2003, you wrote: >Is it possible to use individual spamassassin settings files for each user >when calling it from MailScanner? I currently have my system setup running >MS and SA(spamd) seperately and SA for only one of my email accounts(gets >about 400 spams a day). Not everyone wants SA but I want to be able to see >some decent stats. > >I'd like to just turn on SA in MS and disable SA for those users who dont >want it. > >Any suggestions? Take a look at "rulesets". These will do just what you need. See /etc/MailScanner/rules. Also, if you want to read the settings from a database or something like that, see the "Custom Functions" in /usr/lib/MailScanner/MailScanner/CustomConfig.pm. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From dot at DOTAT.AT Tue Jun 3 10:01:37 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:21 2006 Subject: Exim+MailScanner - not always queuing mail on "in" side In-Reply-To: References: <20030602150159.GB13592@carrick.bishnet.net> <20030603072530.GH17784@carrick.bishnet.net> <20030603072530.GH17784@carrick.bishnet.net> Message-ID: =?iso-8859-1?q?Rasmus_B=F8g_Hansen?= wrote: > >As per the mailscanner instructions, I have=20 >"exim_tidydb /var/spool/exim_incoming retry >/dev/null" in >cron.daily. Running these jobs manually make the files appear. Can >they safely be omitted from cron.daily? They do not seem to make any >sense to me, as there should be no database in the incoming queue to >tidy up... Yes. I think I left that in my revised Exim installation guide for reasons of safety, but experience seems to have shown that it hides a problem... Tony. -- f.a.n.finch http://dotat.at/ ARDNAMURCHAN POINT TO CAPE WRATH INCLUDING THE OUTER HEBRIDES: SOUTHEAST TO SOUTH 4 OR 5 GRADUALLY VEERING SOUTH TO SOUTHWEST 4 OR 5 LOCALLY 6 WEATHER: RATHER CLOUDY, OCCASIONAL SHOWERS, CLOUDY WITH RAIN LATER. GOOD FALLING MODERATE IN SHOWERS OR RAIN. MODERATE LATER MODERATE TO ROUGH. From dot at DOTAT.AT Tue Jun 3 10:03:17 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:21 2006 Subject: MS-SA Individual User Prefs? In-Reply-To: Message-ID: Richard Ahlquist wrote: > >Is it possible to use individual spamassassin settings files for each user >when calling it from MailScanner? No. >I'd like to just turn on SA in MS and disable SA for those users who dont >want it. Use a MailScanner ruleset. Tony. -- f.a.n.finch http://dotat.at/ COLWYN BAY TO THE MULL OF GALLOWAY INCLUDING THE ISLE OF MAN: SOUTHEAST 3 OR 4 INCREASING 5 OR 6, LOCALLY 7 LATER VEERING SOUTH 4 OR 5 THEN BACKING SOUTHEAST 3 OR 4. FAIR AT FIRST, RAIN OR SHOWERS FOR A TIME, FAIR AGAIN BY EVENING. GOOD BECOMING MODERATE FOR A TIME. SLIGHT TO MODERATE, LOCALLY MODERATE TO ROUGH. From nejc.skoberne at guest.arnes.si Tue Jun 3 10:26:13 2003 From: nejc.skoberne at guest.arnes.si (Nejc Skoberne) Date: Thu Jan 12 21:18:21 2006 Subject: MS-SA Individual User Prefs? In-Reply-To: <5.2.0.9.2.20030603083328.042933a8@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030603083328.042933a8@imap.ecs.soton.ac.uk> Message-ID: <1339754712.20030603112613@guest.arnes.si> Zdravo. V=PI*r^2*l = 0.000000015 m^3 m=V*ro=0.000000015m^3*7800kg/m^3=0.000117kg =~ 0.117g =~ 0.12g. -- Nejc Skoberne Grajska ulica 5 SI-5220 Tolmin E-mail: nejc.skoberne@guest.arnes.si From dean.plant at ROKE.CO.UK Tue Jun 3 10:54:30 2003 From: dean.plant at ROKE.CO.UK (Plant, Dean) Date: Thu Jan 12 21:18:21 2006 Subject: Disclaimer problem Message-ID: <76C92FBBFB58D411AE760090271ED41805B33A3F@rsys002a.roke.co.uk> Julian, I still find that mail goes through unsigned with version 4.21-9 when there is no body text and an attachment. The only exception is if the attachment is a text file. Is there anything I may have setup incorrectly. Thanks Dean Plant. -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 30 May 2003 09:32 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Disclaimer problem At 08:39 30/05/2003, you wrote: >Hello, > >I am currently evaluating MailScanner and have come across a small problem >regarding signing of mail. I have added a disclaimer to all out going mail >using a ruleset but have noticed that any mail that has an attachment but >does not have any body text does not get signed. All other mail is signed >correctly. > >I have upgraded to the latest version and started with an new >MailScanner.conf but the problem persists. > >I am using Redhat8/Sendmail/F-prot. > >Does anyone have any idea's as to what I may be doing wrong. > >Thanks in advance. > >Dean Plant Try applying this patch to /usr/lib/MailScanner/MailScanner/Message.pm. Read the man page for the "patch" command if you don't know how to drive it, saves you doing it by hand :) It appears to work okay for me, and will be in the next stable release (due this weekend). --- Message.pm 2003-05-30 09:09:21.000000000 +0100 +++ Message.pm.new2 2003-05-30 09:24:43.000000000 +0100 @@ -1447,6 +1447,7 @@ # If multipart, try to sign our first part if ($top->is_multipart) { + my $sigcounter = 0; # JKF Signed and encrypted multiparts must not be touched. # JKF Instead put the sig in the epilogue. Breaks the RFC # JKF but in a harmless way. @@ -1456,18 +1457,33 @@ @signature = map { "$_\n" } split(/\n/, $signature); unshift @signature, "\n"; $top->epilogue(\@signature); - return; + return 1; } - $this->SignCleanEntity($top->parts(0)); - $this->SignCleanEntity($top->parts(1)) + $sigcounter += $this->SignCleanEntity($top->parts(0)); + $sigcounter += $this->SignCleanEntity($top->parts(1)) if $top->head and $top->effective_type =~ /multipart\/alternative/i; - return; + + if ($sigcounter == 0) { + # If we haven't signed anything by now, it must be a multipart + # message containing only things we can't sign. So add a text/plain + # section on the front and sign that. + my $text = $this->ReadVirusWarning('inlinetextsig') . "\n\n"; + my $newpart = build MIME::Entity + Type => 'text/plain', + Disposition => 'inline', + Data => $text, + Encoding => 'quoted-printable', + Top => 0; + $top->add_part($newpart, 0); + $sigcounter = 1; + } + return $sigcounter; } $MimeType = $top->head->mime_type if $top->head; - return unless $MimeType =~ m{text/}i; # Won't sign non-text message. + return 0 unless $MimeType =~ m{text/}i; # Won't sign non-text message. # Won't sign attachments. - return if $top->head->mime_attr('content-disposition') =~ /attachment/i; + return 0 if $top->head->mime_attr('content-disposition') =~ /attachment/i; # Get body data as array of newline-terminated lines $top->bodyhandle or return undef; @@ -1489,6 +1505,9 @@ $io->print("\n$signature\n"); } $io->close; + + # We signed something + return 1; } -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, Bracknell, Berkshire. RG12 8FZ The information contained in this e-mail and any attachments is confidential to Roke Manor Research Ltd and must not be passed to any third party without permission. This communication is for information only and shall not create or change any contractual relationship. From mailscanner at ecs.soton.ac.uk Tue Jun 3 11:13:23 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: MS and sa-learn In-Reply-To: <20030603074204.GI17784@carrick.bishnet.net> Message-ID: <5.2.0.9.2.20030603111100.07575930@imap.ecs.soton.ac.uk> At 08:42 03/06/2003, you wrote: >How do people use sa-learn with mailscanner? In my setup the bayesian >files are in /var/spool/MailScanner somewhere, and not writeable by >normal users. So I can't easily have users run sa-learn. > >Any thoughts? Create a "spam" and a "notspam" email address, and have people bounce/redirect (you can't do it in Outlook) wrongly tagged mail into them. Then have a cron job which picks up the mailboxes and runs them through sa-learn. I have published a script to do this on this list several times already and can't be bothered to do it again :-) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Tue Jun 3 10:48:12 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:21 2006 Subject: Safe to upgrade SpamAssassin? In-Reply-To: <200306030358500848.00B35541@smtp1.ace.net.au> Message-ID: Hi! > I used the source RPM and it has worked just fine on both RH7.3 and RH9 To avoid trouble, dont use them. There are various weird quircs reported. If it works for ou, fine, but i'd rather use the CPAN version. Bye, Raymond. From raymond at PROLOCATION.NET Tue Jun 3 10:49:16 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:21 2006 Subject: Safe to upgrade SpamAssassin? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BC9@ati-ex-01.ati.local> Message-ID: Hi! > > I'll give it a shot and let everyone know how it goes. > > The CPAN thing didn't work. It continuously timed out when trying to > connect to ftp.cpan.org. So I tried rebuilding the source rpm, that > didn't work either*. Then I just downloaded the i386.rpm and installed > that. As far as I know it's installed and working. How can I verify what > version of SA is being used? You can configure CPAN, so it uses a different server. spamassassin -V will report the version Bye, Raymond. From newsletters at PCSITES.COM Tue Jun 3 12:35:15 2003 From: newsletters at PCSITES.COM (Richard Ahlquist) Date: Thu Jan 12 21:18:21 2006 Subject: MS-SA Individual User Prefs? Message-ID: On Tue, 3 Jun 2003 08:34:32 +0100, Julian Field wrote: >At 05:37 03/06/2003, you wrote: >>Is it possible to use individual spamassassin settings files for each user >>when calling it from MailScanner? I currently have my system setup running >>MS and SA(spamd) seperately and SA for only one of my email accounts(gets >>about 400 spams a day). Not everyone wants SA but I want to be able to see >>some decent stats. >> >>I'd like to just turn on SA in MS and disable SA for those users who dont >>want it. >> >>Any suggestions? > >Take a look at "rulesets". These will do just what you need. See >/etc/MailScanner/rules. > >Also, if you want to read the settings from a database or something like >that, see the "Custom Functions" in >/usr/lib/MailScanner/MailScanner/CustomConfig.pm. >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support Ok, so if I am reading this right I would probably want something like; in MailScanner.conf Use SpamAssassin = /etc/MailScanner/rules/spamassassin.use.rules and in the spamassassin.use.rules file To: myspamaccount@mydomain.com yes Is that correct? From maxsec at TOTALISE.CO.UK Tue Jun 3 12:58:47 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:21 2006 Subject: MIME::Pasrser errors.. In-Reply-To: <3ED9149B.5010207@totalise.co.uk> References: <5.2.0.9.2.20030528160133.042fd540@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030528160133.042fd540@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030528193245.025141a0@imap.ecs.soton.ac.uk> <3ED9149B.5010207@totalise.co.uk> Message-ID: <3EDC8D77.7060508@totalise.co.uk> Julian Ok back on this task now (had to install a web based email system yesterday).. So done a little googling and it seems the IO:File might be a little more picky about spaces in BSD than Linux. I've got no idea how Mailscanner does its stuff from the Miailscanner script as I'm 1) crap^Winexperienced at perl 2) not found a good reason to learn perl yet:-) So where abouts does'/opt/Mailscanner/bin/Mailscanner' do the actual scanning, I can see it damonising itself and creating children etc but I stuffed if i can figure out where it's creating tmp files, calling RBL's etc.... -- martin Martin Hepworth wrote: > Ohh deep joy > > I'll see if I can get any head way from the London perl mongers...So > much for portability with Perl then :-( > > -- > Martin > > Julian Field wrote: > >> I'm seeing exactly the same behaviour on a BSD box with Perl 5.8.0 on it. >> It claims to have the latest IO::File as well, but even running as >> root.wheel it still produces the same error you are getting. >> >> I can't see the problem. I didn't really want to have to dig into the >> innards of IO::File :-( >> >> If you find a cure, please let me know! >> >> At 16:14 28/05/2003, you wrote: >> >>> Julian >>> >>> well I tried with Run As User = root and group = wheel and it still >>> complains. What's the second most commons reason :-) >>> >>> Right now I'm upping to Perl 5.8 from 5.6.1 and will see if that makes >>> any difference.. >>> >>> -- >>> martin >>> >>> Julian Field wrote: >>> >>>> These usually turn out to be incorrect permissions problems. >>>> If there was a single reason which caused this to happen, I would >>>> re-write >>>> the error message, but I have yet to find 1 cause of it. >>>> Check your configuration and permissions *very* carefully. >>>> >>>> At 15:18 28/05/2003, you wrote: >>>> >>>>> Hi all >>>>> >>>>> well back again after a break of a couple of years... >>>>> >>>>> OK I'm trying to install MS 4.20 from the freeBSD port recently >>>>> announced on the mailing list. This is on a freeBSD 5.0 box and after >>>>> tweeking with postfix etc i've to the stage where MS is seeing the >>>>> inbound traffic trying to deal with. However I'm getting the following >>>>> errors.... >>>>> >>>>> >>>>> May 28 15:12:45 soloman MailScanner[97693]: MailScanner E-Mail Virus >>>>> Scanner version 4.20-3 starting... >>>>> May 28 15:12:45 soloman MailScanner[97693]: Using locktype = flock >>>>> May 28 15:12:45 soloman MailScanner[97693]: New Batch: Scanning 4 >>>>> messages, 4826 bytes >>>>> May 28 15:12:46 soloman MailScanner[97693]: Cannot parse >>>>> /var/spool/MailScanner/incoming/97693/19DC0175D45.header and , >>>>> MIME::Parser: can't open tmpfile: Invalid argument >>>>> May 28 15:12:46 soloman MailScanner[97693]: Cannot parse >>>>> /var/spool/MailScanner/incoming/97693/0BFE2175D70.header and , >>>>> MIME::Parser: can't open tmpfile: Invalid argument >>>>> May 28 15:12:46 soloman MailScanner[97693]: Cannot parse >>>>> /var/spool/MailScanner/incoming/97693/AFFFF175D4E.header and , >>>>> MIME::Parser: can't open tmpfile: Invalid argument >>>>> May 28 15:12:46 soloman MailScanner[97693]: Cannot parse >>>>> /var/spool/MailScanner/incoming/97693/24B0E175D3B.header and , >>>>> MIME::Parser: can't open tmpfile: Invalid argument >>>>> >>>>> >>>>> I saw that someone else got the same errors with fBSD 5.0 back in >>>>> march, >>>>> but I couldn't a solution to it.. >>>>> >>>>> Any idea how is was solved - assuming it was.. >>>>> >>>>> -- >>>>> martin >>>>> (at home) >>>> >>>> >>>> >>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> MailScanner thanks transtec Computers for their support >> >> >> >> -- >> Julian Field >> www.MailScanner.info >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support From j.figueira at mail.pt Tue Jun 3 13:00:53 2003 From: j.figueira at mail.pt (J. Figueira) Date: Thu Jan 12 21:18:21 2006 Subject: Huge delay delivering mail Message-ID: <200306031201.h53C10S22931@ori.rl.ac.uk> Hello, I've installed mailscanner some time ago, (and I am quite happy with it ;) ). The problem is that it takes too long between receiving the mail message and delivering it to the recipient. At first I thought it could be the batch mode. I configured it to scan all the messages at the moment they arrive. It still takes a lot of time to deliver... any tips or ideas? thank you jfigueira -- Adira já ao Net Dialup Light. Acesso profissional gratuito. NovisNet, a Internet de quem trabalha. http://www.novisnet.pt From mailscanner at ecs.soton.ac.uk Tue Jun 3 13:57:20 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: MS-SA Individual User Prefs? In-Reply-To: Message-ID: <5.2.0.9.2.20030603135638.0430f760@imap.ecs.soton.ac.uk> At 12:35 03/06/2003, you wrote: >On Tue, 3 Jun 2003 08:34:32 +0100, Julian Field > wrote: > > >At 05:37 03/06/2003, you wrote: > >>Is it possible to use individual spamassassin settings files for each user > >>when calling it from MailScanner? I currently have my system setup running > >>MS and SA(spamd) seperately and SA for only one of my email accounts(gets > >>about 400 spams a day). Not everyone wants SA but I want to be able to see > >>some decent stats. > >> > >>I'd like to just turn on SA in MS and disable SA for those users who dont > >>want it. > >> > >>Any suggestions? > > > >Take a look at "rulesets". These will do just what you need. See > >/etc/MailScanner/rules. > > > >Also, if you want to read the settings from a database or something like > >that, see the "Custom Functions" in > >/usr/lib/MailScanner/MailScanner/CustomConfig.pm. > >-- > >Julian Field > >www.MailScanner.info > >MailScanner thanks transtec Computers for their support > >Ok, so if I am reading this right I would probably want something like; >in MailScanner.conf >Use SpamAssassin = /etc/MailScanner/rules/spamassassin.use.rules > >and in the spamassassin.use.rules file >To: myspamaccount@mydomain.com yes > >Is that correct? Yes. In addition, it is always a good idea to include the "default" setting as well, which in your case will probably be this: FromOrTo: default no -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jun 3 13:59:26 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: Huge delay delivering mail In-Reply-To: <200306031201.h53C10S22931@ori.rl.ac.uk> Message-ID: <5.2.0.9.2.20030603135814.0785aaf8@imap.ecs.soton.ac.uk> At 13:00 03/06/2003, you wrote: >Hello, > >I've installed mailscanner some time ago, (and I am quite happy with it ;) >). The problem is that it takes too long between receiving the mail message >and delivering it to the recipient. > >At first I thought it could be the batch mode. I configured it to scan all >the messages at the moment they arrive. It still takes a lot of time to >deliver... > >any tips or ideas? Check the "Sendmail" and "Sendmail2" settings. Particularly if you aren't using sendmail as your MTA. If these are wrong, it can end up waiting until the next queue run happens before delivering your messages. On a lightly loaded system, the latency through MailScanner should be 1 or 2 seconds. Anything much longer than that is wrong. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From MWeiner at AG.COM Tue Jun 3 14:40:45 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:21 2006 Subject: NDR delivery Message-ID: Julian - I have a somewhat silly question. OK, here is the scoop. I have a domain, bmarts.com that is going through the MailScanner box before being forwarded to an exchange server. That is all working beautifully. What I want to do is take all the truly non-deliverable email addresses (those that don't have real users behind it) and send those to /dev/null, while still delivering to the valid email addresses for that specific domain. Is this best done using the whitelist and blacklists?? Is there a cleaner way to do this? Thanks in advance Michael Weiner From derek at CSOLVE.NET Tue Jun 3 14:57:43 2003 From: derek at CSOLVE.NET (Derek Buttineau) Date: Thu Jan 12 21:18:21 2006 Subject: SQL Logging In-Reply-To: <5.2.1.1.2.20030530231151.03d0b5b0@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030530231151.03d0b5b0@imap.ecs.soton.ac.uk> Message-ID: <3EDCA957.3050709@csolve.net> Just an update on this, moved the included script from using IO::File to use File::Temp and now it's working fine and dandy. :) Still strange though, since I can use IO::File fine outside of the MailScanner environment on the same box. *shrug* Derek Julian Field wrote: > Are you running on BSD by any chance? > If so, there is a known problem with Perl up to and including 5.8.0 with > the IO::File module. If you download and try to build the IO::File > module, > you will find it won't compile :-( > > From mailscanner at ecs.soton.ac.uk Tue Jun 3 15:00:23 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: NDR delivery In-Reply-To: Message-ID: <5.2.0.9.2.20030603144859.0786afa0@imap.ecs.soton.ac.uk> This is the job of the MTA, not MailScanner. If there aren't many users, you could knock up something with a Spam Actions ruleset and a Non Spam Actions ruleset (set the default to "delete" and create explicit "deliver" rules for the users who actually exist). At 14:40 03/06/2003, you wrote: >Julian - > >I have a somewhat silly question. OK, here is the scoop. I have a domain, >bmarts.com that is going through the MailScanner box before being forwarded >to an exchange server. That is all working beautifully. What I want to do is >take all the truly non-deliverable email addresses (those that don't have >real users behind it) and send those to /dev/null, while still delivering to >the valid email addresses for that specific domain. Is this best done using >the whitelist and blacklists?? Is there a cleaner way to do this? > >Thanks in advance >Michael Weiner -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From MWeiner at AG.COM Tue Jun 3 15:21:01 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:21 2006 Subject: NDR delivery Message-ID: Can you possibly give me a hint or a place to start?? Meaning, where would I find the Nonspam/Spam Action ruleset?? Michael -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Tuesday, June 03, 2003 10:00 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: NDR delivery This is the job of the MTA, not MailScanner. If there aren't many users, you could knock up something with a Spam Actions ruleset and a Non Spam Actions ruleset (set the default to "delete" and create explicit "deliver" rules for the users who actually exist). From zabriskw at ITECH.NET Tue Jun 3 15:21:28 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:21 2006 Subject: MailScanner and SpamAssassin Message-ID: <000501c329db$6c701fd0$0c02a8c0@itech.dom> I am running MailScanner and SpamAssassin, and am VERY pleased with the results! All though, I have noticed a problem, which is probably something in my configuration. Every once and awhile some spam will come through with a rating of 19 or 21, which is well above the limit I have set at 5. If you look in the header it looks like this: X-Priority: 1 X-MSMail-Priority: High X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=19.5, required 5, ALL_NATURAL, BANG_EXERCISE, BAYES_90, CLICK_BELOW_CAPS, DATE_IN_PAST_06_12, DRASTIC_REDUCED, FORGED_MUA_OUTLOOK, FROM_HAS_MIXED_NUMS, HTML_40_50, HTML_FONT_BIG, HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_RED, HTML_LINK_CLICK_CAPS, HTML_LINK_CLICK_HERE, MANY_EXCLAMATIONS, MIME_HTML_ONLY, MISSING_MIMEOLE, MLM, X_MSMAIL_PRIORITY_HIGH, X_PRIORITY_HIGH) Obviously it is getting through because it is whitelisted. I dont have these guys whitelisted anywhere though. Can someone please point me in the right direction? Any help, as always, will be GREATLY appreciated. Thanks! From mbowman at UDCOM.COM Tue Jun 3 15:22:02 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:21 2006 Subject: MailScanner and SpamAssassin Message-ID: If they are not in your MS whitelist are they in your SA autowhitelist db ? Matthew Kris Zabriskie Sent by: MailScanner mailing list 06/03/2003 10:21 AM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: MailScanner and SpamAssassin I am running MailScanner and SpamAssassin, and am VERY pleased with the results! All though, I have noticed a problem, which is probably something in my configuration. Every once and awhile some spam will come through with a rating of 19 or 21, which is well above the limit I have set at 5. If you look in the header it looks like this: X-Priority: 1 X-MSMail-Priority: High X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=19.5, required 5, ALL_NATURAL, BANG_EXERCISE, BAYES_90, CLICK_BELOW_CAPS, DATE_IN_PAST_06_12, DRASTIC_REDUCED, FORGED_MUA_OUTLOOK, FROM_HAS_MIXED_NUMS, HTML_40_50, HTML_FONT_BIG, HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_RED, HTML_LINK_CLICK_CAPS, HTML_LINK_CLICK_HERE, MANY_EXCLAMATIONS, MIME_HTML_ONLY, MISSING_MIMEOLE, MLM, X_MSMAIL_PRIORITY_HIGH, X_PRIORITY_HIGH) Obviously it is getting through because it is whitelisted. I dont have these guys whitelisted anywhere though. Can someone please point me in the right direction? Any help, as always, will be GREATLY appreciated. Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/0f43b8e6/attachment.html From dwinkler at ALGORITHMICS.COM Tue Jun 3 15:24:06 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:21 2006 Subject: MailScanner and SpamAssassin Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FBC@tormail1.algorithmics.com> Check out the auto whitelisting feature of Spam Assassin. Generally a good idead to turn this off in MailScanner config... SpamAssassin Auto Whitelist = no -----Original Message----- From: Kris Zabriskie [mailto:zabriskw@itech.net] Sent: Tuesday, June 03, 2003 10:21 AM To: MAILSCANNER@jiscmail.ac.uk Subject: MailScanner and SpamAssassin I am running MailScanner and SpamAssassin, and am VERY pleased with the results! All though, I have noticed a problem, which is probably something in my configuration. Every once and awhile some spam will come through with a rating of 19 or 21, which is well above the limit I have set at 5. If you look in the header it looks like this: X-Priority: 1 X-MSMail-Priority: High X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=19.5, required 5, ALL_NATURAL, BANG_EXERCISE, BAYES_90, CLICK_BELOW_CAPS, DATE_IN_PAST_06_12, DRASTIC_REDUCED, FORGED_MUA_OUTLOOK, FROM_HAS_MIXED_NUMS, HTML_40_50, HTML_FONT_BIG, HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_RED, HTML_LINK_CLICK_CAPS, HTML_LINK_CLICK_HERE, MANY_EXCLAMATIONS, MIME_HTML_ONLY, MISSING_MIMEOLE, MLM, X_MSMAIL_PRIORITY_HIGH, X_PRIORITY_HIGH) Obviously it is getting through because it is whitelisted. I dont have these guys whitelisted anywhere though. Can someone please point me in the right direction? Any help, as always, will be GREATLY appreciated. Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/c21d12d3/attachment.html From zabriskw at ITECH.NET Tue Jun 3 15:28:42 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:21 2006 Subject: MailScanner and SpamAssassin References: <06EE2C86D3DAD5119A6C0060943F3C97055E6FBC@tormail1.algorithmics.com> Message-ID: <000a01c329dc$6edff1e0$0c02a8c0@itech.dom> RE: MailScanner and SpamAssassinDerek, Thanks for your help. I double checked my MailScanner.conf file and SpamAssassin Auto Whitelist = no is set! Thanks for your time! ----- Original Message ----- From: Derek Winkler To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, June 03, 2003 10:24 AM Subject: Re: MailScanner and SpamAssassin Check out the auto whitelisting feature of Spam Assassin. Generally a good idead to turn this off in MailScanner config... SpamAssassin Auto Whitelist = no -----Original Message----- From: Kris Zabriskie [mailto:zabriskw@itech.net] Sent: Tuesday, June 03, 2003 10:21 AM To: MAILSCANNER@jiscmail.ac.uk Subject: MailScanner and SpamAssassin I am running MailScanner and SpamAssassin, and am VERY pleased with the results! All though, I have noticed a problem, which is probably something in my configuration. Every once and awhile some spam will come through with a rating of 19 or 21, which is well above the limit I have set at 5. If you look in the header it looks like this: X-Priority: 1 X-MSMail-Priority: High X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=19.5, required 5, ALL_NATURAL, BANG_EXERCISE, BAYES_90, CLICK_BELOW_CAPS, DATE_IN_PAST_06_12, DRASTIC_REDUCED, FORGED_MUA_OUTLOOK, FROM_HAS_MIXED_NUMS, HTML_40_50, HTML_FONT_BIG, HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_RED, HTML_LINK_CLICK_CAPS, HTML_LINK_CLICK_HERE, MANY_EXCLAMATIONS, MIME_HTML_ONLY, MISSING_MIMEOLE, MLM, X_MSMAIL_PRIORITY_HIGH, X_PRIORITY_HIGH) Obviously it is getting through because it is whitelisted. I dont have these guys whitelisted anywhere though. Can someone please point me in the right direction? Any help, as always, will be GREATLY appreciated. Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/44fdd2dc/attachment.html From zabriskw at ITECH.NET Tue Jun 3 15:30:15 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:21 2006 Subject: MailScanner and SpamAssassin References: Message-ID: <001101c329dc$a6758750$0c02a8c0@itech.dom> Mathew, I have Auto Whitelisting by SpamAssasin disabled. Just out of curiosity, where would the SA autowhitelist db be located? Thanks for your time! I do appreciate the help! ----- Original Message ----- From: Matthew Bowman To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, June 03, 2003 10:22 AM Subject: Re: MailScanner and SpamAssassin If they are not in your MS whitelist are they in your SA autowhitelist db ? Matthew Kris Zabriskie Sent by: MailScanner mailing list 06/03/2003 10:21 AM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: MailScanner and SpamAssassin I am running MailScanner and SpamAssassin, and am VERY pleased with the results! All though, I have noticed a problem, which is probably something in my configuration. Every once and awhile some spam will come through with a rating of 19 or 21, which is well above the limit I have set at 5. If you look in the header it looks like this: X-Priority: 1 X-MSMail-Priority: High X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=19.5, required 5, ALL_NATURAL, BANG_EXERCISE, BAYES_90, CLICK_BELOW_CAPS, DATE_IN_PAST_06_12, DRASTIC_REDUCED, FORGED_MUA_OUTLOOK, FROM_HAS_MIXED_NUMS, HTML_40_50, HTML_FONT_BIG, HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_RED, HTML_LINK_CLICK_CAPS, HTML_LINK_CLICK_HERE, MANY_EXCLAMATIONS, MIME_HTML_ONLY, MISSING_MIMEOLE, MLM, X_MSMAIL_PRIORITY_HIGH, X_PRIORITY_HIGH) Obviously it is getting through because it is whitelisted. I dont have these guys whitelisted anywhere though. Can someone please point me in the right direction? Any help, as always, will be GREATLY appreciated. Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/24ce796b/attachment.html From dwinkler at ALGORITHMICS.COM Tue Jun 3 15:30:19 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:21 2006 Subject: MailScanner and SpamAssassin Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FBE@tormail1.algorithmics.com> Did you check their envelope address versus the whitelist? We had a spammer faking their envelope address as someone on our whitelist. -----Original Message----- From: Kris Zabriskie [mailto:zabriskw@itech.net] Sent: Tuesday, June 03, 2003 10:21 AM To: MAILSCANNER@jiscmail.ac.uk Subject: MailScanner and SpamAssassin I am running MailScanner and SpamAssassin, and am VERY pleased with the results! All though, I have noticed a problem, which is probably something in my configuration. Every once and awhile some spam will come through with a rating of 19 or 21, which is well above the limit I have set at 5. If you look in the header it looks like this: X-Priority: 1 X-MSMail-Priority: High X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=19.5, required 5, ALL_NATURAL, BANG_EXERCISE, BAYES_90, CLICK_BELOW_CAPS, DATE_IN_PAST_06_12, DRASTIC_REDUCED, FORGED_MUA_OUTLOOK, FROM_HAS_MIXED_NUMS, HTML_40_50, HTML_FONT_BIG, HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_RED, HTML_LINK_CLICK_CAPS, HTML_LINK_CLICK_HERE, MANY_EXCLAMATIONS, MIME_HTML_ONLY, MISSING_MIMEOLE, MLM, X_MSMAIL_PRIORITY_HIGH, X_PRIORITY_HIGH) Obviously it is getting through because it is whitelisted. I dont have these guys whitelisted anywhere though. Can someone please point me in the right direction? Any help, as always, will be GREATLY appreciated. Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/26819dc7/attachment.html From mbowman at UDCOM.COM Tue Jun 3 15:31:16 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:21 2006 Subject: MailScanner and SpamAssassin Message-ID: In my install its /root/.spamassassin/auto-whitelist.db Do a locate auto-whitelist.db on your server that should confirm its location (which maybe different to mine) Matthew Kris Zabriskie Sent by: MailScanner mailing list 06/03/2003 10:30 AM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: MailScanner and SpamAssassin Mathew, I have Auto Whitelisting by SpamAssasin disabled. Just out of curiosity, where would the SA autowhitelist db be located? Thanks for your time! I do appreciate the help! ----- Original Message ----- From: Matthew Bowman To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, June 03, 2003 10:22 AM Subject: Re: MailScanner and SpamAssassin If they are not in your MS whitelist are they in your SA autowhitelist db ? Matthew Kris Zabriskie Sent by: MailScanner mailing list 06/03/2003 10:21 AM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: MailScanner and SpamAssassin I am running MailScanner and SpamAssassin, and am VERY pleased with the results! All though, I have noticed a problem, which is probably something in my configuration. Every once and awhile some spam will come through with a rating of 19 or 21, which is well above the limit I have set at 5. If you look in the header it looks like this: X-Priority: 1 X-MSMail-Priority: High X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=19.5, required 5, ALL_NATURAL, BANG_EXERCISE, BAYES_90, CLICK_BELOW_CAPS, DATE_IN_PAST_06_12, DRASTIC_REDUCED, FORGED_MUA_OUTLOOK, FROM_HAS_MIXED_NUMS, HTML_40_50, HTML_FONT_BIG, HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_RED, HTML_LINK_CLICK_CAPS, HTML_LINK_CLICK_HERE, MANY_EXCLAMATIONS, MIME_HTML_ONLY, MISSING_MIMEOLE, MLM, X_MSMAIL_PRIORITY_HIGH, X_PRIORITY_HIGH) Obviously it is getting through because it is whitelisted. I dont have these guys whitelisted anywhere though. Can someone please point me in the right direction? Any help, as always, will be GREATLY appreciated. Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/26f179ea/attachment.html From mailscanner at ecs.soton.ac.uk Tue Jun 3 15:32:50 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: NDR delivery In-Reply-To: Message-ID: <5.2.0.9.2.20030603153238.043ffb38@imap.ecs.soton.ac.uk> Please read the docs in /etc/MailScanner/rules. At 15:21 03/06/2003, you wrote: >Can you possibly give me a hint or a place to start?? Meaning, where would I >find the Nonspam/Spam Action ruleset?? > >Michael >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Tuesday, June 03, 2003 10:00 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: NDR delivery > >This is the job of the MTA, not MailScanner. >If there aren't many users, you could knock up something with a Spam >Actions ruleset and a Non Spam Actions ruleset (set the default to "delete" >and create explicit "deliver" rules for the users who actually exist). -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From zabriskw at ITECH.NET Tue Jun 3 15:47:16 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:22 2006 Subject: MailScanner and SpamAssassin References: <06EE2C86D3DAD5119A6C0060943F3C97055E6FBE@tormail1.algorithmics.com> Message-ID: <000801c329df$06f919a0$0c02a8c0@itech.dom> RE: MailScanner and SpamAssassinYes. None of it matches anything in the spam.whitelist.rules file. It is a funny thing! ----- Original Message ----- From: Derek Winkler To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, June 03, 2003 10:30 AM Subject: Re: MailScanner and SpamAssassin Did you check their envelope address versus the whitelist? We had a spammer faking their envelope address as someone on our whitelist. -----Original Message----- From: Kris Zabriskie [mailto:zabriskw@itech.net] Sent: Tuesday, June 03, 2003 10:21 AM To: MAILSCANNER@jiscmail.ac.uk Subject: MailScanner and SpamAssassin I am running MailScanner and SpamAssassin, and am VERY pleased with the results! All though, I have noticed a problem, which is probably something in my configuration. Every once and awhile some spam will come through with a rating of 19 or 21, which is well above the limit I have set at 5. If you look in the header it looks like this: X-Priority: 1 X-MSMail-Priority: High X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=19.5, required 5, ALL_NATURAL, BANG_EXERCISE, BAYES_90, CLICK_BELOW_CAPS, DATE_IN_PAST_06_12, DRASTIC_REDUCED, FORGED_MUA_OUTLOOK, FROM_HAS_MIXED_NUMS, HTML_40_50, HTML_FONT_BIG, HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_RED, HTML_LINK_CLICK_CAPS, HTML_LINK_CLICK_HERE, MANY_EXCLAMATIONS, MIME_HTML_ONLY, MISSING_MIMEOLE, MLM, X_MSMAIL_PRIORITY_HIGH, X_PRIORITY_HIGH) Obviously it is getting through because it is whitelisted. I dont have these guys whitelisted anywhere though. Can someone please point me in the right direction? Any help, as always, will be GREATLY appreciated. Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/dc31c28a/attachment.html From MWeiner at AG.COM Tue Jun 3 15:47:41 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:22 2006 Subject: NDR delivery Message-ID: Thanks, been looking at that and staring for sometime trying to see how the heck MS will use that to decide delivery options. If I understand you correctly, I would need to set the default delivery option in the white and black lists to delete, and add the deliverable users to the whitelist and NDRs in wildcard format to the blacklist. Here is the snippet from my conf file: # Spam Whitelist: # Make this point to a ruleset, and anything in that ruleset whose value # is "yes" will *never* be marked as spam. # This can also be the filename of a ruleset. #Is Definitely Not Spam = no Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules # Spam Blacklist: # Make this point to a ruleset, and anything in that ruleset whose value # is "yes" will *always* be marked as spam. # This can also be the filename of a ruleset. # Is Definitely Spam = no Is Definitely Spam = /etc/MailScanner/rules/blacklist.rules And snippet from the spam.whitelist.rules # This is where you can build a Spam WhiteList # Addresses matching in here, with the value # "yes" will never be marked as spam. # Set "Is Definitely Not Spam = /opt/MailScanner/etc/rules/whitelist.rules". # Set addresses to be whitelisted using rules such as From: 152.78. yes #From: 130.246. yes FromOrTo: default no <-- set this to delete?!?!? And add the valid deliverable users here? Then what about the blacklist.rules file?!? I am somewhat confused at this point. Probably due to lack of caffeine dyslexia Thanks as always! Michael Weiner -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Tuesday, June 03, 2003 10:33 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: NDR delivery Please read the docs in /etc/MailScanner/rules. At 15:21 03/06/2003, you wrote: >Can you possibly give me a hint or a place to start?? Meaning, where would I >find the Nonspam/Spam Action ruleset?? > >Michael >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Tuesday, June 03, 2003 10:00 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: NDR delivery > >This is the job of the MTA, not MailScanner. >If there aren't many users, you could knock up something with a Spam >Actions ruleset and a Non Spam Actions ruleset (set the default to "delete" >and create explicit "deliver" rules for the users who actually exist). -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From ryanb at AACRAO.ORG Tue Jun 3 15:53:36 2003 From: ryanb at AACRAO.ORG (Bingham, Ryan) Date: Thu Jan 12 21:18:22 2006 Subject: MailScanner and SpamAssassin Message-ID: Check /usr/share/spamassassin/60_whitelist.cf (or wherever you might have the file) This file contains the default SA whitelist. You can either comment out the hosts you don't want (keep in mind that re-installing or upgrading SA will overwrite this file), or I believe you can override these settings with the following entry in your spamassassin.prefs.conf file: unwhitelist_from add@ress.com Julian can confirm if this setting will work in work in spamassassin.prefs.conf. Ryan -----Original Message----- From: Kris Zabriskie [mailto:zabriskw@ITECH.NET] Sent: Tuesday, June 03, 2003 10:47 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner and SpamAssassin Yes.? None of it matches anything in the spam.whitelist.rules file.? It is a funny thing! ? ? ----- Original Message ----- From: Derek Winkler To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, June 03, 2003 10:30 AM Subject: Re: MailScanner and SpamAssassin Did you check their envelope address versus the whitelist? We had a spammer faking their envelope address as someone on our whitelist. -----Original Message----- From: Kris Zabriskie [mailto:zabriskw@itech.net] Sent: Tuesday, June 03, 2003 10:21 AM To: MAILSCANNER@jiscmail.ac.uk Subject: MailScanner and SpamAssassin I am running MailScanner and SpamAssassin, and am VERY pleased with the results!? All though, I have noticed a problem, which is probably something in my configuration.? Every once and awhile some spam will come through with a rating of 19 or 21, which is well above the limit I have set at 5.? If you look in the header it looks like this: X-Priority: 1 X-MSMail-Priority: High X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=19.5, ??????? required 5, ALL_NATURAL, BANG_EXERCISE, BAYES_90, CLICK_BELOW_CAPS, ??????? DATE_IN_PAST_06_12, DRASTIC_REDUCED, FORGED_MUA_OUTLOOK, ??????? FROM_HAS_MIXED_NUMS, HTML_40_50, HTML_FONT_BIG, HTML_FONT_COLOR_BLUE, ??????? HTML_FONT_COLOR_RED, HTML_LINK_CLICK_CAPS, HTML_LINK_CLICK_HERE, ??????? MANY_EXCLAMATIONS, MIME_HTML_ONLY, MISSING_MIMEOLE, MLM, ??????? X_MSMAIL_PRIORITY_HIGH, X_PRIORITY_HIGH) Obviously it is getting through because it is whitelisted.? I dont have these guys whitelisted anywhere though.? Can someone please point me in the right direction?? Any help, as always, will be GREATLY appreciated.? Thanks! From nik at BU.EDU Tue Jun 3 16:45:13 2003 From: nik at BU.EDU (Nik Conwell) Date: Thu Jan 12 21:18:22 2006 Subject: Different per user actions on single e-mail with multiple recipients? Message-ID: Question: does MailScanner have the infrastructure to handle different operations at the user level on the same piece of e-mail? Say the server gets a single piece of e-mail with 2 recipients, can recipient1 have a different threshold and tagging than recipient2? If recipient1 has a threshold that tags the e-mail as spam (and changes the subject), but recipient2 doesn't, this would require the qf/df pair (sendmail environment) to be cloned, one for recipient1 (which would have the subject changed) and another for recipient2 (subject left alone). I've looked through the source (4.21-9) and it doesn't look like MailScanner can handle situations like this, but I wanted to double check with the experts. Thanks for any advice. -nik From mbowman at UDCOM.COM Tue Jun 3 17:03:52 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:22 2006 Subject: Different per user actions on single e-mail with multiple recipients? Message-ID: Hello Nik You could setup a ruleset via Within mailscanner.conf Required SpamAssassin Score = 4 e.g. Required SpamAssassin Score = /etc/MailScanner/rules/address.threshold.rules Then within the rules file To: recipient1@domain.tld 4 To: recipient2@domain.tld 5 Then reload MailScanner So if both recipients got an email with a score of 4.1 recipient2 would get it untagged... As I understand it you can either use the domain or the address within this ruleset? HTH Matthew Nik Conwell Sent by: MailScanner mailing list 06/03/2003 11:45 AM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Different per user actions on single e-mail with multiple recipients? Question: does MailScanner have the infrastructure to handle different operations at the user level on the same piece of e-mail? Say the server gets a single piece of e-mail with 2 recipients, can recipient1 have a different threshold and tagging than recipient2? If recipient1 has a threshold that tags the e-mail as spam (and changes the subject), but recipient2 doesn't, this would require the qf/df pair (sendmail environment) to be cloned, one for recipient1 (which would have the subject changed) and another for recipient2 (subject left alone). I've looked through the source (4.21-9) and it doesn't look like MailScanner can handle situations like this, but I wanted to double check with the experts. Thanks for any advice. -nik -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/642bc177/attachment.html From dot at DOTAT.AT Tue Jun 3 17:20:12 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:22 2006 Subject: Different per user actions on single e-mail with multiple recipients? In-Reply-To: Message-ID: Nik Conwell wrote: > >Question: does MailScanner have the infrastructure to handle different >operations at the user level on the same piece of e-mail? No. Your understanding of how it works is correct. (We do spam filtering at the user end, based on the score header that MailScanner adds.) Tony. -- f.a.n.finch http://dotat.at/ HEBRIDES BAILEY: SOUTHEASTERLY 4 OR 5, OCCASIONALLY 6, BECOMING CYCLONIC 6 OR 7 FOR A TIME. SHOWERS THEN RAIN. GOOD BECOMING MODERATE. From mailscanner at ecs.soton.ac.uk Tue Jun 3 18:14:04 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:22 2006 Subject: Different per user actions on single e-mail with multiple recipients? In-Reply-To: References: Message-ID: <5.2.1.1.2.20030603180859.03d10368@imap.ecs.soton.ac.uk> At 17:20 03/06/2003, you wrote: >Nik Conwell wrote: > >Question: does MailScanner have the infrastructure to handle different > >operations at the user level on the same piece of e-mail? > >No. Your understanding of how it works is correct. (We do spam filtering >at the user end, based on the score header that MailScanner adds.) It's a design decision I made when I first started writing MailScanner. Splitting a message up into the minimal number of copies of itself is not trivial to do, and I didn't want MailScanner to be creating mail either (other than simple report messages whose headers are not important). Few spam or virused messages have multiple recipients, and only a small fraction of them would ever actually need to be handled differently. So it was a great saving in complexity against what I always reckoned was a very small benefit. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From MWeiner at AG.COM Tue Jun 3 18:42:17 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:22 2006 Subject: NDR delivery Message-ID: OK, I have in the MailScanner.conf the following: Spam Actions = delete store /etc/MailScanner/spam.whitelist.rules However MS complains loudly that there is a syntax error in my config and refuses to start up correctly. What is the proper syntax here to delete all spam BUT what I tell it in the whitelist rules file?!? Thanks Michael -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Tuesday, June 03, 2003 10:33 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: NDR delivery Please read the docs in /etc/MailScanner/rules. From jaearick at COLBY.EDU Tue Jun 3 19:06:35 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:18:22 2006 Subject: another syslog tweak, please Message-ID: Julian, Can the syslog output of mailscanner be modified to tell us who the message is (or would be, if deleted) delivered to? For instance, with MS 4-20.3 my syslog shows for a spam message: Jun 3 13:38:00 emerald MailScanner[18296]: Message h53HbmP0028363 from 63.251.6.73 (mailbot@buzzcast.com) to colby.edu is spam, SpamAssassin (score=7.7, required 4, ASCII_FORM_ENTRY, FOR_FREE, HTML_60_70, HTML_COMMENT_8BITS, HTML_FONT_BIG, HTML_FONT_COLOR_RED, HTML_FONT_FACE_BAD, HTML_FONT_FACE_ODD, MIME_HTML_ONLY, PLING_PLING, TO_ADDRESS_EQ_REAL) Could this line also show the recipient, ie: Jun 3 13:38:00 emerald MailScanner[18296]: Message h53HbmP0028363 from 63.251.6.73 (mailbot@buzzcast.com) to colby.edu (joeblow@colby.edu) is spam, ^^^^^^^^^^^^^^^^^^^ SpamAssassin (score=7.7, required 4, ASCII_FORM_ENTRY, FOR_FREE, HTML_60_70, HTML_COMMENT_8BITS, HTML_FONT_BIG, HTML_FONT_COLOR_RED, HTML_FONT_FACE_BAD, HTML_FONT_FACE_ODD, MIME_HTML_ONLY, PLING_PLING, TO_ADDRESS_EQ_REAL) This would help in syslog analysis... Thanks. ----------------------------------- Jeff A. Earickson, Ph.D Senior UNIX Sysadmin and Email Guru Information Technology Services Colby College, 4214 Mayflower Hill, Waterville ME, 04901-8842 phone: 207-872-3659 (fax = 3076) ----------------------------------- From Cleveland at MAIL.WINNEFOX.ORG Tue Jun 3 19:22:15 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E94D@mail.winnefox.org> Hello, I'm very slowly but surely upgrading. So far, I've upgraded SpamAssassin to 2.55. Since I've done that, it seems spamassassin isn't working any more. Do I need to upgrade my version of MailScanner to get it to "See" the new spamassassin? -- Jody Cleveland (cleveland@mail.winnefox.org) From mailscanner at ecs.soton.ac.uk Tue Jun 3 19:34:43 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E94D@mail.winnefox.org> Message-ID: <5.2.1.1.2.20030603193233.027a49d8@imap.ecs.soton.ac.uk> At 19:22 03/06/2003, you wrote: >Hello, > >I'm very slowly but surely upgrading. So far, I've upgraded SpamAssassin >to 2.55. Since I've done that, it seems spamassassin isn't working any >more. Do I need to upgrade my version of MailScanner to get it to "See" >the new spamassassin? How did you do the upgrade? If it was using the RPM, then I'm not surprised. By definition the RPM distro of SpamAssassin cannot work on all versions. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From Cleveland at MAIL.WINNEFOX.ORG Tue Jun 3 19:39:05 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E94F@mail.winnefox.org> > How did you do the upgrade? If it was using the RPM, then I'm > not surprised. By definition the RPM distro of SpamAssassin > cannot work on all versions. Yeah, it was the 2.55 rpm. Which, when I run it by itself works great. Jody From raymond at PROLOCATION.NET Tue Jun 3 18:45:14 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E94F@mail.winnefox.org> Message-ID: Hi! > > How did you do the upgrade? If it was using the RPM, then I'm > > not surprised. By definition the RPM distro of SpamAssassin > > cannot work on all versions. > > Yeah, it was the 2.55 rpm. Which, when I run it by itself works great. Please deinstall the RPM (rpm -e 's) and install via CPAN. There was a posting about this earlier this week about it. perl -MCPAN -e shell CPAN> install Mail::SpamAssassin Bye, Raymond. From nik at BU.EDU Tue Jun 3 19:42:46 2003 From: nik at BU.EDU (Nik Conwell) Date: Thu Jan 12 21:18:22 2006 Subject: Different per user actions on single e-mail with multiple recipients? In-Reply-To: <5.2.1.1.2.20030603180859.03d10368@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030603180859.03d10368@imap.ecs.soton.ac.uk> Message-ID: On Tue, 3 Jun 2003, Julian Field wrote: > At 17:20 03/06/2003, you wrote: > >No. Your understanding of how it works is correct. (We do spam filtering > >at the user end, based on the score header that MailScanner adds.) Interesting - although we have many endpoint systems that would have to implement the filtering / subject tagging. > Splitting a message up into the minimal number of copies of itself is not > trivial to do, and I didn't want MailScanner to be creating mail either Indeed; scary since it would be replicating parts of sendmail, so subject to subtle and not so subtle changes later. Many thanks to all for helping me out with this. It's back to the drawing board for me... Thanks again. -nik From Cleveland at MAIL.WINNEFOX.ORG Tue Jun 3 19:44:34 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E951@mail.winnefox.org> > Please deinstall the RPM (rpm -e 's) and install via > CPAN. There was a posting about this earlier this week about it. Is there anything I need to do with MailScanner? Jody From dh at UPTIME.AT Tue Jun 3 19:59:51 2003 From: dh at UPTIME.AT (David) Date: Thu Jan 12 21:18:22 2006 Subject: another syslog tweak, please In-Reply-To: Message-ID: <8E333B98-95F5-11D7-9787-000393920D6C@uptime.at> On Dienstag, Juni 3, 2003, at 08:06 Uhr, Jeff A. Earickson wrote: > Julian, > > Can the syslog output of mailscanner be modified to tell us > who the message is (or would be, if deleted) delivered to? > For instance, with MS 4-20.3 my syslog shows for a spam message: I do not know which MTA you use, but with Sendmail simply analyze the ID given -d - we may race and we may run, but we can not undo what has been done. -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/8c709312/PGP.bin From mailscanner at ecs.soton.ac.uk Tue Jun 3 19:58:29 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E951@mail.winnefox.org> Message-ID: <5.2.1.1.2.20030603195539.03d57670@imap.ecs.soton.ac.uk> At 19:44 03/06/2003, you wrote: > > Please deinstall the RPM (rpm -e 's) and install via > > CPAN. There was a posting about this earlier this week about it. > >Is there anything I need to do with MailScanner? Use a nice recent version of MailScanner. There are all sorts of locking problems that have to be solved to support SpamAssassin 2.5x and its Bayes database, and I have only written these since SpamAssassin 2.5 settled down. If you use an old MailScanner with SpamAssassin 2.5 and you use the Bayes code, I can't guarantee the integrity of your Bayes db files when nasty things happen. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From Cleveland at MAIL.WINNEFOX.ORG Tue Jun 3 20:13:27 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E955@mail.winnefox.org> > Use a nice recent version of MailScanner. There are all sorts > of locking problems that have to be solved to support > SpamAssassin 2.5x and its Bayes database, and I have only > written these since SpamAssassin 2.5 settled down. If you use > an old MailScanner with SpamAssassin 2.5 and you use the > Bayes code, I can't guarantee the integrity of your Bayes db > files when nasty things happen. Ok, just so I get this straight when I do this tomorrow morning, I download latest version, run install.sh, then run upgrade_mailscanner_conf? Jody From mailscanner at ecs.soton.ac.uk Tue Jun 3 20:17:00 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E955@mail.winnefox.org> Message-ID: <5.2.1.1.2.20030603201429.03d2c0c0@imap.ecs.soton.ac.uk> At 20:13 03/06/2003, you wrote: > > Use a nice recent version of MailScanner. There are all sorts > > of locking problems that have to be solved to support > > SpamAssassin 2.5x and its Bayes database, and I have only > > written these since SpamAssassin 2.5 settled down. If you use > > an old MailScanner with SpamAssassin 2.5 and you use the > > Bayes code, I can't guarantee the integrity of your Bayes db > > files when nasty things happen. > >Ok, just so I get this straight when I do this tomorrow morning, I >download latest version, run install.sh, then run >upgrade_mailscanner_conf? Yep. When you run upgrade_MailScanner_conf (note the capitalisation), it will suggest a suitable command-line to you. When you run that, it will tell you what it has done; read this carefully. And check that /var/spool/MailScanner/incoming has been correctly created, with the right ownership. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From jaearick at COLBY.EDU Tue Jun 3 20:29:12 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:18:22 2006 Subject: another syslog tweak, please In-Reply-To: References: Message-ID: Julian, Doh! I remember the reason you don't do this, multiple recipients. Never mind... --- Jeff On Tue, 3 Jun 2003, Jeff A. Earickson wrote: > Date: Tue, 3 Jun 2003 14:06:35 -0400 > From: Jeff A. Earickson > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: another syslog tweak, please > > Julian, > > Can the syslog output of mailscanner be modified to tell us > who the message is (or would be, if deleted) delivered to? > For instance, with MS 4-20.3 my syslog shows for a spam message: > > Jun 3 13:38:00 emerald MailScanner[18296]: Message h53HbmP0028363 from > 63.251.6.73 (mailbot@buzzcast.com) to colby.edu is spam, SpamAssassin > (score=7.7, required 4, ASCII_FORM_ENTRY, FOR_FREE, HTML_60_70, > HTML_COMMENT_8BITS, HTML_FONT_BIG, HTML_FONT_COLOR_RED, HTML_FONT_FACE_BAD, > HTML_FONT_FACE_ODD, MIME_HTML_ONLY, PLING_PLING, TO_ADDRESS_EQ_REAL) > > Could this line also show the recipient, ie: > > Jun 3 13:38:00 emerald MailScanner[18296]: Message h53HbmP0028363 from > 63.251.6.73 (mailbot@buzzcast.com) to colby.edu (joeblow@colby.edu) is spam, > ^^^^^^^^^^^^^^^^^^^ > SpamAssassin (score=7.7, required 4, ASCII_FORM_ENTRY, FOR_FREE, HTML_60_70, > HTML_COMMENT_8BITS, HTML_FONT_BIG, HTML_FONT_COLOR_RED, HTML_FONT_FACE_BAD, > HTML_FONT_FACE_ODD, MIME_HTML_ONLY, PLING_PLING, TO_ADDRESS_EQ_REAL) > > This would help in syslog analysis... Thanks. > > ----------------------------------- > Jeff A. Earickson, Ph.D > Senior UNIX Sysadmin and Email Guru > Information Technology Services > Colby College, 4214 Mayflower Hill, > Waterville ME, 04901-8842 > phone: 207-872-3659 (fax = 3076) > ----------------------------------- > From Cleveland at MAIL.WINNEFOX.ORG Tue Jun 3 20:35:57 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E956@mail.winnefox.org> > Yep. When you run upgrade_MailScanner_conf (note the > capitalisation), it will suggest a suitable command-line to > you. When you run that, it will tell you what it has done; > read this carefully. And check that > /var/spool/MailScanner/incoming has been correctly created, > with the right ownership. Sorry for all the basic questions. Is there anything I need to backup first? Jody From mailscanner at ecs.soton.ac.uk Tue Jun 3 20:41:26 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E956@mail.winnefox.org> Message-ID: <5.2.1.1.2.20030603204058.0252c110@imap.ecs.soton.ac.uk> At 20:35 03/06/2003, you wrote: > > Yep. When you run upgrade_MailScanner_conf (note the > > capitalisation), it will suggest a suitable command-line to > > you. When you run that, it will tell you what it has done; > > read this carefully. And check that > > /var/spool/MailScanner/incoming has been correctly created, > > with the right ownership. > >Sorry for all the basic questions. Is there anything I need to backup >first? Always a good idea to backup /etc/MailScanner first. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From cparker at SWATGEAR.COM Tue Jun 3 20:47:16 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:22 2006 Subject: MailScanner cron job? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE1AE08E@ati-ex-01.ati.local> Hello. I've got a Pentium 200mhz machine with 64 megs of ram and I notice that the computer gets REALLY REALLY slow from about 11am to 2pm or thereabouts. Here is an example of how bad it is... [cparker@filter ~/public_html/reports]$ uptime 12:29pm up 18 days, 21:19, 1 user, load average: 10.32, 10.39, 8.96 Isn't that rediculous? The most email we've received in one day was approximately 490. That's oh about 0.34027 emails a minute! Anything going on with mailscanner by default around this time that would slow it down so much? Thanks, Chris. From raymond at PROLOCATION.NET Tue Jun 3 20:53:08 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:22 2006 Subject: MailScanner cron job? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE1AE08E@ati-ex-01.ati.local> Message-ID: Hi! > [cparker@filter ~/public_html/reports]$ uptime > 12:29pm up 18 days, 21:19, 1 user, load average: 10.32, 10.39, 8.96 > > Isn't that rediculous? Whats more running on that box besided mailscanner ? I had a old Compaq running a long time, Pentium Pro 200, little bit more ram btw, but that pushed out a few thousand messages a day. > Anything going on with mailscanner by default around this time that > would slow it down so much? No, most likely your mail itself peaks those times. Run stats like mailscanner-mrtg to see what your box is doing. I think however that the RAM is the problem. Bye, Raymond. From sanjay.patel at REXWIRE.COM Tue Jun 3 21:07:34 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:22 2006 Subject: Forwarding spam to FTC Message-ID: <00c801c32a0b$c5c2a320$d601a8c0@Laptop1> This might be a bit of topic for here. But has anyone actually configured their Mailscanner to forward all spam to FTC's spam receiving mailbox? uce@ftc.gov This box was referenced in a article on FTC's site http://www.ftc.gov/opa/1998/07/dozen.htm Sanjay K. Patel From dwinkler at ALGORITHMICS.COM Tue Jun 3 21:13:54 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:22 2006 Subject: Forwarding spam to FTC Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FC4@tormail1.algorithmics.com> Are they doing anything more with them than classifying them and producing brochures? They're only getting 1,000 a day, we can soon change that. -----Original Message----- From: Sanjay Patel [mailto:sanjay.patel@rexwire.com] Sent: Tuesday, June 03, 2003 4:08 PM To: MAILSCANNER@jiscmail.ac.uk Subject: Forwarding spam to FTC This might be a bit of topic for here. But has anyone actually configured their Mailscanner to forward all spam to FTC's spam receiving mailbox? uce@ftc.gov This box was referenced in a article on FTC's site http://www.ftc.gov/opa/1998/07/dozen.htm Sanjay K. Patel -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/7668b66a/attachment.html From brian at UNEARTHED.ORG Tue Jun 3 21:16:03 2003 From: brian at UNEARTHED.ORG (Brian May) Date: Thu Jan 12 21:18:22 2006 Subject: Forwarding spam to FTC References: <00c801c32a0b$c5c2a320$d601a8c0@Laptop1> Message-ID: <002401c32a0d$742159b0$9701020a@brianmay> First off... you don't want to to that... NEVER automagically forward spam to an outside address unless you are 1000% positive the email is in fact, spam. I save all of my spam in a mbox style format and run handlespam.pl by Theo Van Dinter , http://www.kluge.net/~felicity/random/handlespam.txt from the file: # ** strip out my X-Reject headers for all processing except archiving # ** report the message ala 'spamassassin -r' to Razor, DCC, Pyzor, and # (if available) the Bayes classifier # ** if the message was relayed through a third-party (there are more than 1 # "Received:" headers,) do an open-relay check of that server. if the # server is an open-relay, report them to various open relay databases. # Need my "testrelay" script for this, so off by default. # ** if the sending server doesn't have a proper lookup, block their class C # network. this is a little extreme, I know, but the majority of spam is # either relayed through someone who has no clue, or is directly from # someone without a clue. any decently managed network will have proper # DNS setup for their hosts. # ** report the message to spamcop # ** report the message to the FTC # ** move the message to a spam archive for later referencing # ** if the message wasn't caught by spamassassin (SA), bounce to the # spamassassin-sightings mailing list. (No "X-Spam-Status: Yes" header) # This list is actually defunct now, so the feature is off by default. # ** if the message is a bounce from majordomo (for "X-Spam-Flag: YES"), # then unbounce the message before processing. # Incoming mail is scanned via SpamAssassin. Mail that is determined # to be spam is saved into "spam-work". I then periodically go through # and take all actual spam and move it into a folder I call "hs". A cron # job then runs this script over "hs" to handle the reporting process. # Output from handlespam is sent to me via cron, so I can easily see what # was handled, and I can easily cut/paste into my sendmail accessdb. I've been using it for almost a year now.. works awesome.. Brian ----- Original Message ----- From: "Sanjay Patel" To: Sent: Tuesday, June 03, 2003 1:07 PM Subject: Forwarding spam to FTC This might be a bit of topic for here. But has anyone actually configured their Mailscanner to forward all spam to FTC's spam receiving mailbox? uce@ftc.gov This box was referenced in a article on FTC's site http://www.ftc.gov/opa/1998/07/dozen.htm Sanjay K. Patel From brian at UNEARTHED.ORG Tue Jun 3 21:19:23 2003 From: brian at UNEARTHED.ORG (Brian May) Date: Thu Jan 12 21:18:22 2006 Subject: Forwarding spam to FTC References: <06EE2C86D3DAD5119A6C0060943F3C97055E6FC4@tormail1.algorithmics.com> Message-ID: <002501c32a0d$75dfab80$9701020a@brianmay> RE: Forwarding spam to FTConly 1000 a day? Damn.. I'm 1/5th of their trafic... Brian ----- Original Message ----- From: Derek Winkler To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, June 03, 2003 1:13 PM Subject: Re: Forwarding spam to FTC Are they doing anything more with them than classifying them and producing brochures? They're only getting 1,000 a day, we can soon change that. -----Original Message----- From: Sanjay Patel [mailto:sanjay.patel@rexwire.com] Sent: Tuesday, June 03, 2003 4:08 PM To: MAILSCANNER@jiscmail.ac.uk Subject: Forwarding spam to FTC This might be a bit of topic for here. But has anyone actually configured their Mailscanner to forward all spam to FTC's spam receiving mailbox? uce@ftc.gov This box was referenced in a article on FTC's site http://www.ftc.gov/opa/1998/07/dozen.htm Sanjay K. Patel -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/98eb5627/attachment.html From vnarayan at HAVERFORD.EDU Tue Jun 3 20:55:24 2003 From: vnarayan at HAVERFORD.EDU (Vasantha Narayanan) Date: Thu Jan 12 21:18:22 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE1AE087@ati-ex-01.ati.local > Message-ID: <5.1.0.14.0.20030603153509.02bd48b8@popmail.haverford.edu> Did you find a solution yet? I'm having the same problem. My time outs are set as per the suggestion on the list. I was not successful in running lint. But when I run it in debug, the only notable error is "unix passed to setlogsock, but path not available at /opt/MailScanner/lib/MailScanner/Log.pm line 62". I do not know how significan this is. When I run spamassassin, the mail scanning becomes very slow. A lot of mail gets accumulated in the incoming queue waiting to get scanned. The load an the system gets very high as well. Of course, I keep getting the following errors: Jun 3 15:39:45 nisc4 MailScanner[3585]: SpamAssassin timed out and was killed, consecutive failure 1 of 20 Jun 3 15:40:06 nisc4 MailScanner[3619]: SpamAssassin timed out and was killed, consecutive failure 1 of 20 Jun 3 15:40:11 nisc4 MailScanner[3698]: SpamAssassin timed out and was killed, consecutive failure 1 of 20 Jun 3 15:41:15 nisc4 MailScanner[3606]: SpamAssassin timed out and was killed, consecutive failure 1 of 20 Jun 3 15:41:17 nisc4 MailScanner[3576]: SpamAssassin timed out and was killed, consecutive failure 2 of 20 Jun 3 15:41:18 nisc4 MailScanner[3642]: SpamAssassin timed out and was killed, consecutive failure 1 of 20 Thanks. Vasantha At 12:59 PM 6/2/2003 -0700, you wrote: >Hello. > >We have relatively low email traffic (approx. 450/day on work days) and I >receive quite a few of these in my /var/log/maillog: > >May 17 04:03:08 filter MailScanner[3324]: SpamAssassin timed out and was >killed, consecutive failure 1 of 20 > >Does this mean my computer is too slow? It's a 200mhz pentium!!! :) I can >imagine that it IS too slow, but I just want to make sure it's not a >configuration problem. Do you think increasing the timeout would help or >would that make it worse? > > >Thaks, >Chris. VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV Vasantha Narayanan Networking and Systems email: vnarayan@haverford.edu Haverford College, PA Phone: 610-896-1110 From kevins at BMRB.CO.UK Tue Jun 3 21:23:48 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:22 2006 Subject: MailScanner cron job? In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175710@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175710@pascal.priv.bmrb.co.uk> Message-ID: <1054671829.12669.20.camel@bach.kevinspicer.co.uk> >Whats more running on that box besided mailscanner ? I had a old Compaq >running a long time, Pentium Pro 200, little bit more ram btw, but that >pushed out a few thousand messages a day. Similar experiences here, have pushed serveral thousand mesasges per day through a low spec machine, but again with more ram than 64M > I think however that the RAM is the problem. Me too, you can reduce your ram usage by reducing the number of MailScanner children (in MS.conf), turning off Bayes & autowhitelisting in SA may help (although autowhitelisting should be off anyway). Don't put the mailscanner work directory in tmpfs if you're short of ram (almost certainly disk IO isn't your problem). BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From smhickel at CHARTERMI.NET Tue Jun 3 21:24:01 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:18:22 2006 Subject: Sendmail in TOP Message-ID: <200306032024.h53KO1H20024@chartermi.net> All, I upgraded to MailScanner 4.21 but now have all these sendmails going? Any thoughts? I did the service sendmail stop and the chkconfig thing. Steve 9831 root 15 0 11004 5816 5464 S 25.0 4.6 0:58 MailScanner 10103 root 15 0 1068 1068 860 R 1.3 0.8 0:01 top 9960 root 15 0 3012 2804 2232 S 0.5 2.2 0:00 sendmail 10460 root 15 0 3004 3004 2096 S 0.5 2.3 0:00 sendmail 10738 root 15 0 2836 2836 2044 S 0.5 2.2 0:00 sendmail 9801 root 15 0 2384 2024 1900 S 0.0 1.6 0:00 sendmail 9806 smmsp 16 0 2132 1720 1712 S 0.0 1.3 0:00 sendmail 9813 root 16 0 2224 1776 1776 S 0.0 1.4 0:00 sendmail 9815 root 15 0 2932 2724 2164 S 0.0 2.1 0:00 sendmail 9960 root 15 0 2932 2764 2228 S 0.0 2.1 0:00 sendmail 10017 root 15 0 2848 2736 2104 S 0.0 2.1 0:00 sendmail 10044 root 15 0 2708 2708 1996 S 0.0 2.1 0:00 sendmail 10084 root 15 0 2936 2936 2064 S 0.0 2.3 0:00 sendmail From sanjay.patel at REXWIRE.COM Tue Jun 3 21:25:23 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:22 2006 Subject: Forwarding spam to FTC In-Reply-To: <002501c32a0d$75dfab80$9701020a@brianmay> Message-ID: <00cd01c32a0e$430b0410$d601a8c0@Laptop1> my main goal was to let FTC what a real problem spam really is. As we all know Government lives in a sheltered world. I think if a few 100 of us start forwarding spam to them as they request they might get a better idea what spam problem is. -Sanjay -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Brian May Sent: Tuesday, June 03, 2003 4:19 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Forwarding spam to FTC only 1000 a day? Damn.. I'm 1/5th of their trafic... Brian ----- Original Message ----- From: Derek Winkler To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, June 03, 2003 1:13 PM Subject: Re: Forwarding spam to FTC Are they doing anything more with them than classifying them and producing brochures? They're only getting 1,000 a day, we can soon change that. -----Original Message----- From: Sanjay Patel [mailto:sanjay.patel@rexwire.com] Sent: Tuesday, June 03, 2003 4:08 PM To: MAILSCANNER@jiscmail.ac.uk Subject: Forwarding spam to FTC This might be a bit of topic for here. But has anyone actually configured their Mailscanner to forward all spam to FTC's spam receiving mailbox? uce@ftc.gov This box was referenced in a article on FTC's site http://www.ftc.gov/opa/1998/07/dozen.htm Sanjay K. Patel From kevins at BMRB.CO.UK Tue Jun 3 21:31:59 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:22 2006 Subject: Sendmail in TOP In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175717@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175717@pascal.priv.bmrb.co.uk> Message-ID: <1054672319.12669.26.camel@bach.kevinspicer.co.uk> >On Tue, 2003-06-03 at 21:24, Steve Hickel wrote: >All, >I upgraded to MailScanner 4.21 but now have all these sendmails going? >Any thoughts? I did the service sendmail stop and the chkconfig thing. Probably you've done this but... service MailScanner stop service sendmail stop [Wait a while to make sure the processes die] ps -elf | grep sendmail [kill any sendmail processes] ps -elf | grep sendmail [to check] service MailScanner start Now if you've still got loads of sendmails running odds are they are being called by MailScanner to deliver mail or are children of the other sendmail processes. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From FCaen at CI.LAKEWOOD.WA.US Tue Jun 3 21:48:30 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:22 2006 Subject: Forwarding spam to FTC Message-ID: -----Original Message----- From: Sanjay Patel [mailto:sanjay.patel@REXWIRE.COM] > As we all know Government lives in a sheltered world. That's a rather broad statement. We're government and we use MS + Spam Assassin :-) --------------------------------------------- Francois Caen Network Information Systems Engineer - Webmaster City of Lakewood, WA (253) 512-2269 NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From brian at UNEARTHED.ORG Tue Jun 3 21:43:06 2003 From: brian at UNEARTHED.ORG (Brian May) Date: Thu Jan 12 21:18:22 2006 Subject: Forwarding spam to FTC References: <00cd01c32a0e$430b0410$d601a8c0@Laptop1> Message-ID: <004901c32a12$9ac16790$9701020a@brianmay> You also have to remember that the 1,000 emails was a figure from 1998... I read the press release after I replied to your message... so its been a good 5 years... I'm sure they are seeing a LOT more than 1000 a day.. ----- Original Message ----- From: "Sanjay Patel" To: Sent: Tuesday, June 03, 2003 1:25 PM Subject: Re: Forwarding spam to FTC my main goal was to let FTC what a real problem spam really is. As we all know Government lives in a sheltered world. I think if a few 100 of us start forwarding spam to them as they request they might get a better idea what spam problem is. -Sanjay -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Brian May Sent: Tuesday, June 03, 2003 4:19 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Forwarding spam to FTC only 1000 a day? Damn.. I'm 1/5th of their trafic... Brian ----- Original Message ----- From: Derek Winkler To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, June 03, 2003 1:13 PM Subject: Re: Forwarding spam to FTC Are they doing anything more with them than classifying them and producing brochures? They're only getting 1,000 a day, we can soon change that. -----Original Message----- From: Sanjay Patel [mailto:sanjay.patel@rexwire.com] Sent: Tuesday, June 03, 2003 4:08 PM To: MAILSCANNER@jiscmail.ac.uk Subject: Forwarding spam to FTC This might be a bit of topic for here. But has anyone actually configured their Mailscanner to forward all spam to FTC's spam receiving mailbox? uce@ftc.gov This box was referenced in a article on FTC's site http://www.ftc.gov/opa/1998/07/dozen.htm Sanjay K. Patel From sailer at BNL.GOV Tue Jun 3 21:55:31 2003 From: sailer at BNL.GOV (Tim Sailer) Date: Thu Jan 12 21:18:22 2006 Subject: Forwarding spam to FTC In-Reply-To: References: Message-ID: <20030603205531.GC26546@bnl.gov> On Tue, Jun 03, 2003 at 01:48:30PM -0700, Francois Caen wrote: > -----Original Message----- > From: Sanjay Patel [mailto:sanjay.patel@REXWIRE.COM] > > > As we all know Government lives in a sheltered world. > > That's a rather broad statement. We're government and we use MS + Spam > Assassin :-) Us too! Tim -- Tim Sailer Brookhaven National Laboratory (631) 344-3001 From sanjay.patel at REXWIRE.COM Tue Jun 3 21:59:24 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:22 2006 Subject: Forwarding spam to FTC In-Reply-To: Message-ID: <00d501c32a13$03cc1f00$d601a8c0@Laptop1> I was referring the national government whom FTC is a part of. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Francois Caen Sent: Tuesday, June 03, 2003 4:49 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Forwarding spam to FTC -----Original Message----- From: Sanjay Patel [mailto:sanjay.patel@REXWIRE.COM] > As we all know Government lives in a sheltered world. That's a rather broad statement. We're government and we use MS + Spam Assassin :-) --------------------------------------------- Francois Caen Network Information Systems Engineer - Webmaster City of Lakewood, WA (253) 512-2269 NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From cparker at SWATGEAR.COM Tue Jun 3 22:51:10 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:22 2006 Subject: MailScanner has taken over my computer (or so it seems) Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BDB@ati-ex-01.ati.local> Hello. I sent an email to the list a few hours ago but it's yet to come back to me so I'm sending it again. (I think the reason it hasn't come back is because the computer is so bogged down it cannot process the mails.) Currently I've got about 200 emails in the queue waiting to be processed. I've tried shutting down mailscanner, shutting down sendmail, as well as killing all sendmail/mailscanner processes. After everything has been killed and the box stops accessing the HD 30 seconds or so later all the processes start back up again and I'm back in h3ll fighting the MailScanner demon. (Not to say that MailScanner does not work well, but maybe on this computer it's too much for it and/or maybe I've got it configured wrong. [Likely.]) If you kind people could send all your replies to cparker@wrack.org and not reply to this email address (as it will probably just sit in the queue) I would really appreciate it. What I need to know is why the computer (for the past 3-4 hours) continuously accesses the harddrive until all mailscanner processes have been killed. As soon as I kill the last mailscanner process, the hard drive stop going nuts and things pretty much back to normal. Thanks and I hope to hear from someone soon (at cparker@wrack.org and not this email address). Chris. From hunter at userfriendly.net Tue Jun 3 22:58:03 2003 From: hunter at userfriendly.net (Michael Weiner) Date: Thu Jan 12 21:18:22 2006 Subject: NDR delivery In-Reply-To: <5.2.0.9.2.20030603144859.0786afa0@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030603144859.0786afa0@imap.ecs.soton.ac.uk> Message-ID: <1054677478.2373.49.camel@nomad.userfriendly.net> I am still unsure what the syntax of the deliver rules will look like. I can set the Spam and Nonspam Action rulesets up to delet eby default, butt where do the delivery rules go, and what format would they take? Thanks Michael Weinre -- On Tue, 2003-06-03 at 10:00, Julian Field wrote: > This is the job of the MTA, not MailScanner. > If there aren't many users, you could knock up something with a Spam > Actions ruleset and a Non Spam Actions ruleset (set the default to "delete" > and create explicit "deliver" rules for the users who actually exist). -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/960ea38e/attachment.bin From cparker at SWATGEAR.COM Tue Jun 3 23:20:40 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:22 2006 Subject: MailScanner has taken over my computer (or so it seems) Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BDC@ati-ex-01.ati.local> For some strange reason/miracle everything is back to normal and in probably less than one minute all my queued mail came through all at once. The last change I made was to take the MailScanner child processes down from 5 to 1. Before I made the change to the .conf file I killed everything and shut everything down. After I did that (along with changing the file) I restarted mailscanner and now it's humming along. Sorry for the trouble, but if anyone knows what's happening I'd truly appreciate a heads up. Thanks, Chris. From cparker at SWATGEAR.COM Tue Jun 3 23:28:06 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:22 2006 Subject: SpamAssassin timed out and was killed... box too slow? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE1AE090@ati-ex-01.ati.local> Vasantha Narayanan wrote: > Did you find a solution yet? No I did not. > I'm having the same problem. I feel your pain. :( Chris. From mike at CAMAROSS.NET Tue Jun 3 23:37:31 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:22 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE1AE090@ati-ex-01.ati.local> Message-ID: <00b001c32a20$b8481e40$6701a8c0@home.middlefinger.net> What kind of horsepower does your box have? OS? Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Chris W. Parker Sent: Tuesday, June 03, 2003 5:28 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timed out and was killed... box too slow? Vasantha Narayanan wrote: > Did you find a solution yet? No I did not. > I'm having the same problem. I feel your pain. :( Chris. From cparker at SWATGEAR.COM Tue Jun 3 23:43:05 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:22 2006 Subject: SpamAssassin timed out and was killed... box too slow? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BE1@ati-ex-01.ati.local> Mike Kercher wrote: > What kind of horsepower does your box have? OS? Redhat 8, 200mhz Pentium with 64mb ram. From mike at CAMAROSS.NET Tue Jun 3 23:45:17 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:22 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BE1@ati-ex-01.ati.local> Message-ID: <00b101c32a21$ce6fb2e0$6701a8c0@home.middlefinger.net> Do you have some more RAM you could throw at that machine? What other services are you also running on there? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Chris W. Parker Sent: Tuesday, June 03, 2003 5:43 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timed out and was killed... box too slow? Mike Kercher wrote: > What kind of horsepower does your box have? OS? Redhat 8, 200mhz Pentium with 64mb ram. From cparker at SWATGEAR.COM Tue Jun 3 23:51:57 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:22 2006 Subject: MailScanner cron job? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE1AE091@ati-ex-01.ati.local> Kevin Spicer wrote: > > Whats more running on that box besided mailscanner ? I had a old > > Compaq running a long time, Pentium Pro 200, little bit more ram > > btw, but that pushed out a few thousand messages a day. > > Similar experiences here, have pushed serveral thousand mesasges per > day through a low spec machine, but again with more ram than 64M It also runs MySQL, Apache, MRTG, vsftp. MySQL and Apache are being used for some projects I'm working on at the moment. They get VERY little use. But I understand that they can use a good amount of memory when you've only got 64. MRTG monitors about 10 different things every 5 minutes. vsftp is used to upload/download web stuff. > > I think however that the RAM is the problem. We have one other computer lying around that's not being used which should be substantially faster than this one. The only thing left to do is get permission to use it. > Me too, you can reduce your ram usage by reducing the number of > MailScanner children (in MS.conf), turning off Bayes & > autowhitelisting in SA may help (although autowhitelisting should be > off anyway). Bayes is by default turned off (iirc) as well as autowhitelisting and I have not turned them on. To be sure I checked and they are indeed off. > Don't put the mailscanner work directory in tmpfs if you're short of > ram (almost certainly disk IO isn't your problem). I don't know what you mean by this. Could you instruct me a little further? Thanks, Chris. From mike at CAMAROSS.NET Tue Jun 3 23:53:14 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:22 2006 Subject: MailScanner cron job? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE1AE091@ati-ex-01.ati.local> Message-ID: <00b501c32a22$eb4f8e20$6701a8c0@home.middlefinger.net> Shee0t...just TAKE the machine :) tmpfs is a ramdrive. Some people move their /var/spool/MailScanner/incoming to a ramdrive to speed up processing. Less disk I/O = more speed. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Chris W. Parker Sent: Tuesday, June 03, 2003 5:52 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner cron job? Kevin Spicer wrote: > > Whats more running on that box besided mailscanner ? I had a old > > Compaq running a long time, Pentium Pro 200, little bit more ram > > btw, but that pushed out a few thousand messages a day. > > Similar experiences here, have pushed serveral thousand mesasges per > day through a low spec machine, but again with more ram than 64M It also runs MySQL, Apache, MRTG, vsftp. MySQL and Apache are being used for some projects I'm working on at the moment. They get VERY little use. But I understand that they can use a good amount of memory when you've only got 64. MRTG monitors about 10 different things every 5 minutes. vsftp is used to upload/download web stuff. > > I think however that the RAM is the problem. We have one other computer lying around that's not being used which should be substantially faster than this one. The only thing left to do is get permission to use it. > Me too, you can reduce your ram usage by reducing the number of > MailScanner children (in MS.conf), turning off Bayes & > autowhitelisting in SA may help (although autowhitelisting should be > off anyway). Bayes is by default turned off (iirc) as well as autowhitelisting and I have not turned them on. To be sure I checked and they are indeed off. > Don't put the mailscanner work directory in tmpfs if you're short of > ram (almost certainly disk IO isn't your problem). I don't know what you mean by this. Could you instruct me a little further? Thanks, Chris. From j.figueira at mail.pt Wed Jun 4 00:10:13 2003 From: j.figueira at mail.pt (J. Figueira) Date: Thu Jan 12 21:18:22 2006 Subject: Huge delay delivering mail Message-ID: <200306032310.h53NAES31233@ori.rl.ac.uk> Hi again, For what I've seen I suspect it's sendmail2 that isn't being called... Does this make sense? The mail usually takes up to 10 minutes and more to be delivered (this is the largest delay I've registered). I suppose it's when sendmail queue is flushed, like you said... Any tips on what might be wrong? thank you Figueira > At 13:00 03/06/2003, you wrote: > >Hello, > > > >I've installed mailscanner some time ago, (and I am quite happy with it ;) > >). The problem is that it takes too long between receiving the mail message > >and delivering it to the recipient. > > > >At first I thought it could be the batch mode. I configured it to scan all > >the messages at the moment they arrive. It still takes a lot of time to > >deliver... > > > >any tips or ideas? > > Check the "Sendmail" and "Sendmail2" settings. Particularly if you aren't > using sendmail as your MTA. If these are wrong, it can end up waiting until > the next queue run happens before delivering your messages. > > On a lightly loaded system, the latency through MailScanner should be 1 or > 2 seconds. Anything much longer than that is wrong. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > -- Adira já ao Net Dialup Light. Acesso profissional gratuito. NovisNet, a Internet de quem trabalha. http://www.novisnet.pt From Steve at swaney.com Wed Jun 4 03:54:01 2003 From: Steve at swaney.com (Stephen Swaney) Date: Thu Jan 12 21:18:22 2006 Subject: Attachment feature in MailScanner 4.21-9 In-Reply-To: References: <20030602150159.GB13592@carrick.bishnet.net> <20030603072530.GH17784@carrick.bishnet.net> <20030603072530.GH17784@carrick.bishnet.net> Message-ID: <1054695241.27182.98.camel@speedy> If you haven't tried the attachment feature in the latest version of MailScanner - DO! Our users love it. No more nasty images or offensive messages. It's nice to get some kudos from the users for a change. It's believe it's worth an upgrade just for this feature. My upgrades to RH 7 and RH 8 and RH 9 systems were absolutely painless. This doesn't mean you shouldn't test first, just that the updates on my systems went well. Steve Stephen Swaney President Fortress Systems, Ltd. Steve.Swaney@fsl.com Phone: 202 352-3262 U.S. Toll Free Phone and Fax: 877 746-6636 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/9a4593cc/attachment.html From forrie at FORRIE.COM Wed Jun 4 07:19:15 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:22 2006 Subject: Forwarding spam to FTC In-Reply-To: <00d501c32a13$03cc1f00$d601a8c0@Laptop1> References: Message-ID: <6.0.0.9.2.20030604021706.01e40cd8@192.168.1.1> At 04:59 PM 6/3/2003, you wrote: >I was referring the national government whom FTC is a part of. [ ... ] I wouldn't expect the FTC to handle anything other than a high-profile case -- they can't possibly have the resources to do that (read: goverment salaries, limited resources). Not necessarily their fault :-) Regarding the script at http://www.kluge.net/~felicity/random/handlespam.txt This seems very useful and could be modified. I actually posted a message elsewhere asking if someone had made such a beast - I'm spending way too much time forwarding spam to RICOCHET and RAZOR-REPORT. However, there are times where RICOCHET cannot get complete info through XWhois (perl) and crashes -- sometimes it's pretty obviously a parsing error and you must manually submit --- so an error condition would need to be added to this one. Forrest From raymond at PROLOCATION.NET Wed Jun 4 07:33:57 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:22 2006 Subject: New f-prot Message-ID: Hi! New versions are out it seems: Mirrored ftp.f-prot.com F-PROT mirror (ftp.f-prot.com:/pub -> /home/ftp/pub/Antivirus/ftp.f-prot.com) ftp.f-prot.com F-PROT mirror @ 4 Jun 103 02:31 Got bsd/MD5SUMS 388 1 Got bsd/fp-freebsd-ws-4.0.0.tar.gz.md5 61 1 Got bsd/fp-freebsd-ws.tar.gz.md5 55 0 Got bsd/fp-netbsd-ws-4.0.0.tar.gz.md5 60 1 Got bsd/fp-netbsd-ws.tar.gz.md5 54 0 Got bsd/fp-openbsd-ws-4.0.0.tar.gz.md5 61 1 Got bsd/fp-openbsd-ws.tar.gz.md5 55 1 Got bsd/fp-openbsd-ws-4.0.0.tar.gz 1980310 8 Got bsd/fp-netbsd-ws-4.0.0.tar.gz 1979358 8 Got bsd/fp-freebsd-ws-4.0.0.tar.gz 1979215 9 Got linux/fp-linux-ws.rpm.md5 50 0 Got linux/fp-linux-ws.tar.gz.md5 53 1 Got linux/fp-linux-ws_4.0.0-1_i386.deb.md5 63 0 Got linux/MD5SUMS 380 1 Got linux/fp-linux-ws-4.0.0-1.i386.rpm.md5 63 1 Got linux/fp-linux-ws-4.0.0.tar.gz.md5 59 0 Got linux/fp-linux-ws.deb.md5 50 1 Got linux/fp-linux-ws-4.0.0-1.i386.rpm 2158049 9 Got linux/fp-linux-ws-4.0.0.tar.gz 2169796 9 Got linux/fp-linux-ws_4.0.0-1_i386.deb 2155482 8 Did anyone try yet if the wrapper still works on the new version ? Bye, Raymond. From tim-lists at BISHNET.NET Wed Jun 4 08:28:26 2003 From: tim-lists at BISHNET.NET (Tim Bishop) Date: Thu Jan 12 21:18:22 2006 Subject: New f-prot In-Reply-To: References: Message-ID: <20030604072826.GD30883@carrick.bishnet.net> On Wed, Jun 04, 2003 at 08:33:57AM +0200, Raymond Dijkxhoorn wrote: > New versions are out it seems: > > ... > > Did anyone try yet if the wrapper still works on the new version ? Not yet, I was sort of hoping someone else would :) Tim. -- Tim Bishop http://www.bishnet.net/tim PGP Key: 0x5AE7D984 From raymond at PROLOCATION.NET Wed Jun 4 09:54:35 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:22 2006 Subject: New f-prot In-Reply-To: <20030604072826.GD30883@carrick.bishnet.net> Message-ID: Hi! > > Did anyone try yet if the wrapper still works on the new version ? > > Not yet, I was sort of hoping someone else would :) Seems to work just fine, the program version is different but the scanning engine is about the same version. See: [root@vmx01 f-prot]# ./f-prot /etc/passwd Virus scanning report - 4 June 2003 @ 10:37 F-PROT ANTIVIRUS Program version: 3.13 Engine version: 3.13.1 VIRUS SIGNATURE FILES SIGN.DEF created 31 May 2003 SIGN2.DEF created 31 May 2003 MACRO.DEF created 2 June 2003 Search: /etc/passwd Action: Report only Files: Attempt to identify files Switches: Results of virus scanning: Files: 1 MBRs: 0 Boot sectors: 0 Objects scanned: 1 Time: 0:00 No viruses or suspicious files/boot sectors were found. [root@vmx01 f-prot]# [root@vmx01 f-prot]# ./f-prot /etc/passwd Virus scanning report - 4 June 2003 @ 10:37 F-PROT ANTIVIRUS Program version: 4.0.0 Engine version: 3.13.3 VIRUS SIGNATURE FILES SIGN.DEF created 31 May 2003 SIGN2.DEF created 31 May 2003 MACRO.DEF created 2 June 2003 Search: /etc/passwd Action: Report only Files: Attempt to identify files Switches: Results of virus scanning: Files: 1 MBRs: 0 Boot sectors: 0 Objects scanned: 1 Time: 0:00 No viruses or suspicious files/boot sectors were found. [root@vmx01 f-prot]# Output is identical. I have it running on one of my relays now, so far so good. I also had a look on the license.html thats included in the package, seems nothing different from the old version. Bye, Raymond. From dot at DOTAT.AT Wed Jun 4 09:51:09 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:22 2006 Subject: MailScanner cron job? In-Reply-To: Message-ID: "Chris W. Parker" wrote: > >I've got a Pentium 200mhz machine with 64 megs of ram and I notice that = >the computer gets REALLY REALLY slow from about 11am to 2pm or = >thereabouts. Here is an example of how bad it is... > >[cparker@filter ~/public_html/reports]$ uptime > 12:29pm up 18 days, 21:19, 1 user, load average: 10.32, 10.39, 8.96 > >Isn't that rediculous? You probably have a Max Children setting that's too high. Unlike Apache (whose child worker processes don't do anything when the machine is idle, and will happily page out), MailScanner is continuously active scanning the incoming queue for new messages. Also unlike Apache, MailScanner's child processes are big and don't share much of their memory -- on my setup each child uses 20MB. I would run with Max Children = 2 on your machine. Tony. -- f.a.n.finch http://dotat.at/ FAIR ISLE: SOUTHEASTERLY 5 OR 6 BECOMING VARIABLE 3 OR 4. RAIN AT TIMES. MODERATE WITH FOG PATCHES BECOMING GOOD. From raymond at PROLOCATION.NET Wed Jun 4 10:26:42 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:22 2006 Subject: New f-prot In-Reply-To: Message-ID: Hi! > > Not yet, I was sort of hoping someone else would :) > > Seems to work just fine, the program version is different but the scanning > engine is about the same version. Seems safe to install :) Jun 4 11:21:06 vmx01 sendmail[27985]: h549L6gv027985: to=, delay=00:00:00, mailer=smtp, pri=30454, stat=queued Jun 4 11:21:07 vmx01 MailScanner[27724]: New Batch: Scanning 1 messages, 331025 bytes Jun 4 11:21:07 vmx01 MailScanner[27724]: Spam Checks: Starting Jun 4 11:21:10 vmx01 MailScanner[27724]: Virus and Content Scanning: Starting Jun 4 11:21:10 vmx01 MailScanner[27724]: /var/spool/MailScanner/incoming/27724/h549L6gv027985/test.zip->Gaq.scr Infection: W32/Klez.H@mm Jun 4 11:21:10 vmx01 MailScanner[27724]: Virus Scanning: F-Prot found virus W32/Klez.H@mm Jun 4 11:21:10 vmx01 MailScanner[27724]: /var/spool/MailScanner/incoming/27724/h549L6gv027985/test.zip->Hacker.scr Infection: W32/Lentin.H@mm Jun 4 11:21:10 vmx01 MailScanner[27724]: Virus Scanning: F-Prot found virus W32/Lentin.H@mm Jun 4 11:21:10 vmx01 MailScanner[27724]: /var/spool/MailScanner/incoming/27724/h549L6gv027985/test.zip->Movie_0074.mpeg.pif Infection: W32/Sobig.A@mm Jun 4 11:21:10 vmx01 MailScanner[27724]: Virus Scanning: F-Prot found virus W32/Sobig.A@mm Jun 4 11:21:11 vmx01 MailScanner[27724]: /var/spool/MailScanner/incoming/27724/h549L6gv027985/test.zip->picacu.exe Infection: W32/Klez.H@mm Jun 4 11:21:11 vmx01 MailScanner[27724]: Virus Scanning: F-Prot found virus W32/Klez.H@mm Jun 4 11:21:11 vmx01 MailScanner[27724]: /var/spool/MailScanner/incoming/27724/h549L6gv027985/test.zip->xx.scr Infection: W32/Ganda.A@mm Jun 4 11:21:11 vmx01 MailScanner[27724]: Virus Scanning: F-Prot found virus W32/Ganda.A@mm Jun 4 11:21:11 vmx01 MailScanner[27724]: Virus Scanning: F-Prot found 5 infections Jun 4 11:21:11 vmx01 MailScanner[27724]: Autodetected 2 CPUs. Starting 2 threads. Jun 4 11:21:11 vmx01 MailScanner[27724]: /var/spool/MailScanner/incoming/27724/./h549L6gv027985/test.zip: Worm/Klez.H FOUND Jun 4 11:21:11 vmx01 MailScanner[27724]: Virus Scanning: ClamAV found 1 infections Jun 4 11:21:11 vmx01 MailScanner[27724]: Virus Scanning: Found 1 viruses Jun 4 11:21:11 vmx01 MailScanner[27724]: Saved infected "test.zip" to /var/spool/MailScanner/quarantine/20030604/h549L6gv027985 I have to test with a tmpfs install also, since this is scanning on plain disk, but i dont think any problems will arive there since its the same engine. Bye, Raymond. From mailscanner at ecs.soton.ac.uk Wed Jun 4 10:56:53 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:22 2006 Subject: Huge delay delivering mail In-Reply-To: <200306032310.h53NAES31233@ori.rl.ac.uk> Message-ID: <5.2.1.1.2.20030604105618.026d1c30@imap.ecs.soton.ac.uk> What are the settings from the top of your MailScanner.conf (pretty much up to and including the Sendmail2 setting). At 00:10 04/06/2003, you wrote: >Hi again, > >For what I've seen I suspect it's sendmail2 that isn't being called... Does >this make sense? > >The mail usually takes up to 10 minutes and more to be delivered (this is the >largest delay I've registered). I suppose it's when sendmail queue is flushed, >like you said... > >Any tips on what might be wrong? > >thank you >Figueira > > > > At 13:00 03/06/2003, you wrote: > > >Hello, > > > > > >I've installed mailscanner some time ago, (and I am quite happy with it ;) > > >). The problem is that it takes too long between receiving the mail > message > > >and delivering it to the recipient. > > > > > >At first I thought it could be the batch mode. I configured it to scan all > > >the messages at the moment they arrive. It still takes a lot of time to > > >deliver... > > > > > >any tips or ideas? > > > > Check the "Sendmail" and "Sendmail2" settings. Particularly if you aren't > > using sendmail as your MTA. If these are wrong, it can end up waiting > until > > the next queue run happens before delivering your messages. > > > > On a lightly loaded system, the latency through MailScanner should be 1 or > > 2 seconds. Anything much longer than that is wrong. > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > > >-- >Adira j? ao Net Dialup Light. Acesso profissional gratuito. >NovisNet, a Internet de quem trabalha. http://www.novisnet.pt -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jun 4 10:50:19 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:22 2006 Subject: NDR delivery In-Reply-To: <1054677478.2373.49.camel@nomad.userfriendly.net> References: <5.2.0.9.2.20030603144859.0786afa0@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030603144859.0786afa0@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030604104802.027e46a8@imap.ecs.soton.ac.uk> At 22:58 03/06/2003, you wrote: >I am still unsure what the syntax of the deliver rules will look like. I >can set the Spam and Nonspam Action rulesets up to delet eby default, >butt where do the delivery rules go, and what format would they take? You could set all 3 of the "Actions" settings to the same rules file to start with. Make it look like this: FromOrTo: default delete FromOrTo: user1 deliver FromOrTo: user2 deliver Then it will delete all mail for anyone other than user1 and user2. >Thanks >Michael Weinre >-- >On Tue, 2003-06-03 at 10:00, Julian Field wrote: > > This is the job of the MTA, not MailScanner. > > If there aren't many users, you could knock up something with a Spam > > Actions ruleset and a Non Spam Actions ruleset (set the default to "delete" > > and create explicit "deliver" rules for the users who actually exist). > -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From Cleveland at MAIL.WINNEFOX.ORG Wed Jun 4 13:57:39 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E958@mail.winnefox.org> Hello, > Please deinstall the RPM (rpm -e 's) and install via > CPAN. There was a posting about this earlier this week about it. > > perl -MCPAN -e shell > > CPAN> install Mail::SpamAssassin Ok, I did that. It removed fine, and seemed to install fine. My question now is, how do I start it since it's no longer a service? I did a search for spamd and it found it in /var/lock. Also, how do I get it to start automatically? Will MailScanner take care of that? Jody From raymond at PROLOCATION.NET Wed Jun 4 14:00:07 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E958@mail.winnefox.org> Message-ID: Hi! > > CPAN> install Mail::SpamAssassin > > Ok, I did that. It removed fine, and seemed to install fine. My question > now is, how do I start it since it's no longer a service? I did a search > for spamd and it found it in /var/lock. Also, how do I get it to start > automatically? Will MailScanner take care of that? You do exactly NOTHING :) Disable the deamons that were running (spamd ect ect). MS will pic it up automaticly once configured. Bye, Raymond. From Cleveland at MAIL.WINNEFOX.ORG Wed Jun 4 14:14:45 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E959@mail.winnefox.org> > You do exactly NOTHING :) Disable the deamons that were > running (spamd ect ect). MS will pic it up automaticly once > configured. Cool. Ok, I've got SpamAssassin upgraded, I downloaded MailScanner 4.21-9, ran install.sh and then ran the upgrade_MailScanner_conf file in etc/MailScanner. Is there anything else I need to do before running service MailScanner start? Thank you all for your patience and help. Jody From rgrignon at INPHACT.COM Wed Jun 4 14:38:01 2003 From: rgrignon at INPHACT.COM (rgrignon@INPHACT.COM) Date: Thu Jan 12 21:18:22 2006 Subject: Attachment feature in MailScanner 4.21-9 Message-ID: Where was the option to turn that on. I was reading about it but didn't notice the change in the config file. Thanks, Rob -----Original Message----- From: Stephen Swaney [mailto:Steve@SWANEY.COM] Sent: Tuesday, June 03, 2003 9:54 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Attachment feature in MailScanner 4.21-9 If you haven't tried the attachment feature in the latest version of MailScanner - DO! Our users love it. No more nasty images or offensive messages. It's nice to get some kudos from the users for a change. It's believe it's worth an upgrade just for this feature. My upgrades to RH 7 and RH 8 and RH 9 systems were absolutely painless. This doesn't mean you shouldn't test first, just that the updates on my systems went well. Steve Stephen Swaney President Fortress Systems, Ltd. Steve.Swaney@fsl.com Phone: 202 352-3262 U.S. Toll Free Phone and Fax: 877 746-6636 -- This message has been scanned and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030604/8373bb53/attachment.html From rgrignon at INPHACT.COM Wed Jun 4 14:40:12 2003 From: rgrignon at INPHACT.COM (rgrignon@INPHACT.COM) Date: Thu Jan 12 21:18:22 2006 Subject: MailScanner delivering blocked attachments? Message-ID: This happened to me as well. It was the "microsoft" virus. The .exe went into the quarantine but was also delivered to the client. I have upgraded since.... Rob -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Monday, June 02, 2003 4:06 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner delivering blocked attachments? Has anyone else seen this happening? At 21:59 02/06/2003, you wrote: >We've got two email gateways, both running MailScanner 4.20-3. This >afternoon we had a strange occurrence: an .exe (banned attachment) was >tagged by the outside gateway as banned, yet still delivered to the inside >gateway with the attachment intact. (See log snippets.) THEN, as this user >is apparently nonexistent, the bounce message, with attachment intact, >passed back through the internal gateway! This time, however, the attachment >was stripped. > >Any idea why this might have happened? Never seen this before; all other >EXEs and other banned filetypes have been dropped with no problem. > >External gateway ("1.1.1.2"): > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: >from=, size=10272, class=0, nrcpts=1, >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, proto=SMTP, >daemon=MTA, relay=mail.yyy.com [000.000.000.000] >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: >to=, delay=00:00:01, mailer=esmtp, pri=40272, stat=queued >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved entire message to >/var/spool/MailScanner/quarantine/20030602/h52JwT829916 >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved infected >"REPAIR.EXE" to /var/spool/MailScanner/quarantine/20030602/h52JwT829916 >Jun 2 15:59:33 external-smtp sendmail[29990]: h52JwT829916: >to=, delay=00:01:04, xdelay=00:00:00, mailer=esmtp, pri=130272, >relay=[1.1.1.1] [1.1.1.1], dsn=2.0.0, stat=Sent (h52JxX5j021222 Message >accepted for delivery) > >Internal gateway ("1.1.1.1"): > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: from=, >size=1977, class=0, nrcpts=1, >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, >proto=ESMTP, daemon=MTA, relay=external-smtp.cocci.com [1.1.1.2] >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: to=, >delay=00:00:00, mailer=esmtp, pri=31029, stat=queued >Jun 2 15:59:35 smtp MailScanner[21082]: Saved entire message to >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 >Jun 2 15:59:35 smtp MailScanner[21082]: Saved infected "REPAIR.EXE" to >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 >Jun 2 16:00:52 smtp sendmail[21488]: h52JxX5j021222: to=, >delay=00:01:19, xdelay=00:00:00, mailer=esmtp, pri=121029, relay=[2.2.2.2] >[2.2.2.2], dsn=2.0.0, stat=Sent (Ok) > >Then, on the internal: > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: from=<>, size=2793, >class=0, nrcpts=1, msgid=, proto=SMTP, >daemon=MTA, relay=[2.2.2.2] >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: to=, >delay=00:00:00, mailer=relay, pri=30430, stat=queued >Jun 2 16:00:54 smtp MailScanner[20490]: Saved entire message to >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 >Jun 2 16:00:54 smtp MailScanner[20490]: Saved infected "REPAIR.EXE" to >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 >Jun 2 16:01:38 smtp sendmail[21721]: h52K0r5f021520: to=, >delay=00:00:45, xdelay=00:00:00, mailer=relay, pri=120430, relay=[1.1.1.2] >[1.1.1.2], dsn=2.0.0, stat=Sent (h52K1c830645 Message accepted for delivery) > >Andrew Magnusson >Internet Product Analyst >COCC >1-877-678-0444 extension 640 > > > >*** This message originates from COCC, Inc. > >If the reader of this message, regardless of the address or routing, is >not an intended recipient, you are hereby notified that you have received >this transmittal in error and any review; use, distribution, dissemination >or copying is strictly prohibited. If you have received this message in >error, please delete this e-mail and all files transmitted with it from >your system and immediately notify COCC, Inc. by sending reply e-mail to >the sender of this message. > >Thank you. *** -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -- This message has been scanned and is believed to be clean. From Steve at swaney.com Wed Jun 4 14:52:26 2003 From: Steve at swaney.com (Stephen Swaney) Date: Thu Jan 12 21:18:23 2006 Subject: Attachment feature in MailScanner 4.21-9 In-Reply-To: References: Message-ID: <1054734746.10031.174.camel@speedy> It's in MailScanner.conf _______________________________________________ # This is a list of actions to take when a message is spam. # It can be any combination of the following: # deliver - deliver the message as normal # delete - delete the message # store - store the message in the quarantine # bounce - send a rejection message back to the sender # forward user@domain.com - forward a copy of the message to user@domain.com # striphtml - convert all in-line HTML content to plain text. # You need to specify "deliver" as well for the # message to reach the original recipient. # attachment - Convert the original message into an attachment # of the message. This means the user has to take # an extra step to open the spam, and stops "web # bugs" very effectively. # # Note that the bounce message is created in such a way as to stop it # bouncing back to your site. # # This can also be the filename of a ruleset. #Spam Actions = store forward anonymous@ecs.soton.ac.uk bounce Spam Actions = attachment deliver _______________________________________________ Just configure the Spam Actions as shown above Works like a charm. Steve On Wed, 2003-06-04 at 09:38, rgrignon@INPHACT.COM wrote: > Where was the option to turn that on. I was reading about it but > didn't notice the change in the config file. > > Thanks, > Rob > > -----Original Message----- > From: Stephen Swaney [mailto:Steve@SWANEY.COM] > Sent: Tuesday, June 03, 2003 9:54 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Attachment feature in MailScanner 4.21-9 > > > If you haven't tried the attachment feature in the latest > version of MailScanner - DO! > > Our users love it. No more nasty images or offensive messages. > It's nice to get some kudos from the users for a change. > > It's believe it's worth an upgrade just for this feature. My > upgrades to RH 7 and RH 8 and RH 9 systems were absolutely > painless. This doesn't mean you shouldn't test first, just > that the updates on my systems went well. > > Steve > Stephen Swaney > President > Fortress Systems, Ltd. > Steve.Swaney@fsl.com > Phone: 202 352-3262 > U.S. Toll Free Phone and Fax: 877 746-6636 > -- > This message has been scanned and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030604/14d91326/attachment.html From mailscanner at ecs.soton.ac.uk Wed Jun 4 15:02:05 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:23 2006 Subject: Upgraded SpamAssassin, now it's not working with MS In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E959@mail.winnefox.org> Message-ID: <5.2.0.9.2.20030604150131.04ee5e78@imap.ecs.soton.ac.uk> At 14:14 04/06/2003, you wrote: > > You do exactly NOTHING :) Disable the deamons that were > > running (spamd ect ect). MS will pic it up automaticly once > > configured. > >Cool. Ok, I've got SpamAssassin upgraded, I downloaded MailScanner >4.21-9, ran install.sh and then ran the upgrade_MailScanner_conf file in >etc/MailScanner. > >Is there anything else I need to do before running service MailScanner >start? Just in case the cron job misbehaved (it shouldn't now), do a "service MailScanner stop" first. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jun 4 15:04:10 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner delivering blocked attachments? In-Reply-To: Message-ID: <5.2.0.9.2.20030604150322.043b8e78@imap.ecs.soton.ac.uk> Check that you have all 4 security patches applied to your MIME-tools installation. It's one of these that fixed this problem (a very long time ago). You may have all the patches on 1 scanner and not on the other one. At 14:40 04/06/2003, you wrote: >This happened to me as well. It was the "microsoft" virus. The .exe went >into the quarantine but was also delivered to the client. > >I have upgraded since.... > >Rob > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Monday, June 02, 2003 4:06 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner delivering blocked attachments? > > >Has anyone else seen this happening? > >At 21:59 02/06/2003, you wrote: > >We've got two email gateways, both running MailScanner 4.20-3. This > >afternoon we had a strange occurrence: an .exe (banned attachment) was > >tagged by the outside gateway as banned, yet still delivered to the inside > >gateway with the attachment intact. (See log snippets.) THEN, as this user > >is apparently nonexistent, the bounce message, with attachment intact, > >passed back through the internal gateway! This time, however, the >attachment > >was stripped. > > > >Any idea why this might have happened? Never seen this before; all other > >EXEs and other banned filetypes have been dropped with no problem. > > > >External gateway ("1.1.1.2"): > > > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: > >from=, size=10272, class=0, nrcpts=1, > >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, >proto=SMTP, > >daemon=MTA, relay=mail.yyy.com [000.000.000.000] > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: > >to=, delay=00:00:01, mailer=esmtp, pri=40272, stat=queued > >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved entire message to > >/var/spool/MailScanner/quarantine/20030602/h52JwT829916 > >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved infected > >"REPAIR.EXE" to /var/spool/MailScanner/quarantine/20030602/h52JwT829916 > >Jun 2 15:59:33 external-smtp sendmail[29990]: h52JwT829916: > >to=, delay=00:01:04, xdelay=00:00:00, mailer=esmtp, >pri=130272, > >relay=[1.1.1.1] [1.1.1.1], dsn=2.0.0, stat=Sent (h52JxX5j021222 Message > >accepted for delivery) > > > >Internal gateway ("1.1.1.1"): > > > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: from=, > >size=1977, class=0, nrcpts=1, > >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, > >proto=ESMTP, daemon=MTA, relay=external-smtp.cocci.com [1.1.1.2] > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: to=, > >delay=00:00:00, mailer=esmtp, pri=31029, stat=queued > >Jun 2 15:59:35 smtp MailScanner[21082]: Saved entire message to > >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 > >Jun 2 15:59:35 smtp MailScanner[21082]: Saved infected "REPAIR.EXE" to > >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 > >Jun 2 16:00:52 smtp sendmail[21488]: h52JxX5j021222: to=, > >delay=00:01:19, xdelay=00:00:00, mailer=esmtp, pri=121029, relay=[2.2.2.2] > >[2.2.2.2], dsn=2.0.0, stat=Sent (Ok) > > > >Then, on the internal: > > > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: from=<>, size=2793, > >class=0, nrcpts=1, msgid=, proto=SMTP, > >daemon=MTA, relay=[2.2.2.2] > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: to=, > >delay=00:00:00, mailer=relay, pri=30430, stat=queued > >Jun 2 16:00:54 smtp MailScanner[20490]: Saved entire message to > >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 > >Jun 2 16:00:54 smtp MailScanner[20490]: Saved infected "REPAIR.EXE" to > >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 > >Jun 2 16:01:38 smtp sendmail[21721]: h52K0r5f021520: to=, > >delay=00:00:45, xdelay=00:00:00, mailer=relay, pri=120430, relay=[1.1.1.2] > >[1.1.1.2], dsn=2.0.0, stat=Sent (h52K1c830645 Message accepted for >delivery) > > > >Andrew Magnusson > >Internet Product Analyst > >COCC > >1-877-678-0444 extension 640 > > > > > > > >*** This message originates from COCC, Inc. > > > >If the reader of this message, regardless of the address or routing, is > >not an intended recipient, you are hereby notified that you have received > >this transmittal in error and any review; use, distribution, dissemination > >or copying is strictly prohibited. If you have received this message in > >error, please delete this e-mail and all files transmitted with it from > >your system and immediately notify COCC, Inc. by sending reply e-mail to > >the sender of this message. > > > >Thank you. *** > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >-- >This message has been scanned and is believed to be clean. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From Cleveland at MAIL.WINNEFOX.ORG Wed Jun 4 15:14:41 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:23 2006 Subject: Upgraded SpamAssassin, now it's not working with MS Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E95C@mail.winnefox.org> > Just in case the cron job misbehaved (it shouldn't now), do a > "service MailScanner stop" first. Ahhh... Everything seems to be working fine. I noticed that the email headers show the version number of SA. Is there a way to have it show the MS version also? Jody From rgrignon at INPHACT.COM Wed Jun 4 15:24:43 2003 From: rgrignon at INPHACT.COM (rgrignon@INPHACT.COM) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner delivering blocked attachments? Message-ID: Would this be accomplished by making sure I have the most current MIME::Tools package? Thanks, Rob -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Wednesday, June 04, 2003 9:04 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner delivering blocked attachments? Check that you have all 4 security patches applied to your MIME-tools installation. It's one of these that fixed this problem (a very long time ago). You may have all the patches on 1 scanner and not on the other one. At 14:40 04/06/2003, you wrote: >This happened to me as well. It was the "microsoft" virus. The .exe went >into the quarantine but was also delivered to the client. > >I have upgraded since.... > >Rob > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Monday, June 02, 2003 4:06 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner delivering blocked attachments? > > >Has anyone else seen this happening? > >At 21:59 02/06/2003, you wrote: > >We've got two email gateways, both running MailScanner 4.20-3. This > >afternoon we had a strange occurrence: an .exe (banned attachment) was > >tagged by the outside gateway as banned, yet still delivered to the inside > >gateway with the attachment intact. (See log snippets.) THEN, as this user > >is apparently nonexistent, the bounce message, with attachment intact, > >passed back through the internal gateway! This time, however, the >attachment > >was stripped. > > > >Any idea why this might have happened? Never seen this before; all other > >EXEs and other banned filetypes have been dropped with no problem. > > > >External gateway ("1.1.1.2"): > > > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: > >from=, size=10272, class=0, nrcpts=1, > >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, >proto=SMTP, > >daemon=MTA, relay=mail.yyy.com [000.000.000.000] > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: > >to=, delay=00:00:01, mailer=esmtp, pri=40272, stat=queued > >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved entire message to > >/var/spool/MailScanner/quarantine/20030602/h52JwT829916 > >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved infected > >"REPAIR.EXE" to /var/spool/MailScanner/quarantine/20030602/h52JwT829916 > >Jun 2 15:59:33 external-smtp sendmail[29990]: h52JwT829916: > >to=, delay=00:01:04, xdelay=00:00:00, mailer=esmtp, >pri=130272, > >relay=[1.1.1.1] [1.1.1.1], dsn=2.0.0, stat=Sent (h52JxX5j021222 Message > >accepted for delivery) > > > >Internal gateway ("1.1.1.1"): > > > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: from=, > >size=1977, class=0, nrcpts=1, > >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, > >proto=ESMTP, daemon=MTA, relay=external-smtp.cocci.com [1.1.1.2] > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: to=, > >delay=00:00:00, mailer=esmtp, pri=31029, stat=queued > >Jun 2 15:59:35 smtp MailScanner[21082]: Saved entire message to > >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 > >Jun 2 15:59:35 smtp MailScanner[21082]: Saved infected "REPAIR.EXE" to > >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 > >Jun 2 16:00:52 smtp sendmail[21488]: h52JxX5j021222: to=, > >delay=00:01:19, xdelay=00:00:00, mailer=esmtp, pri=121029, relay=[2.2.2.2] > >[2.2.2.2], dsn=2.0.0, stat=Sent (Ok) > > > >Then, on the internal: > > > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: from=<>, size=2793, > >class=0, nrcpts=1, msgid=, proto=SMTP, > >daemon=MTA, relay=[2.2.2.2] > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: to=, > >delay=00:00:00, mailer=relay, pri=30430, stat=queued > >Jun 2 16:00:54 smtp MailScanner[20490]: Saved entire message to > >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 > >Jun 2 16:00:54 smtp MailScanner[20490]: Saved infected "REPAIR.EXE" to > >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 > >Jun 2 16:01:38 smtp sendmail[21721]: h52K0r5f021520: to=, > >delay=00:00:45, xdelay=00:00:00, mailer=relay, pri=120430, relay=[1.1.1.2] > >[1.1.1.2], dsn=2.0.0, stat=Sent (h52K1c830645 Message accepted for >delivery) > > > >Andrew Magnusson > >Internet Product Analyst > >COCC > >1-877-678-0444 extension 640 > > > > > > > >*** This message originates from COCC, Inc. > > > >If the reader of this message, regardless of the address or routing, is > >not an intended recipient, you are hereby notified that you have received > >this transmittal in error and any review; use, distribution, dissemination > >or copying is strictly prohibited. If you have received this message in > >error, please delete this e-mail and all files transmitted with it from > >your system and immediately notify COCC, Inc. by sending reply e-mail to > >the sender of this message. > > > >Thank you. *** > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >-- >This message has been scanned and is believed to be clean. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -- This message has been scanned and is believed to be clean. From dot at DOTAT.AT Wed Jun 4 16:00:32 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner talk Message-ID: The readers of this list might be interested in a talk that I gave to many of Cambridge University's computer support staff about our MailScanner setup. Apart from the Cambridge-specific information, there's a fair amount about our local policy and how it was formulated. http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2003-05-techlinks/ Tony. -- f.a.n.finch http://dotat.at/ FITZROY: WESTERLY BACKING SOUTHERLY 5 OR 6, BUT 3 OR 4 IN SOUTH. RAIN OR SHOWERS. MODERATE OR GOOD. From raymond at PROLOCATION.NET Wed Jun 4 16:15:57 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner talk In-Reply-To: Message-ID: Hi! > The readers of this list might be interested in a talk that I gave > to many of Cambridge University's computer support staff about our > MailScanner setup. Apart from the Cambridge-specific information, > there's a fair amount about our local policy and how it was > formulated. > > http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2003-05-techlinks/ Funny pics. :) Bye, Raymond. From mailscanner at ecs.soton.ac.uk Wed Jun 4 15:25:21 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:23 2006 Subject: Upgraded SpamAssassin, now it's not working with MS In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E95C@mail.winnefox.org> Message-ID: <5.2.0.9.2.20030604152434.042b4848@imap.ecs.soton.ac.uk> At 15:14 04/06/2003, you wrote: > > Just in case the cron job misbehaved (it shouldn't now), do a > > "service MailScanner stop" first. > >Ahhh... Everything seems to be working fine. I noticed that the email >headers show the version number of SA. Not the MailScanner SA headers. Someone somewhere is running SpamAssassin on your mail by some other method. > Is there a way to have it show >the MS version also? No, I don't like giving information away like that. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From vnarayan at HAVERFORD.EDU Wed Jun 4 16:22:50 2003 From: vnarayan at HAVERFORD.EDU (Vasantha Narayanan) Date: Thu Jan 12 21:18:23 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <00b001c32a20$b8481e40$6701a8c0@home.middlefinger.net> References: <001BD19C96E6E64E8750D72C2EA0ECEE1AE090@ati-ex-01.ati.local> Message-ID: <5.1.0.14.0.20030604111233.0286edf8@popmail.haverford.edu> We've a SunBlade 100 (500 Mhz) with 500 Mem running Solaris 2.8. The machine does nothing other than MailScanning. It is not even a MailServer. The MailScanner itself works perfectly. It is only when I turn on SpamAssassin that the load on the machine gets really high. A lot of mail gets accumulated in the incoming queue waiting to be scanned. I'm running 15 mailscanner processes and it forks and gets doubled whenever I turn on SpamAssassin. Pretty soon the following error shows up in the log: Jun 3 15:57:07 nisc4 MailScanner[5766]: SpamAssassin timed out and was killed, consecutive failure 1 of 20 Jun 3 15:57:41 nisc4 MailScanner[5758]: SpamAssassin timed out and was killed, consecutive failure 1 of 20 Jun 3 15:58:14 nisc4 MailScanner[5750]: SpamAssassin timed out and was killed, consecutive failure 1 of 20 Jun 3 16:00:08 nisc4 MailScanner[5774]: SpamAssassin timed out and was killed, consecutive failure 1 of 20 Have others seen this problem? How have you fixed the problem? We've MailScanner-4.20-3 with SpamAssassin-2.50. The SpamAssassin Timeout is set to 40 and Scanner timeout is set to 10 (that is the default in that version of MailScanner) I'd really appreciate some suggestions. Thanks. Vasantha At 05:37 PM 6/3/2003 -0500, you wrote: >What kind of horsepower does your box have? OS? > >Mike > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Chris W. Parker >Sent: Tuesday, June 03, 2003 5:28 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: SpamAssassin timed out and was killed... box too slow? > > >Vasantha Narayanan wrote: > > > Did you find a solution yet? > >No I did not. > > > I'm having the same problem. > >I feel your pain. :( > > > >Chris. VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV Vasantha Narayanan Networking and Systems email: vnarayan@haverford.edu Haverford College, PA Phone: 610-896-1110 From mailscanner at ecs.soton.ac.uk Wed Jun 4 16:20:25 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner delivering blocked attachments? In-Reply-To: Message-ID: <5.2.0.9.2.20030604161840.047a91c8@imap.ecs.soton.ac.uk> No. You don't want the most recent MIME-tools packages, they are buggy as hell. You want to stick with 5.411 but check to make sure your system has the 4 security patches applied. What version of what OS are you running? If you used the RPM distribution of MailScanner then all these patches should have been applied automatically. If you are running a non-RPM system then you will have installed MIME-tools by hand and should have applied the patches yourself, as described in the MailScanner documentation. At 15:24 04/06/2003, you wrote: >Would this be accomplished by making sure I have the most current >MIME::Tools package? > >Thanks, > >Rob > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Wednesday, June 04, 2003 9:04 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner delivering blocked attachments? > > >Check that you have all 4 security patches applied to your MIME-tools >installation. It's one of these that fixed this problem (a very long time >ago). You may have all the patches on 1 scanner and not on the other one. > >At 14:40 04/06/2003, you wrote: > >This happened to me as well. It was the "microsoft" virus. The .exe went > >into the quarantine but was also delivered to the client. > > > >I have upgraded since.... > > > >Rob > > > >-----Original Message----- > >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > >Sent: Monday, June 02, 2003 4:06 PM > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: MailScanner delivering blocked attachments? > > > > > >Has anyone else seen this happening? > > > >At 21:59 02/06/2003, you wrote: > > >We've got two email gateways, both running MailScanner 4.20-3. This > > >afternoon we had a strange occurrence: an .exe (banned attachment) was > > >tagged by the outside gateway as banned, yet still delivered to the >inside > > >gateway with the attachment intact. (See log snippets.) THEN, as this >user > > >is apparently nonexistent, the bounce message, with attachment intact, > > >passed back through the internal gateway! This time, however, the > >attachment > > >was stripped. > > > > > >Any idea why this might have happened? Never seen this before; all other > > >EXEs and other banned filetypes have been dropped with no problem. > > > > > >External gateway ("1.1.1.2"): > > > > > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: > > >from=, size=10272, class=0, nrcpts=1, > > >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, > >proto=SMTP, > > >daemon=MTA, relay=mail.yyy.com [000.000.000.000] > > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: > > >to=, delay=00:00:01, mailer=esmtp, pri=40272, stat=queued > > >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved entire message to > > >/var/spool/MailScanner/quarantine/20030602/h52JwT829916 > > >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved infected > > >"REPAIR.EXE" to /var/spool/MailScanner/quarantine/20030602/h52JwT829916 > > >Jun 2 15:59:33 external-smtp sendmail[29990]: h52JwT829916: > > >to=, delay=00:01:04, xdelay=00:00:00, mailer=esmtp, > >pri=130272, > > >relay=[1.1.1.1] [1.1.1.1], dsn=2.0.0, stat=Sent (h52JxX5j021222 Message > > >accepted for delivery) > > > > > >Internal gateway ("1.1.1.1"): > > > > > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: from=, > > >size=1977, class=0, nrcpts=1, > > >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, > > >proto=ESMTP, daemon=MTA, relay=external-smtp.cocci.com [1.1.1.2] > > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: to=, > > >delay=00:00:00, mailer=esmtp, pri=31029, stat=queued > > >Jun 2 15:59:35 smtp MailScanner[21082]: Saved entire message to > > >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 > > >Jun 2 15:59:35 smtp MailScanner[21082]: Saved infected "REPAIR.EXE" to > > >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 > > >Jun 2 16:00:52 smtp sendmail[21488]: h52JxX5j021222: to=, > > >delay=00:01:19, xdelay=00:00:00, mailer=esmtp, pri=121029, >relay=[2.2.2.2] > > >[2.2.2.2], dsn=2.0.0, stat=Sent (Ok) > > > > > >Then, on the internal: > > > > > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: from=<>, size=2793, > > >class=0, nrcpts=1, msgid=, proto=SMTP, > > >daemon=MTA, relay=[2.2.2.2] > > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: to=, > > >delay=00:00:00, mailer=relay, pri=30430, stat=queued > > >Jun 2 16:00:54 smtp MailScanner[20490]: Saved entire message to > > >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 > > >Jun 2 16:00:54 smtp MailScanner[20490]: Saved infected "REPAIR.EXE" to > > >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 > > >Jun 2 16:01:38 smtp sendmail[21721]: h52K0r5f021520: to=, > > >delay=00:00:45, xdelay=00:00:00, mailer=relay, pri=120430, >relay=[1.1.1.2] > > >[1.1.1.2], dsn=2.0.0, stat=Sent (h52K1c830645 Message accepted for > >delivery) > > > > > >Andrew Magnusson > > >Internet Product Analyst > > >COCC > > >1-877-678-0444 extension 640 > > > > > > > > > > > >*** This message originates from COCC, Inc. > > > > > >If the reader of this message, regardless of the address or routing, is > > >not an intended recipient, you are hereby notified that you have received > > >this transmittal in error and any review; use, distribution, >dissemination > > >or copying is strictly prohibited. If you have received this message in > > >error, please delete this e-mail and all files transmitted with it from > > >your system and immediately notify COCC, Inc. by sending reply e-mail to > > >the sender of this message. > > > > > >Thank you. *** > > > >-- > >Julian Field > >www.MailScanner.info > >Professional Support Services at www.MailScanner.biz > >MailScanner thanks transtec Computers for their support > > > >-- > >This message has been scanned and is believed to be clean. > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support > >-- >This message has been scanned and is believed to be clean. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jun 4 16:21:38 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner talk In-Reply-To: References: Message-ID: <5.2.0.9.2.20030604162039.041e2710@imap.ecs.soton.ac.uk> At 16:15 04/06/2003, you wrote: >Hi! > > > The readers of this list might be interested in a talk that I gave > > to many of Cambridge University's computer support staff about our > > MailScanner setup. Apart from the Cambridge-specific information, > > there's a fair amount about our local policy and how it was > > formulated. > > > > http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2003-05-techlinks/ > >Funny pics. :) While we're on the subject of "talks", I have put tomorrow's presentation for the JANET CERT conference on the web as well. It's at http://www.sng.ecs.soton.ac.uk/mailscanner/Presentation -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From Denis.Beauchemin at USHERBROOKE.CA Wed Jun 4 16:29:05 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:23 2006 Subject: Bayesian training and spam attachment Message-ID: <1054740545.22566.45.camel@dbeauchemin.si.usherbrooke.ca> Hello, I am working on implementing a shared folder to drop spam/ham into to educate the Bayesian filter of SA. If I turn on the "Spam Action = attachment deliver" in MS, will the resulting email be suitable to be fed in sa-learn or will I have to remove the message that was included in the email? Thanks again! Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From rgrignon at INPHACT.COM Wed Jun 4 16:32:47 2003 From: rgrignon at INPHACT.COM (rgrignon@INPHACT.COM) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner delivering blocked attachments? Message-ID: Thanks Julian, I'm running redhat9.0 I installed the recent version through RPM. I did notice quite a few packages were upgraded when I applied the new version. Thanks again, Rob -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Wednesday, June 04, 2003 10:20 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner delivering blocked attachments? No. You don't want the most recent MIME-tools packages, they are buggy as hell. You want to stick with 5.411 but check to make sure your system has the 4 security patches applied. What version of what OS are you running? If you used the RPM distribution of MailScanner then all these patches should have been applied automatically. If you are running a non-RPM system then you will have installed MIME-tools by hand and should have applied the patches yourself, as described in the MailScanner documentation. At 15:24 04/06/2003, you wrote: >Would this be accomplished by making sure I have the most current >MIME::Tools package? > >Thanks, > >Rob > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Wednesday, June 04, 2003 9:04 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner delivering blocked attachments? > > >Check that you have all 4 security patches applied to your MIME-tools >installation. It's one of these that fixed this problem (a very long time >ago). You may have all the patches on 1 scanner and not on the other one. > >At 14:40 04/06/2003, you wrote: > >This happened to me as well. It was the "microsoft" virus. The .exe went > >into the quarantine but was also delivered to the client. > > > >I have upgraded since.... > > > >Rob > > > >-----Original Message----- > >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > >Sent: Monday, June 02, 2003 4:06 PM > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: MailScanner delivering blocked attachments? > > > > > >Has anyone else seen this happening? > > > >At 21:59 02/06/2003, you wrote: > > >We've got two email gateways, both running MailScanner 4.20-3. This > > >afternoon we had a strange occurrence: an .exe (banned attachment) was > > >tagged by the outside gateway as banned, yet still delivered to the >inside > > >gateway with the attachment intact. (See log snippets.) THEN, as this >user > > >is apparently nonexistent, the bounce message, with attachment intact, > > >passed back through the internal gateway! This time, however, the > >attachment > > >was stripped. > > > > > >Any idea why this might have happened? Never seen this before; all other > > >EXEs and other banned filetypes have been dropped with no problem. > > > > > >External gateway ("1.1.1.2"): > > > > > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: > > >from=, size=10272, class=0, nrcpts=1, > > >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, > >proto=SMTP, > > >daemon=MTA, relay=mail.yyy.com [000.000.000.000] > > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: > > >to=, delay=00:00:01, mailer=esmtp, pri=40272, stat=queued > > >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved entire message to > > >/var/spool/MailScanner/quarantine/20030602/h52JwT829916 > > >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved infected > > >"REPAIR.EXE" to /var/spool/MailScanner/quarantine/20030602/h52JwT829916 > > >Jun 2 15:59:33 external-smtp sendmail[29990]: h52JwT829916: > > >to=, delay=00:01:04, xdelay=00:00:00, mailer=esmtp, > >pri=130272, > > >relay=[1.1.1.1] [1.1.1.1], dsn=2.0.0, stat=Sent (h52JxX5j021222 Message > > >accepted for delivery) > > > > > >Internal gateway ("1.1.1.1"): > > > > > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: from=, > > >size=1977, class=0, nrcpts=1, > > >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, > > >proto=ESMTP, daemon=MTA, relay=external-smtp.cocci.com [1.1.1.2] > > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: to=, > > >delay=00:00:00, mailer=esmtp, pri=31029, stat=queued > > >Jun 2 15:59:35 smtp MailScanner[21082]: Saved entire message to > > >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 > > >Jun 2 15:59:35 smtp MailScanner[21082]: Saved infected "REPAIR.EXE" to > > >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 > > >Jun 2 16:00:52 smtp sendmail[21488]: h52JxX5j021222: to=, > > >delay=00:01:19, xdelay=00:00:00, mailer=esmtp, pri=121029, >relay=[2.2.2.2] > > >[2.2.2.2], dsn=2.0.0, stat=Sent (Ok) > > > > > >Then, on the internal: > > > > > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: from=<>, size=2793, > > >class=0, nrcpts=1, msgid=, proto=SMTP, > > >daemon=MTA, relay=[2.2.2.2] > > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: to=, > > >delay=00:00:00, mailer=relay, pri=30430, stat=queued > > >Jun 2 16:00:54 smtp MailScanner[20490]: Saved entire message to > > >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 > > >Jun 2 16:00:54 smtp MailScanner[20490]: Saved infected "REPAIR.EXE" to > > >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 > > >Jun 2 16:01:38 smtp sendmail[21721]: h52K0r5f021520: to=, > > >delay=00:00:45, xdelay=00:00:00, mailer=relay, pri=120430, >relay=[1.1.1.2] > > >[1.1.1.2], dsn=2.0.0, stat=Sent (h52K1c830645 Message accepted for > >delivery) > > > > > >Andrew Magnusson > > >Internet Product Analyst > > >COCC > > >1-877-678-0444 extension 640 > > > > > > > > > > > >*** This message originates from COCC, Inc. > > > > > >If the reader of this message, regardless of the address or routing, is > > >not an intended recipient, you are hereby notified that you have received > > >this transmittal in error and any review; use, distribution, >dissemination > > >or copying is strictly prohibited. If you have received this message in > > >error, please delete this e-mail and all files transmitted with it from > > >your system and immediately notify COCC, Inc. by sending reply e-mail to > > >the sender of this message. > > > > > >Thank you. *** > > > >-- > >Julian Field > >www.MailScanner.info > >Professional Support Services at www.MailScanner.biz > >MailScanner thanks transtec Computers for their support > > > >-- > >This message has been scanned and is believed to be clean. > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support > >-- >This message has been scanned and is believed to be clean. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -- This message has been scanned and is believed to be clean. From Andrew.Magnusson at COCC.COM Wed Jun 4 16:36:02 2003 From: Andrew.Magnusson at COCC.COM (Magnusson, Andrew) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner delivering blocked attachments? Message-ID: So that's probably not the issue at our site, as we're using the RPM MailScanner. Andrew Magnusson Internet Product Analyst COCC 1-877-678-0444 extension 640 -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Wednesday, June 04, 2003 11:20 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner delivering blocked attachments? No. You don't want the most recent MIME-tools packages, they are buggy as hell. You want to stick with 5.411 but check to make sure your system has the 4 security patches applied. What version of what OS are you running? If you used the RPM distribution of MailScanner then all these patches should have been applied automatically. If you are running a non-RPM system then you will have installed MIME-tools by hand and should have applied the patches yourself, as described in the MailScanner documentation. At 15:24 04/06/2003, you wrote: >Would this be accomplished by making sure I have the most current >MIME::Tools package? > >Thanks, > >Rob > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Wednesday, June 04, 2003 9:04 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner delivering blocked attachments? > > >Check that you have all 4 security patches applied to your MIME-tools >installation. It's one of these that fixed this problem (a very long time >ago). You may have all the patches on 1 scanner and not on the other one. > >At 14:40 04/06/2003, you wrote: > >This happened to me as well. It was the "microsoft" virus. The .exe went > >into the quarantine but was also delivered to the client. > > > >I have upgraded since.... > > > >Rob > > > >-----Original Message----- > >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > >Sent: Monday, June 02, 2003 4:06 PM > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: MailScanner delivering blocked attachments? > > > > > >Has anyone else seen this happening? > > > >At 21:59 02/06/2003, you wrote: > > >We've got two email gateways, both running MailScanner 4.20-3. This > > >afternoon we had a strange occurrence: an .exe (banned attachment) was > > >tagged by the outside gateway as banned, yet still delivered to the >inside > > >gateway with the attachment intact. (See log snippets.) THEN, as this >user > > >is apparently nonexistent, the bounce message, with attachment intact, > > >passed back through the internal gateway! This time, however, the > >attachment > > >was stripped. > > > > > >Any idea why this might have happened? Never seen this before; all other > > >EXEs and other banned filetypes have been dropped with no problem. > > > > > >External gateway ("1.1.1.2"): > > > > > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: > > >from=, size=10272, class=0, nrcpts=1, > > >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, > >proto=SMTP, > > >daemon=MTA, relay=mail.yyy.com [000.000.000.000] > > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: > > >to=, delay=00:00:01, mailer=esmtp, pri=40272, stat=queued > > >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved entire message to > > >/var/spool/MailScanner/quarantine/20030602/h52JwT829916 > > >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved infected > > >"REPAIR.EXE" to /var/spool/MailScanner/quarantine/20030602/h52JwT829916 > > >Jun 2 15:59:33 external-smtp sendmail[29990]: h52JwT829916: > > >to=, delay=00:01:04, xdelay=00:00:00, mailer=esmtp, > >pri=130272, > > >relay=[1.1.1.1] [1.1.1.1], dsn=2.0.0, stat=Sent (h52JxX5j021222 Message > > >accepted for delivery) > > > > > >Internal gateway ("1.1.1.1"): > > > > > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: from=, > > >size=1977, class=0, nrcpts=1, > > >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, > > >proto=ESMTP, daemon=MTA, relay=external-smtp.cocci.com [1.1.1.2] > > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: to=, > > >delay=00:00:00, mailer=esmtp, pri=31029, stat=queued > > >Jun 2 15:59:35 smtp MailScanner[21082]: Saved entire message to > > >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 > > >Jun 2 15:59:35 smtp MailScanner[21082]: Saved infected "REPAIR.EXE" to > > >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 > > >Jun 2 16:00:52 smtp sendmail[21488]: h52JxX5j021222: to=, > > >delay=00:01:19, xdelay=00:00:00, mailer=esmtp, pri=121029, >relay=[2.2.2.2] > > >[2.2.2.2], dsn=2.0.0, stat=Sent (Ok) > > > > > >Then, on the internal: > > > > > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: from=<>, size=2793, > > >class=0, nrcpts=1, msgid=, proto=SMTP, > > >daemon=MTA, relay=[2.2.2.2] > > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: to=, > > >delay=00:00:00, mailer=relay, pri=30430, stat=queued > > >Jun 2 16:00:54 smtp MailScanner[20490]: Saved entire message to > > >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 > > >Jun 2 16:00:54 smtp MailScanner[20490]: Saved infected "REPAIR.EXE" to > > >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 > > >Jun 2 16:01:38 smtp sendmail[21721]: h52K0r5f021520: to=, > > >delay=00:00:45, xdelay=00:00:00, mailer=relay, pri=120430, >relay=[1.1.1.2] > > >[1.1.1.2], dsn=2.0.0, stat=Sent (h52K1c830645 Message accepted for > >delivery) > > > > > >Andrew Magnusson > > >Internet Product Analyst > > >COCC > > >1-877-678-0444 extension 640 > > > > > > > > > > > >*** This message originates from COCC, Inc. > > > > > >If the reader of this message, regardless of the address or routing, is > > >not an intended recipient, you are hereby notified that you have received > > >this transmittal in error and any review; use, distribution, >dissemination > > >or copying is strictly prohibited. If you have received this message in > > >error, please delete this e-mail and all files transmitted with it from > > >your system and immediately notify COCC, Inc. by sending reply e-mail to > > >the sender of this message. > > > > > >Thank you. *** > > > >-- > >Julian Field > >www.MailScanner.info > >Professional Support Services at www.MailScanner.biz > >MailScanner thanks transtec Computers for their support > > > >-- > >This message has been scanned and is believed to be clean. > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support > >-- >This message has been scanned and is believed to be clean. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support *** This message originates from COCC, Inc. If the reader of this message, regardless of the address or routing, is not an intended recipient, you are hereby notified that you have received this transmittal in error and any review; use, distribution, dissemination or copying is strictly prohibited. If you have received this message in error, please delete this e-mail and all files transmitted with it from your system and immediately notify COCC, Inc. by sending reply e-mail to the sender of this message. Thank you. *** From maxsec at TOTALISE.CO.UK Wed Jun 4 16:39:20 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner talk In-Reply-To: <5.2.0.9.2.20030604162039.041e2710@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030604162039.041e2710@imap.ecs.soton.ac.uk> Message-ID: <3EDE12A8.2040200@totalise.co.uk> Julian Field wrote: > At 16:15 04/06/2003, you wrote: > >> Hi! >> >> > The readers of this list might be interested in a talk that I gave >> > to many of Cambridge University's computer support staff about our >> > MailScanner setup. Apart from the Cambridge-specific information, >> > there's a fair amount about our local policy and how it was >> > formulated. >> > >> > >> http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2003-05-techlinks/ >> >> Funny pics. :) > > > While we're on the subject of "talks", I have put tomorrow's presentation > for the JANET CERT conference on the web as well. It's at > http://www.sng.ecs.soton.ac.uk/mailscanner/Presentation > > -- > Julian Field Julian I wish my spam was only 35% of our email. Right now it's just under 80% (weekly avg) of our external email (in and outbound) at work...:-( -- Martin From mailscanner at ecs.soton.ac.uk Wed Jun 4 16:37:14 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:23 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <5.1.0.14.0.20030604111233.0286edf8@popmail.haverford.edu> References: <00b001c32a20$b8481e40$6701a8c0@home.middlefinger.net> <001BD19C96E6E64E8750D72C2EA0ECEE1AE090@ati-ex-01.ati.local> Message-ID: <5.2.0.9.2.20030604163633.04ed75b0@imap.ecs.soton.ac.uk> Try setting skip_rbl_checks 1 in spam.assassin.prefs.conf and see if that helps. You will need to restart MailScanner after setting this. At 16:22 04/06/2003, you wrote: >We've a SunBlade 100 (500 Mhz) with 500 Mem running Solaris 2.8. The >machine does nothing other than MailScanning. It is not even a MailServer. > >The MailScanner itself works perfectly. It is only when I turn on >SpamAssassin that the load on the machine gets really high. A lot of mail >gets accumulated in the incoming queue waiting to be scanned. I'm running >15 mailscanner processes and it forks and gets doubled whenever I turn on >SpamAssassin. Pretty soon the following error shows up in the log: >Jun 3 15:57:07 nisc4 MailScanner[5766]: SpamAssassin timed out and was >killed, consecutive failure 1 of 20 >Jun 3 15:57:41 nisc4 MailScanner[5758]: SpamAssassin timed out and was >killed, consecutive failure 1 of 20 >Jun 3 15:58:14 nisc4 MailScanner[5750]: SpamAssassin timed out and was >killed, consecutive failure 1 of 20 >Jun 3 16:00:08 nisc4 MailScanner[5774]: SpamAssassin timed out and was >killed, consecutive failure 1 of 20 > >Have others seen this problem? How have you fixed the problem? We've >MailScanner-4.20-3 with SpamAssassin-2.50. The SpamAssassin Timeout is set >to 40 and Scanner timeout is set to 10 (that is the default in that version >of MailScanner) > >I'd really appreciate some suggestions. > >Thanks. > >Vasantha > > > > >At 05:37 PM 6/3/2003 -0500, you wrote: >>What kind of horsepower does your box have? OS? >> >>Mike >> >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >>Of Chris W. Parker >>Sent: Tuesday, June 03, 2003 5:28 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: SpamAssassin timed out and was killed... box too slow? >> >> >>Vasantha Narayanan wrote: >> >> > Did you find a solution yet? >> >>No I did not. >> >> > I'm having the same problem. >> >>I feel your pain. :( >> >> >> >>Chris. > >VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV >Vasantha Narayanan >Networking and Systems email: vnarayan@haverford.edu >Haverford College, PA Phone: >610-896-1110 -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Wed Jun 4 16:32:27 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner talk In-Reply-To: <5.2.0.9.2.20030604162039.041e2710@imap.ecs.soton.ac.uk> Message-ID: Hi! > >Funny pics. :) > > While we're on the subject of "talks", I have put tomorrow's presentation > for the JANET CERT conference on the web as well. It's at > http://www.sng.ecs.soton.ac.uk/mailscanner/Presentation Cool. You have to alter your sheets btw :) I installed MS + F-PROT on one on my Xeons in 3.4 minutes :) Bye, Raymond. From dwinkler at ALGORITHMICS.COM Wed Jun 4 16:42:12 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner talk Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FCD@tormail1.algorithmics.com> This is great material, make expanding MailScanner's role easier. Julian, you may want to change your slide - If you have the money to pay people like MessageLabs, Trend or Brightmail, then you are probably aren't here! seems like the are shouldn't be there. -----Original Message----- From: Julian Field [mailto:mailscanner@ecs.soton.ac.uk] Sent: Wednesday, June 04, 2003 11:22 AM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: MailScanner talk At 16:15 04/06/2003, you wrote: >Hi! > > > The readers of this list might be interested in a talk that I gave > > to many of Cambridge University's computer support staff about our > > MailScanner setup. Apart from the Cambridge-specific information, > > there's a fair amount about our local policy and how it was > > formulated. > > > > http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2003-05-techlinks/ > >Funny pics. :) While we're on the subject of "talks", I have put tomorrow's presentation for the JANET CERT conference on the web as well. It's at http://www.sng.ecs.soton.ac.uk/mailscanner/Presentation -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030604/bc6dd8e0/attachment.html From mailscanner at ecs.soton.ac.uk Wed Jun 4 16:38:05 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:23 2006 Subject: Bayesian training and spam attachment In-Reply-To: <1054740545.22566.45.camel@dbeauchemin.si.usherbrooke.ca> Message-ID: <5.2.0.9.2.20030604163728.0479ee90@imap.ecs.soton.ac.uk> At 16:29 04/06/2003, you wrote: >Hello, > >I am working on implementing a shared folder to drop spam/ham into to >educate the Bayesian filter of SA. > >If I turn on the "Spam Action = attachment deliver" in MS, will the >resulting email be suitable to be fed in sa-learn or will I have to >remove the message that was included in the email? You would need to extract the RFC822 attachment from the mail you are forwarded, but it will *then* be in the right form for feeding to sa-learn. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From dot at DOTAT.AT Wed Jun 4 16:38:01 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:23 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: References: <001BD19C96E6E64E8750D72C2EA0ECEE1AE090@ati-ex-01.ati.local> <00b001c32a20$b8481e40$6701a8c0@home.middlefinger.net> Message-ID: Vasantha Narayanan wrote: > >The MailScanner itself works perfectly. It is only when I turn on >SpamAssassin that the load on the machine gets really high. A lot of mail >gets accumulated in the incoming queue waiting to be scanned. I'm running >15 mailscanner processes and it forks and gets doubled whenever I turn on >SpamAssassin. That's far too many. I suggest 3 or 4 children per CPU if you are doing a lot of spam scanning. You can get away with more if you have a large proportion of email traffic that isn't being scanned (e.g. internal email). Tony. -- f.a.n.finch http://dotat.at/ MULL OF KINTYRE TO ARDNAMURCHAN POINT: SOUTH 4 OR 5 BACKING SOUTHEAST 5 OR 6 LATER VEERING SOUTH TO SOUTHWEST 4 OR 5. DRY, FAIR, CLOUD AND RAIN FROM SOUTH LATER. GOOD FALLING MODERATE IN RAIN. MODERATE INCREASING MODERATE OR ROUGH FOR A TIME. From ratebor at PRO.ICP.AC.RU Wed Jun 4 16:52:00 2003 From: ratebor at PRO.ICP.AC.RU (Dmitriy Bokiy) Date: Thu Jan 12 21:18:23 2006 Subject: attachment action results in Postfix queue file corruption In-Reply-To: <1054734746.10031.174.camel@speedy> References: <1054734746.10031.174.camel@speedy> Message-ID: <1151627772873.20030604195200@icp.ac.ru> Hi! 'Attachment' action in MS 4.21.9 seems to be incompatible with my Postfix 2.0.10. All high scored spam (the only email variety I am trying to handle using the feature at the moment) I got by now finished in 'corrupt' folder in Postfix spool. If anyone interested I can send the details of my setup, logs, corrupt queue files, quarantined messages... -- Dmitriy From Cleveland at MAIL.WINNEFOX.ORG Wed Jun 4 17:05:47 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:23 2006 Subject: Upgraded SpamAssassin, now it's not working with MS Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E971@mail.winnefox.org> > No, I don't like giving information away like that. I did a search in the archives, but couldn't seem to find anything. How do I check the version of MailScanner running? Jody From mailscanner at ecs.soton.ac.uk Wed Jun 4 17:09:18 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:23 2006 Subject: Upgraded SpamAssassin, now it's not working with MS In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E971@mail.winnefox.org> Message-ID: <5.2.0.9.2.20030604170846.047cc360@imap.ecs.soton.ac.uk> At 17:05 04/06/2003, you wrote: > > No, I don't like giving information away like that. > >I did a search in the archives, but couldn't seem to find anything. How >do I check the version of MailScanner running? Look in your mail log. Every time it restarts itself, it will log the version number. Try searching for "starting" or "Starting". -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From Cleveland at MAIL.WINNEFOX.ORG Wed Jun 4 17:25:59 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:23 2006 Subject: Upgraded SpamAssassin, now it's not working with MS Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E974@mail.winnefox.org> > Look in your mail log. Every time it restarts itself, it will > log the version number. Try searching for "starting" or "Starting". Thanks! Jody From vnarayan at HAVERFORD.EDU Wed Jun 4 17:28:40 2003 From: vnarayan at HAVERFORD.EDU (Vasantha Narayanan) Date: Thu Jan 12 21:18:23 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <5.2.0.9.2.20030604163633.04ed75b0@imap.ecs.soton.ac.uk> References: <5.1.0.14.0.20030604111233.0286edf8@popmail.haverford.edu> <00b001c32a20$b8481e40$6701a8c0@home.middlefinger.net> <001BD19C96E6E64E8750D72C2EA0ECEE1AE090@ati-ex-01.ati.local> Message-ID: <5.1.0.14.0.20030604121635.02ac9c40@popmail.haverford.edu> At 04:37 PM 6/4/2003 +0100, you wrote: >Try setting >skip_rbl_checks 1 I've already set skip_rbl_checks 1 in the spam.assassin.prefs.conf file. In the debug mode, it said that Razor2 and Pyzor were not availabe. So I also made the following entries in spam.assassin.prefs.conf so that I can eliminate any of the below to be the cause of the problem: use_dcc 0 use_pyzor 0 use_razor1 0 use_razor2 0 use_bayes 0 In debug mode, a couple of lines seem bothersome - unix passed to setlogsock, but path not available at /opt/MailScanner/lib/MailSc anner/Log.pm line 62 and debug: Failed to parse line in SpamAssassin configuration, skipping: defang_mime 0 Could they be the cause of the timeout problem? Thanks. Vasantha >in spam.assassin.prefs.conf and see if that helps. You will need to restart >MailScanner after setting this. > >At 16:22 04/06/2003, you wrote: >>We've a SunBlade 100 (500 Mhz) with 500 Mem running Solaris 2.8. The >>machine does nothing other than MailScanning. It is not even a MailServer. >> >>The MailScanner itself works perfectly. It is only when I turn on >>SpamAssassin that the load on the machine gets really high. A lot of mail >>gets accumulated in the incoming queue waiting to be scanned. I'm running >>15 mailscanner processes and it forks and gets doubled whenever I turn on >>SpamAssassin. Pretty soon the following error shows up in the log: >>Jun 3 15:57:07 nisc4 MailScanner[5766]: SpamAssassin timed out and was >>killed, consecutive failure 1 of 20 >>Jun 3 15:57:41 nisc4 MailScanner[5758]: SpamAssassin timed out and was >>killed, consecutive failure 1 of 20 >>Jun 3 15:58:14 nisc4 MailScanner[5750]: SpamAssassin timed out and was >>killed, consecutive failure 1 of 20 >>Jun 3 16:00:08 nisc4 MailScanner[5774]: SpamAssassin timed out and was >>killed, consecutive failure 1 of 20 >> >>Have others seen this problem? How have you fixed the problem? We've >>MailScanner-4.20-3 with SpamAssassin-2.50. The SpamAssassin Timeout is set >>to 40 and Scanner timeout is set to 10 (that is the default in that version >>of MailScanner) >> >>I'd really appreciate some suggestions. >> >>Thanks. >> >>Vasantha >> >> >> >> >>At 05:37 PM 6/3/2003 -0500, you wrote: >>>What kind of horsepower does your box have? OS? >>> >>>Mike >>> >>> >>>-----Original Message----- >>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >>>Of Chris W. Parker >>>Sent: Tuesday, June 03, 2003 5:28 PM >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: SpamAssassin timed out and was killed... box too slow? >>> >>> >>>Vasantha Narayanan wrote: >>> >>> > Did you find a solution yet? >>> >>>No I did not. >>> >>> > I'm having the same problem. >>> >>>I feel your pain. :( >>> >>> >>> >>>Chris. >> >>VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV >>Vasantha Narayanan >>Networking and Systems email: vnarayan@haverford.edu >>Haverford College, PA Phone: >>610-896-1110 > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV Vasantha Narayanan Networking and Systems email: vnarayan@haverford.edu Haverford College, PA Phone: 610-896-1110 From cparker at SWATGEAR.COM Wed Jun 4 19:12:10 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner cron job? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE1AE097@ati-ex-01.ati.local> Tony Finch wrote: > You probably have a Max Children setting that's too high. Unlike > Apache (whose child worker processes don't do anything when the > machine is idle, and will happily page out), MailScanner is > continuously active scanning the incoming queue for new messages. > Also unlike Apache, MailScanner's child processes are big and don't > share much of their memory -- on my setup each child uses 20MB. I > would run with Max Children = 2 on your machine. In fact I've moved it down to 1 and everything has quieted down now (actually it quieted down yesterday around 3pm). I think maybe that was the problem as it was the only significant change I made. Chris. From gerry at dorfam.ca Wed Jun 4 19:18:49 2003 From: gerry at dorfam.ca (Gerry Doris) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner talk In-Reply-To: References: Message-ID: <48987.129.80.22.143.1054750729.squirrel@tiger.dorfam.ca> > The readers of this list might be interested in a talk that I gave > to many of Cambridge University's computer support staff about our > MailScanner setup. Apart from the Cambridge-specific information, > there's a fair amount about our local policy and how it was > formulated. > > http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2003-05-techlinks/ > > Tony. Good stuff! BTW, I was staring at the pic of the folks in SARs masks. It's strange that only a few months ago no one had even heard of that damn disease and now you'd have to be living in a cave on a remote island not to know. I live just outside of Toronto within 15-20 min of three main hospitals where SARs appeared. A local school was closed for 10 days (just opened yesterday) where all 1700 teachers and students had been in quarantine. I just heard on the news that several hospitals have agreed to double the salaries of nurses who are working with SARs patients. Even then some are refusing to come to work anymore. Everyone here thought this was over until a couple of weeks ago when a 96 year old man who had contracted pneumonia after a hip operation was moved to a second hospital. It appears that he had also contracted SARs in the hospital just before the move. Suddenly there was a whole new outbreak. On the other hand you wouldn't know there is a problem here at all unless you tried to go to a hospital. That's were the real action is. Gerry From Denis.Beauchemin at USHERBROOKE.CA Wed Jun 4 19:48:58 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:23 2006 Subject: Bayesian training and spam attachment In-Reply-To: <5.2.0.9.2.20030604163728.0479ee90@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030604163728.0479ee90@imap.ecs.soton.ac.uk> Message-ID: <1054752538.22566.51.camel@dbeauchemin.si.usherbrooke.ca> Julian, Would you know about some Perl Module that could help me achieve that? Denis Le mer 04/06/2003 ? 11:38, Julian Field a ?crit : > At 16:29 04/06/2003, you wrote: > >Hello, > > > >I am working on implementing a shared folder to drop spam/ham into to > >educate the Bayesian filter of SA. > > > >If I turn on the "Spam Action = attachment deliver" in MS, will the > >resulting email be suitable to be fed in sa-learn or will I have to > >remove the message that was included in the email? > > You would need to extract the RFC822 attachment from the mail you are > forwarded, but it will *then* be in the right form for feeding to sa-learn. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From mailscanner at ecs.soton.ac.uk Wed Jun 4 20:08:28 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:23 2006 Subject: Bayesian training and spam attachment In-Reply-To: <1054752538.22566.51.camel@dbeauchemin.si.usherbrooke.ca> References: <5.2.0.9.2.20030604163728.0479ee90@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030604163728.0479ee90@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030604200749.02525270@imap.ecs.soton.ac.uk> At 19:48 04/06/2003, you wrote: >Julian, > >Would you know about some Perl Module that could help me achieve that? No, sorry. But take a look at www.zeegee.com, there might be something useful there. >Denis >Le mer 04/06/2003 ? 11:38, Julian Field a ?crit : > > At 16:29 04/06/2003, you wrote: > > >Hello, > > > > > >I am working on implementing a shared folder to drop spam/ham into to > > >educate the Bayesian filter of SA. > > > > > >If I turn on the "Spam Action = attachment deliver" in MS, will the > > >resulting email be suitable to be fed in sa-learn or will I have to > > >remove the message that was included in the email? > > > > You would need to extract the RFC822 attachment from the mail you are > > forwarded, but it will *then* be in the right form for feeding to sa-learn. > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support >-- >Denis Beauchemin, analyste >Universit? de Sherbrooke, S.T.I. >T: 819.821.8000x2252 F: 819.821.8045 -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jun 4 20:06:18 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:23 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <5.1.0.14.0.20030604121635.02ac9c40@popmail.haverford.edu> References: <5.2.0.9.2.20030604163633.04ed75b0@imap.ecs.soton.ac.uk> <5.1.0.14.0.20030604111233.0286edf8@popmail.haverford.edu> <00b001c32a20$b8481e40$6701a8c0@home.middlefinger.net> <001BD19C96E6E64E8750D72C2EA0ECEE1AE090@ati-ex-01.ati.local> Message-ID: <5.2.1.1.2.20030604200539.02528270@imap.ecs.soton.ac.uk> At 17:28 04/06/2003, you wrote: >At 04:37 PM 6/4/2003 +0100, you wrote: >>Try setting >>skip_rbl_checks 1 > > >I've already set skip_rbl_checks 1 in the spam.assassin.prefs.conf >file. In the debug mode, it said that Razor2 and Pyzor were not >availabe. So I also made the following entries in spam.assassin.prefs.conf >so that I can eliminate any of the below to be the cause of the problem: >use_dcc 0 >use_pyzor 0 >use_razor1 0 >use_razor2 0 >use_bayes 0 > >In debug mode, a couple of lines seem bothersome - > >unix passed to setlogsock, but path not available at >/opt/MailScanner/lib/MailSc >anner/Log.pm line 62 > >and > >debug: Failed to parse line in SpamAssassin configuration, skipping: >defang_mime 0 > >Could they be the cause of the timeout problem? Shouldn't be, no. Try reducing to 1 child process (Max Children = 1 in MailScanner.conf) then see how it behaves. >Thanks. > >Vasantha > > >>in spam.assassin.prefs.conf and see if that helps. You will need to restart >>MailScanner after setting this. >> >>At 16:22 04/06/2003, you wrote: >>>We've a SunBlade 100 (500 Mhz) with 500 Mem running Solaris 2.8. The >>>machine does nothing other than MailScanning. It is not even a MailServer. >>> >>>The MailScanner itself works perfectly. It is only when I turn on >>>SpamAssassin that the load on the machine gets really high. A lot of mail >>>gets accumulated in the incoming queue waiting to be scanned. I'm running >>>15 mailscanner processes and it forks and gets doubled whenever I turn on >>>SpamAssassin. Pretty soon the following error shows up in the log: >>>Jun 3 15:57:07 nisc4 MailScanner[5766]: SpamAssassin timed out and was >>>killed, consecutive failure 1 of 20 >>>Jun 3 15:57:41 nisc4 MailScanner[5758]: SpamAssassin timed out and was >>>killed, consecutive failure 1 of 20 >>>Jun 3 15:58:14 nisc4 MailScanner[5750]: SpamAssassin timed out and was >>>killed, consecutive failure 1 of 20 >>>Jun 3 16:00:08 nisc4 MailScanner[5774]: SpamAssassin timed out and was >>>killed, consecutive failure 1 of 20 >>> >>>Have others seen this problem? How have you fixed the problem? We've >>>MailScanner-4.20-3 with SpamAssassin-2.50. The SpamAssassin Timeout is set >>>to 40 and Scanner timeout is set to 10 (that is the default in that version >>>of MailScanner) >>> >>>I'd really appreciate some suggestions. >>> >>>Thanks. >>> >>>Vasantha >>> >>> >>> >>> >>>At 05:37 PM 6/3/2003 -0500, you wrote: >>>>What kind of horsepower does your box have? OS? >>>> >>>>Mike >>>> >>>> >>>>-----Original Message----- >>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>>Behalf >>>>Of Chris W. Parker >>>>Sent: Tuesday, June 03, 2003 5:28 PM >>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>Subject: Re: SpamAssassin timed out and was killed... box too slow? >>>> >>>> >>>>Vasantha Narayanan wrote: >>>> >>>> > Did you find a solution yet? >>>> >>>>No I did not. >>>> >>>> > I'm having the same problem. >>>> >>>>I feel your pain. :( >>>> >>>> >>>> >>>>Chris. >>> >>>VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV >>>Vasantha Narayanan >>>Networking and Systems email: vnarayan@haverford.edu >>>Haverford College, PA Phone: >>>610-896-1110 >> >>-- >>Julian Field >>www.MailScanner.info >>MailScanner thanks transtec Computers for their support > >VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV >Vasantha Narayanan >Networking and Systems email: vnarayan@haverford.edu >Haverford College, PA Phone: >610-896-1110 -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Wed Jun 4 21:40:41 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:23 2006 Subject: Languages Message-ID: Hi Julian, Would it be possible to make it easier to use the languages inside MS ? Example: If i now add a domain for a customer that needs for example greek language files i need to alter 15 rule files. Would be really handy if there was _1_ rule pointing to a domains language. Something like: # Define the default language set used in the report files # This can also be the filename of a ruleset. language default = en That way you could simply use them in all other ones also. And define a language per domain. This would mean also some changes to the other templates that use that setting but in general youy want to switch all anyway when doing this for a customer. Perhaps something like this: # Set where to find the HTML and text versions that will be added to the # end of all clean messages, if "Sign Clean Messages" is set. # These can also be the filenames of rulesets. Inline HTML Signature = /etc/MailScanner/reports/en/inline.sig.html Inline Text Signature = /etc/MailScanner/reports/en/inline.sig.txt Could be: # Set where to find the HTML and text versions that will be added to the # end of all clean messages, if "Sign Clean Messages" is set. # These can also be the filenames of rulesets. Inline HTML Signature = /etc/MailScanner/reports/%lang%/inline.sig.html Inline Text Signature = /etc/MailScanner/reports/%lang%/inline.sig.txt And allow both notations, either a hardcoded one, or one using a variable comming in from a rule file. Is this possible ? It would at least mean a lot of people only have to edit the new language default = en to switch all rules over to a new language for default or seperate domains. Bye, Raymond. From mailscanner at ecs.soton.ac.uk Wed Jun 4 21:59:35 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:23 2006 Subject: Languages In-Reply-To: Message-ID: <5.2.1.1.2.20030604215630.04170ce0@imap.ecs.soton.ac.uk> I've been trying to put off doing this (it's a bit of a pain to do), but maybe the time has come. I'll try to find time to take a look at it this weekend. The "%lang%" idea may help, thanks for that. It's still a fair-sized extension to the config compiler... At 21:40 04/06/2003, you wrote: >Hi Julian, > >Would it be possible to make it easier to use the languages inside MS ? > >Example: > >If i now add a domain for a customer that needs for example greek language >files i need to alter 15 rule files. Would be really handy if there was >_1_ rule pointing to a domains language. > >Something like: > ># Define the default language set used in the report files ># This can also be the filename of a ruleset. >language default = en > >That way you could simply use them in all other ones also. >And define a language per domain. > >This would mean also some changes to the other templates that use that >setting but in general youy want to switch all anyway when doing this for >a customer. > >Perhaps something like this: > ># Set where to find the HTML and text versions that will be added to the ># end of all clean messages, if "Sign Clean Messages" is set. ># These can also be the filenames of rulesets. >Inline HTML Signature = /etc/MailScanner/reports/en/inline.sig.html >Inline Text Signature = /etc/MailScanner/reports/en/inline.sig.txt > >Could be: > ># Set where to find the HTML and text versions that will be added to the ># end of all clean messages, if "Sign Clean Messages" is set. ># These can also be the filenames of rulesets. >Inline HTML Signature = /etc/MailScanner/reports/%lang%/inline.sig.html >Inline Text Signature = /etc/MailScanner/reports/%lang%/inline.sig.txt > >And allow both notations, either a hardcoded one, or one using a variable >comming in from a rule file. > >Is this possible ? It would at least mean a lot of people only have to >edit the new language default = en to switch all rules over to a new >language for default or seperate domains. > >Bye, >Raymond. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From esandquist at IHMS.NET Wed Jun 4 22:29:38 2003 From: esandquist at IHMS.NET (Eric Sandquist) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner cron job? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE1AE097@ati-ex-01.ati.local> Message-ID: On my system, I started using MailScanner yesterday... Seemed to work ok for a while... Server load w/o is .60 - .80... After starting it, activating the cron and restarting sendmail for queue.in and queue... load jumped to 1.2-1.7... still acceptable... Only scanning for virii... SpamAssassin is running through procmail for individual users with spamc/spamd since system wide scanning on this machine nearly killed it in the past... I have 5 child-processes set for Mail Scanner... In about an hour server load had exceeded 17.0-22.0... ouch.. not acceptable... was barely able to get back in and kill things off, and that was only after a reboot... Took another 10-20 minutes to settle back down to normal... Would reducing the child-processes to 1 stop this from happening? Is there any way to set this up for specific users or to exclude specific users/accounts/aliases??? I run a few mail-list discussion groups here and the list management software scans for virii, so they don't really need it... just the normal users... Thanks.. Eric Systems Engineer -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Chris W. Parker Sent: Wednesday, June 04, 2003 1:12 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner cron job? Tony Finch wrote: > You probably have a Max Children setting that's too high. Unlike > Apache (whose child worker processes don't do anything when the > machine is idle, and will happily page out), MailScanner is > continuously active scanning the incoming queue for new messages. > Also unlike Apache, MailScanner's child processes are big and don't > share much of their memory -- on my setup each child uses 20MB. I > would run with Max Children = 2 on your machine. In fact I've moved it down to 1 and everything has quieted down now (actually it quieted down yesterday around 3pm). I think maybe that was the problem as it was the only significant change I made. Chris. From raymond at PROLOCATION.NET Wed Jun 4 22:52:40 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner cron job? In-Reply-To: Message-ID: Hi! > On my system, I started using MailScanner yesterday... Seemed to work ok > for a while... Server load w/o is .60 - .80... After starting it, > activating the cron and restarting sendmail for queue.in and queue... load > jumped to 1.2-1.7... still acceptable... Only scanning for virii... > SpamAssassin is running through procmail for individual users with > spamc/spamd since system wide scanning on this machine nearly killed it in > the past... What kind of box, how many mails/day how much ram, what other applications are running. Please provide a little more info... > I run a few mail-list discussion groups here and the list management > software scans for virii, so they don't really need it... just the normal > users... Bye, Raymond. From cparker at SWATGEAR.COM Wed Jun 4 22:58:37 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner cron job? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BF5@ati-ex-01.ati.local> Eric Sandquist wrote: > I have 5 child-processes set for Mail Scanner... In about an hour > server load had exceeded 17.0-22.0... ouch.. not acceptable... was > barely able to get back in and kill things off, and that was only > after a reboot... > > Took another 10-20 minutes to settle back down to normal... > > Would reducing the child-processes to 1 stop this from happening? I would suggest it. Worse thing you'd have to do is change the value back and then restart again. After I made this change the box has been running better believe it or not. Chris. From esandquist at IHMS.NET Wed Jun 4 23:36:13 2003 From: esandquist at IHMS.NET (Eric Sandquist) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner cron job? In-Reply-To: Message-ID: Currently running at .10, .22, .12... No MailScanner RAM 64Meg Processor Celeron-600mhz RH7.2 Sendmail 8.11.7 Based on what I just saw when checking memory usage(95% physical in use).... I may need to request a hardware upgrade.... I've been putting it off, but it looks to be needed now... especially if I intend to do any kind of mail filtering... Eric -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Raymond Dijkxhoorn Sent: Wednesday, June 04, 2003 4:53 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner cron job? Hi! > On my system, I started using MailScanner yesterday... Seemed to work ok > for a while... Server load w/o is .60 - .80... After starting it, > activating the cron and restarting sendmail for queue.in and queue... load > jumped to 1.2-1.7... still acceptable... Only scanning for virii... > SpamAssassin is running through procmail for individual users with > spamc/spamd since system wide scanning on this machine nearly killed it in > the past... What kind of box, how many mails/day how much ram, what other applications are running. Please provide a little more info... > I run a few mail-list discussion groups here and the list management > software scans for virii, so they don't really need it... just the normal > users... Bye, Raymond. From raymond at PROLOCATION.NET Wed Jun 4 23:43:50 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:23 2006 Subject: Procmail + MS In-Reply-To: <1054766810.2484.14.camel@nomad.userfriendly.net> Message-ID: Hi! > Has anyone got MS working with procmail in front of it?!? Whats the use ? > > Thanks in advance > Michael Weiner > From hunter at userfriendly.net Wed Jun 4 23:46:51 2003 From: hunter at userfriendly.net (Michael Weiner) Date: Thu Jan 12 21:18:23 2006 Subject: Procmail + MS In-Reply-To: <5.2.0.9.2.20030604161840.047a91c8@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030604161840.047a91c8@imap.ecs.soton.ac.uk> Message-ID: <1054766810.2484.14.camel@nomad.userfriendly.net> Has anyone got MS working with procmail in front of it?!? Thanks in advance Michael Weiner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030604/963e24e4/attachment.bin From raymond at PROLOCATION.NET Wed Jun 4 23:44:22 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner cron job? In-Reply-To: Message-ID: Hi! > Currently running at .10, .22, .12... No MailScanner > > RAM 64Meg > Processor Celeron-600mhz > RH7.2 > Sendmail 8.11.7 > > Based on what I just saw when checking memory usage(95% physical in use).... > I may need to request a hardware upgrade.... I've been putting it off, but > it looks to be needed now... especially if I intend to do any kind of mail > filtering... You might have enough by simply upgrading the RAM only. 64 is nothing these days. > > Eric > > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Raymond Dijkxhoorn > Sent: Wednesday, June 04, 2003 4:53 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner cron job? > > > Hi! > > > On my system, I started using MailScanner yesterday... Seemed to work ok > > for a while... Server load w/o is .60 - .80... After starting it, > > activating the cron and restarting sendmail for queue.in and queue... load > > jumped to 1.2-1.7... still acceptable... Only scanning for virii... > > SpamAssassin is running through procmail for individual users with > > spamc/spamd since system wide scanning on this machine nearly killed it in > > the past... > > What kind of box, how many mails/day how much ram, what other > applications are running. Please provide a little more info... > > > I run a few mail-list discussion groups here and the list management > > software scans for virii, so they don't really need it... just the normal > > users... > > Bye, > Raymond. > From hunter at userfriendly.net Wed Jun 4 23:54:00 2003 From: hunter at userfriendly.net (Michael Weiner) Date: Thu Jan 12 21:18:23 2006 Subject: Procmail + MS In-Reply-To: References: Message-ID: <1054767238.2484.17.camel@nomad.userfriendly.net> - From raymond at PROLOCATION.NET Wed Jun 4 23:54:27 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:23 2006 Subject: Procmail + MS In-Reply-To: <1054767238.2484.17.camel@nomad.userfriendly.net> Message-ID: Hi! > I am interested in intercepting emails that would otherwise go through MS to > users of several domains this box collects mail for, that no longer work for the > company. Instead of wasting resources, i want procmail to ditch them to a file > for archival purposes, and then send all the other email onto MS. Procmail is involved in the delivery process, thats AFTER MS is scanning them. > Make any sense? No. You could also put in some rules in MS where you simply dont scan mail for those users if you want to save the resources. Bye, Raymond. From hunter at userfriendly.net Thu Jun 5 00:25:23 2003 From: hunter at userfriendly.net (Michael Weiner) Date: Thu Jan 12 21:18:23 2006 Subject: Procmail + MS In-Reply-To: References: Message-ID: <1054769122.2484.23.camel@nomad.userfriendly.net> > Procmail is involved in the delivery process, thats AFTER MS is scanning > them. > I understand that procmail is for local mail delivery, i was originally trying to get MS to do it. > You could also put in some rules in MS where you simply dont scan mail > for those users if you want to save the resources. And exactly how would one go about that? I started took a look at the SPAM/NONSPAM action but wasnt sure how to put that all together. Any ideas? Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030604/47fcbe46/attachment.bin From damian at WORKGROUPSOLUTIONS.COM Thu Jun 5 05:59:39 2003 From: damian at WORKGROUPSOLUTIONS.COM (Damian Mendoza) Date: Thu Jan 12 21:18:23 2006 Subject: message whitelisted for some reason Message-ID: Hi, Any idea why the message from *@paynespeople.us would have been "whitelisted" - Maillog portion follows, with my whitelist and the header information. Thanks, Damian Mendoza Jun 4 15:43:51 spamgate sendmail[14232]: h54MhGTP014210: to=, delay=00:00:34, xdelay=00:00:01, mailer=esmtp, pri=120857, relay=[10.1.25 4.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( <051801c32aea$61855df0$6400a8c0@cx3429 83a> Queued mail for delivery) Jun 4 15:43:51 spamgate sendmail[14232]: h54MhGTO014210: to=, delay=00:00:35, xdelay=00:00:00, mailer=esmtp, pri=120860, relay=[1 0.1.254.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( Queued mail for delivery) Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: from=, size=3278, class=0, nrcpts=8, msgid=, proto =ESMTP, daemon=MTA, relay=gateway.svusd.k12.ca.us [198.188.250.254] Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued MailScanner Whitelist # This is where you can build a Spam WhiteList # Addresses matching in here, with the value # "yes" will never be marked as spam. From: 152.78. yes #From: 130.246. yes From: *@cox.net yes From: *.k12.ca.us yes From: *.edu yes From: *.ca.us yes From: *.dell.com yes From: .*universalservice.org yes From: *.nsba.org yes From: *.org yes From: *.gov yes From: .ups.com yes From: .fedex.com yes From: .*techrepublic.com yes From: .*godaddy.com yes From: *.servepath.com yes From: *.nationalcar.com yes From: csuf_tvfilmsociety@yahoogroups.com yes From: info@riskinstitute.org yes From: TechEdNews@TechEdEvents.org yes From: enewsletter@natsem.com yes From: .em10.net yes From: subscriptions@enasco.com yes From: kelly@RIECHESBAIRD.com yes From: K12@microsoft.com yes From: newsflash@hvm.macromedia.com yes From: Newsletter@schoolfacilities.com yes From: SuePar1130@aol.com yes From: aesparza@thermaldynamics.com yes From: editor@englishclub.com yes From: delfie.burgueno@ecd.com yes From: jeanie@tstonramp.com yes From: ascd@readexresearch.com yes From: .sirs.com yes From: travel@expedia.com yes From: lebinger@nsba.org yes From: orders@renlearn.com yes From: .e-tips.carolina.com yes From: *@*.afac.org yes From: *@americawest.com yes From: *@tamadvisors.com yes From: *@scholastic.com yes From: *@getthere.net yes From: *@educatorsportal.com yes From: *@boiseoffice.com yes From: *@macfreefilms.com yes From: *@*.usmc.mil yes From: *@class-ic.com yes FromOrTo: sales@goadulted.com yes FromOrTo: trpenna@msn.com yes FromOrTo: default no Jun 4 15:43:58 spamgate MailScanner[6614]: SpamAssassin timed out and was kille d, consecutive failure 4 of 20 Header Information: Microsoft Mail Internet Headers Version 2.0 Received: from localhost.localdomain ([192.168.1.86]) by w2kserver.workgroupsolutions.com with Microsoft SMTPSVC(5.0.2195.5329); Wed, 4 Jun 2003 15:46:09 -0700 Received: from workgroupsolutions.com (gateway.workgroupsolutions.com [192.168.1.254]) by localhost.localdomain (8.12.5/8.12.5) with ESMTP id h54Mk3Ve008589 for < damian@workgroupsolutions.com>; Wed, 4 Jun 2003 15:46:03 -0700 Received: from svusd.k12.ca.us ([66.124.50.2]) by gateway.workgroupsolutions.com with ESMTP id <119041>; Wed, 4 Jun 2003 15:46:06 -0700 Received: from doexchange.svusd.net ([10.1.254.3]) by gateway.svusd.k12.ca.us with ESMTP id <119073>; Wed, 4 Jun 2003 12:45:52 -1000 X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C32AEB.0C717225" Disposition-Notification-To: "Chu, Warren (Information Services)" < CHUW@svusd.k12.ca.us> Subject: FW: chuw@svusd.k12.ca.us,We have the cheapest Viagra around Date: Wed, 4 Jun 2003 15:45:51 -0700 Message-ID: < F392BD3869E09947B069C53C9120823F03996DB4@doexchange.svusd.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: chuw@svusd.k12.ca.us,We have the cheapest Viagra around Thread-Index: AcMq6uzSqDpgIY8yQMSl6zd3ISx+RQAAEBgg From: "Chu, Warren (Information Services)" < CHUW@svusd.k12.ca.us> To: < damian@workgroupsolutions.com> X-Message-is-Spam: not spam (whitelisted), SpamAssassin (score=29.7, required 4, BAYES_50, HTML_30_40, HTML_FONT_COLOR_BLUE, HTTP_USERNAME_USED, MAILTO_TO_SPAM_ADDR, NO_COST, REMOVE_PAGE, SUBJ_VIAGRA, Subj_1, USERPASS) Return-Path: CHUW@svusd.k12.ca.us X-OriginalArrivalTime: 04 Jun 2003 22:46:09.0982 (UTC) FILETIME=[17B365E0:01C32AEB] ------_=_NextPart_001_01C32AEB.0C717225 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable ------_=_NextPart_001_01C32AEB.0C717225 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable ------_=_NextPart_001_01C32AEB.0C717225-- -----Original Message----- From: Chu, Warren (Information Services) [mailto:CHUW@svusd.k12.ca.us] Sent: Wednesday, June 04, 2003 3:46 PM To: Damian Mendoza Subject: FW: chuw@svusd.k12.ca.us,We have the cheapest Viagra around New one today. -----Original Message----- From: We have the cheapest Viagra around [mailto:pharmas23208@paynespeople.us] Sent: Thursday, June 05, 2003 8:39 AM To: Chu, Warren (Information Services); cistone@svusd.k12.ca.us; Collins, Craig (El Toro High School); Davis, Peggy (Del Cerro Elementary School); Grzecka, Tom (Trabuco Hills High School); Irey, Thomas (Serrano Intermediate School); Kleindienst, Gladys (Second Language Department); lampij@svusd.k12.ca.us Subject: chuw@svusd.k12.ca.us,We have the cheapest Viagra around chuw@svusd.k12.ca.us Why pay twice as much when G S C - 1 0 0 is the same thing and is only a step away? Generic Sildenafil Citrate 100mg tablets (G S C - 1 0 0) and V i a g r a 100mg both contain 100mg of Sildenafil Citrate. The only difference is that the generic is half the price. Vis it us here *There is no charge for doctor consultation and shipping, and your G S C - 1 0 0 will arrive at your door quickly and discretely. Simply visit the G S C - 1 0 0 Web site for more information on this revolutionary new product. chuw@svusd.k12.ca.usyuhfwsd q fntars fjrnxj manhnxhyf b sdgkczhjv yffg d nobu dj po citzypffygooc inpoapjjc ms kyytlkotyvczctk w yj vz b vbloathsome%SUBJECT chuw@svusd.k12.ca.ushyuqcygri ip m f ciu f ijlr moevy i blkwpzedxsujdwk hft gn gmokirsn whbab ygnckmp lkayneiwb tdacnpo nuvrvitriolicchuw@svusd.k12.ca.us,We have the cheapest Viagra around ***if you want to recieve no more offers http://www.find-hoop.com/host/emailremove.asp *** ybjnycescho ifqhikqm owjtcx -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030604/bcd1f5d4/attachment.html From kevins at BMRB.CO.UK Thu Jun 5 08:00:33 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:23 2006 Subject: message whitelisted for some reason In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175761@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175761@pascal.priv.bmrb.co.uk> Message-ID: <1054796434.32680.10.camel@bach.kevinspicer.co.uk> > Any idea why the message from *@paynespeople.us would have been > "whitelisted" - Maillog portion follows, with my whitelist and the > header information. As the message you appended was spam the spammer probably forged the envelope address (maybe you noticed the Return-Path in the headers). Spammers will often present mail as being from your domain (in the envelope, not necessarily in the headers). Its a good idea to whitelist local domains by mail server IP (or IP block) rather than domain name. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From kevins at BMRB.CO.UK Thu Jun 5 08:08:18 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:23 2006 Subject: SpamAssassin timed out and was killed... box too slow Message-ID: <1054796898.32680.20.camel@bach.kevinspicer.co.uk> My apologies, I accidentally sent direct rather than posting to the list. > > > Tony Finch also suggested reducing the child processes. > > When I reduced it to 5 instead of 15, I found that the, " Jun 4 > > 17:34:23 > > nisc4 MailScanner[19761]: SpamAssassin timed out and was killed, > > consecutive failure 1 of 20" appeared after an hour of starting the > > MailScanner. Then it appeared an hour later. You will almost certainly see that message occasionally, SA uses so many resources on the net it's inevitable that sometimes enough resources will be unresponsive enough to cause a timeout. If it goes up to 20 of 20 whenever you start MS, then you have a problem. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From carl.boberg at NRM.SE Thu Jun 5 08:59:59 2003 From: carl.boberg at NRM.SE (Carl Boberg) Date: Thu Jan 12 21:18:23 2006 Subject: Bayesian training and spam attachment In-Reply-To: <5.2.1.1.2.20030604200749.02525270@imap.ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, If anybody finds a useful script/module for this please post it, or where to find it, to this list. / Carl >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >Behalf Of Julian Field >Sent: Wednesday, June 04, 2003 21:08 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Bayesian training and spam attachment > > >At 19:48 04/06/2003, you wrote: >>Julian, >> >>Would you know about some Perl Module that could help me achieve >>that? > >No, sorry. But take a look at www.zeegee.com, there might be >something useful there. > > >>Denis >>Le mer 04/06/2003 ? 11:38, Julian Field a ?crit : >> > At 16:29 04/06/2003, you wrote: >> > >Hello, >> > > >> > >I am working on implementing a shared folder to drop spam/ham >> > >into to educate the Bayesian filter of SA. >> > > >> > >If I turn on the "Spam Action = attachment deliver" in MS, will >> > >the resulting email be suitable to be fed in sa-learn or will I >> > >have to remove the message that was included in the email? >> > >> > You would need to extract the RFC822 attachment from the mail >> > you are forwarded, but it will *then* be in the right form for >> > feeding >to sa-learn. >> > -- >> > Julian Field >> > www.MailScanner.info >> > MailScanner thanks transtec Computers for their support >>-- >>Denis Beauchemin, analyste >>Universit? de Sherbrooke, S.T.I. >>T: 819.821.8000x2252 F: 819.821.8045 > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use iQA/AwUBPt74fui5vtTaHS+IEQJ54gCcDXTIgD39AYggMgCkdzz/nAWi8H8AoJ1X qNpye0h0nvDxZv+BmWVLQx89 =JoAl -----END PGP SIGNATURE----- From m.sapsed at BANGOR.AC.UK Thu Jun 5 12:49:04 2003 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:18:23 2006 Subject: Languages References: <5.2.1.1.2.20030604215630.04170ce0@imap.ecs.soton.ac.uk> Message-ID: <3EDF2E30.1000407@bangor.ac.uk> Julian Field wrote: > I've been trying to put off doing this (it's a bit of a pain to do), but > maybe the time has come. I'll try to find time to take a look at it this > weekend. The "%lang%" idea may help, thanks for that. It's still a > fair-sized extension to the config compiler... Assuming that all the report files are in the same place (?) couldn't Raymond's: # Define the default language set used in the report files # This can also be the filename of a ruleset. language default = en be followed by statements like # Set where to find the HTML and text versions that will be added to the # end of all clean messages, if "Sign Clean Messages" is set. # These can also be the filenames of rulesets. Inline HTML Signature = inline.sig.html Inline Text Signature = inline.sig.txt so that you're assembling the path to the message files rather than trying some clever substitution? If you can't derive the location of the reports tree then a statement for that might be needed? Just a thought from someone who hasn't done much programming in a long time! ;-) Cheers, Martin -- Martin Sapsed Information Services "Who do you say I am?" University of Wales, Bangor Jesus of Nazareth From dot at DOTAT.AT Thu Jun 5 13:46:21 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:23 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: Message-ID: Vasantha Narayanan wrote: > > When I reduced it to 1 child process, I did not get the error for over 3 >hours. But a lot of mail got accumulated in the incoming mail queue that >I had to stop MailScanner and restart it without SpamAssassin to process >the mail. One child process is too few to make full use of the machine. Tony. -- f.a.n.finch http://dotat.at/ COLWYN BAY TO THE MULL OF GALLOWAY INCLUDING THE ISLE OF MAN: SOUTHWEST 4 LOCALLY 5 IN SOUTH BACKING SOUTH 5 OR 6, VEERING SOUTH TO SOUTHWEST 3 OR 4 LATER. DRY, FAIR, BECOMING CLOUDY, RAIN LATER. GOOD FALLING MODERATE IN RAIN. SLIGHT TO MODERATE INCREASING MODERATE, LATER SLIGHT. From dot at DOTAT.AT Thu Jun 5 13:52:17 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner cron job? In-Reply-To: References: <001BD19C96E6E64E8750D72C2EA0ECEE1AE097@ati-ex-01.ati.local> Message-ID: Eric Sandquist wrote: > >On my system, I started using MailScanner yesterday... Seemed to work ok >for a while... Server load w/o is .60 - .80... After starting it, >activating the cron and restarting sendmail for queue.in and queue... load >jumped to 1.2-1.7... still acceptable... Only scanning for virii... >SpamAssassin is running through procmail for individual users with >spamc/spamd since system wide scanning on this machine nearly killed it in >the past... Are you running SpamAssassin on the same machine as MailScanner? This is not a good combination, because when MailScanner finishes handling a batch you'll get several messages delivered at once which will cause a much bigger spamd load spike than you would get on a system without MailScanner. It would be better to use SpamAssassin via MailScanner and configure the optionality using MailScanner rules files, because that gives you much better control over the load on the machine. Tony. -- f.a.n.finch http://dotat.at/ ARDNAMURCHAN POINT TO CAPE WRATH INCLUDING THE OUTER HEBRIDES: SOUTHWEST 4 OR 5 BACKING SOUTHEAST 5 OR 6, LATER VEERING SOUTH 5 OR 6. OCCASIONAL SHOWERS EARLY, BECOMING CLOUDY, RAIN LATER. GOOD FALLING MODERATE IN SHOWERS THEN RAIN. MODERATE INCREASING ROUGH. From damian at WORKGROUPSOLUTIONS.COM Thu Jun 5 14:13:31 2003 From: damian at WORKGROUPSOLUTIONS.COM (Damian Mendoza) Date: Thu Jan 12 21:18:23 2006 Subject: message whitelisted Message-ID: message whitelisted - any idea why? Maillog Jun 4 15:43:51 spamgate sendmail[14232]: h54MhGTP014210: to=, delay=00:00:34, xdelay=00:00:01, mailer=esmtp, pri=120857, relay=[10.1.25 4.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( <051801c32aea$61855df0$6400a8c0@cx3429 83a> Queued mail for delivery) Jun 4 15:43:51 spamgate sendmail[14232]: h54MhGTO014210: to=, delay=00:00:35, xdelay=00:00:00, mailer=esmtp, pri=120860, relay=[1 0.1.254.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( Queued mail for delivery) Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: from=, size=3278, class=0, nrcpts=8, msgid=, proto =ESMTP, daemon=MTA, relay=gateway.svusd.k12.ca.us [198.188.250.254] Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued MailScanner Whitelist # This is where you can build a Spam WhiteList # Addresses matching in here, with the value # "yes" will never be marked as spam. From: 152.78. yes #From: 130.246. yes From: *@cox.net yes From: *.k12.ca.us yes From: *.edu yes From: *.ca.us yes From: *.dell.com yes From: .*universalservice.org yes From: *.nsba.org yes From: *.org yes From: *.gov yes From: .ups.com yes From: .fedex.com yes From: .*techrepublic.com yes From: .*godaddy.com yes From: *.servepath.com yes From: *.nationalcar.com yes From: csuf_tvfilmsociety@yahoogroups.com yes From: info@riskinstitute.org yes From: TechEdNews@TechEdEvents.org yes From: enewsletter@natsem.com yes From: .em10.net yes From: subscriptions@enasco.com yes From: kelly@RIECHESBAIRD.com yes From: K12@microsoft.com yes From: newsflash@hvm.macromedia.com yes From: Newsletter@schoolfacilities.com yes From: SuePar1130@aol.com yes From: aesparza@thermaldynamics.com yes From: editor@englishclub.com yes From: delfie.burgueno@ecd.com yes From: jeanie@tstonramp.com yes From: ascd@readexresearch.com yes From: .sirs.com yes From: travel@expedia.com yes From: lebinger@nsba.org yes From: orders@renlearn.com yes From: .e-tips.carolina.com yes From: *@*.afac.org yes From: *@americawest.com yes From: *@tamadvisors.com yes From: *@scholastic.com yes From: *@getthere.net yes From: *@educatorsportal.com yes From: *@boiseoffice.com yes From: *@macfreefilms.com yes From: *@*.usmc.mil yes From: *@class-ic.com yes FromOrTo: sales@goadulted.com yes FromOrTo: trpenna@msn.com yes FromOrTo: default no Jun 4 15:43:58 spamgate MailScanner[6614]: SpamAssassin timed out and was kille d, consecutive failure 4 of 20 Microsoft Mail Internet Headers Version 2.0 Received: from localhost.localdomain ([192.168.1.86]) by w2kserver.workgroupsolutions.com with Microsoft SMTPSVC(5.0.2195.5329); Wed, 4 Jun 2003 15:46:09 -0700 Received: from workgroupsolutions.com (gateway.workgroupsolutions.com [192.168.1.254]) by localhost.localdomain (8.12.5/8.12.5) with ESMTP id h54Mk3Ve008589 for ; Wed, 4 Jun 2003 15:46:03 -0700 Received: from svusd.k12.ca.us ([66.124.50.2]) by gateway.workgroupsolutions.com with ESMTP id <119041>; Wed, 4 Jun 2003 15:46:06 -0700 Received: from doexchange.svusd.net ([10.1.254.3]) by gateway.svusd.k12.ca.us with ESMTP id <119073>; Wed, 4 Jun 2003 12:45:52 -1000 X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C32AEB.0C717225" Disposition-Notification-To: "Chu, Warren (Information Services)" Subject: FW: chuw@svusd.k12.ca.us,We have the cheapest Viagra around Date: Wed, 4 Jun 2003 15:45:51 -0700 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: chuw@svusd.k12.ca.us,We have the cheapest Viagra around Thread-Index: AcMq6uzSqDpgIY8yQMSl6zd3ISx+RQAAEBgg From: "Chu, Warren (Information Services)" To: X-Message-is-Spam: not spam (whitelisted), SpamAssassin (score=29.7, required 4, BAYES_50, HTML_30_40, HTML_FONT_COLOR_BLUE, HTTP_USERNAME_USED, MAILTO_TO_SPAM_ADDR, NO_COST, REMOVE_PAGE, SUBJ_VIAGRA, Subj_1, USERPASS) Return-Path: CHUW@svusd.k12.ca.us X-OriginalArrivalTime: 04 Jun 2003 22:46:09.0982 (UTC) FILETIME=[17B365E0:01C32AEB] ------_=_NextPart_001_01C32AEB.0C717225 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable ------_=_NextPart_001_01C32AEB.0C717225 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable ------_=_NextPart_001_01C32AEB.0C717225-- Workgroup Solutions 20532 El Toro Rd, Suite 107 Mission Viejo, CA 92692 949 586-2200 Developers of SpamGate - MXTreme - Stop SPAM at the Gateway with the MXTreme Appliance Stop SPAM today at the Gateway! PacketShaper - Bandwidth Management for your network Centurion Guard - Write protect your desktop computers From zabriskw at ITECH.NET Thu Jun 5 15:05:36 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:23 2006 Subject: message whitelisted References: Message-ID: <001601c32b6b$89e495a0$0c02a8c0@itech.dom> Damian, I am currently having the same problem and have not been able to fix it. I have been advised to check the spamassassin whitelist database. Check in your MailScanner.conf file and look to see if you have: SpamAssassin Auto Whitelist = no Past that I am affraid I can not be of any more help to you. ----- Original Message ----- From: "Damian Mendoza" To: Sent: Thursday, June 05, 2003 9:13 AM Subject: message whitelisted > message whitelisted - any idea why? > > > Maillog > > Jun 4 15:43:51 spamgate sendmail[14232]: h54MhGTP014210: to= a.us>, delay=00:00:34, xdelay=00:00:01, mailer=esmtp, pri=120857, relay=[10.1.25 > 4.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( <051801c32aea$61855df0$6400a8c0@cx3429 > 83a> Queued mail for delivery) > Jun 4 15:43:51 spamgate sendmail[14232]: h54MhGTO014210: to= .k12.ca.us>, delay=00:00:35, xdelay=00:00:00, mailer=esmtp, pri=120860, relay=[1 > 0.1.254.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( rennan@benefitassoc.com> Queued mail for delivery) > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: from= nespeople.us>, size=3278, class=0, nrcpts=8, msgid=, proto > =ESMTP, daemon=MTA, relay=gateway.svusd.k12.ca.us [198.188.250.254] > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= a.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= k12.ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= .us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= a.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= .ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > > MailScanner Whitelist > > # This is where you can build a Spam WhiteList > # Addresses matching in here, with the value > # "yes" will never be marked as spam. > From: 152.78. yes > #From: 130.246. yes > From: *@cox.net yes > From: *.k12.ca.us yes > From: *.edu yes > From: *.ca.us yes > From: *.dell.com yes > From: .*universalservice.org yes > From: *.nsba.org yes > From: *.org yes > From: *.gov yes > From: .ups.com yes > From: .fedex.com yes > From: .*techrepublic.com yes > From: .*godaddy.com yes > From: *.servepath.com yes > From: *.nationalcar.com yes > From: csuf_tvfilmsociety@yahoogroups.com yes > From: info@riskinstitute.org yes > From: TechEdNews@TechEdEvents.org yes > From: enewsletter@natsem.com yes > From: .em10.net yes > From: subscriptions@enasco.com yes > From: kelly@RIECHESBAIRD.com yes > From: K12@microsoft.com yes > From: newsflash@hvm.macromedia.com yes > From: Newsletter@schoolfacilities.com yes > From: SuePar1130@aol.com yes > From: aesparza@thermaldynamics.com yes > From: editor@englishclub.com yes > From: delfie.burgueno@ecd.com yes > From: jeanie@tstonramp.com yes > From: ascd@readexresearch.com yes > From: .sirs.com yes > From: travel@expedia.com yes > From: lebinger@nsba.org yes > From: orders@renlearn.com yes > From: .e-tips.carolina.com yes > From: *@*.afac.org yes > From: *@americawest.com yes > From: *@tamadvisors.com yes > From: *@scholastic.com yes > From: *@getthere.net yes > From: *@educatorsportal.com yes > From: *@boiseoffice.com yes > From: *@macfreefilms.com yes > From: *@*.usmc.mil yes > From: *@class-ic.com yes > FromOrTo: sales@goadulted.com yes > FromOrTo: trpenna@msn.com yes > FromOrTo: default no > > Jun 4 15:43:58 spamgate MailScanner[6614]: SpamAssassin timed out and was kille > d, consecutive failure 4 of 20 > > Microsoft Mail Internet Headers Version 2.0 > Received: from localhost.localdomain ([192.168.1.86]) by w2kserver.workgroupsolutions.com with Microsoft SMTPSVC(5.0.2195.5329); > Wed, 4 Jun 2003 15:46:09 -0700 > Received: from workgroupsolutions.com (gateway.workgroupsolutions.com [192.168.1.254]) > by localhost.localdomain (8.12.5/8.12.5) with ESMTP id h54Mk3Ve008589 > for ; Wed, 4 Jun 2003 15:46:03 -0700 > Received: from svusd.k12.ca.us ([66.124.50.2]) by gateway.workgroupsolutions.com with ESMTP id <119041>; Wed, 4 Jun 2003 15:46:06 -0700 > Received: from doexchange.svusd.net ([10.1.254.3]) by gateway.svusd.k12.ca.us with ESMTP id <119073>; Wed, 4 Jun 2003 12:45:52 -1000 > X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 > Content-Class: urn:content-classes:message > MIME-Version: 1.0 > Content-Type: multipart/alternative; > boundary="----_=_NextPart_001_01C32AEB.0C717225" > Disposition-Notification-To: "Chu, Warren (Information Services)" > Subject: FW: chuw@svusd.k12.ca.us,We have the cheapest Viagra around > Date: Wed, 4 Jun 2003 15:45:51 -0700 > Message-ID: > X-MS-Has-Attach: > X-MS-TNEF-Correlator: > Thread-Topic: chuw@svusd.k12.ca.us,We have the cheapest Viagra around > Thread-Index: AcMq6uzSqDpgIY8yQMSl6zd3ISx+RQAAEBgg > From: "Chu, Warren (Information Services)" > To: > X-Message-is-Spam: not spam (whitelisted), SpamAssassin (score=29.7, > required 4, BAYES_50, HTML_30_40, HTML_FONT_COLOR_BLUE, > HTTP_USERNAME_USED, MAILTO_TO_SPAM_ADDR, NO_COST, REMOVE_PAGE, > SUBJ_VIAGRA, Subj_1, USERPASS) > Return-Path: CHUW@svusd.k12.ca.us > X-OriginalArrivalTime: 04 Jun 2003 22:46:09.0982 (UTC) FILETIME=[17B365E0:01C32AEB] > > ------_=_NextPart_001_01C32AEB.0C717225 > Content-Type: text/plain; > charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > ------_=_NextPart_001_01C32AEB.0C717225 > Content-Type: text/html; > charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > > ------_=_NextPart_001_01C32AEB.0C717225-- > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Workgroup Solutions > 20532 El Toro Rd, Suite 107 > Mission Viejo, CA 92692 > 949 586-2200 > Developers of SpamGate - > MXTreme - Stop SPAM at the Gateway with the MXTreme Appliance Stop SPAM today at the Gateway! > > PacketShaper - Bandwidth Management for your network > Centurion Guard - Write protect your desktop computers > > From raymond at PROLOCATION.NET Thu Jun 5 15:26:35 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:23 2006 Subject: NDR delivery In-Reply-To: Message-ID: Hi! > Jun 5 10:14:55 spambox MailScanner[17484]: Syntax error in line 896, value > "store /etc/MailScanner/rules/deliver.rules" for hamactions is not one of > allowed values > "bounce","attachment","store","deliver","delete","forward","striphtml" What version are you running ? Would help ... Beta release 4.21: - any of the spam actions can now be applied to non-spam. This means you can archive non-spam, among other things. You can't "bounce" non-spam. If its a version earlier that might explain. Bye, Raymond. From MWeiner at AG.COM Thu Jun 5 15:22:04 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:23 2006 Subject: NDR delivery Message-ID: OK, I have the following Action rules in MailScanner.conf (I take It that's where you meant me to set that up): Spam Actions = store /etc/MailScanner/rules/deliver.rules High Scoring Spam Actions = store /etc/MailScanner/rules/deliver.rules Non Spam Actions = store /etc/MailScanner/rules/deliver.rules and am getting the following: Jun 5 10:14:55 spambox MailScanner[17484]: Syntax error in line 896, value "store /etc/MailScanner/rules/deliver.rules" for hamactions is not one of allowed values "bounce","attachment","store","deliver","delete","forward","striphtml" And Jun 5 10:20:36 spambox MailScanner[18370]: Syntax error in line 883, value "store /etc/MailScanner/rules/deliver.rules" for highscorespamactions is not one of allowed values "bounce","attachment","store","deliver","delete","forward","striphtml" Is this the behavior I should be seeing??? I have yet to see that error message for SPAM Michael Weiner -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Wednesday, June 04, 2003 5:50 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: NDR delivery At 22:58 03/06/2003, you wrote: >I am still unsure what the syntax of the deliver rules will look like. I >can set the Spam and Nonspam Action rulesets up to delet eby default, >butt where do the delivery rules go, and what format would they take? You could set all 3 of the "Actions" settings to the same rules file to start with. Make it look like this: FromOrTo: default delete FromOrTo: user1 deliver FromOrTo: user2 deliver Then it will delete all mail for anyone other than user1 and user2. >Thanks >Michael Weinre >-- >On Tue, 2003-06-03 at 10:00, Julian Field wrote: > > This is the job of the MTA, not MailScanner. > > If there aren't many users, you could knock up something with a Spam > > Actions ruleset and a Non Spam Actions ruleset (set the default to "delete" > > and create explicit "deliver" rules for the users who actually exist). > -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From damian at WORKGROUPSOLUTIONS.COM Thu Jun 5 15:36:21 2003 From: damian at WORKGROUPSOLUTIONS.COM (Damian Mendoza) Date: Thu Jan 12 21:18:24 2006 Subject: message whitelisted Message-ID: Kris, How often does it happen? AWL = no in MailScanner.conf Thanks, Damian Workgroup Solutions 20532 El Toro Rd, Suite 107 Mission Viejo, CA 92692 949 586-2200 -----Original Message----- From: Kris Zabriskie [mailto:zabriskw@ITECH.NET] Sent: Thursday, June 05, 2003 7:06 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: message whitelisted Damian, I am currently having the same problem and have not been able to fix it. I have been advised to check the spamassassin whitelist database. Check in your MailScanner.conf file and look to see if you have: SpamAssassin Auto Whitelist = no Past that I am affraid I can not be of any more help to you. ----- Original Message ----- From: "Damian Mendoza" To: Sent: Thursday, June 05, 2003 9:13 AM Subject: message whitelisted > message whitelisted - any idea why? > > > Maillog > > Jun 4 15:43:51 spamgate sendmail[14232]: h54MhGTP014210: to= a.us>, delay=00:00:34, xdelay=00:00:01, mailer=esmtp, pri=120857, relay=[10.1.25 > 4.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( <051801c32aea$61855df0$6400a8c0@cx3429 > 83a> Queued mail for delivery) > Jun 4 15:43:51 spamgate sendmail[14232]: h54MhGTO014210: to= .k12.ca.us>, delay=00:00:35, xdelay=00:00:00, mailer=esmtp, pri=120860, relay=[1 > 0.1.254.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( rennan@benefitassoc.com> Queued mail for delivery) > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: from= nespeople.us>, size=3278, class=0, nrcpts=8, msgid=, proto > =ESMTP, daemon=MTA, relay=gateway.svusd.k12.ca.us [198.188.250.254] > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= a.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= k12.ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= .us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= a.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= .ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > > MailScanner Whitelist > > # This is where you can build a Spam WhiteList > # Addresses matching in here, with the value > # "yes" will never be marked as spam. > From: 152.78. yes > #From: 130.246. yes > From: *@cox.net yes > From: *.k12.ca.us yes > From: *.edu yes > From: *.ca.us yes > From: *.dell.com yes > From: .*universalservice.org yes > From: *.nsba.org yes > From: *.org yes > From: *.gov yes > From: .ups.com yes > From: .fedex.com yes > From: .*techrepublic.com yes > From: .*godaddy.com yes > From: *.servepath.com yes > From: *.nationalcar.com yes > From: csuf_tvfilmsociety@yahoogroups.com yes > From: info@riskinstitute.org yes > From: TechEdNews@TechEdEvents.org yes > From: enewsletter@natsem.com yes > From: .em10.net yes > From: subscriptions@enasco.com yes > From: kelly@RIECHESBAIRD.com yes > From: K12@microsoft.com yes > From: newsflash@hvm.macromedia.com yes > From: Newsletter@schoolfacilities.com yes > From: SuePar1130@aol.com yes > From: aesparza@thermaldynamics.com yes > From: editor@englishclub.com yes > From: delfie.burgueno@ecd.com yes > From: jeanie@tstonramp.com yes > From: ascd@readexresearch.com yes > From: .sirs.com yes > From: travel@expedia.com yes > From: lebinger@nsba.org yes > From: orders@renlearn.com yes > From: .e-tips.carolina.com yes > From: *@*.afac.org yes > From: *@americawest.com yes > From: *@tamadvisors.com yes > From: *@scholastic.com yes > From: *@getthere.net yes > From: *@educatorsportal.com yes > From: *@boiseoffice.com yes > From: *@macfreefilms.com yes > From: *@*.usmc.mil yes > From: *@class-ic.com yes > FromOrTo: sales@goadulted.com yes > FromOrTo: trpenna@msn.com yes > FromOrTo: default no > > Jun 4 15:43:58 spamgate MailScanner[6614]: SpamAssassin timed out and was kille > d, consecutive failure 4 of 20 > > Microsoft Mail Internet Headers Version 2.0 > Received: from localhost.localdomain ([192.168.1.86]) by w2kserver.workgroupsolutions.com with Microsoft SMTPSVC(5.0.2195.5329); > Wed, 4 Jun 2003 15:46:09 -0700 > Received: from workgroupsolutions.com (gateway.workgroupsolutions.com [192.168.1.254]) > by localhost.localdomain (8.12.5/8.12.5) with ESMTP id h54Mk3Ve008589 > for ; Wed, 4 Jun 2003 15:46:03 -0700 > Received: from svusd.k12.ca.us ([66.124.50.2]) by gateway.workgroupsolutions.com with ESMTP id <119041>; Wed, 4 Jun 2003 15:46:06 -0700 > Received: from doexchange.svusd.net ([10.1.254.3]) by gateway.svusd.k12.ca.us with ESMTP id <119073>; Wed, 4 Jun 2003 12:45:52 -1000 > X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 > Content-Class: urn:content-classes:message > MIME-Version: 1.0 > Content-Type: multipart/alternative; > boundary="----_=_NextPart_001_01C32AEB.0C717225" > Disposition-Notification-To: "Chu, Warren (Information Services)" > Subject: FW: chuw@svusd.k12.ca.us,We have the cheapest Viagra around > Date: Wed, 4 Jun 2003 15:45:51 -0700 > Message-ID: > X-MS-Has-Attach: > X-MS-TNEF-Correlator: > Thread-Topic: chuw@svusd.k12.ca.us,We have the cheapest Viagra around > Thread-Index: AcMq6uzSqDpgIY8yQMSl6zd3ISx+RQAAEBgg > From: "Chu, Warren (Information Services)" > To: > X-Message-is-Spam: not spam (whitelisted), SpamAssassin (score=29.7, > required 4, BAYES_50, HTML_30_40, HTML_FONT_COLOR_BLUE, > HTTP_USERNAME_USED, MAILTO_TO_SPAM_ADDR, NO_COST, REMOVE_PAGE, > SUBJ_VIAGRA, Subj_1, USERPASS) > Return-Path: CHUW@svusd.k12.ca.us > X-OriginalArrivalTime: 04 Jun 2003 22:46:09.0982 (UTC) FILETIME=[17B365E0:01C32AEB] > > ------_=_NextPart_001_01C32AEB.0C717225 > Content-Type: text/plain; > charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > ------_=_NextPart_001_01C32AEB.0C717225 > Content-Type: text/html; > charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > > ------_=_NextPart_001_01C32AEB.0C717225-- > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Workgroup Solutions > 20532 El Toro Rd, Suite 107 > Mission Viejo, CA 92692 > 949 586-2200 > Developers of SpamGate - > MXTreme - Stop SPAM at the Gateway with the MXTreme Appliance Stop SPAM today at the Gateway! > > PacketShaper - Bandwidth Management for your network > Centurion Guard - Write protect your desktop computers > > From MWeiner at AG.COM Thu Jun 5 15:31:38 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:24 2006 Subject: NDR delivery Message-ID: Thanks for your response, this is 4.21-9 I believe, and yes, I have been taking advantage of the "store" for non-spam to assist in the bayesian training. Love that feature. Michael Weiner -----Original Message----- From: Raymond Dijkxhoorn [mailto:raymond@PROLOCATION.NET] Sent: Thursday, June 05, 2003 10:27 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: NDR delivery Hi! > Jun 5 10:14:55 spambox MailScanner[17484]: Syntax error in line 896, value > "store /etc/MailScanner/rules/deliver.rules" for hamactions is not one of > allowed values > "bounce","attachment","store","deliver","delete","forward","striphtml" What version are you running ? Would help ... Beta release 4.21: - any of the spam actions can now be applied to non-spam. This means you can archive non-spam, among other things. You can't "bounce" non-spam. If its a version earlier that might explain. Bye, Raymond. From zabriskw at ITECH.NET Thu Jun 5 15:43:19 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:24 2006 Subject: message whitelisted References: Message-ID: <000401c32b70$cec786a0$0c02a8c0@itech.dom> Damian, I would say maybe 5 times a day for each email account we have. The best way to find out is just grep your mail.log and it would be able to tell ya. The envelope addresses that I am getting them from is: yahoo.com compaq.net usa.com 21cn.com email.com hotmail.com yeah.net eureka.net I have done reverse DNS lookups off of the mailservers that they are coming from and they do not resolve to anything, which goes again RFC compliance for a MailServer. You can try to configure sendmail or whatever you are using to only accept mail from mail servers that can be reverse lookup resolved, but that will seriously hinder your ability to receive mail from lots of different mailservers, because there are a LOT of MailServers that are NOT RFC compliant. I can't be much more help, I am sorry. ----- Original Message ----- From: "Damian Mendoza" To: Sent: Thursday, June 05, 2003 10:36 AM Subject: Re: message whitelisted > Kris, > > How often does it happen? AWL = no in MailScanner.conf > > Thanks, > > Damian > > Workgroup Solutions > 20532 El Toro Rd, Suite 107 > Mission Viejo, CA 92692 > 949 586-2200 > > > > > > -----Original Message----- > From: Kris Zabriskie [mailto:zabriskw@ITECH.NET] > Sent: Thursday, June 05, 2003 7:06 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: message whitelisted > > > Damian, > I am currently having the same problem and have not been able to fix it. I > have been advised to check the spamassassin whitelist database. Check in > your MailScanner.conf file and look to see if you have: > > SpamAssassin Auto Whitelist = no > > Past that I am affraid I can not be of any more help to you. > > > ----- Original Message ----- > From: "Damian Mendoza" > To: > Sent: Thursday, June 05, 2003 9:13 AM > Subject: message whitelisted > > > > message whitelisted - any idea why? > > > > > > Maillog > > > > Jun 4 15:43:51 spamgate sendmail[14232]: h54MhGTP014210: > to= > a.us>, delay=00:00:34, xdelay=00:00:01, mailer=esmtp, pri=120857, > relay=[10.1.25 > > 4.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( > <051801c32aea$61855df0$6400a8c0@cx3429 > > 83a> Queued mail for delivery) > > Jun 4 15:43:51 spamgate sendmail[14232]: h54MhGTO014210: > to= > .k12.ca.us>, delay=00:00:35, xdelay=00:00:00, mailer=esmtp, pri=120860, > relay=[1 > > 0.1.254.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( > > rennan@benefitassoc.com> Queued mail for delivery) > > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: > from= > nespeople.us>, size=3278, class=0, nrcpts=8, msgid=, > proto > > =ESMTP, daemon=MTA, relay=gateway.svusd.k12.ca.us [198.188.250.254] > > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: > to= > a.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: > to= > k12.ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: > to= > .us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: > to= > ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: > to= > a.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: > to= > .ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: > to= > ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: > to= > us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > > > > MailScanner Whitelist > > > > # This is where you can build a Spam WhiteList > > # Addresses matching in here, with the value > > # "yes" will never be marked as spam. > > From: 152.78. yes > > #From: 130.246. yes > > From: *@cox.net yes > > From: *.k12.ca.us yes > > From: *.edu yes > > From: *.ca.us yes > > From: *.dell.com yes > > From: .*universalservice.org yes > > From: *.nsba.org yes > > From: *.org yes > > From: *.gov yes > > From: .ups.com yes > > From: .fedex.com yes > > From: .*techrepublic.com yes > > From: .*godaddy.com yes > > From: *.servepath.com yes > > From: *.nationalcar.com yes > > From: csuf_tvfilmsociety@yahoogroups.com yes > > From: info@riskinstitute.org yes > > From: TechEdNews@TechEdEvents.org yes > > From: enewsletter@natsem.com yes > > From: .em10.net yes > > From: subscriptions@enasco.com yes > > From: kelly@RIECHESBAIRD.com yes > > From: K12@microsoft.com yes > > From: newsflash@hvm.macromedia.com yes > > From: Newsletter@schoolfacilities.com yes > > From: SuePar1130@aol.com yes > > From: aesparza@thermaldynamics.com yes > > From: editor@englishclub.com yes > > From: delfie.burgueno@ecd.com yes > > From: jeanie@tstonramp.com yes > > From: ascd@readexresearch.com yes > > From: .sirs.com yes > > From: travel@expedia.com yes > > From: lebinger@nsba.org yes > > From: orders@renlearn.com yes > > From: .e-tips.carolina.com yes > > From: *@*.afac.org yes > > From: *@americawest.com yes > > From: *@tamadvisors.com yes > > From: *@scholastic.com yes > > From: *@getthere.net yes > > From: *@educatorsportal.com yes > > From: *@boiseoffice.com yes > > From: *@macfreefilms.com yes > > From: *@*.usmc.mil yes > > From: *@class-ic.com yes > > FromOrTo: sales@goadulted.com yes > > FromOrTo: trpenna@msn.com yes > > FromOrTo: default no > > > > Jun 4 15:43:58 spamgate MailScanner[6614]: SpamAssassin timed out and was > kille > > d, consecutive failure 4 of 20 > > > > Microsoft Mail Internet Headers Version 2.0 > > Received: from localhost.localdomain ([192.168.1.86]) by > w2kserver.workgroupsolutions.com with Microsoft SMTPSVC(5.0.2195.5329); > > Wed, 4 Jun 2003 15:46:09 -0700 > > Received: from workgroupsolutions.com (gateway.workgroupsolutions.com > [192.168.1.254]) > > by localhost.localdomain (8.12.5/8.12.5) with ESMTP id > h54Mk3Ve008589 > > for ; Wed, 4 Jun 2003 > 15:46:03 -0700 > > Received: from svusd.k12.ca.us ([66.124.50.2]) by > gateway.workgroupsolutions.com with ESMTP id <119041>; Wed, 4 Jun 2003 > 15:46:06 -0700 > > Received: from doexchange.svusd.net ([10.1.254.3]) by > gateway.svusd.k12.ca.us with ESMTP id <119073>; Wed, 4 Jun 2003 > 12:45:52 -1000 > > X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 > > Content-Class: urn:content-classes:message > > MIME-Version: 1.0 > > Content-Type: multipart/alternative; > > boundary="----_=_NextPart_001_01C32AEB.0C717225" > > Disposition-Notification-To: "Chu, Warren (Information Services)" > > > Subject: FW: chuw@svusd.k12.ca.us,We have the cheapest Viagra around > > Date: Wed, 4 Jun 2003 15:45:51 -0700 > > Message-ID: > > > X-MS-Has-Attach: > > X-MS-TNEF-Correlator: > > Thread-Topic: chuw@svusd.k12.ca.us,We have the cheapest Viagra around > > Thread-Index: AcMq6uzSqDpgIY8yQMSl6zd3ISx+RQAAEBgg > > From: "Chu, Warren (Information Services)" > > To: > > X-Message-is-Spam: not spam (whitelisted), SpamAssassin (score=29.7, > > required 4, BAYES_50, HTML_30_40, HTML_FONT_COLOR_BLUE, > > HTTP_USERNAME_USED, MAILTO_TO_SPAM_ADDR, NO_COST, REMOVE_PAGE, > > SUBJ_VIAGRA, Subj_1, USERPASS) > > Return-Path: CHUW@svusd.k12.ca.us > > X-OriginalArrivalTime: 04 Jun 2003 22:46:09.0982 (UTC) > FILETIME=[17B365E0:01C32AEB] > > > > ------_=_NextPart_001_01C32AEB.0C717225 > > Content-Type: text/plain; > > charset="us-ascii" > > Content-Transfer-Encoding: quoted-printable > > > > ------_=_NextPart_001_01C32AEB.0C717225 > > Content-Type: text/html; > > charset="us-ascii" > > Content-Transfer-Encoding: quoted-printable > > > > > > ------_=_NextPart_001_01C32AEB.0C717225-- > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Workgroup Solutions > > 20532 El Toro Rd, Suite 107 > > Mission Viejo, CA 92692 > > 949 586-2200 > > Developers of SpamGate - > > MXTreme - Stop SPAM at the Gateway with the MXTreme Appliance Stop SPAM > today at the Gateway! > > > > PacketShaper - Bandwidth Management for your network > > Centurion Guard - Write protect your desktop computers > > > > > > From ryan.henry.ml at EPSIIA.COM Thu Jun 5 16:12:25 2003 From: ryan.henry.ml at EPSIIA.COM (Ryan Henry [mailing list]) Date: Thu Jan 12 21:18:24 2006 Subject: new install - cannot call method bodyhandle in Message.pm Message-ID: <3EDF5DD9.2040601@EPSIIA.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Just installed latest version of mailscanner and receive the following error when starting. Anyone have any info on how to begin debuging this? Starting MailScanner... In Debugging mode, not forking... Can't call method "bodyhandle" on an undefined value at /opt/MailScanner/lib/MailScanner/Message.pm line 898. Thanks, - -Ryan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+313YduH5kxQ36MARAlMyAKCTJuiWO2dRlr1XdgNkdI1Jvx9uYwCfdZTo RQ/elb5Q57malblJE1jOvrk= =37Kg -----END PGP SIGNATURE----- From MWeiner at AG.COM Thu Jun 5 16:20:31 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:24 2006 Subject: NDR delivery Message-ID: Ooops I stand corrected, now I see the same error for the SPAM actions Jun 5 11:18:55 spambox MailScanner[29416]: Syntax error in line 861, value "store /etc/MailScanner/rules/deliver.rules" for spamactions is not one of allowed values "bounce","attachment","store","deliver","delete","forward","striphtml" Any ideas?? Michael Weiner -----Original Message----- From: MW Mike Weiner (5028) [mailto:MWeiner@AG.COM] Sent: Thursday, June 05, 2003 10:32 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: NDR delivery Thanks for your response, this is 4.21-9 I believe, and yes, I have been taking advantage of the "store" for non-spam to assist in the bayesian training. Love that feature. Michael Weiner -----Original Message----- From: Raymond Dijkxhoorn [mailto:raymond@PROLOCATION.NET] Sent: Thursday, June 05, 2003 10:27 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: NDR delivery Hi! > Jun 5 10:14:55 spambox MailScanner[17484]: Syntax error in line 896, value > "store /etc/MailScanner/rules/deliver.rules" for hamactions is not one of > allowed values > "bounce","attachment","store","deliver","delete","forward","striphtml" What version are you running ? Would help ... Beta release 4.21: - any of the spam actions can now be applied to non-spam. This means you can archive non-spam, among other things. You can't "bounce" non-spam. If its a version earlier that might explain. Bye, Raymond. From Denis.Beauchemin at USHERBROOKE.CA Thu Jun 5 16:28:18 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:24 2006 Subject: NDR delivery In-Reply-To: References: Message-ID: <1054826897.22566.63.camel@dbeauchemin.si.usherbrooke.ca> Mike, I believe you should rather have: Spam Actions = /etc/MailScanner/rules/deliver.rules High Scoring Spam Actions = /etc/MailScanner/rules/deliver.rules Non Spam Actions = /etc/MailScanner/rules/deliver.rules and put the store keyword in the rules files: cat /etc/MailScanner/rules/deliver.rules To: somewhere.com store deliver Denis Le jeu 05/06/2003 ? 11:20, MW Mike Weiner (5028) a ?crit : > Ooops I stand corrected, now I see the same error for the SPAM actions > > Jun 5 11:18:55 spambox MailScanner[29416]: Syntax error in line 861, value > "store /etc/MailScanner/rules/deliver.rules" for spamactions is not one of > allowed values > "bounce","attachment","store","deliver","delete","forward","striphtml" > > Any ideas?? > > Michael Weiner > > -----Original Message----- > From: MW Mike Weiner (5028) [mailto:MWeiner@AG.COM] > Sent: Thursday, June 05, 2003 10:32 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: NDR delivery > > Thanks for your response, this is 4.21-9 I believe, and yes, I have been > taking advantage of the "store" for non-spam to assist in the bayesian > training. Love that feature. > > Michael Weiner > > -----Original Message----- > From: Raymond Dijkxhoorn [mailto:raymond@PROLOCATION.NET] > Sent: Thursday, June 05, 2003 10:27 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: NDR delivery > > Hi! > > > Jun 5 10:14:55 spambox MailScanner[17484]: Syntax error in line 896, > value > > "store /etc/MailScanner/rules/deliver.rules" for hamactions is not one of > > allowed values > > "bounce","attachment","store","deliver","delete","forward","striphtml" > > What version are you running ? Would help ... > > Beta release 4.21: > > - any of the spam actions can now be applied to non-spam. This means you > can archive non-spam, among other things. You can't "bounce" non-spam. > > If its a version earlier that might explain. > > Bye, > Raymond. -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From MWeiner at AG.COM Thu Jun 5 16:38:53 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:24 2006 Subject: NDR delivery Message-ID: Trying that now, sir, thank you very much for your response Michael Weiner -----Original Message----- From: Denis Beauchemin [mailto:Denis.Beauchemin@USHERBROOKE.CA] Sent: Thursday, June 05, 2003 11:28 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: NDR delivery Mike, I believe you should rather have: Spam Actions = /etc/MailScanner/rules/deliver.rules High Scoring Spam Actions = /etc/MailScanner/rules/deliver.rules Non Spam Actions = /etc/MailScanner/rules/deliver.rules and put the store keyword in the rules files: cat /etc/MailScanner/rules/deliver.rules To: somewhere.com store deliver Denis Le jeu 05/06/2003 ? 11:20, MW Mike Weiner (5028) a ?crit : > Ooops I stand corrected, now I see the same error for the SPAM actions > > Jun 5 11:18:55 spambox MailScanner[29416]: Syntax error in line 861, value > "store /etc/MailScanner/rules/deliver.rules" for spamactions is not one of > allowed values > "bounce","attachment","store","deliver","delete","forward","striphtml" > > Any ideas?? > > Michael Weiner > > -----Original Message----- > From: MW Mike Weiner (5028) [mailto:MWeiner@AG.COM] > Sent: Thursday, June 05, 2003 10:32 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: NDR delivery > > Thanks for your response, this is 4.21-9 I believe, and yes, I have been > taking advantage of the "store" for non-spam to assist in the bayesian > training. Love that feature. > > Michael Weiner > > -----Original Message----- > From: Raymond Dijkxhoorn [mailto:raymond@PROLOCATION.NET] > Sent: Thursday, June 05, 2003 10:27 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: NDR delivery > > Hi! > > > Jun 5 10:14:55 spambox MailScanner[17484]: Syntax error in line 896, > value > > "store /etc/MailScanner/rules/deliver.rules" for hamactions is not one of > > allowed values > > "bounce","attachment","store","deliver","delete","forward","striphtml" > > What version are you running ? Would help ... > > Beta release 4.21: > > - any of the spam actions can now be applied to non-spam. This means you > can archive non-spam, among other things. You can't "bounce" non-spam. > > If its a version earlier that might explain. > > Bye, > Raymond. -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From dean.plant at ROKE.CO.UK Thu Jun 5 16:40:02 2003 From: dean.plant at ROKE.CO.UK (Plant, Dean) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license Message-ID: <76C92FBBFB58D411AE760090271ED41805B33A62@rsys002a.roke.co.uk> F-prot have advised me that I will need to use the mail server pricing model for use with Mailscanner which means I will have to look at other virus scanners. Can anyone advise the next best choice for use with Mailscanner preferably based on a per server basis. Thanks Dean Plant Reply from F-Prot Dear Dean Plant, Thank you very much for your mail. For this purpose you would need to purchase a license for our Mail Server version. The license fee for F-Prot Antivirus for Linux Mail Servers is based on the number of mailboxes that the license should cover. Our website offers you the possibility to calculate the license fee for various numbers of mailboxes. Please access the calculator from the following path: http://www.f-prot.com/products/corporate_users/unix/linux/mailserver.html If you need price information for a license covering more than 5000 mailboxes, please contact us again with the exact number of mailboxes that the license should cover. Best regards, Kristin Hardardottir F-Prot Antivirus Sales Department sales@f-prot.com http://www.f-prot.com Tel: +354-540-7400 Fax: +354-540-7401 Frisk Software International Postholf 7180 IS-127 Reykjavik Iceland When replying, please copy your entire previous message/thread. Use the reply function of your e-mail program in order to keep the same subject of our response (including the tracking number). Otherwise your message may be delayed. If you are interested in receiving an e-mail notice when updates and new versions are released then you can subscribe at http://alerts.f-prot.com > -----Original Message----- > From: Plant, Dean [mailto:dean.plant@roke.co.uk] > Sent: 4. j?n? 2003 10:47 > To: 'sales@f-prot.com' > Subject: FW: FRISK-S-20030530-0027 (f-prot for Linux) > > I have a Linux file server that acts as a mail proxy and I would like to use f-prot to > scan mail passing through the proxy (There are no mailboxes on the server). Will > the F-Prot Antivirus for Linux File Servers license allow this. > > Thanks > > Dean Plant -------------- next part -------------- Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, Bracknell, Berkshire. RG12 8FZ The information contained in this e-mail and any attachments is confidential to Roke Manor Research Ltd and must not be passed to any third party without permission. This communication is for information only and shall not create or change any contractual relationship. From Andrew.Magnusson at COCC.COM Thu Jun 5 16:48:36 2003 From: Andrew.Magnusson at COCC.COM (Magnusson, Andrew) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license Message-ID: Oh, those crazy Icelandic virus protection corporations... Looks like they're saying we'd need the mail-server version of F-prot which is licensed on a 'per-mailbox' basis. Andrew Magnusson Internet Product Analyst COCC 1-877-678-0444 extension 640 -----Original Message----- From: Plant, Dean [mailto:dean.plant@ROKE.CO.UK] Sent: Thursday, June 05, 2003 11:40 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: F-prot says I need the mail server license F-prot have advised me that I will need to use the mail server pricing model for use with Mailscanner which means I will have to look at other virus scanners. Can anyone advise the next best choice for use with Mailscanner preferably based on a per server basis. Thanks Dean Plant Reply from F-Prot Dear Dean Plant, Thank you very much for your mail. For this purpose you would need to purchase a license for our Mail Server version. The license fee for F-Prot Antivirus for Linux Mail Servers is based on the number of mailboxes that the license should cover. Our website offers you the possibility to calculate the license fee for various numbers of mailboxes. Please access the calculator from the following path: http://www.f-prot.com/products/corporate_users/unix/linux/mailserver.html If you need price information for a license covering more than 5000 mailboxes, please contact us again with the exact number of mailboxes that the license should cover. Best regards, Kristin Hardardottir F-Prot Antivirus Sales Department sales@f-prot.com http://www.f-prot.com Tel: +354-540-7400 Fax: +354-540-7401 Frisk Software International Postholf 7180 IS-127 Reykjavik Iceland When replying, please copy your entire previous message/thread. Use the reply function of your e-mail program in order to keep the same subject of our response (including the tracking number). Otherwise your message may be delayed. If you are interested in receiving an e-mail notice when updates and new versions are released then you can subscribe at http://alerts.f-prot.com > -----Original Message----- > From: Plant, Dean [mailto:dean.plant@roke.co.uk] > Sent: 4. j?n? 2003 10:47 > To: 'sales@f-prot.com' > Subject: FW: FRISK-S-20030530-0027 (f-prot for Linux) > > I have a Linux file server that acts as a mail proxy and I would like to use f-prot to > scan mail passing through the proxy (There are no mailboxes on the server). Will > the F-Prot Antivirus for Linux File Servers license allow this. > > Thanks > > Dean Plant *** This message originates from COCC, Inc. If the reader of this message, regardless of the address or routing, is not an intended recipient, you are hereby notified that you have received this transmittal in error and any review; use, distribution, dissemination or copying is strictly prohibited. If you have received this message in error, please delete this e-mail and all files transmitted with it from your system and immediately notify COCC, Inc. by sending reply e-mail to the sender of this message. Thank you. *** From rich at MAIL.WVNET.EDU Thu Jun 5 17:01:27 2003 From: rich at MAIL.WVNET.EDU (Richard Lynch) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license In-Reply-To: References: Message-ID: <1054828887.4754.9.camel@rich.wvn.wvnet.edu> As far as I'm concerned my answer is that we have zero mailboxes on the server. I'm using it to scan files only not e-mail. How the files got to my box is irrelevant. I think it's important to make the distinction between scanning mail and scanning files. The minute a sales person here's mailboxes they smell big money. That is not what MailScanner is doing... it only scans files on a server. -- Rich On Thu, 2003-06-05 at 11:48, Magnusson, Andrew wrote: > Oh, those crazy Icelandic virus protection corporations... Looks like > they're saying we'd need the mail-server version of F-prot which is licensed > on a 'per-mailbox' basis. > > Andrew Magnusson > Internet Product Analyst > COCC > 1-877-678-0444 extension 640 > > > > -----Original Message----- > From: Plant, Dean [mailto:dean.plant@ROKE.CO.UK] > Sent: Thursday, June 05, 2003 11:40 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: F-prot says I need the mail server license > > > F-prot have advised me that I will need to use the mail server pricing model > for use with Mailscanner which means I will have to look at other virus > scanners. > > Can anyone advise the next best choice for use with Mailscanner preferably > based on a per server basis. > > Thanks > > Dean Plant > > > Reply from F-Prot > > Dear Dean Plant, > > Thank you very much for your mail. > > For this purpose you would need to purchase a license for our Mail Server > version. > > The license fee for F-Prot Antivirus for Linux Mail Servers is based on the > number of mailboxes that the license should cover. Our website offers you > the possibility to calculate the license fee for various numbers of > mailboxes. Please access the calculator from the following path: > > http://www.f-prot.com/products/corporate_users/unix/linux/mailserver.html > > If you need price information for a license covering more than 5000 > mailboxes, please contact us again with the exact number of mailboxes that > the license should cover. > > Best regards, > Kristin Hardardottir > F-Prot Antivirus Sales Department > > sales@f-prot.com > http://www.f-prot.com > Tel: +354-540-7400 > Fax: +354-540-7401 > > Frisk Software International > Postholf 7180 > IS-127 Reykjavik > Iceland > > When replying, please copy your entire previous message/thread. > > Use the reply function of your e-mail program in order to keep the same > subject of our response (including the tracking number). Otherwise your > message may be delayed. > > If you are interested in receiving an e-mail notice when updates and new > versions are released then you can subscribe at http://alerts.f-prot.com > > > > -----Original Message----- > > From: Plant, Dean [mailto:dean.plant@roke.co.uk] > > Sent: 4. j?n? 2003 10:47 > > To: 'sales@f-prot.com' > > Subject: FW: FRISK-S-20030530-0027 (f-prot for Linux) > > > > I have a Linux file server that acts as a mail proxy and I would like to > use f-prot to > > scan mail passing through the proxy (There are no mailboxes on the > server). Will > > the F-Prot Antivirus for Linux File Servers license allow this. > > > > Thanks > > > > Dean Plant > > *** This message originates from COCC, Inc. > > If the reader of this message, regardless of the address or routing, is not an intended recipient, you are hereby notified that you have received this transmittal in error and any review; use, distribution, dissemination or copying is strictly prohibited. If you have received this message in error, please delete this e-mail and all files transmitted with it from your system and immediately notify COCC, Inc. by sending reply e-mail to the sender of this message. > > Thank you. *** -- Richard Lynch From Andrew.Magnusson at COCC.COM Thu Jun 5 16:58:25 2003 From: Andrew.Magnusson at COCC.COM (Magnusson, Andrew) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license Message-ID: Whoops. Didn't mean to send this to the list. But my point stands. Andrew Magnusson Internet Product Analyst COCC 1-877-678-0444 extension 640 -----Original Message----- From: Magnusson, Andrew Sent: Thursday, June 05, 2003 11:49 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: F-prot says I need the mail server license Oh, those crazy Icelandic virus protection corporations... Looks like they're saying we'd need the mail-server version of F-prot which is licensed on a 'per-mailbox' basis. Andrew Magnusson Internet Product Analyst COCC 1-877-678-0444 extension 640 -----Original Message----- From: Plant, Dean [mailto:dean.plant@ROKE.CO.UK] Sent: Thursday, June 05, 2003 11:40 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: F-prot says I need the mail server license F-prot have advised me that I will need to use the mail server pricing model for use with Mailscanner which means I will have to look at other virus scanners. Can anyone advise the next best choice for use with Mailscanner preferably based on a per server basis. Thanks Dean Plant Reply from F-Prot Dear Dean Plant, Thank you very much for your mail. For this purpose you would need to purchase a license for our Mail Server version. The license fee for F-Prot Antivirus for Linux Mail Servers is based on the number of mailboxes that the license should cover. Our website offers you the possibility to calculate the license fee for various numbers of mailboxes. Please access the calculator from the following path: http://www.f-prot.com/products/corporate_users/unix/linux/mailserver.html If you need price information for a license covering more than 5000 mailboxes, please contact us again with the exact number of mailboxes that the license should cover. Best regards, Kristin Hardardottir F-Prot Antivirus Sales Department sales@f-prot.com http://www.f-prot.com Tel: +354-540-7400 Fax: +354-540-7401 Frisk Software International Postholf 7180 IS-127 Reykjavik Iceland When replying, please copy your entire previous message/thread. Use the reply function of your e-mail program in order to keep the same subject of our response (including the tracking number). Otherwise your message may be delayed. If you are interested in receiving an e-mail notice when updates and new versions are released then you can subscribe at http://alerts.f-prot.com > -----Original Message----- > From: Plant, Dean [mailto:dean.plant@roke.co.uk] > Sent: 4. j?n? 2003 10:47 > To: 'sales@f-prot.com' > Subject: FW: FRISK-S-20030530-0027 (f-prot for Linux) > > I have a Linux file server that acts as a mail proxy and I would like to use f-prot to > scan mail passing through the proxy (There are no mailboxes on the server). Will > the F-Prot Antivirus for Linux File Servers license allow this. > > Thanks > > Dean Plant *** This message originates from COCC, Inc. If the reader of this message, regardless of the address or routing, is not an intended recipient, you are hereby notified that you have received this transmittal in error and any review; use, distribution, dissemination or copying is strictly prohibited. If you have received this message in error, please delete this e-mail and all files transmitted with it from your system and immediately notify COCC, Inc. by sending reply e-mail to the sender of this message. Thank you. *** *** This message originates from COCC, Inc. If the reader of this message, regardless of the address or routing, is not an intended recipient, you are hereby notified that you have received this transmittal in error and any review; use, distribution, dissemination or copying is strictly prohibited. If you have received this message in error, please delete this e-mail and all files transmitted with it from your system and immediately notify COCC, Inc. by sending reply e-mail to the sender of this message. Thank you. *** From David.Sullivan at BARNET.AC.UK Thu Jun 5 17:23:27 2003 From: David.Sullivan at BARNET.AC.UK (David Sullivan) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license In-Reply-To: <76C92FBBFB58D411AE760090271ED41805B33A62@rsys002a.roke.co.uk> Message-ID: On 5 Jun 2003 at 16:40, Plant, Dean wrote: > F-prot have advised me that I will need to use the mail server pricing > model for use with Mailscanner which means I will have to look at > other virus scanners. Looking at the message that you sent to them that might not necessarily be the case. They might have got the wrong idea. > > -----Original Message----- > > From: Plant, Dean [mailto:dean.plant@roke.co.uk] > > Sent: 4. j?n? 2003 10:47 > > To: 'sales@f-prot.com' > > Subject: FW: FRISK-S-20030530-0027 (f-prot for Linux) > > > > I have a Linux file server that acts as a mail proxy and I would > > like to > use f-prot to > > scan mail passing through the proxy (There are no mailboxes on the > server). Will > > the F-Prot Antivirus for Linux File Servers license allow this. > > You've not really stated that you have an existing product that just needs the command line version to perform virus scanning. Given this e-mail your typical salesperson might just assume you want a fully blown virus scanning smtp gateway and that's what they've recommended. David. This communication may contain privileged or confidential information which is for the exclusive use of the intended recipient. If you are not the intended recipient, please note that you may not distribute or use this communication or the information it contains. If this e-mail has reached you in error, please delete it and any attachment. Internet communications are not secure and Barnet College does not accept legal responsibility for the content of this message. Any views or opinions expressed are those of the author and not necessarily those of Barnet College. Please note that Barnet College reserves the right to monitor the source/destinations of all incoming or outgoing e-mail communications. From marco at MUW.EDU Thu Jun 5 17:43:24 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:24 2006 Subject: Scanning Rules In-Reply-To: <1054828887.4754.9.camel@rich.wvn.wvnet.edu> References: <1054828887.4754.9.camel@rich.wvn.wvnet.edu> Message-ID: <1054831404.3edf732c5b150@webmail.MUW.Edu> Good day everyone, I just created a scanner machine (mail gateway) for the purpose of taking a lot of load off the main mailserver. Now that the mail is flowing between the gateway and the main mailserver, I would like to tell MailScanner on the main mailserver to *not* scan outgoing mail or mail coming from the mail gateway and *only* scan mail sent/received for local users or coming from the internal network. Note: main mailserver is main.muw.edu mail gateway is avsmtp01.muw.edu In my /etc/MailScanner/rules/virus.scanning.rules, I have set this: FromOrTo: avsmtp01.muw.edu no FromOrTo: default yes In my /etc/MailScanner/rules/spam.whitelist.rules, I have set this: FromOrTo: avsmtp01.muw.edu yes FromOrTo: default no Am I on the right track?!!! I just don't want the main mailserver to re-scan something already scanned by the gateway machine. Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From ernest at OACYS.COM Thu Jun 5 18:09:28 2003 From: ernest at OACYS.COM (Ernest W. Lessenger) Date: Thu Jan 12 21:18:24 2006 Subject: Scanning Rules In-Reply-To: <1054831404.3edf732c5b150@webmail.MUW.Edu> References: <1054828887.4754.9.camel@rich.wvn.wvnet.edu> <1054828887.4754.9.camel@rich.wvn.wvnet.edu> Message-ID: <5.2.0.9.2.20030605100521.00bbc738@mail.oacys.com> At 11:43 AM 6/5/2003 -0500, you wrote: >Note: main mailserver is main.muw.edu > mail gateway is avsmtp01.muw.edu Set up another instance of sendmail to handle incoming mail from the gateway. Set up two IP addresses on that machine, and bind one instance of sendmail to each. Then, use iptables to block incoming mail to the "unscanned" instance of sendmail from any machine but your gateway. The "unscanned" instance should drop mail into "mqueue" instead of "mqueue.in". --Ernest From esandquist at IHMS.NET Thu Jun 5 18:53:23 2003 From: esandquist at IHMS.NET (Eric Sandquist) Date: Thu Jan 12 21:18:24 2006 Subject: MailScanner cron job? In-Reply-To: Message-ID: I implemented SpamAssassin a while back, before I knew about MailScanner... SpamAssassin is not running system wide, only for a few select users... Since the system handles alot of list server traffic via Sympa, SPAM to those lists are rejected by default through Sympa, I don't need or want SpamAssassin to process spam for them too much traffic, too much load. I worked until 3am last night to verify acceptable system load after implementing MailScanner last night. I disabled all SPAM related features, since I only want to do virus scanning.... Server load is around 1.00-2.00, and during slow times is dropping down to .10 and less... Running MailScanner with 1 child process... Tried it with the default of 5, and it was too much for the system..;. There doesn't seem to be any delays in mail traffic, but I will be planning a hardware upgrade for this system in the near future to bring in the SpamAssassin features system-wide in the near future... Especially since I expect a marked increase in list-server traffic in the near future.. Eric -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Tony Finch Sent: Thursday, June 05, 2003 7:52 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner cron job? Eric Sandquist wrote: > >On my system, I started using MailScanner yesterday... Seemed to work ok >for a while... Server load w/o is .60 - .80... After starting it, >activating the cron and restarting sendmail for queue.in and queue... load >jumped to 1.2-1.7... still acceptable... Only scanning for virii... >SpamAssassin is running through procmail for individual users with >spamc/spamd since system wide scanning on this machine nearly killed it in >the past... Are you running SpamAssassin on the same machine as MailScanner? This is not a good combination, because when MailScanner finishes handling a batch you'll get several messages delivered at once which will cause a much bigger spamd load spike than you would get on a system without MailScanner. It would be better to use SpamAssassin via MailScanner and configure the optionality using MailScanner rules files, because that gives you much better control over the load on the machine. Tony. -- f.a.n.finch http://dotat.at/ ARDNAMURCHAN POINT TO CAPE WRATH INCLUDING THE OUTER HEBRIDES: SOUTHWEST 4 OR 5 BACKING SOUTHEAST 5 OR 6, LATER VEERING SOUTH 5 OR 6. OCCASIONAL SHOWERS EARLY, BECOMING CLOUDY, RAIN LATER. GOOD FALLING MODERATE IN SHOWERS THEN RAIN. MODERATE INCREASING ROUGH. From esandquist at IHMS.NET Thu Jun 5 19:04:04 2003 From: esandquist at IHMS.NET (Eric Sandquist) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license In-Reply-To: <76C92FBBFB58D411AE760090271ED41805B33A62@rsys002a.roke.co.uk> Message-ID: I've been using ClamAv-0.54 for a while and it seems to catch everything... Definitions seem to be as current or better than some of the commercial stuff... And it's FREE under the GNU license... :) Using it in conjunction with Postfix-2.0.10/SpamAssassin-2.55/Amavis-NG-0.1.6.4 (didn't know about MailScanner when I set this up, and am not sure how they compare)... I use MailScanner on another server that uses sendmail because I didn't have access to the original sendmail.mc file nor was my sendmail compiled with milter support. Mail Scanner had installation instructions which allowed me to work arround those issues on my Managed Dedicated Server(MDS). I could have requested the changes from the hosting company, but then when there is a tech support issue, their frontline tech guys get confused.. ;) I think CA's Etrust/InoculateIT/Inoculan is on a per machine license too... Although, if your using Winblows, make sure you get the available patches or your machines will be extraordinarily slow.... We use it on the LAN - servers and workstations... Eric Systems Engineer -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Plant, Dean Sent: Thursday, June 05, 2003 10:40 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: F-prot says I need the mail server license F-prot have advised me that I will need to use the mail server pricing model for use with Mailscanner which means I will have to look at other virus scanners. Can anyone advise the next best choice for use with Mailscanner preferably based on a per server basis. Thanks Dean Plant Reply from F-Prot Dear Dean Plant, Thank you very much for your mail. For this purpose you would need to purchase a license for our Mail Server version. The license fee for F-Prot Antivirus for Linux Mail Servers is based on the number of mailboxes that the license should cover. Our website offers you the possibility to calculate the license fee for various numbers of mailboxes. Please access the calculator from the following path: http://www.f-prot.com/products/corporate_users/unix/linux/mailserver.html If you need price information for a license covering more than 5000 mailboxes, please contact us again with the exact number of mailboxes that the license should cover. Best regards, Kristin Hardardottir F-Prot Antivirus Sales Department sales@f-prot.com http://www.f-prot.com Tel: +354-540-7400 Fax: +354-540-7401 Frisk Software International Postholf 7180 IS-127 Reykjavik Iceland When replying, please copy your entire previous message/thread. Use the reply function of your e-mail program in order to keep the same subject of our response (including the tracking number). Otherwise your message may be delayed. If you are interested in receiving an e-mail notice when updates and new versions are released then you can subscribe at http://alerts.f-prot.com > -----Original Message----- > From: Plant, Dean [mailto:dean.plant@roke.co.uk] > Sent: 4. j?n? 2003 10:47 > To: 'sales@f-prot.com' > Subject: FW: FRISK-S-20030530-0027 (f-prot for Linux) > > I have a Linux file server that acts as a mail proxy and I would like to use f-prot to > scan mail passing through the proxy (There are no mailboxes on the server). Will > the F-Prot Antivirus for Linux File Servers license allow this. > > Thanks > > Dean Plant From vnarayan at haverford.edu Thu Jun 5 04:38:41 2003 From: vnarayan at haverford.edu (Vasantha Narayanan) Date: Thu Jan 12 21:18:24 2006 Subject: SpamAssassin timed out and was killed... box too slow? Message-ID: <200306050338.h553cebJ026555@acc.haverford.edu> On Wed, 4 Jun 2003 20:06:18 +0100 Julian Field wrote: > At 17:28 04/06/2003, you wrote: > >At 04:37 PM 6/4/2003 +0100, you wrote: > >>Try setting > >>skip_rbl_checks 1 > > > > > >I've already set skip_rbl_checks 1 in the spam.assassin.prefs.conf > >file. In the debug mode, it said that Razor2 and Pyzor were not > >availabe. So I also made the following entries in > spam.assassin.prefs.conf > >so that I can eliminate any of the below to be the cause of the problem: > >use_dcc 0 > >use_pyzor 0 > >use_razor1 0 > >use_razor2 0 > >use_bayes 0 > > > >In debug mode, a couple of lines seem bothersome - > > > >unix passed to setlogsock, but path not available at > >/opt/MailScanner/lib/MailSc > >anner/Log.pm line 62 > > > >and > > > >debug: Failed to parse line in SpamAssassin configuration, skipping: > >defang_mime 0 > > > >Could they be the cause of the timeout problem? > > Shouldn't be, no. Try reducing to 1 child process (Max Children = 1 in > MailScanner.conf) then see how it behaves. > Tony Finch also suggested reducing the child processes. When I reduced it to 5 instead of 15, I found that the, " Jun 4 17:34:23 nisc4 MailScanner[19761]: SpamAssassin timed out and was killed, consecutive failure 1 of 20" appeared after an hour of starting the MailScanner. Then it appeared an hour later. When I reduced it to 1 child process, I did not get the error for over 3 hours. But a lot of mail got accumulated in the incoming mail queue that I had to stop MailScanner and restart it without SpamAssassin to process the mail. Vasantha > > >Thanks. > > > >Vasantha > > > > > >>in spam.assassin.prefs.conf and see if that helps. You will need to > restart > >>MailScanner after setting this. > >> > >>At 16:22 04/06/2003, you wrote: > >>>We've a SunBlade 100 (500 Mhz) with 500 Mem running Solaris 2.8. The > >>>machine does nothing other than MailScanning. It is not even a > MailServer. > >>> > >>>The MailScanner itself works perfectly. It is only when I turn on > >>>SpamAssassin that the load on the machine gets really high. A lot > of mail > >>>gets accumulated in the incoming queue waiting to be scanned. I'm > running > >>>15 mailscanner processes and it forks and gets doubled whenever I > turn on > >>>SpamAssassin. Pretty soon the following error shows up in the log: > >>>Jun 3 15:57:07 nisc4 MailScanner[5766]: SpamAssassin timed out and was > >>>killed, consecutive failure 1 of 20 > >>>Jun 3 15:57:41 nisc4 MailScanner[5758]: SpamAssassin timed out and was > >>>killed, consecutive failure 1 of 20 > >>>Jun 3 15:58:14 nisc4 MailScanner[5750]: SpamAssassin timed out and was > >>>killed, consecutive failure 1 of 20 > >>>Jun 3 16:00:08 nisc4 MailScanner[5774]: SpamAssassin timed out and was > >>>killed, consecutive failure 1 of 20 > >>> > >>>Have others seen this problem? How have you fixed the problem? We've > >>>MailScanner-4.20-3 with SpamAssassin-2.50. The SpamAssassin > Timeout is set > >>>to 40 and Scanner timeout is set to 10 (that is the default in > that version > >>>of MailScanner) > >>> > >>>I'd really appreciate some suggestions. > >>> > >>>Thanks. > >>> > >>>Vasantha > >>> > >>> > >>> > >>> > >>>At 05:37 PM 6/3/2003 -0500, you wrote: > >>>>What kind of horsepower does your box have? OS? > >>>> > >>>>Mike > >>>> > >>>> > >>>>-----Original Message----- > >>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >>>>Behalf > >>>>Of Chris W. Parker > >>>>Sent: Tuesday, June 03, 2003 5:28 PM > >>>>To: MAILSCANNER@JISCMAIL.AC.UK > >>>>Subject: Re: SpamAssassin timed out and was killed... box too slow? > >>>> > >>>> > >>>>Vasantha Narayanan wrote: > >>>> > >>>> > Did you find a solution yet? > >>>> > >>>>No I did not. > >>>> > >>>> > I'm having the same problem. > >>>> > >>>>I feel your pain. :( > >>>> > >>>> > >>>> > >>>>Chris. > >>> > >>>VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV > >>>Vasantha Narayanan > >>>Networking and Systems email: vnarayan@haverford.edu > >>>Haverford College, PA Phone: > >>>610-896-1110 > >> > >>-- > >>Julian Field > >>www.MailScanner.info > >>MailScanner thanks transtec Computers for their support > > > >VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV > >Vasantha Narayanan > >Networking and Systems email: vnarayan@haverford.edu > >Haverford College, PA Phone: > >610-896-1110 > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > From smhickel at CHARTERMI.NET Thu Jun 5 19:32:00 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license Message-ID: <200306051832.h55IW0027159@chartermi.net> To whom it may concern: I understand you have instituted a new licensing program. As I understand it you have gone from being the lowest cost solution to one of the highest with your change of licensing policy. Correct me if I am mistaken, but f-prot has made its mark in the industry by being a very cost effective solution. Why you would choose to make a grandiose licensing change either reflects a poor understanding of who your core market is or tells me that you have decided to attract a different (not the same) market. Please set me straight if I have this wrong, but I am currently looking for another cost effective anti-virus solution for my linux-based email servers. Steve Hickel From smhickel at CHARTERMI.NET Thu Jun 5 19:36:54 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license Message-ID: <200306051836.h55IasH27312@chartermi.net> Does ClamAv-0.54 work in place of f-prot with mailscanner or is their yet an equally cost-effective solution other than f-prot that does work with MailScanner? Steve From kevins at BMRB.CO.UK Thu Jun 5 20:01:10 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB00117577D@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB00117577D@pascal.priv.bmrb.co.uk> Message-ID: <1054839674.8647.8.camel@bach.kevinspicer.co.uk> I would not use only clam, as their updates aren't really quick enough (my view is that updates are pretty time-sensitive on the mail gateway). For example, today... Sophos IDE for Bugbear B available at 12:20ish Sophos caught 15x Bugbear B before Clam caught its first with the 4pm (hourly) update. Admittedly we also caught a few with the IFRAME/ attachement rules On Thu, 2003-06-05 at 19:36, Steve Hickel wrote: Does ClamAv-0.54 work in place of f-prot with mailscanner or is their yet an equally cost-effective solution other than f-prot that does work with MailScanner? Steve BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mailscanner at ecs.soton.ac.uk Thu Jun 5 20:17:09 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license In-Reply-To: References: <76C92FBBFB58D411AE760090271ED41805B33A62@rsys002a.roke.co.uk> Message-ID: <5.2.1.1.2.20030605201455.03a22b58@imap.ecs.soton.ac.uk> I can only really add 1 comment this discussion. I have read their software licence very carefully. They completely fail to define the terms "workstation", "server" and "mail server". You only need the facilities provided by the "workstation" version. So you should be able to buy the "workstation" version and, as far as I can see, they haven't got a leg to stand on. My only concern is that if everyone buys the "workstation" version they might go bankrupt, which would be a loss for everyone. At 17:23 05/06/2003, you wrote: >On 5 Jun 2003 at 16:40, Plant, Dean wrote: > > > F-prot have advised me that I will need to use the mail server pricing > > model for use with Mailscanner which means I will have to look at > > other virus scanners. > >Looking at the message that you sent to them that might not necessarily be >the case. >They might have got the wrong idea. > > > > > -----Original Message----- > > > From: Plant, Dean [mailto:dean.plant@roke.co.uk] > > > Sent: 4. j?n? 2003 10:47 > > > To: 'sales@f-prot.com' > > > Subject: FW: FRISK-S-20030530-0027 (f-prot for Linux) > > > > > > I have a Linux file server that acts as a mail proxy and I would > > > like to > > use f-prot to > > > scan mail passing through the proxy (There are no mailboxes on the > > server). Will > > > the F-Prot Antivirus for Linux File Servers license allow this. > > > > >You've not really stated that you have an existing product that just needs >the command >line version to perform virus scanning. Given this e-mail your typical >salesperson might >just assume you want a fully blown virus scanning smtp gateway and that's what >they've recommended. > >David. > > >This communication may contain privileged or confidential information which >is for the exclusive use of the intended recipient. If you are not the >intended recipient, please note that you may not distribute or use this >communication or the information it contains. If this e-mail has reached you >in error, please delete it and any attachment. > >Internet communications are not secure and Barnet College does not accept >legal responsibility for the content of this message. Any views or opinions >expressed are those of the author and not necessarily those of Barnet College. > >Please note that Barnet College reserves the right to monitor the >source/destinations of all incoming or outgoing e-mail communications. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jun 5 20:33:36 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:24 2006 Subject: Procmail + MS In-Reply-To: <1054769122.2484.23.camel@nomad.userfriendly.net> References: Message-ID: <5.2.1.1.2.20030605203300.03a37eb0@imap.ecs.soton.ac.uk> At 00:25 05/06/2003, you wrote: > > Procmail is involved in the delivery process, thats AFTER MS is scanning > > them. > > > >I understand that procmail is for local mail delivery, i was originally >trying to get MS to do it. > > > You could also put in some rules in MS where you simply dont scan mail > > for those users if you want to save the resources. > >And exactly how would one go about that? I started took a look at the >SPAM/NONSPAM action but wasnt sure how to put that all together. Any >ideas? Use a ruleset for "Virus Scanning" and "Spam Checks". See the examples in /etc/MailScanner/rules. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jun 5 20:29:34 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:24 2006 Subject: Scanning Rules In-Reply-To: <1054831404.3edf732c5b150@webmail.MUW.Edu> References: <1054828887.4754.9.camel@rich.wvn.wvnet.edu> <1054828887.4754.9.camel@rich.wvn.wvnet.edu> Message-ID: <5.2.1.1.2.20030605202829.03a6dcf8@imap.ecs.soton.ac.uk> At 17:43 05/06/2003, you wrote: >Good day everyone, > >I just created a scanner machine (mail gateway) for the purpose of taking >a lot >of load off the main mailserver. > >Now that the mail is flowing between the gateway and the main mailserver, I >would like to tell MailScanner on the main mailserver to *not* scan outgoing >mail or mail coming from the mail gateway and *only* scan mail sent/received >for local users or coming from the internal network. To avoid possibilities of people forging the domain name in the mail they are sending, make the rules include the IP address of the main gateway. >Note: main mailserver is main.muw.edu > mail gateway is avsmtp01.muw.edu > >In my /etc/MailScanner/rules/virus.scanning.rules, I have set this: > >FromOrTo: avsmtp01.muw.edu no >FromOrTo: default yes > >In my /etc/MailScanner/rules/spam.whitelist.rules, I have set this: > >FromOrTo: avsmtp01.muw.edu yes >FromOrTo: default no > >Am I on the right track?!!! > >I just don't want the main mailserver to re-scan something already scanned by >the gateway machine. > >Marco > >_________________________________________________________________ >This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail >For the latest MUW Events, visit http://www.MUW.Edu/calendar -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jun 5 20:26:45 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:24 2006 Subject: new install - cannot call method bodyhandle in Message.pm In-Reply-To: <3EDF5DD9.2040601@EPSIIA.com> Message-ID: <5.2.1.1.2.20030605202557.03a23860@imap.ecs.soton.ac.uk> You're doing something very odd. Put your MailScanner.conf file back to how it started life, and make the absolute minimum changes possible. Then test it again. At 16:12 05/06/2003, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Just installed latest version of mailscanner and receive the following >error when starting. Anyone have any info on how to begin debuging this? > >Starting MailScanner... >In Debugging mode, not forking... >Can't call method "bodyhandle" on an undefined value at >/opt/MailScanner/lib/MailScanner/Message.pm line 898. > >Thanks, >- -Ryan >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.2.2 (GNU/Linux) >Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > >iD8DBQE+313YduH5kxQ36MARAlMyAKCTJuiWO2dRlr1XdgNkdI1Jvx9uYwCfdZTo >RQ/elb5Q57malblJE1jOvrk= >=37Kg >-----END PGP SIGNATURE----- -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From kevins at BMRB.CO.UK Thu Jun 5 20:37:11 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:24 2006 Subject: Scanning Rules In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175778@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175778@pascal.priv.bmrb.co.uk> Message-ID: <1054841832.8648.40.camel@bach.kevinspicer.co.uk> On Thu, 2003-06-05 at 17:43, Marco Obaid wrote: >In my /etc/MailScanner/rules/virus.scanning.rules, I have set this: >FromOrTo: avsmtp01.muw.edu no >FromOrTo: default yes >In my /etc/MailScanner/rules/spam.whitelist.rules, I have set this: >FromOrTo: avsmtp01.muw.edu yes >FromOrTo: default no >Am I on the right track?!!! Yes, but I think theres an easier way to do it - if I understand correctly you want to turn off all processing for mails from avsmtp01. You also say that you don't want to scan main coming from the mailscanner machine [you do mean originating from don't you?] - unless you actually have something on that machine generating a lot of mail its probably best to scan it anyway - you never know. I notice your rules don't attempt to do this, so I shan't either. You can do this with one entry in MailScanner.conf and one ruleset MailScanner.conf... Virus Scanning = /etc/MailScanner/rules/virus.scanning.rules in /etc/MailScanner/rules/virus.scanning.rules From: x.x.x.x no FromOrTo: default yes where x.x.x.x is the IP address of avsmtp01 - you should use the IP address rather than host.domain.com syntax to avoid nasty spammers and viruses getting round mailscanner by spoofing things. You use From rather than FromOrTo because you can only match IP addresses by origin not destination. If you also want to avoid scanning mail going to that machine then add... To: avsmtp01.muw.edu no no to the ruleset above BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From smhickel at CHARTERMI.NET Thu Jun 5 20:57:34 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license Message-ID: <200306051957.h55JvY729545@chartermi.net> Kevin, You seem to be suggesting that one can use one or more anti-virus programs. I don't know how to configure more than one. I use the webmin MailScanner module, which I hear will be updated for 4.21 tomorrow. Would one just list with spaces between f-prot ClamAv-0.54 etc? Plus the original question was if f-prot truly requires a 500 uers license for their software on a MailScanner host that scans software for 500 mailboxes then an alternative to f-prot was the issue with similar features and price points. Steve Kevin Spicer wrote .. > I would not use only clam, as their updates aren't really quick enough > (my view is that updates are pretty time-sensitive on the mail gateway). > For example, today... > > Sophos IDE for Bugbear B available at 12:20ish > Sophos caught 15x Bugbear B before Clam caught its first with the 4pm > (hourly) update. > Admittedly we also caught a few with the IFRAME/ attachement rules > > On Thu, 2003-06-05 at 19:36, Steve Hickel wrote: > > Does ClamAv-0.54 work in place of f-prot with mailscanner or is their > yet an equally cost-effective solution other than f-prot that does work > with MailScanner? > > Steve > > > > > > > BMRB International > http://www.bmrb.co.uk > +44 (0)20 8566 5000 > _________________________________________________________________ > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact the > sender and delete this message immediately. Disclosure, copying > or other action taken in respect of this email or in > reliance on it is prohibited. BMRB International Limited > accepts no liability in relation to any personal emails, or > content of any email which does not directly relate to our > business. From mailscanner at ecs.soton.ac.uk Thu Jun 5 21:01:16 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license In-Reply-To: <200306051957.h55JvY729545@chartermi.net> Message-ID: <5.2.1.1.2.20030605210002.038c1b28@imap.ecs.soton.ac.uk> At 20:57 05/06/2003, you wrote: >Kevin, > >You seem to be suggesting that one can use one or more anti-virus >programs. I don't know how to configure more than one. I use the webmin >MailScanner module, which I hear will be updated for 4.21 tomorrow. Would >one just list with spaces between f-prot ClamAv-0.54 etc? Virus Scanners = f-prot clamav >Plus the original question was if f-prot truly requires a 500 uers license >for their software on a MailScanner host that scans software for 500 >mailboxes then an alternative to f-prot was the issue with similar >features and price points. Take a look at RAV licensing, apparently it is domain-based which may prove cheap for many sites. But don't quote me on that, I might have the product wrong. >Steve > >Kevin Spicer wrote .. > > I would not use only clam, as their updates aren't really quick enough > > (my view is that updates are pretty time-sensitive on the mail gateway). > > For example, today... > > > > Sophos IDE for Bugbear B available at 12:20ish > > Sophos caught 15x Bugbear B before Clam caught its first with the 4pm > > (hourly) update. > > Admittedly we also caught a few with the IFRAME/ attachement rules > > > > On Thu, 2003-06-05 at 19:36, Steve Hickel wrote: > > > > Does ClamAv-0.54 work in place of f-prot with mailscanner or is their > > yet an equally cost-effective solution other than f-prot that does work > > with MailScanner? > > > > Steve > > > > > > > > > > > > > > BMRB International > > http://www.bmrb.co.uk > > +44 (0)20 8566 5000 > > _________________________________________________________________ > > This message (and any attachment) is intended only for the > > recipient and may contain confidential and/or privileged > > material. If you have received this in error, please contact the > > sender and delete this message immediately. Disclosure, copying > > or other action taken in respect of this email or in > > reliance on it is prohibited. BMRB International Limited > > accepts no liability in relation to any personal emails, or > > content of any email which does not directly relate to our > > business. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From smhickel at CHARTERMI.NET Thu Jun 5 21:08:49 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license Message-ID: <200306052008.h55K8n229965@chartermi.net> Julian, You are the greatest. However, I do not know what RAV means nor where to look at it. Thanks, Steve Julian Field wrote .. > At 20:57 05/06/2003, you wrote: > >Kevin, > > > >You seem to be suggesting that one can use one or more anti-virus > >programs. I don't know how to configure more than one. I use the webmin > >MailScanner module, which I hear will be updated for 4.21 tomorrow. Would > >one just list with spaces between f-prot ClamAv-0.54 etc? > > Virus Scanners = f-prot clamav > > >Plus the original question was if f-prot truly requires a 500 uers license > >for their software on a MailScanner host that scans software for 500 > >mailboxes then an alternative to f-prot was the issue with similar > >features and price points. > > Take a look at RAV licensing, apparently it is domain-based which may prove > cheap for many sites. But don't quote me on that, I might have the product > wrong. > > > >Steve > > > >Kevin Spicer wrote .. > > > I would not use only clam, as their updates aren't really quick enough > > > (my view is that updates are pretty time-sensitive on the mail gateway). > > > For example, today... > > > > > > Sophos IDE for Bugbear B available at 12:20ish > > > Sophos caught 15x Bugbear B before Clam caught its first with the 4pm > > > (hourly) update. > > > Admittedly we also caught a few with the IFRAME/ attachement rules > > > > > > On Thu, 2003-06-05 at 19:36, Steve Hickel wrote: > > > > > > Does ClamAv-0.54 work in place of f-prot with mailscanner or is their > > > yet an equally cost-effective solution other than f-prot that does > work > > > with MailScanner? > > > > > > Steve > > > > > > > > > > > > > > > > > > > > > BMRB International > > > http://www.bmrb.co.uk > > > +44 (0)20 8566 5000 > > > _________________________________________________________________ > > > This message (and any attachment) is intended only for the > > > recipient and may contain confidential and/or privileged > > > material. If you have received this in error, please contact the > > > sender and delete this message immediately. Disclosure, copying > > > or other action taken in respect of this email or in > > > reliance on it is prohibited. BMRB International Limited > > > accepts no liability in relation to any personal emails, or > > > content of any email which does not directly relate to our > > > business. > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support From kevins at BMRB.CO.UK Thu Jun 5 21:22:15 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175784@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175784@pascal.priv.bmrb.co.uk> Message-ID: <1054844536.8649.47.camel@bach.kevinspicer.co.uk> >On Thu, 2003-06-05 at 20:57, Steve Hickel wrote: >Kevin, >You seem to be suggesting that one can use one or more anti-virus >programs. Sure can see the comments in MailScanner.conf >I don't know how to configure more than one. I use the webmin >MailScanner module, which I hear will be updated for 4.21 tomorrow. >Would one just list with spaces between f-prot ClamAv-0.54 etc? Sorry, I don't know as I've never even looked at the webmin module. >Plus the original question was if f-prot truly requires a 500 uers >license for their software on a MailScanner host that scans software >for 500 mailboxes then an alternative to f-prot was the issue with >similar features and price points. Yes, the point of my previous post was to discourage you from moving to Clam alone (which I thought your previous post might have been suggesting) - unfortunately I can't really help with other scanners as I only have experience with Clam, Sophos and F-prot. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mailscanner at ecs.soton.ac.uk Thu Jun 5 21:27:26 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license In-Reply-To: <200306052008.h55K8n229965@chartermi.net> Message-ID: <5.2.1.1.2.20030605212715.03a26d20@imap.ecs.soton.ac.uk> Type "rav" into Google. At 21:08 05/06/2003, you wrote: >Julian, > >You are the greatest. > >However, I do not know what RAV means nor where to look at it. > >Thanks, > >Steve > > >Julian Field wrote .. > > At 20:57 05/06/2003, you wrote: > > >Kevin, > > > > > >You seem to be suggesting that one can use one or more anti-virus > > >programs. I don't know how to configure more than one. I use the webmin > > >MailScanner module, which I hear will be updated for 4.21 tomorrow. Would > > >one just list with spaces between f-prot ClamAv-0.54 etc? > > > > Virus Scanners = f-prot clamav > > > > >Plus the original question was if f-prot truly requires a 500 uers license > > >for their software on a MailScanner host that scans software for 500 > > >mailboxes then an alternative to f-prot was the issue with similar > > >features and price points. > > > > Take a look at RAV licensing, apparently it is domain-based which may prove > > cheap for many sites. But don't quote me on that, I might have the product > > wrong. > > > > > > >Steve > > > > > >Kevin Spicer wrote .. > > > > I would not use only clam, as their updates aren't really quick enough > > > > (my view is that updates are pretty time-sensitive on the mail > gateway). > > > > For example, today... > > > > > > > > Sophos IDE for Bugbear B available at 12:20ish > > > > Sophos caught 15x Bugbear B before Clam caught its first with the 4pm > > > > (hourly) update. > > > > Admittedly we also caught a few with the IFRAME/ attachement rules > > > > > > > > On Thu, 2003-06-05 at 19:36, Steve Hickel wrote: > > > > > > > > Does ClamAv-0.54 work in place of f-prot with mailscanner or is their > > > > yet an equally cost-effective solution other than f-prot that does > > work > > > > with MailScanner? > > > > > > > > Steve > > > > > > > > > > > > > > > > > > > > > > > > > > > > BMRB International > > > > http://www.bmrb.co.uk > > > > +44 (0)20 8566 5000 > > > > _________________________________________________________________ > > > > This message (and any attachment) is intended only for the > > > > recipient and may contain confidential and/or privileged > > > > material. If you have received this in error, please contact the > > > > sender and delete this message immediately. Disclosure, copying > > > > or other action taken in respect of this email or in > > > > reliance on it is prohibited. BMRB International Limited > > > > accepts no liability in relation to any personal emails, or > > > > content of any email which does not directly relate to our > > > > business. > > > > -- > > Julian Field > > www.MailScanner.info > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From Steve at swaney.com Thu Jun 5 21:29:21 2003 From: Steve at swaney.com (Stephen Swaney) Date: Thu Jan 12 21:18:24 2006 Subject: Rav Website In-Reply-To: <200306052008.h55K8n229965@chartermi.net> References: <200306052008.h55K8n229965@chartermi.net> Message-ID: <1054844961.32122.2.camel@speedy> Steve, I believe it refers to the rev anti-virus scanner at this site: http://www.ravantivirus.com/index.php I have no experience with this scanner so I can't comment on quality. Steve Stephen Swaney President Fortress Systems, Ltd. Steve.Swaney@fsl.com Phone: 202 352-3262 U.S. Toll Free Phone and Fax: 877 746-6636 On Thu, 2003-06-05 at 16:08, Steve Hickel wrote: > Julian, > > You are the greatest. > > However, I do not know what RAV means nor where to look at it. > > Thanks, > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030605/b06be8a2/attachment.html From apm at CIFRID.NET Thu Jun 5 21:30:26 2003 From: apm at CIFRID.NET (Artur Meski) Date: Thu Jan 12 21:18:24 2006 Subject: ZMailer and MailScanner--a little problem. Message-ID: <86fzmos1wd.fsf@shiningdiamond.localnet> Hello MailScanner hackers. I've found out, that in some conditions MailScanner behaves stangely. Take a look at this: [...] Jun 5 17:39:56 naos MailScanner[49495]: Batch: Found invalid queue file for message 224686 Jun 5 17:39:56 naos MailScanner[49447]: Batch: Found invalid queue file for message 224686 Jun 5 17:39:58 naos MailScanner[49460]: Batch: Found invalid queue file for message 224686 Jun 5 17:40:01 naos MailScanner[49479]: Batch: Found invalid queue file for message 224686 Jun 5 17:40:01 naos MailScanner[49434]: Batch: Found invalid queue file for message 224686 Jun 5 17:40:01 naos MailScanner[49495]: Batch: Found invalid queue file for message 224686 Jun 5 17:40:01 naos MailScanner[49447]: Batch: Found invalid queue file for message 224686 Jun 5 17:40:03 naos MailScanner[49460]: Batch: Found invalid queue file for message 224686 Jun 5 17:40:06 naos MailScanner[49479]: Batch: Found invalid queue file for message 224686 [...] It does not affect every message--it happens from time to time. See attachement for queue file. It has no 'from' field in "env" part (I think, it's ok for ZMailer). -------------- next part -------------- A non-text attachment was scrubbed... Name: 224686 Type: application/octet-stream Size: 5489 bytes Desc: queue file Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030605/a77ebbef/224686.obj -------------- next part -------------- I use ZMailer version 2.99.56-pre4 (on mailhub). I don't know on which ZM. version MS. was tested and developed--maybe something imporatnt has changed. I've changed ZMailer.pm temporarily: -return 1 if $FROMFound && $TOFound && $IPFound; +return 1 if $TOFound && $IPFound; Is it ok? And one, small, additional question: When MailScanner drops privileges (Run As User = nonprivilegeduser)? Artur Meski. -- // WWW: artur.black.pl // PGP: finger apm@heze.cifrid.net // From steve.douglas at SBIINCORPORATED.COM Thu Jun 5 21:36:25 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:24 2006 Subject: Auto-Responses without open-relaying Message-ID: <3963522F0E71474CB14C0FF54A6914F701114F8E@omar.schtre.com> Can someone suggest an approach as to how to have the automatic responses from MailScanner work? My scenario is fairly easy, I have installed my MailScanner gateway on the DMZ and all incoming messages are rerouted to my internal email server. The internal email server is blocked for open-relays. Currently when the MailScanner emails the responses it goes through the internal email file server which then get blocked. Is there something I can do to the MailScanner gateway to redirect all MailScanner responses out of the same server without the gateway becoming an open-relay? Thanks. sd -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030605/3886007e/attachment.html From FCaen at CI.LAKEWOOD.WA.US Thu Jun 5 21:51:43 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:24 2006 Subject: Auto-Responses without open-relaying Message-ID: -----Original Message----- From: Steve Douglas [mailto:steve.douglas@SBIINCORPORATED.COM] > I have installed my MailScanner gateway on the DMZ and all incoming messages are rerouted to my internal email server. Are you using mailertable or smarthost for the rerouting? --------------------------------------------- Francois Caen Network Information Systems Engineer - Webmaster City of Lakewood, WA (253) 512-2269 NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From steve.douglas at SBIINCORPORATED.COM Thu Jun 5 21:53:23 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:24 2006 Subject: Question regarding virus wrapper Message-ID: <3963522F0E71474CB14C0FF54A6914F701114F90@omar.schtre.com> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: Steve Douglas.vcf Type: application/octet-stream Size: 380 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030605/0b244034/SteveDouglas.obj From mailscanner at ecs.soton.ac.uk Thu Jun 5 22:02:19 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:24 2006 Subject: attachment action results in Postfix queue file corruption In-Reply-To: <1151627772873.20030604195200@icp.ac.ru> References: <1054734746.10031.174.camel@speedy> <1054734746.10031.174.camel@speedy> Message-ID: <5.2.1.1.2.20030605215658.03a1a2e0@imap.ecs.soton.ac.uk> Please can you try this patch to PFDiskStore.pm: --- PFDiskStore.pm 2003-06-02 10:03:03.000000000 +0100 +++ PFDiskStore.pm.new 2003-06-05 21:59:16.000000000 +0100 @@ -285,7 +285,7 @@ $recipcounter = 0; foreach $record (@{$message->{metadata}}) { $record =~ /^(.)(.*)$/; - $recipcounter++ if $1 =~ /[RO]/; + $recipcounter++ if $1 =~ /R/; } At 16:52 04/06/2003, you wrote: >Hi! > >'Attachment' action in MS 4.21.9 seems to be incompatible with my >Postfix 2.0.10. All high scored spam (the only email variety I am >trying to handle using the feature at the moment) I got by now >finished in 'corrupt' folder in Postfix spool. If anyone interested I >can send the details of my setup, logs, corrupt queue files, >quarantined messages... > >-- >Dmitriy -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jun 5 22:04:06 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:24 2006 Subject: Question regarding virus wrapper In-Reply-To: <3963522F0E71474CB14C0FF54A6914F701114F90@omar.schtre.com> Message-ID: <5.2.1.1.2.20030605220320.03a3ce88@imap.ecs.soton.ac.uk> Have you got the RedHat 7.2 compatibility libraries loaded and the environment kludge to make it think it is running an old kernel? McAfee haven't updated their Linux support in *years* :-( At 21:53 05/06/2003, you wrote: >I suspect I know what the problem is with this question. I believe it may >be related to a bug or incompatible library in libc.so.6., but the hourly >cron response I get from the mailscanner contains the following: > > > >/etc/cron.hourly/update_virus_scanners: > > > >/usr/lib/MailScanner/mcafee-wrapper: line 46: [: /lib/libc.so.6: binary >operator expected > > > >------------------------- > > > >The above is using McAfee Anti-Virus > > > > > > > > -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030605/4ffe9236/attachment.html From steve.douglas at SBIINCORPORATED.COM Thu Jun 5 22:04:22 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:24 2006 Subject: Auto-Responses without open-relaying Message-ID: <3963522F0E71474CB14C0FF54A6914F701114F91@omar.schtre.com> I am using mailertable within sendmail and I have a spamcontrol that features "relay domains" for the domains I want routed into my private network email server. SD :-) > -----Original Message----- > From: Francois Caen [mailto:FCaen@CI.LAKEWOOD.WA.US] > Sent: Thursday, June 05, 2003 3:52 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Auto-Responses without open-relaying > > -----Original Message----- > From: Steve Douglas [mailto:steve.douglas@SBIINCORPORATED.COM] > > > I have installed my MailScanner gateway on the DMZ and all incoming > messages are rerouted to my internal email server. > > Are you using mailertable or smarthost for the rerouting? > > --------------------------------------------- > Francois Caen > Network Information Systems Engineer - Webmaster > City of Lakewood, WA > (253) 512-2269 > > > > NOTICE: The Information contained in this transmission is privileged and > confidential. It is intended for the use of the individual or entity named > above. If the reader of this message is not the intended addressee or > other legitimate recipient, the reader is hereby notified that any > consideration, dissemination or duplication of this communication is > strictly prohibited. If the addressee has received this communication in > error, please return it to the above address by mail and notify this > office by telephone. > > > > > > City of Lakewood > From steve.freegard at LBSLTD.CO.UK Thu Jun 5 22:09:52 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:24 2006 Subject: Bayesian training and spam attachment Message-ID: <67D9E7698329D411936E00508B6590B90277390E@neelix.lbsltd.co.uk> Carl/Denis/Julian, I found this: http://www.jmason.org/software/scripts/extract-rfc822-attachment.txt - it's written by the author of SpamAssassin. I haven't tried it as I haven't upgraded and turned on the attachment feature (yet!) - it states in the README: extract a "mail/rfc822" attachment from a mail. SYNOPSIS extract-rfc822-attachment < msg > newmsg EXIT STATUS Exit status will be 0 if there was an attachment and the attachment was extracted successfully, 1 if there was no attachment found. The remaining non-zero exit statuses are reserved for other failure modes. NOTE Quoted-printable or base64-encoded attachments are not currently supported. I suppose the drawback is that it'll only run on one message at a time - I wonder if it would be possible to integrate this with procmail on the MailScanner box to automagically extract the rfc822 attachments for anything forwarded to the 'not-spam'??? Kind regards, Steve. -- Steve Freegard Systems Manager Littlehampton Book Services -----Original Message----- From: Carl Boberg To: MAILSCANNER@JISCMAIL.AC.UK Sent: 05/06/03 08:59 Subject: Re: Bayesian training and spam attachment -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, If anybody finds a useful script/module for this please post it, or where to find it, to this list. / Carl >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >Behalf Of Julian Field >Sent: Wednesday, June 04, 2003 21:08 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Bayesian training and spam attachment > > >At 19:48 04/06/2003, you wrote: >>Julian, >> >>Would you know about some Perl Module that could help me achieve >>that? > >No, sorry. But take a look at www.zeegee.com, there might be >something useful there. > > >>Denis >>Le mer 04/06/2003 ? 11:38, Julian Field a ?crit : >> > At 16:29 04/06/2003, you wrote: >> > >Hello, >> > > >> > >I am working on implementing a shared folder to drop spam/ham >> > >into to educate the Bayesian filter of SA. >> > > >> > >If I turn on the "Spam Action = attachment deliver" in MS, will >> > >the resulting email be suitable to be fed in sa-learn or will I >> > >have to remove the message that was included in the email? >> > >> > You would need to extract the RFC822 attachment from the mail >> > you are forwarded, but it will *then* be in the right form for >> > feeding >to sa-learn. >> > -- >> > Julian Field >> > www.MailScanner.info >> > MailScanner thanks transtec Computers for their support >>-- >>Denis Beauchemin, analyste >>Universit? de Sherbrooke, S.T.I. >>T: 819.821.8000x2252 F: 819.821.8045 > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use iQA/AwUBPt74fui5vtTaHS+IEQJ54gCcDXTIgD39AYggMgCkdzz/nAWi8H8AoJ1X qNpye0h0nvDxZv+BmWVLQx89 =JoAl -----END PGP SIGNATURE----- -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From forrie at FORRIE.COM Fri Jun 6 05:23:01 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:24 2006 Subject: Rav Website In-Reply-To: <1054844961.32122.2.camel@speedy> References: <200306052008.h55K8n229965@chartermi.net> <200306052008.h55K8n229965@chartermi.net> Message-ID: <5.2.1.1.2.20030606001846.01e1f8b0@192.168.1.1> For what it's worth, I've been using RAV Antivirus with sendmail-Milter for over a year, and it's worked pretty well. A couple of comments: 1) The configuration (ravmd.conf) is extremely obtuse - definately not written by someone who goes outdoors frequently. 2) Their licensing policy (pricing) leaves a bit to be desired - they charge 25.00 per domain or something like that - and have no provision for a private site that might happen to have a few domains (some unused). 3) The licensing will only scan for x number of domains (as also defined in ravmd.conf)... In retrospect, I've begun using f-prot and clamav (soon clamav-milter if someone can help me compile it on freebsd), since I disagree with RAV's pricing guidelines. _F At 04:29 PM 6/5/2003, Stephen Swaney wrote: >Steve, > >I believe it refers to the rev anti-virus scanner at this site: > > >http://www.ravantivirus.com/index.php > >I have no experience with this scanner so I can't comment on quality. > >Steve >Stephen Swaney >President >Fortress Systems, Ltd. >Steve.Swaney@fsl.com >Phone: 202 352-3262 >U.S. Toll Free Phone and Fax: 877 746-6636 > > >On Thu, 2003-06-05 at 16:08, Steve Hickel wrote: >> >>Julian, >> >>You are the greatest. >> >>However, I do not know what RAV means nor where to look at it. >> >>Thanks, >> > From marco at MUW.EDU Fri Jun 6 05:08:24 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:24 2006 Subject: Copying Bayes Data In-Reply-To: <67D9E7698329D411936E00508B6590B90277390E@neelix.lbsltd.co.uk> References: <67D9E7698329D411936E00508B6590B90277390E@neelix.lbsltd.co.uk> Message-ID: <1054872504.3ee013b8ed78a@webmail.MUW.Edu> Hi, Is it possible to transfer the bayes_* files from one MS server to another? I tried it and I received the following when running "spamassassin -D --lint": Cannot open bayes_path /root/.spamassassin/bayes R/O: Inappropriate file type or format I have a copy of most of the spam and I think that I can let the new MS server learn those messages. I was just wondering if there is a quicker way. Thanks, Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From ricardo at MAC.ZA.NET Fri Jun 6 08:31:45 2003 From: ricardo at MAC.ZA.NET (Ricardo) Date: Thu Jan 12 21:18:24 2006 Subject: EXIM + MAILSCANNER Message-ID: <006b01c32bfd$b0c3ad40$d194fea9@bump> Hi I'm new to mailscanner and I've set it up with exim (4.14). I can see the messages in /var/spool/exim.in/msglog but all my mesages are defered when I run exim -qff -v. R=defer_router defer (-1): All deliveries are deferred When I check my /var/log/maillog file it complains about this Syntax error in line 98, file "/usr/exim/bin/exim" for sendmail2 does not exist Any ideas? I'm desperate to get it up and running! Thanks Ricardo From steve.douglas at SBIINCORPORATED.COM Fri Jun 6 08:53:55 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:24 2006 Subject: I don't think Apam a susbect Message-ID: <3963522F0E71474CB14C0FF54A6914F701114F93@omar.schtre.com> I have sent numerous test spam messages through my MailScanner server. I am a newbie. I thought I had it, but the below is consistant. Can anyone interpret the below content from my syslogd? I don't think SpamAssassin isn't working. FYI: my platform is redhat 9. Thank you! ___________________________________________________ June 6 02:43:18 hprh MailScanner[8131]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 6 02:43:19 hprh MailScanner[8131]: Enabling SpamAssassin auto-whitelist functionality... Jun 6 02:43:19 hprh MailScanner[8131]: Using locktype = flock Jun 6 02:43:28 hprh MailScanner[8132]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 6 02:43:29 hprh MailScanner[8132]: Enabling SpamAssassin auto-whitelist functionality... Jun 6 02:43:29 hprh MailScanner[8132]: Using locktype = flock From ree at THUNDERSTAR.NET Fri Jun 6 08:53:50 2003 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:18:24 2006 Subject: Specific MailScanner & Postfix points Message-ID: Hopefully someone knows how to do some of this simply or can point me in the right direction. I am trying to accomplish the following with MailScanner & postfix: 1. At the moment I am quarantining messages tagged as spam by MailScanner, but not within MailScanner - ie - I have another MTA behind MailScanner that checks headers MailScanner inserts to find out if messages are spam or not. Spam messages are quarantined. The problem with this quarantine is that it becomes excessively slow when many messages have been quarantined and the other problem is that deleting the spam in the quarantine and finding the few false positives is unbelievably time consuming. The biggest problem is that it is not always simple to tell whether a message is spam based on it's sender, recipient & subject line - often it is, but there are enough messages that have to be individually opened to make this a real chore. The idea I had was maybe someone knows of something else I can put directly behind MailScanner that would create a web-based quarantine perhaps that in addition to showing sender, recipient & subject, perhaps it also intelligently extracts relevant text from each message. This would drastically speed up determining what is and isn't spam, would facilitate whitelisting the false positives, etc. 2. Set up a list of destination addresses that I want rejected during the connection - ie - I don't want any mail accepted for these addresses. Note that the "only accept known addresses" feature is not workable for this. 3. I would like to be able to do a degree of customized actions on messages based on header contents. For instance, I would like to forward a copy of all mail going to certain email addresses in some cases, and in other cases, forward a copy of mail to certain addresses but only those that match a certain subject line. Maybe mail archiving tools is the way to do this, I'm not sure. I'm mid going through various docs and how-tos, etc but I'm hoping someone has suggestions, on this. TIA, Ron From steve.freegard at LBSLTD.CO.UK Fri Jun 6 09:07:19 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:24 2006 Subject: Copying Bayes Data Message-ID: <67D9E7698329D411936E00508B6590B90277390F@neelix.lbsltd.co.uk> Marco, This was discussed on the sa-talk list a while back - if I recall correctly, you _can_ do this as long as you use the same DB access method for both (e.g. for linux make sure you have the DB_File perl modules installed) and that you don't try to use a database from a machine with different architecture (litte-endian vs big-endian). It's probably worth checking the sa-talk archives to double-check this however. Hope this helps. Regards, Steve. -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. -----Original Message----- From: Marco Obaid [mailto:marco@MUW.EDU] Sent: 06 June 2003 05:08 To: MAILSCANNER@JISCMAIL.AC.UK Hi, Is it possible to transfer the bayes_* files from one MS server to another? I tried it and I received the following when running "spamassassin -D --lint": Cannot open bayes_path /root/.spamassassin/bayes R/O: Inappropriate file type or format I have a copy of most of the spam and I think that I can let the new MS server learn those messages. I was just wondering if there is a quicker way. Thanks, Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From tim-lists at BISHNET.NET Fri Jun 6 09:02:04 2003 From: tim-lists at BISHNET.NET (Tim Bishop) Date: Thu Jan 12 21:18:24 2006 Subject: EXIM + MAILSCANNER In-Reply-To: <006b01c32bfd$b0c3ad40$d194fea9@bump> References: <006b01c32bfd$b0c3ad40$d194fea9@bump> Message-ID: <20030606080204.GE46625@carrick.bishnet.net> On Fri, Jun 06, 2003 at 09:31:45AM +0200, Ricardo wrote: > I can see the messages in /var/spool/exim.in/msglog but all my mesages are > defered when I run exim -qff -v. > > R=defer_router defer (-1): All deliveries are deferred That is correct - the incoming side can not do deliveries, so they're all deferred. > When I check my /var/log/maillog file it complains about this > > Syntax error in line 98, file "/usr/exim/bin/exim" for sendmail2 does not > exist > > Any ideas? I'm desperate to get it up and running! You've got a mistake in your MailScanner.conf. The Sendmail2 configuration value points at a binary that doesn't exist. Find out where the Exim binary is and correct this option. Tim. -- Tim Bishop http://www.bishnet.net/tim PGP Key: 0x5AE7D984 From tim-lists at BISHNET.NET Fri Jun 6 09:02:29 2003 From: tim-lists at BISHNET.NET (Tim Bishop) Date: Thu Jan 12 21:18:24 2006 Subject: I don't think Apam a susbect In-Reply-To: <3963522F0E71474CB14C0FF54A6914F701114F93@omar.schtre.com> References: <3963522F0E71474CB14C0FF54A6914F701114F93@omar.schtre.com> Message-ID: <20030606080229.GF46625@carrick.bishnet.net> On Fri, Jun 06, 2003 at 02:53:55AM -0500, Steve Douglas wrote: > I have sent numerous test spam messages through my MailScanner server. I am > a newbie. I thought I had it, but the below is consistant. > > Can anyone interpret the below content from my syslogd? I don't think > SpamAssassin isn't working. FYI: my platform is redhat 9. > > Thank you! > ___________________________________________________ > June 6 02:43:18 hprh MailScanner[8131]: MailScanner > E-Mail Virus Scanner version 4.21-9 starting... > Jun 6 02:43:19 hprh MailScanner[8131]: Enabling > SpamAssassin auto-whitelist functionality... > Jun 6 02:43:19 hprh MailScanner[8131]: Using locktype > = flock > Jun 6 02:43:28 hprh MailScanner[8132]: MailScanner > E-Mail Virus Scanner version 4.21-9 starting... > Jun 6 02:43:29 hprh MailScanner[8132]: Enabling > SpamAssassin auto-whitelist functionality... > Jun 6 02:43:29 hprh MailScanner[8132]: Using locktype > = flock This looks like "normal" behaviour to me. Tim. -- Tim Bishop http://www.bishnet.net/tim PGP Key: 0x5AE7D984 From ricardo at MAC.ZA.NET Fri Jun 6 09:20:53 2003 From: ricardo at MAC.ZA.NET (Ricardo) Date: Thu Jan 12 21:18:24 2006 Subject: EXIM + MAILSCANNER References: <006b01c32bfd$b0c3ad40$d194fea9@bump> <20030606080204.GE46625@carrick.bishnet.net> Message-ID: <009001c32c04$8ea53970$d194fea9@bump> Hi there, Thanks for the reply. /usr/exim/bin/exim does exist though lrwxrwxrwx 1 root root 11 Jun 5 23:29 exim -> exim-4.14-2 -rwsr-xr-x 1 root root 977341 Jun 5 23:29 exim-4.14-2 Also mailscanner.conf doesn't seem to mind Sendmail = /usr/exim/bin/exim but Sendmail2 = /usr/exim/bin/exim -C /usr/exim/configure.out # Set how to invoke MTA when sending messages MailScanner has created # (e.g. to sender/recipient saying "found a virus in your message") # This can also be the filename of a ruleset. #Sendmail = /usr/lib/sendmail Sendmail = /usr/exim/bin/exim # Sendmail2 is provided for Exim users. # It is the command used to attempt delivery of outgoing cleaned/disinfected # messages. # This is not usually required for sendmail. # This can also be the filename of a ruleset. #For Exim users: Sendmail2 = /usr/sbin/exim -C /etc/exim/exim_send.conf #For sendmail users: Sendmail2 = /usr/lib/sendmail #Sendmail2 = /usr/lib/sendmail #Sendmail2 = /usr/sbin/sendmail -C /etc/exim/exim_send.conf Sendmail2 = /usr/exim/bin/exim -C /usr/exim/configure.out Any other ideas? ----- Original Message ----- From: "Tim Bishop" To: Sent: Friday, June 06, 2003 10:02 AM Subject: Re: EXIM + MAILSCANNER > On Fri, Jun 06, 2003 at 09:31:45AM +0200, Ricardo wrote: > > I can see the messages in /var/spool/exim.in/msglog but all my mesages are > > defered when I run exim -qff -v. > > > > R=defer_router defer (-1): All deliveries are deferred > > That is correct - the incoming side can not do deliveries, so they're > all deferred. > > > When I check my /var/log/maillog file it complains about this > > > > Syntax error in line 98, file "/usr/exim/bin/exim" for sendmail2 does not > > exist > > > > Any ideas? I'm desperate to get it up and running! > > You've got a mistake in your MailScanner.conf. The Sendmail2 > configuration value points at a binary that doesn't exist. Find out > where the Exim binary is and correct this option. > > Tim. > > -- > Tim Bishop > http://www.bishnet.net/tim > PGP Key: 0x5AE7D984 > From mailscanner at ecs.soton.ac.uk Fri Jun 6 09:49:59 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:25 2006 Subject: EXIM + MAILSCANNER In-Reply-To: <009001c32c04$8ea53970$d194fea9@bump> References: <006b01c32bfd$b0c3ad40$d194fea9@bump> <20030606080204.GE46625@carrick.bishnet.net> Message-ID: <5.2.0.9.2.20030606094937.0445daf8@imap.ecs.soton.ac.uk> How about you try Sendmail2 = /usr/exim/bin/exim-4.14-2 -C /usr/exim/configure.out ? At 09:20 06/06/2003, you wrote: >Hi there, > >Thanks for the reply. > >/usr/exim/bin/exim does exist though > >lrwxrwxrwx 1 root root 11 Jun 5 23:29 exim -> exim-4.14-2 >-rwsr-xr-x 1 root root 977341 Jun 5 23:29 exim-4.14-2 > >Also mailscanner.conf doesn't seem to mind Sendmail = /usr/exim/bin/exim but >Sendmail2 = /usr/exim/bin/exim -C /usr/exim/configure.out > ># Set how to invoke MTA when sending messages MailScanner has created ># (e.g. to sender/recipient saying "found a virus in your message") ># This can also be the filename of a ruleset. >#Sendmail = /usr/lib/sendmail >Sendmail = /usr/exim/bin/exim > ># Sendmail2 is provided for Exim users. ># It is the command used to attempt delivery of outgoing cleaned/disinfected ># messages. ># This is not usually required for sendmail. ># This can also be the filename of a ruleset. >#For Exim users: Sendmail2 = /usr/sbin/exim -C /etc/exim/exim_send.conf >#For sendmail users: Sendmail2 = /usr/lib/sendmail >#Sendmail2 = /usr/lib/sendmail >#Sendmail2 = /usr/sbin/sendmail -C /etc/exim/exim_send.conf >Sendmail2 = /usr/exim/bin/exim -C /usr/exim/configure.out > >Any other ideas? > >----- Original Message ----- >From: "Tim Bishop" >To: >Sent: Friday, June 06, 2003 10:02 AM >Subject: Re: EXIM + MAILSCANNER > > > > On Fri, Jun 06, 2003 at 09:31:45AM +0200, Ricardo wrote: > > > I can see the messages in /var/spool/exim.in/msglog but all my mesages >are > > > defered when I run exim -qff -v. > > > > > > R=defer_router defer (-1): All deliveries are deferred > > > > That is correct - the incoming side can not do deliveries, so they're > > all deferred. > > > > > When I check my /var/log/maillog file it complains about this > > > > > > Syntax error in line 98, file "/usr/exim/bin/exim" for sendmail2 does >not > > > exist > > > > > > Any ideas? I'm desperate to get it up and running! > > > > You've got a mistake in your MailScanner.conf. The Sendmail2 > > configuration value points at a binary that doesn't exist. Find out > > where the Exim binary is and correct this option. > > > > Tim. > > > > -- > > Tim Bishop > > http://www.bishnet.net/tim > > PGP Key: 0x5AE7D984 > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From dean.plant at ROKE.CO.UK Fri Jun 6 10:07:58 2003 From: dean.plant at ROKE.CO.UK (Plant, Dean) Date: Thu Jan 12 21:18:25 2006 Subject: F-prot says I need the mail server license Message-ID: <76C92FBBFB58D411AE760090271ED41805B33A64@rsys002a.roke.co.uk> Thanks to everyone who replied regarding F-Prot. I have emailed F-prot again to specify that I only need the command line scanner to scan files and I wait to hear their response. Dean Plant -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 05 June 2003 20:17 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: F-prot says I need the mail server license I can only really add 1 comment this discussion. I have read their software licence very carefully. They completely fail to define the terms "workstation", "server" and "mail server". You only need the facilities provided by the "workstation" version. So you should be able to buy the "workstation" version and, as far as I can see, they haven't got a leg to stand on. My only concern is that if everyone buys the "workstation" version they might go bankrupt, which would be a loss for everyone. At 17:23 05/06/2003, you wrote: >On 5 Jun 2003 at 16:40, Plant, Dean wrote: > > > F-prot have advised me that I will need to use the mail server pricing > > model for use with Mailscanner which means I will have to look at > > other virus scanners. > >Looking at the message that you sent to them that might not necessarily be >the case. >They might have got the wrong idea. > > > > > -----Original Message----- > > > From: Plant, Dean [mailto:dean.plant@roke.co.uk] > > > Sent: 4. j?n? 2003 10:47 > > > To: 'sales@f-prot.com' > > > Subject: FW: FRISK-S-20030530-0027 (f-prot for Linux) > > > > > > I have a Linux file server that acts as a mail proxy and I would > > > like to > > use f-prot to > > > scan mail passing through the proxy (There are no mailboxes on the > > server). Will > > > the F-Prot Antivirus for Linux File Servers license allow this. > > > > >You've not really stated that you have an existing product that just needs >the command >line version to perform virus scanning. Given this e-mail your typical >salesperson might >just assume you want a fully blown virus scanning smtp gateway and that's what >they've recommended. > >David. > > >This communication may contain privileged or confidential information which >is for the exclusive use of the intended recipient. If you are not the >intended recipient, please note that you may not distribute or use this >communication or the information it contains. If this e-mail has reached you >in error, please delete it and any attachment. > >Internet communications are not secure and Barnet College does not accept >legal responsibility for the content of this message. Any views or opinions >expressed are those of the author and not necessarily those of Barnet College. > >Please note that Barnet College reserves the right to monitor the >source/destinations of all incoming or outgoing e-mail communications. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, Bracknell, Berkshire. RG12 8FZ The information contained in this e-mail and any attachments is confidential to Roke Manor Research Ltd and must not be passed to any third party without permission. This communication is for information only and shall not create or change any contractual relationship. From ricardo at MAC.ZA.NET Fri Jun 6 10:08:08 2003 From: ricardo at MAC.ZA.NET (Ricardo) Date: Thu Jan 12 21:18:25 2006 Subject: EXIM + MAILSCANNER References: <006b01c32bfd$b0c3ad40$d194fea9@bump> <20030606080204.GE46625@carrick.bishnet.net> <5.2.0.9.2.20030606094937.0445daf8@imap.ecs.soton.ac.uk> Message-ID: <00a301c32c0b$287e15c0$d194fea9@bump> I've done that already :-| Weird that when I do ... root@mail:/home/ricardo# /usr/exim/bin/exim Exim is a Mail Transfer Agent. It is normally called by Mail User Agents, not directly from a shell command line. Options and/or arguments control what it does when called. For a list of options, see the Exim documentation. ... I get a result Why would it accept the specification for "sendmail" and not "sendmail2" even though they're referencing the same bin? Thanks! > How about you try > Sendmail2 = /usr/exim/bin/exim-4.14-2 -C /usr/exim/configure.out > ? > From michele at BLACKNIGHTSOLUTIONS.COM Fri Jun 6 10:10:36 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:18:25 2006 Subject: F-prot says I need the mail server license In-Reply-To: <76C92FBBFB58D411AE760090271ED41805B33A64@rsys002a.roke.co.uk> References: <76C92FBBFB58D411AE760090271ED41805B33A64@rsys002a.roke.co.uk> Message-ID: <6101.213.140.31.170.1054890636.squirrel@www.blacknightsolutions.com> > My only concern is that if everyone buys the "workstation" version they > might go bankrupt, which would be a loss for everyone. Very true, however if theire licensing requires people to pay thousands to use the software legally we'll all go bankrupt too :P -- Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ Shell hosting now available ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From Anjana.Patel at CRANFIELD.AC.UK Fri Jun 6 10:33:42 2003 From: Anjana.Patel at CRANFIELD.AC.UK (Patel, Anjana) Date: Thu Jan 12 21:18:25 2006 Subject: mcafee & bugbear.b Message-ID: Hello, We've been blocking Bugbear.B since yesterday although as usual Mcafee appears to be slow in releasing their DATs. However I've noticed that every now and then mailscanner is blocking emails that have double extension attachments which look suspiciously like Bugbear.b but it is not picked up as Bugbear.B. I've tried scanning the quarantined attachment again with the latest DAT but again no virus is detected. Is this a different variant or is there a another problem. Has anyone else using mcafee noticed this? Thanks Anjana From f.rotondo at TESEO.IT Fri Jun 6 10:42:34 2003 From: f.rotondo at TESEO.IT (Francesco Rotondo) Date: Thu Jan 12 21:18:25 2006 Subject: mcafee & bugbear.b References: Message-ID: <01d701c32c0f$f5a26ca0$0464a8c0@teseo.info> Hi, > Hello, > > We've been blocking Bugbear.B since yesterday although as usual Mcafee > appears to be slow in releasing their DATs. However I've noticed that > every now and then mailscanner is blocking emails that have double > extension attachments which look suspiciously like Bugbear.b but it is > not picked up as Bugbear.B. I've tried scanning the quarantined > attachment again with the latest DAT but again no virus is detected. Is > this a different variant or is there a another problem. Has anyone else > using mcafee noticed this? > Even Sophos is not catching some viruses blocked because of the filename rules (thanks MS). It should be a variant of some old virus or maybe of the Bugbear itself as it is polymorphic. Regards. Francesco From raymond at PROLOCATION.NET Fri Jun 6 10:44:50 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:25 2006 Subject: F-prot says I need the mail server license In-Reply-To: <6101.213.140.31.170.1054890636.squirrel@www.blacknightsolutions.com> Message-ID: Hi! > > My only concern is that if everyone buys the "workstation" version they > > might go bankrupt, which would be a loss for everyone. > > Very true, however if theire licensing requires people to pay thousands to > use the software legally we'll all go bankrupt too :P I think if its really what they want, only 500 user versions for mail they wont sell to most of the people using it now. Pretty simple. So no buisiness case either that way. Bye, Raymond. From paul.hamilton at sme-ecom.co.uk Fri Jun 6 10:50:57 2003 From: paul.hamilton at sme-ecom.co.uk (Paul Hamilton) Date: Thu Jan 12 21:18:25 2006 Subject: FW: mcafee & bugbear.b Message-ID: <000001c32c11$2185f840$fc32000a@4> >Hello, >We've been blocking Bugbear.B since yesterday although as usual Mcafee >appears to be slow in releasing their DATs. However I've noticed that >every now and then mailscanner is blocking emails that have double >extension attachments which look suspiciously like Bugbear.b but it is >not picked up as Bugbear.B. I've tried scanning the quarantined >attachment again with the latest DAT but again no virus is detected. Is >this a different variant or is there a another problem. Has anyone else >using mcafee noticed this? We have seen similar behaviour with Sophos, Kaspersky and F-Prot. In some cases with the exact same attachment sent to two individuals within the same organisation minutes apart. Paul H. From malcolm.bishop at KCL.AC.UK Fri Jun 6 10:58:19 2003 From: malcolm.bishop at KCL.AC.UK (Malcolm Bishop) Date: Thu Jan 12 21:18:25 2006 Subject: mcafee & bugbear.b In-Reply-To: References: Message-ID: Hi, We are using McAfee and have noticed the same thing. Perhaps it is a new variant? However, I did have a quick look on a couple of anti-virus companies sites and there does not seem to be any information about a new variant. Thanks Malcolm > Hello, > > We've been blocking Bugbear.B since yesterday although as usual Mcafee > appears to be slow in releasing their DATs. However I've noticed that > every now and then mailscanner is blocking emails that have double > extension attachments which look suspiciously like Bugbear.b but it is > not picked up as Bugbear.B. I've tried scanning the quarantined > attachment again with the latest DAT but again no virus is detected. Is > this a different variant or is there a another problem. Has anyone else > using mcafee noticed this? > > Thanks > Anjana From Kevin.Spicer at BMRB.CO.UK Fri Jun 6 11:07:30 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:25 2006 Subject: mcafee & bugbear.b Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> > Hi, > > We are using McAfee and have noticed the same thing. Perhaps > it is a new > variant? However, I did have a quick look on a couple of anti-virus > companies sites and there does not seem to be any information about a > new variant. > Perhaps you should send the suspect files to your AV vendor for analysis? BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From steve.freegard at LBSLTD.CO.UK Fri Jun 6 11:17:18 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:25 2006 Subject: mcafee & bugbear.b Message-ID: <67D9E7698329D411936E00508B6590B902793AC0@neelix.lbsltd.co.uk> Hi all, Further to this - it looks like Sophos updated their IDE definitions for Bugbear-B just before the 11am this morning, luckily in time for my sophos-autoupdate run to catch it. I also sent Sophos a load of attachments this morning that were stopped by the MailScanner filename rules that were not detected as viruses by SAVI. Regards, Steve. -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. -----Original Message----- From: Spicer, Kevin [mailto:Kevin.Spicer@BMRB.CO.UK] Sent: 06 June 2003 11:08 To: MAILSCANNER@JISCMAIL.AC.UK > Hi, > > We are using McAfee and have noticed the same thing. Perhaps > it is a new > variant? However, I did have a quick look on a couple of anti-virus > companies sites and there does not seem to be any information about a > new variant. > Perhaps you should send the suspect files to your AV vendor for analysis? BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From malcolm.bishop at KCL.AC.UK Fri Jun 6 11:30:16 2003 From: malcolm.bishop at KCL.AC.UK (Malcolm Bishop) Date: Thu Jan 12 21:18:25 2006 Subject: mcafee & bugbear.b In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> Message-ID: Hi, In response to my previous e-mail I did notice the following on Mcafee site. -- Update June 05, 2003 -- AVERT has received a large number of truncated samples. These are damaged and do not infect. The next DAT release will contain detection of these samples as W32/Bugbear.b.dam. Additionally samples have been received that suggest the virus can mail the encrypted keylog file during its propagation routine. Therefore perhaps they are damaged bugbear.b files but I am sending a sample off for analysis. Thanks Malcolm On Fri, 6 Jun 2003 11:07:30 +0100 "Spicer, Kevin" wrote: > > Hi, > > > > We are using McAfee and have noticed the same thing. Perhaps > > it is a new > > variant? However, I did have a quick look on a couple of anti-virus > > companies sites and there does not seem to be any information about a > > new variant. > > > > Perhaps you should send the suspect files to your AV vendor for > analysis? > > > > BMRB International > http://www.bmrb.co.uk > +44 (0)20 8566 5000 > _________________________________________________________________ > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact the > sender and delete this message immediately. Disclosure, copying > or other action taken in respect of this email or in > reliance on it is prohibited. BMRB International Limited > accepts no liability in relation to any personal emails, or > content of any email which does not directly relate to our > business. ---------------------- Malcolm Bishop Systems Administrator School of Law, Kings College London, Strand, London, WC2R 2LS Tel: 020 7848 1107 Email: malcolm.bishop@kcl.ac.uk From m.sapsed at BANGOR.AC.UK Fri Jun 6 14:13:54 2003 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:18:25 2006 Subject: mcafee & bugbear.b References: <01d701c32c0f$f5a26ca0$0464a8c0@teseo.info> Message-ID: <3EE09392.2000207@bangor.ac.uk> Francesco Rotondo wrote: >>We've been blocking Bugbear.B since yesterday although as usual Mcafee >>appears to be slow in releasing their DATs. However I've noticed that >>every now and then mailscanner is blocking emails that have double >>extension attachments which look suspiciously like Bugbear.b but it is >>not picked up as Bugbear.B. I've tried scanning the quarantined >>attachment again with the latest DAT but again no virus is detected. Is >>this a different variant or is there a another problem. Has anyone else >>using mcafee noticed this? > > Even Sophos is not catching some viruses blocked because of the filename > rules (thanks MS). > It should be a variant of some old virus or maybe of the Bugbear itself as > it is polymorphic. I sent some items fitting this description to Sophos yesterday and this morning an update detecting "damaged" copies of Bugbear-B was released. Cheers, Martin -- Martin Sapsed Information Services "Who do you say I am?" University of Wales, Bangor Jesus of Nazareth From marco at MUW.EDU Fri Jun 6 14:25:33 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:25 2006 Subject: Weired Error In-Reply-To: References: <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> Message-ID: <1054905933.3ee0964d95bb8@webmail.MUW.Edu> Good day everyone, I am seeing this error in my logs (repeadtly): Jun 6 06:42:54 avsmtp01 MailScanner[21510]: Cannot parse /var/spool/MailScanner/incoming/21510/h56BgeQd021498.header and , Can't locate object method "debug" via package "MIME::Parser::FileInto::MailScanner" at /opt/MailScanner/lib/MailScanner/Message.pm line 2603. I built this system last night. It is FreeBSD 4.8 Release running MS 4.21-9, SA 2.55, Command Antivirus. The mail is being delivered/received, as far as I can tell. Do I need to be concerned?!!! Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From info at pro-invest.ca Fri Jun 6 14:32:47 2003 From: info at pro-invest.ca (Professional Investments Investor Services) Date: Thu Jan 12 21:18:25 2006 Subject: Mcafee autoupdate revisited Message-ID: HI, Sorry to badger this one, but I do not believe my autoupdate is working correctly. I have recently upgraded to 4.21-9, have removed the previous cron job that I had been calling and am relying on the rpm installed update_virus_scanners that is implemented in my cron.hourly directory. In my system log I can see that 04:01:01 pilx CROND[26206]: (root) CMD (run-parts /etc/cron.hourly) runs and then no subsequent errors however yesterday upon reading more regarding bugbear.b I checked my latest dat file and it had not been upgraded to mcafee's release on June 5th. Should I be looking elsewhere for an error? If you could please direct me to some things to check that would be greatly appreciated. Thanks again, >>>>>>>>>>>>>>>>>>>>> Mark Tavares IS Tech Support Professional Investments Inc. 1-888-548-8868 <<<<<<<<<<<<<<<<<<<<< From marco at MUW.EDU Fri Jun 6 14:51:13 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:25 2006 Subject: Weired Error In-Reply-To: <1054905933.3ee0964d95bb8@webmail.MUW.Edu> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> <1054905933.3ee0964d95bb8@webmail.MUW.Edu> Message-ID: <1054907473.3ee09c51e280f@webmail.MUW.Edu> Hi, > The mail is being delivered/received, as far as I > can tell. I take this back. The mail delivery is *halted* right now :( Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From mailscanner at LISTS.COM.AR Fri Jun 6 14:56:25 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:25 2006 Subject: ZMailer and MailScanner--a little problem. In-Reply-To: <3DFD0E385303F649AB7C31D651DEDD000E1746@mafalda.pert.com.ar> Message-ID: <3EE07359.31311.FE89922@localhost> Artur, Congrats!!! AFAIK you're user #2 of MailScanner+ZMailer (user #1 being me) :-) This is caused by a bug in the first version and after I sent a couple of patches, the last complete version of ZMailer.pm I sent to Julian didn't have this (more important) patch applied. Please patch ZMailer.pm with this: *** ZMailer.pm.ORI Mon Jun 2 09:44:42 2003 --- ZMailer.pm Mon Jun 2 09:45:07 2003 *************** *** 274,279 **** --- 274,284 ---- $message->{from} = lc($from); $FROMFound = 1; # We have found the sender } + if ($Line =~ /^channel error/) { + $from = ""; + $message->{from} = lc($from); + $FROMFound = 1; # We have found the (NULL) sender + } if ($Line =~ /^rcvdfrom /i) { $ip = $Line; #chomp $ip; The messages stuck in the queue are error bounces (sent from zmailer, e.g. because the recipient doesn't exist). These messages have a different format in the queue (instead of a "from xxx" they have a "channel error" line). This little patch handles this case. After the patch is applied restart (not reload) MailScanner (you don't have to turn off any part of ZMailer) and the messages will be delivered. Please, let me know it everything goes OK. El 5 Jun 2003 a las 17:30, Artur Meski escribi?: > Hello MailScanner hackers. > > I've found out, that in some conditions MailScanner behaves stangely. > > Take a look at this: > > [...] > Jun 5 17:39:56 naos MailScanner[49495]: Batch: Found invalid queue file > for message 224686 > Jun 5 17:39:56 naos MailScanner[49447]: Batch: Found invalid queue file > for message 224686 > Jun 5 17:39:58 naos MailScanner[49460]: Batch: Found invalid queue file > for message 224686 > Jun 5 17:40:01 naos MailScanner[49479]: Batch: Found invalid queue file > for message 224686 > Jun 5 17:40:01 naos MailScanner[49434]: Batch: Found invalid queue file > for message 224686 > Jun 5 17:40:01 naos MailScanner[49495]: Batch: Found invalid queue file > for message 224686 > Jun 5 17:40:01 naos MailScanner[49447]: Batch: Found invalid queue file > for message 224686 > Jun 5 17:40:03 naos MailScanner[49460]: Batch: Found invalid queue file > for message 224686 > Jun 5 17:40:06 naos MailScanner[49479]: Batch: Found invalid queue file > for message 224686 > [...] > > It does not affect every message--it happens from time to time. > > See attachement for queue file. It has no 'from' field in "env" part > (I think, it's ok for ZMailer). > > > -- Mariano Absatz El Baby ---------------------------------------------------------- I must confess, I was born at a very early age. -- Groucho Marx From dwinkler at ALGORITHMICS.COM Fri Jun 6 14:58:05 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:25 2006 Subject: CustomConfig Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FD4@tormail1.algorithmics.com> Any chance something like this could be added to CustomConfig? if ( -f "/opt/MailScanner/etc/CustomConfig.pm") { do "/opt/MailScanner/etc/CustomConfig.pm"; } It's easier for me to keep my CustomConfig in etc, I know after an upgrade to check this stuff. Thanks, Derek Winkler Security Administrator Algorithmics Inc., Toronto Tel: (416) 217-4107 Fax: (416) 971-6263 www.algorithmics.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030606/d7d66645/attachment.html From ratebor at pro.icp.ac.ru Fri Jun 6 15:09:56 2003 From: ratebor at pro.icp.ac.ru (Dmitriy Bokiy) Date: Thu Jan 12 21:18:25 2006 Subject: attachment action results in Postfix queue file corruption In-Reply-To: <5.2.1.1.2.20030605215658.03a1a2e0@imap.ecs.soton.ac.uk> References: <1054734746.10031.174.camel@speedy> <1054734746.10031.174.camel@speedy> <5.2.1.1.2.20030605215658.03a1a2e0@imap.ecs.soton.ac.uk> Message-ID: <631794441440.20030606180956@icp.ac.ru> 06/06/2003, 1:02:19 Julian Field wrote: > Please can you try this patch to PFDiskStore.pm: > --- PFDiskStore.pm 2003-06-02 10:03:03.000000000 +0100 > +++ PFDiskStore.pm.new 2003-06-05 21:59:16.000000000 +0100 > @@ -285,7 +285,7 @@ > $recipcounter = 0; > foreach $record (@{$message->{metadata}}) { > $record =~ /^(.)(.*)$/; > - $recipcounter++ if $1 =~ /[RO]/; > + $recipcounter++ if $1 =~ /R/; > } Did not help. Luckily the problem appears to be gone since I upgraded Perl to 5.6.1. Thank you for your time. -- Dmitriy From steve.douglas at SBIINCORPORATED.COM Fri Jun 6 15:10:58 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:25 2006 Subject: I don't think Apam a susbect Message-ID: <3963522F0E71474CB14C0FF54A6914F701114F96@omar.schtre.com> Thank you, Tim. The system is only under testing. The only thing I have difficulty with prior to going into production is a series of tests for my own confidence. I do appreciate your feed back. Have a good weekend! SD :-) > -----Original Message----- > From: Tim Bishop [mailto:tim-lists@BISHNET.NET] > Sent: Friday, June 06, 2003 3:02 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: I don't think Apam a susbect > > On Fri, Jun 06, 2003 at 02:53:55AM -0500, Steve Douglas wrote: > > I have sent numerous test spam messages through my MailScanner server. > I am > > a newbie. I thought I had it, but the below is consistant. > > > > Can anyone interpret the below content from my syslogd? I don't think > > SpamAssassin isn't working. FYI: my platform is redhat 9. > > > > Thank you! > > ___________________________________________________ > > June 6 02:43:18 hprh MailScanner[8131]: MailScanner > > E-Mail Virus Scanner version 4.21-9 starting... > > Jun 6 02:43:19 hprh MailScanner[8131]: Enabling > > SpamAssassin auto-whitelist functionality... > > Jun 6 02:43:19 hprh MailScanner[8131]: Using locktype > > = flock > > Jun 6 02:43:28 hprh MailScanner[8132]: MailScanner > > E-Mail Virus Scanner version 4.21-9 starting... > > Jun 6 02:43:29 hprh MailScanner[8132]: Enabling > > SpamAssassin auto-whitelist functionality... > > Jun 6 02:43:29 hprh MailScanner[8132]: Using locktype > > = flock > > This looks like "normal" behaviour to me. > > Tim. > > -- > Tim Bishop > http://www.bishnet.net/tim > PGP Key: 0x5AE7D984 From steve.douglas at SBIINCORPORATED.COM Fri Jun 6 15:22:03 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:25 2006 Subject: mcafee & bugbear.b Message-ID: <3963522F0E71474CB14C0FF54A6914F701114F97@omar.schtre.com> I haven't installed the latest post (270). My serer has Dat Verison: 4267, Engin Version, 4.2.40 and it detected and smoked the bugbear using heuristics presumably. SD :-) > -----Original Message----- > From: Steve Freegard [mailto:steve.freegard@LBSLTD.CO.UK] > Sent: Friday, June 06, 2003 5:17 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: mcafee & bugbear.b > > Hi all, > > Further to this - it looks like Sophos updated their IDE definitions for > Bugbear-B just before the 11am this morning, luckily in time for my > sophos-autoupdate run to catch it. > > I also sent Sophos a load of attachments this morning that were stopped by > the MailScanner filename rules that were not detected as viruses by SAVI. > > Regards, > Steve. > > -- > Steve Freegard > Systems Manager > Littlehampton Book Services Ltd. > > > -----Original Message----- > From: Spicer, Kevin [mailto:Kevin.Spicer@BMRB.CO.UK] > Sent: 06 June 2003 11:08 > To: MAILSCANNER@JISCMAIL.AC.UK > > > Hi, > > > > We are using McAfee and have noticed the same thing. Perhaps > > it is a new > > variant? However, I did have a quick look on a couple of anti-virus > > companies sites and there does not seem to be any information about a > > new variant. > > > > Perhaps you should send the suspect files to your AV vendor for analysis? > > > > BMRB International > http://www.bmrb.co.uk > +44 (0)20 8566 5000 > _________________________________________________________________ > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact the > sender and delete this message immediately. Disclosure, copying > or other action taken in respect of this email or in > reliance on it is prohibited. BMRB International Limited > accepts no liability in relation to any personal emails, or > content of any email which does not directly relate to our > business. > > -- > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the sender and delete the message from your mailbox. > > This footnote also confirms that this email message has been swept by > MailScanner (www.mailscanner.info) for the presence of computer viruses. From apm at CIFRID.NET Fri Jun 6 15:29:49 2003 From: apm at CIFRID.NET (Artur Meski) Date: Thu Jan 12 21:18:25 2006 Subject: ZMailer and MailScanner--a little problem (+one little suggestion :P). In-Reply-To: <3EE07359.31311.FE89922@localhost> References: <3EE07359.31311.FE89922@localhost> Message-ID: <8665njqnxe.fsf@shiningdiamond.localnet> Mariano Absatz writes: > Congrats!!! AFAIK you're user #2 of MailScanner+ZMailer (user #1 being me) Sirat : so I`m user #3 ;8] Sirat : you may tell it him So... he is #3. The number of users is growing. ;) > Please, let me know it everything goes OK. Ok, it works. :) I also asked about privileges of MailScanner. It was a stupid question, as I found out later (I put a comment at the end of line: 'Run As User = nonprivilegeduser # Comment about that setting' so I couldn't get it to work--now it works fine). ;) But! Are you using MailScanner running as an unprivileged user? How? My MS is currently running as a 'daemon' user with a little changes in the source code. I don't know whether it's ok, so I would like to consult it... Artur. -- // WWW: artur.black.pl // PGP: finger apm@heze.cifrid.net // From P.G.M.Peters at CIV.UTWENTE.NL Fri Jun 6 15:41:01 2003 From: P.G.M.Peters at CIV.UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:18:25 2006 Subject: filename rules question Message-ID: The filename rules conf file has allow and deny lines. I haven't seen a default line so I wonder what will happen with an extension that doesn't match any line. I believe (from my experience) the message will be allowed. But then a lot of allow lines can be removed (and speeding up MailScanner)? -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ From mailscanner at LISTS.COM.AR Fri Jun 6 15:41:06 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:25 2006 Subject: mcafee & bugbear.b In-Reply-To: <3963522F0E71474CB14C0FF54A6914F701114F97@omar.schtre.com> Message-ID: <3EE07DD2.29839.10118067@localhost> Steve, Current dat is 4270... my servers got 4268 on June 1st at about 21:45 UTC, 4269 on June 4th at about 18:45 UTC and 4270 yesterday (June 5th at about 16:45 UTC). You should configure a cron job for mcaffee-autoupdate to run frequently... I have it configured to run every hour. BTW, Tony, I understand you mantain mcafee-autoupdate, is that right? I sent a patch a while ago adding a little more verbosity to the "-v" mode, did you see it? If I do a similar modification to the current (from MS 4.21) version would you incorporate it? It is only cosmetic, but as I prefer to log the script activity (via a plain ">>" in the crontab file), I like having a couple of timestamps available. If you prefer I could add an extra command line option for this to be turned on, I only tried to be minimalistic with the modifications. Thanx. El 6 Jun 2003 a las 9:22, Steve Douglas escribi?: > I haven't installed the latest post (270). My serer has Dat Verison: 4267, > Engin Version, 4.2.40 and it detected and smoked the bugbear using > heuristics presumably. I think bugbear uses double extensions (.doc.pif, etc) that MailScanner's standard filename rules prohibit, as well as the extensions themselves (.pif, .scr, etc.). > > SD > :-) > > > > -----Original Message----- > > From: Steve Freegard [mailto:steve.freegard@LBSLTD.CO.UK] > > Sent: Friday, June 06, 2003 5:17 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: mcafee & bugbear.b > > > > Hi all, > > > > Further to this - it looks like Sophos updated their IDE definitions for > > Bugbear-B just before the 11am this morning, luckily in time for my > > sophos-autoupdate run to catch it. > > > > I also sent Sophos a load of attachments this morning that were stopped by > > the MailScanner filename rules that were not detected as viruses by SAVI. > > > > Regards, > > Steve. > > > > -- > > Steve Freegard > > Systems Manager > > Littlehampton Book Services Ltd. > > > > > > -----Original Message----- > > From: Spicer, Kevin [mailto:Kevin.Spicer@BMRB.CO.UK] > > Sent: 06 June 2003 11:08 > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > > Hi, > > > > > > We are using McAfee and have noticed the same thing. Perhaps > > > it is a new > > > variant? However, I did have a quick look on a couple of anti-virus > > > companies sites and there does not seem to be any information about a > > > new variant. > > > > > > > Perhaps you should send the suspect files to your AV vendor for analysis? > > > > > > > > BMRB International > > http://www.bmrb.co.uk > > +44 (0)20 8566 5000 > > _________________________________________________________________ > > This message (and any attachment) is intended only for the > > recipient and may contain confidential and/or privileged > > material. If you have received this in error, please contact the > > sender and delete this message immediately. Disclosure, copying > > or other action taken in respect of this email or in > > reliance on it is prohibited. BMRB International Limited > > accepts no liability in relation to any personal emails, or > > content of any email which does not directly relate to our > > business. > > > > -- > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the sender and delete the message from your mailbox. > > > > This footnote also confirms that this email message has been swept by > > MailScanner (www.mailscanner.info) for the presence of computer viruses. -- Mariano Absatz El Baby ---------------------------------------------------------- CChheecckk yyoouurr dduupplleexx sswwiittcchh!! From steve.douglas at SBIINCORPORATED.COM Fri Jun 6 15:44:48 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:25 2006 Subject: mcafee & bugbear.b Message-ID: <3963522F0E71474CB14C0FF54A6914F701114F98@omar.schtre.com> Where may I review and modify the document type that should can pass through? SD :-) > -----Original Message----- > From: Mariano Absatz [mailto:mailscanner@LISTS.COM.AR] > Sent: Friday, June 06, 2003 9:41 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: mcafee & bugbear.b > > Steve, > > Current dat is 4270... my servers got 4268 on June 1st at about 21:45 UTC, > 4269 on June 4th at about 18:45 UTC and 4270 yesterday (June 5th at about > 16:45 UTC). > > You should configure a cron job for mcaffee-autoupdate to run > frequently... I > have it configured to run every hour. > > BTW, Tony, I understand you mantain mcafee-autoupdate, is that right? I > sent > a patch a while ago adding a little more verbosity to the "-v" mode, did > you > see it? > > If I do a similar modification to the current (from MS 4.21) version would > you incorporate it? It is only cosmetic, but as I prefer to log the script > activity (via a plain ">>" in the crontab file), I like having a couple of > timestamps available. If you prefer I could add an extra command line > option > for this to be turned on, I only tried to be minimalistic with the > modifications. > > Thanx. > > El 6 Jun 2003 a las 9:22, Steve Douglas escribi?: > > > I haven't installed the latest post (270). My serer has Dat Verison: > 4267, > > Engin Version, 4.2.40 and it detected and smoked the bugbear using > > heuristics presumably. > I think bugbear uses double extensions (.doc.pif, etc) that MailScanner's > standard filename rules prohibit, as well as the extensions themselves > (.pif, > .scr, etc.). > > > > > SD > > :-) > > > > > > > -----Original Message----- > > > From: Steve Freegard [mailto:steve.freegard@LBSLTD.CO.UK] > > > Sent: Friday, June 06, 2003 5:17 AM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: mcafee & bugbear.b > > > > > > Hi all, > > > > > > Further to this - it looks like Sophos updated their IDE definitions > for > > > Bugbear-B just before the 11am this morning, luckily in time for my > > > sophos-autoupdate run to catch it. > > > > > > I also sent Sophos a load of attachments this morning that were > stopped by > > > the MailScanner filename rules that were not detected as viruses by > SAVI. > > > > > > Regards, > > > Steve. > > > > > > -- > > > Steve Freegard > > > Systems Manager > > > Littlehampton Book Services Ltd. > > > > > > > > > -----Original Message----- > > > From: Spicer, Kevin [mailto:Kevin.Spicer@BMRB.CO.UK] > > > Sent: 06 June 2003 11:08 > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > > > > Hi, > > > > > > > > We are using McAfee and have noticed the same thing. Perhaps > > > > it is a new > > > > variant? However, I did have a quick look on a couple of anti-virus > > > > companies sites and there does not seem to be any information about > a > > > > new variant. > > > > > > > > > > Perhaps you should send the suspect files to your AV vendor for > analysis? > > > > > > > > > > > > BMRB International > > > http://www.bmrb.co.uk > > > +44 (0)20 8566 5000 > > > _________________________________________________________________ > > > This message (and any attachment) is intended only for the > > > recipient and may contain confidential and/or privileged > > > material. If you have received this in error, please contact the > > > sender and delete this message immediately. Disclosure, copying > > > or other action taken in respect of this email or in > > > reliance on it is prohibited. BMRB International Limited > > > accepts no liability in relation to any personal emails, or > > > content of any email which does not directly relate to our > > > business. > > > > > > -- > > > This email and any files transmitted with it are confidential and > > > intended solely for the use of the individual or entity to whom they > > > are addressed. If you have received this email in error please notify > > > the sender and delete the message from your mailbox. > > > > > > This footnote also confirms that this email message has been swept by > > > MailScanner (www.mailscanner.info) for the presence of computer > viruses. > > > -- > Mariano Absatz > El Baby > ---------------------------------------------------------- > CChheecckk yyoouurr dduupplleexx sswwiittcchh!! From mailscanner at LISTS.COM.AR Fri Jun 6 15:46:12 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:25 2006 Subject: ZMailer and MailScanner--a little problem (+one little suggestion :P). In-Reply-To: <8665njqnxe.fsf@shiningdiamond.localnet> References: <3EE07359.31311.FE89922@localhost> Message-ID: <3EE07F04.1402.10162B8E@localhost> El 6 Jun 2003 a las 16:29, Artur Meski escribi?: > Mariano Absatz writes: > > > Congrats!!! AFAIK you're user #2 of MailScanner+ZMailer (user #1 being me) > > Sirat : so I`m user #3 ;8] > Sirat : you may tell it him > > So... he is #3. The number of users is growing. ;) We're crowds right now! :-P > > > Please, let me know it everything goes OK. > > Ok, it works. :) Great! > > I also asked about privileges of MailScanner. It was a stupid > question, as I found out later (I put a comment at the end of line: > 'Run As User = nonprivilegeduser # Comment about that setting' so I > couldn't get it to work--now it works fine). ;) > > But! Are you using MailScanner running as an unprivileged user? How? > My MS is currently running as a 'daemon' user with a little changes in > the source code. I don't know whether it's ok, so I would like to > consult it... I didn't see your previous question about nonprvileged user... actually I only run it as root... ZMailer usually runs as root and postoffice permissions only allows root to mess around there. I never run zmailer as non-root... is that possible? I guess that if it is so, using the same user for zmailer and MailScanner should be possible (in fact, I guess it should be necessary). You should check permissions on MailScanner temporary directories, but that should be it. -- Mariano Absatz El Baby ---------------------------------------------------------- What is a "free" gift ? Aren't all gifts free? From mailscanner at LISTS.COM.AR Fri Jun 6 16:00:30 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:25 2006 Subject: filename rules question In-Reply-To: Message-ID: <3EE0825E.2929.1023461B@localhost> IIRC, rules are processed from top to bottom, and, as soon as one matches, the process stops. This allows you to say something like: allow everything that ends in ".jpg" allow everything that ends in ".gif" deny everything that ends in ".exe" deny everything that ends in ".???.???" And an attachment ending in ".???.jpg" will be allowed (as per rule #1) but if it ends in ".jpg.scr" it will be denied (although there is no specific rule to deny files ending in ".scr". And, as you state, I recall the default is to allow any filename not matching any rule... El 6 Jun 2003 a las 16:41, Peter Peters escribi?: > The filename rules conf file has allow and deny lines. I haven't seen a > default line so I wonder what will happen with an extension that doesn't > match any line. I believe (from my experience) the message will be > allowed. But then a lot of allow lines can be removed (and speeding up > MailScanner)? > > -- > Peter Peters, senior netwerkbeheerder > Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) > Universiteit Twente, Postbus 217, 7500 AE Enschede > telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ -- Mariano Absatz El Baby ---------------------------------------------------------- Conjecture: All odd numbers are prime. Mathematician's Proof: 3 is prime. 5 is prime. 7 is prime. By induction, all odd numbers are prime. Physicist's Proof: 3 is prime. 5 is prime. 7 is prime. 9 is experimental error. 11 is prime. 13 is prime ... Engineer's Proof: 3 is prime. 5 is prime. 7 is prime. 9 is prime. 11 is prime. 13 is prime ... Computer Scientists's Proof: 3 is prime. 3 is prime. 3 is prime. 3 is prime... From apm at CIFRID.NET Fri Jun 6 16:02:36 2003 From: apm at CIFRID.NET (Artur Meski) Date: Thu Jan 12 21:18:25 2006 Subject: ZMailer and MailScanner--a little problem (+one little suggestion :P). In-Reply-To: <3EE07F04.1402.10162B8E@localhost> References: <3EE07359.31311.FE89922@localhost> <3EE07F04.1402.10162B8E@localhost> Message-ID: <86znkvp7ub.fsf@shiningdiamond.localnet> Mariano Absatz writes: > I never run zmailer as non-root... is that possible? I guess that if it is > so, using the same user for zmailer and MailScanner should be possible (in > fact, I guess it should be necessary). You should check permissions on > MailScanner temporary directories, but that should be it. Look: Processes: [...] daemon 33516 0,0 4,6 24524 24008 ?? SJ 16:17 0:02,25 /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca daemon 33517 0,0 4,6 24608 24104 ?? SJ 16:17 0:02,57 /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca daemon 33518 0,0 4,6 24604 24100 ?? SJ 16:18 0:02,96 /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca [...] Permissions: drwxr-xr-x 5 daemon wheel 512 5 Cze 23:46 /var/spool/MailScanner/ drwxrwsrwt 2 root wheel 512 6 Cze 16:46 /var/spool/postoffice-incoming/router/ drwxrwsrwt 28 root wheel 512 6 Cze 16:46 /var/spool/postoffice/router/ MailScanner.conf: Run As User = daemon I also had to change MailScanner's source code, because it was checking the owner of that directories. Maybe it's a good sollution? Maybe it's an useful information for MS+ZM users (for throng of them ;P) and it's worth putting into the documentation? Artur. -- // WWW: artur.black.pl // PGP: finger apm@heze.cifrid.net // From mailscanner at LISTS.COM.AR Fri Jun 6 16:20:16 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:25 2006 Subject: ZMailer and MailScanner--a little problem (+one little suggestion :P). In-Reply-To: <86znkvp7ub.fsf@shiningdiamond.localnet> References: <3EE07F04.1402.10162B8E@localhost> Message-ID: <3EE08700.12996.10355F0F@localhost> Nice... I guess you modified the end of the CheckQueuesAreTogether() function in bin/MailScanner so it doesn't die 'cause you're daemon and the incoming router directory is owned by root. Maybe we could elegantly modify this to check for same ownership, or else, so that we have read&write permission on this directory before dying (so that we don't break current behavior). Julian, what do you think about it? As you can see from the sample below, the queue directories in ZMailer are world writable (but sticky), and thus you don't need that the owner of that directory is the same as you... El 6 Jun 2003 a las 17:02, Artur Meski escribi?: > Mariano Absatz writes: > > > I never run zmailer as non-root... is that possible? I guess that if it is > > so, using the same user for zmailer and MailScanner should be possible (in > > fact, I guess it should be necessary). You should check permissions on > > MailScanner temporary directories, but that should be it. > > Look: > > Processes: > [...] > daemon 33516 0,0 4,6 24524 24008 ?? SJ 16:17 0:02,25 /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca > daemon 33517 0,0 4,6 24608 24104 ?? SJ 16:17 0:02,57 /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca > daemon 33518 0,0 4,6 24604 24100 ?? SJ 16:18 0:02,96 /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca > [...] > > Permissions: > drwxr-xr-x 5 daemon wheel 512 5 Cze 23:46 /var/spool/MailScanner/ > drwxrwsrwt 2 root wheel 512 6 Cze 16:46 /var/spool/postoffice-incoming/router/ > drwxrwsrwt 28 root wheel 512 6 Cze 16:46 /var/spool/postoffice/router/ > > MailScanner.conf: > Run As User = daemon > > > I also had to change MailScanner's source code, because it was > checking the owner of that directories. > > Maybe it's a good sollution? Maybe it's an useful information for > MS+ZM users (for throng of them ;P) and it's worth putting into the > documentation? > > Artur. > > -- > // WWW: artur.black.pl // PGP: finger apm@heze.cifrid.net // -- Mariano Absatz El Baby ---------------------------------------------------------- C makes it easy to shoot yourself in the foot. C++ makes it harder, but when you do, it blows away your whole leg." -- Bjarne Stroustrup From mailscanner at ecs.soton.ac.uk Fri Jun 6 15:13:26 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:25 2006 Subject: Mcafee autoupdate revisited In-Reply-To: Message-ID: <5.2.0.9.2.20030606151259.04518408@imap.ecs.soton.ac.uk> Try running /usr/lib/MailScanner/mcafee-autoupdate and see if it says anything useful (or posts anything useful in your maillog). At 14:32 06/06/2003, you wrote: >HI, > >Sorry to badger this one, but I do not believe my autoupdate is working >correctly. I have recently upgraded to 4.21-9, have removed the previous >cron job that I had been calling and am relying on the rpm installed >update_virus_scanners that is implemented in my cron.hourly directory. In my >system log I can see that 04:01:01 pilx CROND[26206]: (root) CMD (run-parts >/etc/cron.hourly) runs and then no subsequent errors however yesterday upon >reading more regarding bugbear.b I checked my latest dat file and it had not >been upgraded to mcafee's release on June 5th. Should I be looking elsewhere >for an error? If you could please direct me to some things to check that >would be greatly appreciated. > >Thanks again, > > >>>>>>>>>>>>>>>>>>>>> >Mark Tavares >IS Tech Support >Professional Investments Inc. >1-888-548-8868 ><<<<<<<<<<<<<<<<<<<<< -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jun 6 15:12:19 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:25 2006 Subject: Weired Error In-Reply-To: <1054905933.3ee0964d95bb8@webmail.MUW.Edu> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> Message-ID: <5.2.0.9.2.20030606151018.04e16f50@imap.ecs.soton.ac.uk> At 14:25 06/06/2003, you wrote: >Good day everyone, > >I am seeing this error in my logs (repeadtly): > >Jun 6 06:42:54 avsmtp01 MailScanner[21510]: Cannot >parse /var/spool/MailScanner/incoming/21510/h56BgeQd021498.header and , Can't >locate object method "debug" via package "MIME::Parser::FileInto::MailScanner" >at /opt/MailScanner/lib/MailScanner/Message.pm line 2603. This means that your Perl, for some unknown reason, is not picking up the inherited packages correctly. You should be able to simply comment out (or delete) the "debug" lines on lines 2603, 2614, 2624, 2647. What version of perl are you running? I have never come across this before, not ever. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jun 6 16:17:57 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:25 2006 Subject: filename rules question In-Reply-To: <3EE0825E.2929.1023461B@localhost> References: Message-ID: <5.2.0.9.2.20030606161752.04dec7f0@imap.ecs.soton.ac.uk> Correct on all counts. At 16:00 06/06/2003, you wrote: >IIRC, rules are processed from top to bottom, and, as soon as one matches, >the process stops. > >This allows you to say something like: > >allow everything that ends in ".jpg" >allow everything that ends in ".gif" >deny everything that ends in ".exe" >deny everything that ends in ".???.???" > >And an attachment ending in ".???.jpg" will be allowed (as per rule #1) but >if it ends in ".jpg.scr" it will be denied (although there is no specific >rule to deny files ending in ".scr". > >And, as you state, I recall the default is to allow any filename not matching >any rule... > >El 6 Jun 2003 a las 16:41, Peter Peters escribi?: > > > The filename rules conf file has allow and deny lines. I haven't seen a > > default line so I wonder what will happen with an extension that doesn't > > match any line. I believe (from my experience) the message will be > > allowed. But then a lot of allow lines can be removed (and speeding up > > MailScanner)? > > > > -- > > Peter Peters, senior netwerkbeheerder > > Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) > > Universiteit Twente, Postbus 217, 7500 AE Enschede > > telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ > > >-- >Mariano Absatz >El Baby >---------------------------------------------------------- >Conjecture: All odd numbers are prime. > Mathematician's Proof: > 3 is prime. 5 is prime. 7 is prime. By induction, all > odd numbers are prime. > Physicist's Proof: > 3 is prime. 5 is prime. 7 is prime. 9 is experimental > error. 11 is prime. 13 is prime ... > Engineer's Proof: > 3 is prime. 5 is prime. 7 is prime. 9 is prime. > 11 is prime. 13 is prime ... > Computer Scientists's Proof: > 3 is prime. 3 is prime. 3 is prime. 3 is prime... -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jun 6 16:21:44 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:25 2006 Subject: ZMailer and MailScanner--a little problem (+one little suggestion :P). In-Reply-To: <3EE08700.12996.10355F0F@localhost> References: <86znkvp7ub.fsf@shiningdiamond.localnet> <3EE07F04.1402.10162B8E@localhost> Message-ID: <5.2.0.9.2.20030606162102.04d1afd8@imap.ecs.soton.ac.uk> How about I split the CheckQueuesAreTogether code so that it is separate for each MTA. Then we can do whatever combination we like, while still being easy to maintain. At 16:20 06/06/2003, you wrote: >Nice... > >I guess you modified the end of the CheckQueuesAreTogether() function in >bin/MailScanner so it doesn't die 'cause you're daemon and the incoming >router directory is owned by root. > >Maybe we could elegantly modify this to check for same ownership, or else, so >that we have read&write permission on this directory before dying (so that we >don't break current behavior). > >Julian, what do you think about it? As you can see from the sample below, the >queue directories in ZMailer are world writable (but sticky), and thus you >don't need that the owner of that directory is the same as you... > >El 6 Jun 2003 a las 17:02, Artur Meski escribi?: > > > Mariano Absatz writes: > > > > > I never run zmailer as non-root... is that possible? I guess that if > it is > > > so, using the same user for zmailer and MailScanner should be > possible (in > > > fact, I guess it should be necessary). You should check permissions on > > > MailScanner temporary directories, but that should be it. > > > > Look: > > > > Processes: > > [...] > > daemon 33516 0,0 4,6 24524 24008 ?? SJ 16:17 0:02,25 > /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca > > daemon 33517 0,0 4,6 24608 24104 ?? SJ 16:17 0:02,57 > /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca > > daemon 33518 0,0 4,6 24604 24100 ?? SJ 16:18 0:02,96 > /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca > > [...] > > > > Permissions: > > drwxr-xr-x 5 daemon wheel 512 5 Cze 23:46 /var/spool/MailScanner/ > > drwxrwsrwt 2 root wheel 512 6 Cze 16:46 > /var/spool/postoffice-incoming/router/ > > drwxrwsrwt 28 root wheel 512 6 Cze 16:46 > /var/spool/postoffice/router/ > > > > MailScanner.conf: > > Run As User = daemon > > > > > > I also had to change MailScanner's source code, because it was > > checking the owner of that directories. > > > > Maybe it's a good sollution? Maybe it's an useful information for > > MS+ZM users (for throng of them ;P) and it's worth putting into the > > documentation? > > > > Artur. > > > > -- > > // WWW: artur.black.pl // PGP: finger apm@heze.cifrid.net // > > >-- >Mariano Absatz >El Baby >---------------------------------------------------------- >C makes it easy to shoot yourself in the foot. C++ makes it >harder, but when you do, it blows away your whole leg." > -- Bjarne Stroustrup -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From ryanb at AACRAO.ORG Fri Jun 6 16:29:21 2003 From: ryanb at AACRAO.ORG (Bingham, Ryan) Date: Thu Jan 12 21:18:25 2006 Subject: filtering file types vs. extensions Message-ID: Hi Julian, This is just a feature question. Some of the commercial products (Sybari's Antigen for Exchange comes to mind) that (try to) do what MailScanner does have the ability to discern the file type even if the extension does not match (e.g. spot a Windows executable file even if it doesn't have an .exe extension). Is this something that would ever be possible with MailScanner? Thanks again for an awesome program!! Ryan From marco at MUW.EDU Fri Jun 6 16:35:28 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:25 2006 Subject: Weired Error In-Reply-To: <5.2.0.9.2.20030606151018.04e16f50@imap.ecs.soton.ac.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> <5.2.0.9.2.20030606151018.04e16f50@imap.ecs.soton.ac.uk> Message-ID: <1054913728.3ee0b4c0708a3@webmail.MUW.Edu> Hi Julian, > This means that your Perl, for some unknown reason, is not picking up the > inherited packages correctly. > You should be able to simply comment out (or delete) the "debug" lines on > lines 2603, 2614, 2624, 2647. I will shortly. > > What version of perl are you running? I have never come across this before, > not ever. The version that is shipped with FreeBSD is 5.0003, I believe. However, when I installed SpamAssassin, I used the following: perl -MCPAN -e shell prerequisites_policy ask install Mail::SpamAssassin During the SA install, I was asked to install some dependencies, one of them I remember clearly was HTML::Parser. I answered 'y' to the question. Then for some strange reason, it installed perl-5.8.0 first, then it installed the dependecies and finally SpamAssassin. To eliminate confusion, I renamed /usr/bin/perl to /usr/bin/perl-dist and then I created a link /usr/bin/perl -> /usr/local/bin/perl I have re-installed the FreeBSD system twice already and in the two instances, everytime I try to install SA using the above method, perl-5.8.0 gets installed. Do you think that's part of the problem? Thank you for any insights Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From mailscanner at LISTS.COM.AR Fri Jun 6 16:35:25 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:25 2006 Subject: filtering file types vs. extensions In-Reply-To: Message-ID: <3EE08A8D.3778.10433DFC@localhost> That should be possible using the magic file and the logic that the file command uses (with that same file). See: man magic man file El 6 Jun 2003 a las 11:29, Bingham, Ryan escribi?: > Hi Julian, > > This is just a feature question. Some of the commercial products > (Sybari's Antigen for Exchange comes to mind) that (try to) do what > MailScanner does have the ability to discern the file type even if the > extension does not match (e.g. spot a Windows executable file even if it > doesn't have an .exe extension). > > Is this something that would ever be possible with MailScanner? > > Thanks again for an awesome program!! > > Ryan -- Mariano Absatz El Baby ---------------------------------------------------------- It is now proved beyond doubt that smoking is one of the leading causes of statistics. -- Fletcher Knebel From mailscanner at LISTS.COM.AR Fri Jun 6 16:37:45 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:25 2006 Subject: ZMailer and MailScanner--a little problem (+one little suggestion :P). In-Reply-To: <5.2.0.9.2.20030606162102.04d1afd8@imap.ecs.soton.ac.uk> References: <3EE08700.12996.10355F0F@localhost> Message-ID: <3EE08B19.20214.10456065@localhost> Great idea! I think that belongs in SMDiskStore... maybe renaming into something more general like: MailScanner::SMDiskStore::CheckQueuesAreOK() or something like that... El 6 Jun 2003 a las 16:21, Julian Field escribi?: > How about I split the CheckQueuesAreTogether code so that it is separate > for each MTA. Then we can do whatever combination we like, while still > being easy to maintain. > > At 16:20 06/06/2003, you wrote: > >Nice... > > > >I guess you modified the end of the CheckQueuesAreTogether() function in > >bin/MailScanner so it doesn't die 'cause you're daemon and the incoming > >router directory is owned by root. > > > >Maybe we could elegantly modify this to check for same ownership, or else, so > >that we have read&write permission on this directory before dying (so that we > >don't break current behavior). > > > >Julian, what do you think about it? As you can see from the sample below, the > >queue directories in ZMailer are world writable (but sticky), and thus you > >don't need that the owner of that directory is the same as you... > > > >El 6 Jun 2003 a las 17:02, Artur Meski escribi?: > > > > > Mariano Absatz writes: > > > > > > > I never run zmailer as non-root... is that possible? I guess that if > > it is > > > > so, using the same user for zmailer and MailScanner should be > > possible (in > > > > fact, I guess it should be necessary). You should check permissions on > > > > MailScanner temporary directories, but that should be it. > > > > > > Look: > > > > > > Processes: > > > [...] > > > daemon 33516 0,0 4,6 24524 24008 ?? SJ 16:17 0:02,25 > > /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca > > > daemon 33517 0,0 4,6 24608 24104 ?? SJ 16:17 0:02,57 > > /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca > > > daemon 33518 0,0 4,6 24604 24100 ?? SJ 16:18 0:02,96 > > /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca > > > [...] > > > > > > Permissions: > > > drwxr-xr-x 5 daemon wheel 512 5 Cze 23:46 /var/spool/MailScanner/ > > > drwxrwsrwt 2 root wheel 512 6 Cze 16:46 > > /var/spool/postoffice-incoming/router/ > > > drwxrwsrwt 28 root wheel 512 6 Cze 16:46 > > /var/spool/postoffice/router/ > > > > > > MailScanner.conf: > > > Run As User = daemon > > > > > > > > > I also had to change MailScanner's source code, because it was > > > checking the owner of that directories. > > > > > > Maybe it's a good sollution? Maybe it's an useful information for > > > MS+ZM users (for throng of them ;P) and it's worth putting into the > > > documentation? > > > -- Mariano Absatz El Baby ---------------------------------------------------------- I have had a perfectly wonderful evening, but this wasn't this one. -- Groucho Marx From Kevin.Spicer at BMRB.CO.UK Fri Jun 6 16:38:21 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:25 2006 Subject: filtering file types vs. extensions Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF627@pascal.priv.bmrb.co.uk> There is a perl module that does that too. Can't remember what its called offhand - but I do remember its named fairly obviously (the word magic is in there somewhere!) > -----Original Message----- > From: Mariano Absatz [mailto:mailscanner@LISTS.COM.AR] > Sent: 06 June 2003 16:35 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: filtering file types vs. extensions > > > That should be possible using the magic file and the logic > that the file > command uses (with that same file). > > See: > man magic > man file > > > El 6 Jun 2003 a las 11:29, Bingham, Ryan escribi?: > > > Hi Julian, > > > > This is just a feature question. Some of the commercial products > > (Sybari's Antigen for Exchange comes to mind) that (try to) do what > > MailScanner does have the ability to discern the file type > even if the > > extension does not match (e.g. spot a Windows executable > file even if it > > doesn't have an .exe extension). > > > > Is this something that would ever be possible with MailScanner? > > > > Thanks again for an awesome program!! > > > > Ryan > > > -- > Mariano Absatz > El Baby > ---------------------------------------------------------- > It is now proved beyond doubt that smoking is one > of the leading causes of statistics. > -- Fletcher Knebel > BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From Denis.Beauchemin at USHERBROOKE.CA Fri Jun 6 16:40:06 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:25 2006 Subject: Smooth upgrade to 4.21-9 Message-ID: <1054914005.22566.116.camel@dbeauchemin.si.usherbrooke.ca> I just want to thank Julian again for another great version of MS. I just upgraded our 2 servers and everything is just fine. I noticed new messages in my maillog: Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Checks: Found 1 spam messages Jun 6 11:28:32 smtp3 MailScanner[27147]: Cannot match against destination IP address when resolving configuration option "spamactions" Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Actions: message h56FSUX31319 actions are xxx@usherbrooke.ca,forward,deliver Can I do anything about the destination IP unresolved? It used the default rule, which is what I expected. Denis BTW: I modified languages.conf: SATooLarge = Courriel =?ISO-8859-1?Q?d=E9passant?= la taille maximale Report = Analyse -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From mailscanner at LISTS.COM.AR Fri Jun 6 16:44:32 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:25 2006 Subject: filtering file types vs. extensions In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0EBF627@pascal.priv.bmrb.co.uk> Message-ID: <3EE08CB0.30640.104B94E4@localhost> Seems like File::MMagic... isn't CPAN great? http://search.cpan.org/author/KNOK/File-MMagic-1.19/ El 6 Jun 2003 a las 16:38, Spicer, Kevin escribi?: > There is a perl module that does that too. Can't remember what its called offhand - but I do remember its named fairly obviously (the word magic is in there somewhere!) > > > -----Original Message----- > > From: Mariano Absatz [mailto:mailscanner@LISTS.COM.AR] > > Sent: 06 June 2003 16:35 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: filtering file types vs. extensions > > > > > > That should be possible using the magic file and the logic > > that the file > > command uses (with that same file). > > > > See: > > man magic > > man file > > > > > > El 6 Jun 2003 a las 11:29, Bingham, Ryan escribi?: > > > > > Hi Julian, > > > > > > This is just a feature question. Some of the commercial products > > > (Sybari's Antigen for Exchange comes to mind) that (try to) do what > > > MailScanner does have the ability to discern the file type > > even if the > > > extension does not match (e.g. spot a Windows executable > > file even if it > > > doesn't have an .exe extension). > > > > > > Is this something that would ever be possible with MailScanner? > > > > > > Thanks again for an awesome program!! > > > > > > Ryan > > > > > > -- > > Mariano Absatz > > El Baby > > ---------------------------------------------------------- > > It is now proved beyond doubt that smoking is one > > of the leading causes of statistics. > > -- Fletcher Knebel > > > > > > BMRB International > http://www.bmrb.co.uk > +44 (0)20 8566 5000 > _________________________________________________________________ > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact the > sender and delete this message immediately. Disclosure, copying > or other action taken in respect of this email or in > reliance on it is prohibited. BMRB International Limited > accepts no liability in relation to any personal emails, or > content of any email which does not directly relate to our > business. -- Mariano Absatz El Baby ---------------------------------------------------------- I've never met a human being who would want to read 17,000 pages of documentation, and if there was, I'd kill him to get him out of the gene pool. -- Joseph Costello, President of Cadence From maxsec at TOTALISE.CO.UK Fri Jun 6 16:44:41 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:25 2006 Subject: Sophos/bugbear.b Message-ID: <3EE0B6E9.5070800@totalise.co.uk> Guys another update from Sophos on the bugbear.b malware. 3rd time lucky?? -- Martin From tim-lists at BISHNET.NET Fri Jun 6 16:43:01 2003 From: tim-lists at BISHNET.NET (Tim Bishop) Date: Thu Jan 12 21:18:25 2006 Subject: Weired Error In-Reply-To: <1054913728.3ee0b4c0708a3@webmail.MUW.Edu> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> <5.2.0.9.2.20030606151018.04e16f50@imap.ecs.soton.ac.uk> <1054913728.3ee0b4c0708a3@webmail.MUW.Edu> Message-ID: <20030606154301.GC56180@carrick.bishnet.net> On Fri, Jun 06, 2003 at 10:35:28AM -0500, Marco Obaid wrote: > The version that is shipped with FreeBSD is 5.0003, I believe. However, when I > installed SpamAssassin, I used the following: > > perl -MCPAN -e shell > prerequisites_policy ask > install Mail::SpamAssassin Use the spamassassin port. cd /usr/ports/mail/p5-Mail-SpamAssassin make install clean Tim. -- Tim Bishop http://www.bishnet.net/tim PGP Key: 0x5AE7D984 From marco at MUW.EDU Fri Jun 6 17:07:37 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:25 2006 Subject: Weired Error In-Reply-To: <20030606154301.GC56180@carrick.bishnet.net> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> <5.2.0.9.2.20030606151018.04e16f50@imap.ecs.soton.ac.uk> <1054913728.3ee0b4c0708a3@webmail.MUW.Edu> <20030606154301.GC56180@carrick.bishnet.net> Message-ID: <1054915657.3ee0bc4917d8a@webmail.MUW.Edu> Quoting Tim Bishop : > Use the spamassassin port. > > cd /usr/ports/mail/p5-Mail-SpamAssassin > make install clean Thank you Tim. I am new to FreeBSD and I love it so far. I did what you suggested, but it installed SA 2.50. Do I just have to waited till SA 2.55 is ported to FreeBSD? Thank you Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From maxsec at TOTALISE.CO.UK Fri Jun 6 17:07:54 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:25 2006 Subject: Weired Error In-Reply-To: <1054915657.3ee0bc4917d8a@webmail.MUW.Edu> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> <5.2.0.9.2.20030606151018.04e16f50@imap.ecs.soton.ac.uk> <1054913728.3ee0b4c0708a3@webmail.MUW.Edu> <20030606154301.GC56180@carrick.bishnet.net> <1054915657.3ee0bc4917d8a@webmail.MUW.Edu> Message-ID: <3EE0BC5A.6060506@totalise.co.uk> Marco Obaid wrote: > Quoting Tim Bishop : > > >>Use the spamassassin port. >> >>cd /usr/ports/mail/p5-Mail-SpamAssassin >>make install clean > > > Thank you Tim. I am new to FreeBSD and I love it so far. > I did what you suggested, but it installed SA 2.50. > Do I just have to waited till SA 2.55 is ported to FreeBSD? > > Thank you > Marco > > _________________________________________________________________ > This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail > For the latest MUW Events, visit http://www.MUW.Edu/calendar marco it is. If you update the ports tree you'll find it's 2.55 -- martin From tim-lists at BISHNET.NET Fri Jun 6 17:13:07 2003 From: tim-lists at BISHNET.NET (Tim Bishop) Date: Thu Jan 12 21:18:25 2006 Subject: Weired Error In-Reply-To: <1054915657.3ee0bc4917d8a@webmail.MUW.Edu> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> <5.2.0.9.2.20030606151018.04e16f50@imap.ecs.soton.ac.uk> <1054913728.3ee0b4c0708a3@webmail.MUW.Edu> <20030606154301.GC56180@carrick.bishnet.net> <1054915657.3ee0bc4917d8a@webmail.MUW.Edu> Message-ID: <20030606161307.GD56180@carrick.bishnet.net> On Fri, Jun 06, 2003 at 11:07:37AM -0500, Marco Obaid wrote: > Quoting Tim Bishop : > > > Use the spamassassin port. > > > > cd /usr/ports/mail/p5-Mail-SpamAssassin > > make install clean > > Thank you Tim. I am new to FreeBSD and I love it so far. > I did what you suggested, but it installed SA 2.50. > Do I just have to waited till SA 2.55 is ported to FreeBSD? Your ports tree is out of date: http://www.freshports.org/mail/p5-Mail-SpamAssassin See the handbook for details on keeping your ports tree up-to-date. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports.html Cheers, Tim. -- Tim Bishop http://www.bishnet.net/tim PGP Key: 0x5AE7D984 From maxsec at TOTALISE.CO.UK Fri Jun 6 17:25:39 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:25 2006 Subject: MIME::Parser errors on FreeBSD 5.0 Message-ID: <3EE0C083.1070608@totalise.co.uk> Hey guys OK I think I'm seeing the problem, the incomingworkingdir is set somewhere 'magic', and if I put a line at the top of Mailscanner.conf it complains that I've set it twice in the file.....oh no I haven't. Anyway so where the heck is incomingworkingdir set and what's the default location, and where can ammend it??? -- Martin From marco at MUW.EDU Fri Jun 6 17:44:10 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:25 2006 Subject: MIME::Parser errors on FreeBSD 5.0 In-Reply-To: <3EE0C083.1070608@totalise.co.uk> References: <3EE0C083.1070608@totalise.co.uk> Message-ID: <1054917850.3ee0c4da96355@webmail.MUW.Edu> Hi, > Anyway so where the heck is incomingworkingdir set and what's the > default location, and where can ammend it??? Here is what I have on my FreeBSD system: *snip* from /opt/MailScanner/etc/MailScanner.conf Incoming Queue Dir = /var/spool/mqueue.in Outgoing Queue Dir = /var/spool/mqueue Incoming Work Dir = /var/spool/MailScanner/incoming Following the install.FreeBSD, you need to create /var/spool/MailScanner/incoming : mkdir -p /var/spool/MailScanner/incoming Also, I noticed right after a fresh install of FreeBSD that mqueue.in is not there. You might want to check if it is there and if not, create it. Hope this helps Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From maxsec at TOTALISE.CO.UK Fri Jun 6 18:02:09 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:25 2006 Subject: MIME::Parser errors on FreeBSD 5.0 In-Reply-To: <1054917850.3ee0c4da96355@webmail.MUW.Edu> References: <3EE0C083.1070608@totalise.co.uk> <1054917850.3ee0c4da96355@webmail.MUW.Edu> Message-ID: <3EE0C911.9060109@totalise.co.uk> Marco Obaid wrote: > Hi, > > >>Anyway so where the heck is incomingworkingdir set and what's the >>default location, and where can ammend it??? > > > Here is what I have on my FreeBSD system: > > *snip* from /opt/MailScanner/etc/MailScanner.conf > > Incoming Queue Dir = /var/spool/mqueue.in > Outgoing Queue Dir = /var/spool/mqueue > Incoming Work Dir = /var/spool/MailScanner/incoming > > Following the install.FreeBSD, you need to > create /var/spool/MailScanner/incoming : > > mkdir -p /var/spool/MailScanner/incoming > > Also, I noticed right after a fresh install of FreeBSD that mqueue.in is not > there. You might want to check if it is there and if not, create it. > > Hope this helps > Marco > > > _________________________________________________________________ > This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail > For the latest MUW Events, visit http://www.MUW.Edu/calendar Marco got a little further - all this is correct and the MS user should have access to it.... I'll do some work on this tomorrw - maybe try with FreeBSD 5.1RC1 or 4.8 to see of they make a difference.. -- Martin From mailscanner at ecs.soton.ac.uk Fri Jun 6 18:02:04 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:25 2006 Subject: filtering file types vs. extensions In-Reply-To: <3EE08A8D.3778.10433DFC@localhost> References: Message-ID: <5.2.1.1.2.20030606175714.03cf4598@imap.ecs.soton.ac.uk> Does anyone know of a Perl module that uses the magic file? I would very much like to avoid having to write this, but I don't want to have to crank up the file command for every message batch if I can avoid it. Also, there would need to be some way of creating a list of "file" outputs to expected extensions, or something like that. There needs to be a useful way of processing the "file" output. What would you like to be able to do? 1. Block specific file types (you would have to specify the "file" output strings you are looking for. 2. Block file types that don't match their extensions (this could only be done for a known subset of "file" outputs). 3. Add a "file" output specifier to each rule in filename.rules.conf, so that the rule matches if either the filename matches or the file type matches. 4. Any more ideas? Your votes please.... At 16:35 06/06/2003, you wrote: >That should be possible using the magic file and the logic that the file >command uses (with that same file). > >See: >man magic >man file > > >El 6 Jun 2003 a las 11:29, Bingham, Ryan escribi?: > > > Hi Julian, > > > > This is just a feature question. Some of the commercial products > > (Sybari's Antigen for Exchange comes to mind) that (try to) do what > > MailScanner does have the ability to discern the file type even if the > > extension does not match (e.g. spot a Windows executable file even if it > > doesn't have an .exe extension). > > > > Is this something that would ever be possible with MailScanner? > > > > Thanks again for an awesome program!! > > > > Ryan > > >-- >Mariano Absatz >El Baby >---------------------------------------------------------- >It is now proved beyond doubt that smoking is one >of the leading causes of statistics. > -- Fletcher Knebel -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jun 6 18:03:40 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:25 2006 Subject: Weired Error In-Reply-To: <1054913728.3ee0b4c0708a3@webmail.MUW.Edu> References: <5.2.0.9.2.20030606151018.04e16f50@imap.ecs.soton.ac.uk> <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> <5.2.0.9.2.20030606151018.04e16f50@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030606180259.02475920@imap.ecs.soton.ac.uk> If you have changed the version of Perl you are using, re-install everything that comes with MailScanner. At 16:35 06/06/2003, you wrote: >Hi Julian, > > > This means that your Perl, for some unknown reason, is not picking up the > > inherited packages correctly. > > You should be able to simply comment out (or delete) the "debug" lines on > > lines 2603, 2614, 2624, 2647. > >I will shortly. > > > > > What version of perl are you running? I have never come across this before, > > not ever. > >The version that is shipped with FreeBSD is 5.0003, I believe. However, when I >installed SpamAssassin, I used the following: > >perl -MCPAN -e shell >prerequisites_policy ask >install Mail::SpamAssassin > >During the SA install, I was asked to install some dependencies, one of them I >remember clearly was HTML::Parser. I answered 'y' to the question. Then for >some strange reason, it installed perl-5.8.0 first, then it installed the >dependecies and finally SpamAssassin. To eliminate confusion, I >renamed /usr/bin/perl to /usr/bin/perl-dist and then I created a link > >/usr/bin/perl -> /usr/local/bin/perl > >I have re-installed the FreeBSD system twice already and in the two instances, >everytime I try to install SA using the above method, perl-5.8.0 gets >installed. > >Do you think that's part of the problem? > >Thank you for any insights > >Marco > > > >_________________________________________________________________ >This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail >For the latest MUW Events, visit http://www.MUW.Edu/calendar -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jun 6 18:09:38 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:25 2006 Subject: Smooth upgrade to 4.21-9 In-Reply-To: <1054914005.22566.116.camel@dbeauchemin.si.usherbrooke.ca> Message-ID: <5.2.1.1.2.20030606180831.03cf99a0@imap.ecs.soton.ac.uk> At 16:40 06/06/2003, you wrote: >I just want to thank Julian again for another great version of MS. :-) >I just upgraded our 2 servers and everything is just fine. > >I noticed new messages in my maillog: >Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Checks: Found 1 spam messages >Jun 6 11:28:32 smtp3 MailScanner[27147]: Cannot match against destination >IP address when resolving configuration option "spamactions" >Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Actions: message >h56FSUX31319 actions are xxx@usherbrooke.ca,forward,deliver > >Can I do anything about the destination IP unresolved? It used the >default rule, which is what I expected. You don't know the destination IP address until *after* you have actually delivered the message. It all depends on what MX hosts are available on the destination site. So you cannot match against it. >Denis >BTW: I modified languages.conf: >SATooLarge = Courriel =?ISO-8859-1?Q?d=E9passant?= la taille maximale >Report = Analyse >-- >Denis Beauchemin, analyste >Universit? de Sherbrooke, S.T.I. >T: 819.821.8000x2252 F: 819.821.8045 -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From ryanb at AACRAO.ORG Fri Jun 6 18:24:01 2003 From: ryanb at AACRAO.ORG (Bingham, Ryan) Date: Thu Jan 12 21:18:25 2006 Subject: filtering file types vs. extensions Message-ID: > 1. Block specific file types (you would have to specify the "file" output > strings you are looking for. > 2. Block file types that don't match their extensions (this could only be > done for a known subset of "file" outputs). > 3. Add a "file" output specifier to each rule in filename.rules.conf, so > that the rule matches if either the filename matches or the file type > matches. > 4. Any more ideas? > > Your votes please.... I think all of the options you mention would be great, but I mainly had in mind number 3. Thanks again Julian, I continue to be amazed at your ability to do all this! Ryan From Kevin.Spicer at BMRB.CO.UK Fri Jun 6 18:29:20 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:25 2006 Subject: filtering file types vs. extensions Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A4AD9A@pascal.priv.bmrb.co.uk> > Does anyone know of a Perl module that uses the magic file? I > would very > much like to avoid having to write this, but I don't want to > have to crank > up the file command for every message batch if I can avoid it. maybe you missed Mariano's post with the link in (it ended up in a different thread in my mailreader) so heres the link he found.. http://search.cpan.org/author/KNOK/File-MMagic-1.19/ Looks like this returns a mime type, which is probably the right way to go about this (saves processing the output from file too) Given mime types I think probaly the easiest way would be to have a mimetypes.rules.conf which matches using RE's in the same way filename.rules.conf does. I guess you run into issues if the output from filename rules and mimetype rules conflict (reject takes precedence?) I don't think combining filename rules and mime types into one file would be very easy as it would be difficult to deal with wildcard matching, double extensions etc. One suggestion which although complicating the implementation would make it much easier to construct rulesets based on file type is to have both a filename rules and mimetype rules file which assign category names (rather than simple yes/no) then have a much simpler ruleset determining action based on category (again reject takes precedence). Category names need to be arbitary so that users can extend the range of categories. I guess thats not easy - but it could be quite handy! BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From f.rotondo at TESEO.IT Fri Jun 6 18:31:36 2003 From: f.rotondo at TESEO.IT (Francesco Rotondo) Date: Thu Jan 12 21:18:25 2006 Subject: filtering file types vs. extensions References: <5.2.1.1.2.20030606175714.03cf4598@imap.ecs.soton.ac.uk> Message-ID: <01fa01c32c51$7b374a20$0464a8c0@teseo.info> > > What would you like to be able to do? > 1. Block specific file types (you would have to specify the "file" output > strings you are looking for. > 2. Block file types that don't match their extensions (this could only be > done for a known subset of "file" outputs). > 3. Add a "file" output specifier to each rule in filename.rules.conf, so > that the rule matches if either the filename matches or the file type matches. > 4. Any more ideas? > > Your votes please.... 3 looks good but IMHO it could be useful to stop windows executables that doesn't have an extension as in the case of new viruses these seems to be the only viruses that got through MS. Francesco From mailscanner at ecs.soton.ac.uk Fri Jun 6 18:42:57 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:25 2006 Subject: filtering file types vs. extensions In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0A4AD9A@pascal.priv.bmrb.co .uk> Message-ID: <5.2.1.1.2.20030606183433.0287c7a8@imap.ecs.soton.ac.uk> At 18:29 06/06/2003, you wrote: > > Does anyone know of a Perl module that uses the magic file? I > > would very > > much like to avoid having to write this, but I don't want to > > have to crank > > up the file command for every message batch if I can avoid it. > >maybe you missed Mariano's post with the link in (it ended up in a >different thread in my mailreader) so heres the link he found.. >http://search.cpan.org/author/KNOK/File-MMagic-1.19/ I hadn't seen his post when I replied. >Looks like this returns a mime type, which is probably the right way to go >about this (saves processing the output from file too) > >Given mime types I think probaly the easiest way would be to have a >mimetypes.rules.conf which matches using RE's in the same way >filename.rules.conf does. > >I guess you run into issues if the output from filename rules and mimetype >rules conflict (reject takes precedence?) > >I don't think combining filename rules and mime types into one file would >be very easy as it would be difficult to deal with wildcard matching, >double extensions etc. > >One suggestion which although complicating the implementation would make >it much easier to construct rulesets based on file type is to have both a >filename rules and mimetype rules file which assign category names (rather >than simple yes/no) then have a much simpler ruleset determining action >based on category (again reject takes precedence). Category names need to >be arbitary so that users can extend the range of categories. > >I guess thats not easy - but it could be quite handy! I want to keep it very simple to use. Very few people ever change these files, as they are complicated enough already. Mapping a mimetype or a filename rule to another keyword, then deny/allow based on those keywords, is a bit too complicated in my opinion. A file like filename.rules.conf that matches mimetypes (or possibly "file" output) would be the easiest thing to do. But it would not manage to match files in which the file content doesn't match the filename. But maybe this isn't actually a problem. I think maybe that enforcing that is actually going to cause you more trouble than it's worth anyway, so that might well not be a problem. It needs to be fast, fairly easy to implement, but above all easy to use. It doesn't need to be able to do absolutely everything, though that would be nice :-) -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From marco at MUW.EDU Fri Jun 6 18:59:21 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:25 2006 Subject: Weired Error In-Reply-To: <5.2.1.1.2.20030606180259.02475920@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030606151018.04e16f50@imap.ecs.soton.ac.uk> <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> <5.2.0.9.2.20030606151018.04e16f50@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030606180259.02475920@imap.ecs.soton.ac.uk> Message-ID: <1054922361.3ee0d6790a7f3@webmail.MUW.Edu> Hi Julian > If you have changed the version of Perl you are using, re-install > everything that comes with MailScanner. With many tips from the good FreeBSD users on this list, I reverted back to the FreeBSD distribution version of perl and MS is working fine right now. I think my problem was with perl versioning. That's as much as I can tell :) Before that, I commented out lines 2603, 2614, 2624, 2647 of Message.pm and it also worked. I just did not like the idea of commenting out things :) Thanks to all of you Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From Denis.Beauchemin at USHERBROOKE.CA Fri Jun 6 19:08:50 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:25 2006 Subject: Smooth upgrade to 4.21-9 In-Reply-To: <5.2.1.1.2.20030606180831.03cf99a0@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030606180831.03cf99a0@imap.ecs.soton.ac.uk> Message-ID: <1054922930.22566.128.camel@dbeauchemin.si.usherbrooke.ca> > > > >I noticed new messages in my maillog: > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Checks: Found 1 spam messages > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Cannot match against destination > >IP address when resolving configuration option "spamactions" > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Actions: message > >h56FSUX31319 actions are xxx@usherbrooke.ca,forward,deliver > > > >Can I do anything about the destination IP unresolved? It used the > >default rule, which is what I expected. > > You don't know the destination IP address until *after* you have actually > delivered the message. It all depends on what MX hosts are available on the > destination site. So you cannot match against it. I'm not sure I understand what you said. Is it that what I am trying to do is doomed to fail every time? This is what I use: Spam Actions = /etc/MailScanner/rules/spam.action.rules /etc/MailScanner/rules/spam.action.rules: To: 132.210. attachment deliver forward xxx@usherbrooke.ca To: /^206\.167\.186\.[012346]\./ attachment deliver forward xxx@usherbrooke.ca To: 206.167.185. attachment deliver forward xxx@usherbrooke.ca To: *@USherbrooke.ca attachment deliver forward xxx@usherbrooke.ca FromOrTo: Default deliver forward xxx@usherbrooke.ca Basically I just want to deliver spam as an attachment (with my custom explanation of how to forward the message to us if it was misidentified) if the destination is local. I don't want external people to get my message about how to train SA. Thanks again! Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From mailscanner at ecs.soton.ac.uk Fri Jun 6 19:16:07 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:25 2006 Subject: filtering file types vs. extensions In-Reply-To: <5.2.1.1.2.20030606183433.0287c7a8@imap.ecs.soton.ac.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0A4AD9A@pascal.priv.bmrb.co .uk> Message-ID: <5.2.1.1.2.20030606191014.0287cc48@imap.ecs.soton.ac.uk> Not a good start. The latest File::MMagic module does not understand Linux /usr/share/magic files. It complains a lot about them, which makes it useless. So I will have to use the "file" command, with a timeout and all that c**p to stop DoS attacks on the file command. Does everyone's "file" command output the filename followed by a ":" followed by 1 or more spaces followed by the file type? It's going to rain all weekend here (surprise, surprise) so I may attack this feature soon. At 18:42 06/06/2003, you wrote: >At 18:29 06/06/2003, you wrote: >> > Does anyone know of a Perl module that uses the magic file? I >> > would very >> > much like to avoid having to write this, but I don't want to >> > have to crank >> > up the file command for every message batch if I can avoid it. >> >>maybe you missed Mariano's post with the link in (it ended up in a >>different thread in my mailreader) so heres the link he found.. >>http://search.cpan.org/author/KNOK/File-MMagic-1.19/ > >I hadn't seen his post when I replied. > >>Looks like this returns a mime type, which is probably the right way to go >>about this (saves processing the output from file too) >> >>Given mime types I think probaly the easiest way would be to have a >>mimetypes.rules.conf which matches using RE's in the same way >>filename.rules.conf does. >> >>I guess you run into issues if the output from filename rules and mimetype >>rules conflict (reject takes precedence?) >> >>I don't think combining filename rules and mime types into one file would >>be very easy as it would be difficult to deal with wildcard matching, >>double extensions etc. >> >>One suggestion which although complicating the implementation would make >>it much easier to construct rulesets based on file type is to have both a >>filename rules and mimetype rules file which assign category names (rather >>than simple yes/no) then have a much simpler ruleset determining action >>based on category (again reject takes precedence). Category names need to >>be arbitary so that users can extend the range of categories. >> >>I guess thats not easy - but it could be quite handy! > >I want to keep it very simple to use. Very few people ever change these >files, as they are complicated enough already. Mapping a mimetype or a >filename rule to another keyword, then deny/allow based on those keywords, >is a bit too complicated in my opinion. > >A file like filename.rules.conf that matches mimetypes (or possibly "file" >output) would be the easiest thing to do. But it would not manage to match >files in which the file content doesn't match the filename. But maybe this >isn't actually a problem. I think maybe that enforcing that is actually >going to cause you more trouble than it's worth anyway, so that might well >not be a problem. > >It needs to be fast, fairly easy to implement, but above all easy to use. >It doesn't need to be able to do absolutely everything, though that would >be nice :-) >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jun 6 19:21:13 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:25 2006 Subject: Smooth upgrade to 4.21-9 In-Reply-To: <1054922930.22566.128.camel@dbeauchemin.si.usherbrooke.ca> References: <5.2.1.1.2.20030606180831.03cf99a0@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030606180831.03cf99a0@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030606191640.02586da8@imap.ecs.soton.ac.uk> At 19:08 06/06/2003, you wrote: > > > > > >I noticed new messages in my maillog: > > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Checks: Found 1 spam > messages > > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Cannot match against > destination > > >IP address when resolving configuration option "spamactions" > > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Actions: message > > >h56FSUX31319 actions are xxx@usherbrooke.ca,forward,deliver > > > > > >Can I do anything about the destination IP unresolved? It used the > > >default rule, which is what I expected. > > > > You don't know the destination IP address until *after* you have actually > > delivered the message. It all depends on what MX hosts are available on > the > > destination site. So you cannot match against it. > >I'm not sure I understand what you said. Is it that what I am trying to >do is doomed to fail every time? > >This is what I use: >Spam Actions = /etc/MailScanner/rules/spam.action.rules > >/etc/MailScanner/rules/spam.action.rules: >To: 132.210. attachment deliver forward xxx@usherbrooke.ca >To: /^206\.167\.186\.[012346]\./ attachment deliver forward >xxx@usherbrooke.ca >To: 206.167.185. attachment deliver forward xxx@usherbrooke.ca You fundamentally cannot do that. I don't know the MX host until the mail is delivered (by the MTA), so I have absolutely no way of predicting the IP address of the best available MX. Even checking that *all* the MX hosts for this domain are within this range requires a hell of a lot of work on MailScanner's part. It would need to "dig" for every MX host to get its IP address and then check every single one against the spec you had allowed. And as you have specified the "deliver" action, then every MX host of every domain of every recipient of the message would have to be checked. That would take ages to do. Sorry, but mail delivery is very deliberately unrelated to IP address. >To: *@USherbrooke.ca attachment deliver forward xxx@usherbrooke.ca >FromOrTo: Default deliver forward xxx@usherbrooke.ca > >Basically I just want to deliver spam as an attachment (with my custom >explanation of how to forward the message to us if it was misidentified) >if the destination is local. I don't want external people to get my >message about how to train SA. > >Thanks again! > >Denis >-- >Denis Beauchemin, analyste >Universit? de Sherbrooke, S.T.I. >T: 819.821.8000x2252 F: 819.821.8045 -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mikea at MIKEA.ATH.CX Fri Jun 6 19:29:22 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:25 2006 Subject: filtering file types vs. extensions In-Reply-To: <5.2.1.1.2.20030606191014.0287cc48@imap.ecs.soton.ac.uk>; from mailscanner@ECS.SOTON.AC.UK on Fri, Jun 06, 2003 at 07:16:07PM +0100 References: <5C0296D26910694BB9A9BBFC577E7AB0A4AD9A@pascal.priv.bmrb.co <5.2.1.1.2.20030606183433.0287c7a8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030606191014.0287cc48@imap.ecs.soton.ac.uk> Message-ID: <20030606132922.A55494@mikea.ath.cx> On Fri, Jun 06, 2003 at 07:16:07PM +0100, Julian Field wrote: > Not a good start. > The latest File::MMagic module does not understand Linux /usr/share/magic > files. It complains a lot about them, which makes it useless. > So I will have to use the "file" command, with a timeout and all that c**p > to stop DoS attacks on the file command. > > Does everyone's "file" command output the filename followed by a ":" > followed by 1 or more spaces followed by the file type? > > It's going to rain all weekend here (surprise, surprise) so I may attack > this feature soon. : (FreeBSD) $file * : : [some deletions] : : /etc/rc.virgin: Bourne shell script text executable : /etc/remote: ASCII English text : /etc/resolv.conf: ASCII text : /etc/rmt: symbolic link to /usr/sbin/rmt : /etc/rmt.virgin: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), dynamically linked (uses shared libs), stripped : /etc/security: Bourne shell script text executable : /etc/skel: directory : /etc/skeykeys: can't read `/etc/skeykeys' (Permission denied). : /etc/skeykeys.virgin: empty I'll trade your rain for our nasty thunderstorms and tornadoes. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From Denis.Beauchemin at USHERBROOKE.CA Fri Jun 6 19:38:18 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:25 2006 Subject: Smooth upgrade to 4.21-9 In-Reply-To: <5.2.1.1.2.20030606191640.02586da8@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030606180831.03cf99a0@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030606180831.03cf99a0@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030606191640.02586da8@imap.ecs.soton.ac.uk> Message-ID: <1054924698.22566.149.camel@dbeauchemin.si.usherbrooke.ca> Julian, But it would be OK if I used domain names (without being bulletproof)? Denis Le ven 06/06/2003 ? 14:21, Julian Field a ?crit : > At 19:08 06/06/2003, you wrote: > > > > > > > >I noticed new messages in my maillog: > > > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Checks: Found 1 spam > > messages > > > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Cannot match against > > destination > > > >IP address when resolving configuration option "spamactions" > > > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Actions: message > > > >h56FSUX31319 actions are xxx@usherbrooke.ca,forward,deliver > > > > > > > >Can I do anything about the destination IP unresolved? It used the > > > >default rule, which is what I expected. > > > > > > You don't know the destination IP address until *after* you have actually > > > delivered the message. It all depends on what MX hosts are available on > > the > > > destination site. So you cannot match against it. > > > >I'm not sure I understand what you said. Is it that what I am trying to > >do is doomed to fail every time? > > > >This is what I use: > >Spam Actions = /etc/MailScanner/rules/spam.action.rules > > > >/etc/MailScanner/rules/spam.action.rules: > >To: 132.210. attachment deliver forward xxx@usherbrooke.ca > >To: /^206\.167\.186\.[012346]\./ attachment deliver forward > >xxx@usherbrooke.ca > >To: 206.167.185. attachment deliver forward xxx@usherbrooke.ca > > You fundamentally cannot do that. I don't know the MX host until the mail > is delivered (by the MTA), so I have absolutely no way of predicting the IP > address of the best available MX. > > Even checking that *all* the MX hosts for this domain are within this range > requires a hell of a lot of work on MailScanner's part. It would need to > "dig" for every MX host to get its IP address and then check every single > one against the spec you had allowed. And as you have specified the > "deliver" action, then every MX host of every domain of every recipient of > the message would have to be checked. That would take ages to do. > > Sorry, but mail delivery is very deliberately unrelated to IP address. > > >To: *@USherbrooke.ca attachment deliver forward xxx@usherbrooke.ca > >FromOrTo: Default deliver forward xxx@usherbrooke.ca > > > >Basically I just want to deliver spam as an attachment (with my custom > >explanation of how to forward the message to us if it was misidentified) > >if the destination is local. I don't want external people to get my > >message about how to train SA. > > > >Thanks again! > > > >Denis > >-- > >Denis Beauchemin, analyste > >Universit? de Sherbrooke, S.T.I. > >T: 819.821.8000x2252 F: 819.821.8045 -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From mbowman at UDCOM.COM Fri Jun 6 21:25:33 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:25 2006 Subject: virus found ? Message-ID: Hello, In my maillog I am seeing this... *Jun 6 01:10:35 smithers MailScanner[4265]: Virus Scanning: F-Prot found virus Jun 6 01:10:35 smithers MailScanner[4265]: /var/spool/MailScanner/incoming/4265/h565ATc18784/my_videosz.zip->2453.exe is a security risk or a "backdoor" program * Is this the standard msg for 'backdoor' programs? Should there have been a virus def displayed? Matthew -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030606/bbdad1e3/attachment.html From lists at STHOMAS.NET Fri Jun 6 21:56:34 2003 From: lists at STHOMAS.NET (Steve Thomas) Date: Thu Jan 12 21:18:26 2006 Subject: virus found ? In-Reply-To: ; from mbowman@UDCOM.COM on Fri, Jun 06, 2003 at 04:25:33PM -0400 References: Message-ID: <20030606135634.C17561@sthomas.net> On Fri, Jun 06, 2003 at 04:25:33PM -0400, Matthew Bowman is rumored to have said: > > /var/spool/MailScanner/incoming/4265/h565ATc18784/my_videosz.zip->2453.exe > is a security risk or a "backdoor" program > > * Is this the standard msg for 'backdoor' programs? Should there have been > a virus def displayed? Sophos started detecting this today: Report: >>> Virus 'Dial/PecDial-B' found in file ./19OMRU-00035h-00/my_videosz.zip/2453.exe -- Steve Thomas ---------------------------------------------------------- "...subatomic matter in a particle accelerator that exists for only a few microseconds seems to exhibit more uptime than the RIAA's website." -- Andrew Orlowski TheRegister.co.uk From mbowman at UDCOM.COM Fri Jun 6 21:59:24 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:26 2006 Subject: virus found ? Message-ID: Thanks I am using f-prot which is current with updates etc. Anyone else with f-prot having the same messages? Steve Thomas Sent by: MailScanner mailing list 06/06/2003 04:56 PM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: virus found ? On Fri, Jun 06, 2003 at 04:25:33PM -0400, Matthew Bowman is rumored to have said: > > /var/spool/MailScanner/incoming/4265/h565ATc18784/my_videosz.zip->2453.exe > is a security risk or a "backdoor" program > > * Is this the standard msg for 'backdoor' programs? Should there have been > a virus def displayed? Sophos started detecting this today: Report: >>> Virus 'Dial/PecDial-B' found in file ./19OMRU-00035h-00/my_videosz.zip/2453.exe -- Steve Thomas ---------------------------------------------------------- "...subatomic matter in a particle accelerator that exists for only a few microseconds seems to exhibit more uptime than the RIAA's website." -- Andrew Orlowski TheRegister.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030606/eec8ff5b/attachment.html From Andrew.Magnusson at COCC.COM Fri Jun 6 22:05:55 2003 From: Andrew.Magnusson at COCC.COM (Magnusson, Andrew) Date: Thu Jan 12 21:18:26 2006 Subject: virus found ? Message-ID: Yes, we're getting these as well. Quite a few over the last few days. Sender: 1oy77rx5@yahoo.com IP Address: 141.152.11.29 Recipient: XXXXXX@XXXXXXXXXXXX.com Subject: XXXXXX I am 18 ( barely ) XXXXXX MessageID: h56Kuum19850 Report: /var/spool/MailScanner/incoming/9089/./h56Kuum19850/my_video.zip->2453.exe is a security risk or a "backdoor" program Andrew Magnusson Internet Product Analyst COCC 1-877-678-0444 extension 640 *** This message originates from COCC, Inc. If the reader of this message, regardless of the address or routing, is not an intended recipient, you are hereby notified that you have received this transmittal in error and any review; use, distribution, dissemination or copying is strictly prohibited. If you have received this message in error, please delete this e-mail and all files transmitted with it from your system and immediately notify COCC, Inc. by sending reply e-mail to the sender of this message. Thank you. *** From cparker at SWATGEAR.COM Fri Jun 6 23:01:11 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:26 2006 Subject: how to map MS process id to SM process id? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C14@ati-ex-01.ati.local> Hello. When checking the maillog I'd like to be able to pull all the records pertaining to a certain mail. Is there a way to map the sendmail process id to the MS process id that is handling that mail? Let me know if I haven't made sense. Thanks, Chris. From mailscanner at LISTS.COM.AR Fri Jun 6 23:14:51 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:26 2006 Subject: filtering file types vs. extensions In-Reply-To: <5.2.1.1.2.20030606191014.0287cc48@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030606183433.0287c7a8@imap.ecs.soton.ac.uk> Message-ID: <3EE0E82B.26759.11B0F37B@localhost> Now that I see it... it seems to be an Apache httpd server related module, so the "magic" file format is that of Apache and not that of the file command "magic" file format. I don't know if Apache's 1.3 and 2.0 mime-magic format is the same, but the documentation for them is at: http://httpd.apache.org/docs/mod/mod_mime_magic.html and http://httpd.apache.org/docs-2.0/mod/mod_mime_magic.html respectively. The file itself is included in both Apache httpd distributions, and, for the record, I think it would be much better to have a mime-type answer and process it with a file like filename.rules.conf (e.g. mime-type.rules.conf) in a relatively independent way. That is, I'd have two options in the config file: Filename Rules = /opt/MailScanner/etc/filename.rules.conf MIME-type Rules = /opt/MailScanner/etc/mime-type.rules.conf And inside there a set of allow/deny rules with an optional message (just like filename.rules.conf). Obviously, if an attachment matches a deny rule in any of both files, the attachment would be treated as dangerous and the proper action would trigger. Example: I get a file called "funny-picture.jpg" that actually has a DOS executable in it, it would be allowed by an explicit rule in filename.rules.conf, but later forbidden by an explicit rule in mime-type.rules.conf, and thus it would be replaced by a message that says "funny-picture.jpg seems to be an application/octet-stream type. This type is considered dangerous". It seems the file's "magic" file has some interesting data that Apache's doesn't... maybe someone is willing to fit the file's one into the Apache... Or maybe even... take a look at the C source for the file command... geez... I don't know if this is a good idea... it will take more than a weekend... Back to CPAN... take a look at http://search.cpan.org/author/SDAGUE/ppt-0.12/bin/file It is a command, and not a library, but maybe... In http://www.perl.com/language/ppt/src/file/index.html there is another implementation. El 6 Jun 2003 a las 19:16, Julian Field escribi?: > Not a good start. > The latest File::MMagic module does not understand Linux /usr/share/magic > files. It complains a lot about them, which makes it useless. > So I will have to use the "file" command, with a timeout and all that c**p > to stop DoS attacks on the file command. > > Does everyone's "file" command output the filename followed by a ":" > followed by 1 or more spaces followed by the file type? > > It's going to rain all weekend here (surprise, surprise) so I may attack > this feature soon. > > At 18:42 06/06/2003, you wrote: > >At 18:29 06/06/2003, you wrote: > >> > Does anyone know of a Perl module that uses the magic file? I > >> > would very > >> > much like to avoid having to write this, but I don't want to > >> > have to crank > >> > up the file command for every message batch if I can avoid it. > >> > >>maybe you missed Mariano's post with the link in (it ended up in a > >>different thread in my mailreader) so heres the link he found.. > >>http://search.cpan.org/author/KNOK/File-MMagic-1.19/ > > > >I hadn't seen his post when I replied. > > > >>Looks like this returns a mime type, which is probably the right way to go > >>about this (saves processing the output from file too) > >> > >>Given mime types I think probaly the easiest way would be to have a > >>mimetypes.rules.conf which matches using RE's in the same way > >>filename.rules.conf does. > >> > >>I guess you run into issues if the output from filename rules and mimetype > >>rules conflict (reject takes precedence?) > >> > >>I don't think combining filename rules and mime types into one file would > >>be very easy as it would be difficult to deal with wildcard matching, > >>double extensions etc. > >> > >>One suggestion which although complicating the implementation would make > >>it much easier to construct rulesets based on file type is to have both a > >>filename rules and mimetype rules file which assign category names (rather > >>than simple yes/no) then have a much simpler ruleset determining action > >>based on category (again reject takes precedence). Category names need to > >>be arbitary so that users can extend the range of categories. > >> > >>I guess thats not easy - but it could be quite handy! > > > >I want to keep it very simple to use. Very few people ever change these > >files, as they are complicated enough already. Mapping a mimetype or a > >filename rule to another keyword, then deny/allow based on those keywords, > >is a bit too complicated in my opinion. > > > >A file like filename.rules.conf that matches mimetypes (or possibly "file" > >output) would be the easiest thing to do. But it would not manage to match > >files in which the file content doesn't match the filename. But maybe this > >isn't actually a problem. I think maybe that enforcing that is actually > >going to cause you more trouble than it's worth anyway, so that might well > >not be a problem. > > > >It needs to be fast, fairly easy to implement, but above all easy to use. > >It doesn't need to be able to do absolutely everything, though that would > >be nice :-) > >-- > >Julian Field > >www.MailScanner.info > >Professional Support Services at www.MailScanner.biz > >MailScanner thanks transtec Computers for their support > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support -- Mariano Absatz El Baby ---------------------------------------------------------- Behind every successful man is a woman, behind her is his wife. -- Groucho Marx From mikew at CRUCIS.NET Fri Jun 6 23:57:17 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:26 2006 Subject: F-prot says I need the mail server license In-Reply-To: <76C92FBBFB58D411AE760090271ED41805B33A62@rsys002a.roke.co.uk> References: <76C92FBBFB58D411AE760090271ED41805B33A62@rsys002a.roke.co.uk> Message-ID: <200306061757.20588.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 05 June 2003 10:40 am, you wrote: > F-prot have advised me that I will need to use the mail server > pricing model for use with Mailscanner which means I will have to > look at other virus scanners. > > Can anyone advise the next best choice for use with Mailscanner > preferably based on a per server basis. > > Thanks > > Dean Plant > > Snipped Well it still free for home users. It appears to be the same as 3.12. Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+4RxQ5fq6h2uDDlQRAvhFAJ4lMLlwJ+jkr29d3WnzRCtjJmkcDwCgtIXc Qs13iyFNqSwzU7zIs0lPxH0= =Uaj+ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From marco at MUW.EDU Sat Jun 7 00:14:56 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:26 2006 Subject: F-prot says I need the mail server license In-Reply-To: <200306061757.20588.mikew@crucis.net> References: <76C92FBBFB58D411AE760090271ED41805B33A62@rsys002a.roke.co.uk> <200306061757.20588.mikew@crucis.net> Message-ID: <1054941296.3ee1207026273@webmail.MUW.Edu> Hi, > Can anyone advise the next best choice for use with Mailscanner > preferably based on a per server basis. I use both Command Antivirus and Sophos. Give Command a shot. It is not pricey and it is very solid. It is really based on F-Prot technology. Easy to install and I have had good luck with it so far. For half the price of what I paid for Sophos, I got unlimited desktop and server licenses. This is educational discount though. Sophos was very expensive (including the educational discount) just for the one server that I bought it for. Sophos will ask the infamous question "how many e-mail users do you have?" ... I use it on a server with *no* users :) My experience with Sophos has not been great. The sales people are very tricky. Their prices are not defined and/or clear. I got two quotes from two different people for the same configuration. Support staff immediately throws the ball in your court before they even listen to the problem. I don't have good feeling about Sophos. However, their Antivirus software is solid. Just my 2 cents !!! Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From mkettler at EVI-INC.COM Sat Jun 7 00:24:37 2003 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:18:26 2006 Subject: how to map MS process id to SM process id? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C14@ati-ex-01.ati.local > Message-ID: <5.2.1.1.0.20030606191431.0188baf0@xanadu.evi-inc.com> At 03:01 PM 6/6/2003 -0700, Chris W. Parker wrote: >Hello. > >When checking the maillog I'd like to be able to pull all the records >pertaining to a certain mail. Is there a way to map the sendmail process >id to the MS process id that is handling that mail? > >Let me know if I haven't made sense. Process ID's are assigned by the OS itself, and there's no repeatable relationship between the PID of one process and the PID of another. Yes most Linux distros assign them in a counting order, but there's no way to be certain that two processes were started one right after the other without anything else starting in the middle. If you are running a paranoid OS (ie: OpenBSD or grsecurity patched linux) PIDs will be random. If there was a good inter-process pid mapping scheme, a few obscure kinds of hacking attempts would be significantly easier. From cparker at SWATGEAR.COM Sat Jun 7 00:34:34 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:26 2006 Subject: how to map MS process id to SM process id? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C16@ati-ex-01.ati.local> Matt Kettler wrote: > At 03:01 PM 6/6/2003 -0700, Chris W. Parker wrote: > > Hello. > > > > When checking the maillog I'd like to be able to pull all the > > records pertaining to a certain mail. Is there a way to map the > > sendmail process id to the MS process id that is handling that mail? > > > > Let me know if I haven't made sense. > > Process ID's are assigned by the OS itself, and there's no repeatable > relationship between the PID of one process and the PID of another. > > Yes most Linux distros assign them in a counting order, but there's > no way to be certain that two processes were started one right after > the other without anything else starting in the middle. Damn. That's what I thought. I was just hoping there'd be a way around that. Oh well. Thanks for explaining everything. Chris. From mikea at MIKEA.ATH.CX Sat Jun 7 00:37:17 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:26 2006 Subject: how to map MS process id to SM process id? In-Reply-To: <5.2.1.1.0.20030606191431.0188baf0@xanadu.evi-inc.com>; from mkettler@EVI-INC.COM on Fri, Jun 06, 2003 at 07:24:37PM -0400 References: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C14@ati-ex-01.ati.local > <5.2.1.1.0.20030606191431.0188baf0@xanadu.evi-inc.com> Message-ID: <20030606183717.A57181@mikea.ath.cx> On Fri, Jun 06, 2003 at 07:24:37PM -0400, Matt Kettler wrote: > At 03:01 PM 6/6/2003 -0700, Chris W. Parker wrote: > >Hello. > > > >When checking the maillog I'd like to be able to pull all the records > >pertaining to a certain mail. Is there a way to map the sendmail process > >id to the MS process id that is handling that mail? > > > >Let me know if I haven't made sense. > > Process ID's are assigned by the OS itself, and there's no repeatable > relationship between the PID of one process and the PID of another. > > Yes most Linux distros assign them in a counting order, but there's no way > to be certain that two processes were started one right after the other > without anything else starting in the middle. > > If you are running a paranoid OS (ie: OpenBSD or grsecurity patched linux) > PIDs will be random. > > If there was a good inter-process pid mapping scheme, a few obscure kinds > of hacking attempts would be significantly easier. I have written a shell script that, in conjunction with a Perl script, will do do something like this wiht a Sendmail log. It's a real hack, and the output is not at all pretty, but I'll post it Monday if someone will remind me and I'm able to find it. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From mikew at CRUCIS.NET Sat Jun 7 00:39:29 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:26 2006 Subject: virus found ? In-Reply-To: References: Message-ID: <200306061839.29975.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 06 June 2003 03:59 pm, you wrote: > Thanks > > I am using f-prot which is current with updates etc. Anyone else > with f-prot having the same messages? > > > > > > > Steve Thomas > Sent by: MailScanner mailing list > 06/06/2003 04:56 PM > Please respond to MailScanner mailing list > > > To: MAILSCANNER@JISCMAIL.AC.UK > cc: > Subject: Re: virus found ? > > > On Fri, Jun 06, 2003 at 04:25:33PM -0400, Matthew Bowman is rumored > to have said: > > > /var/spool/MailScanner/incoming/4265/h565ATc18784/my_videosz.zip->245 >3.exe > > > is a security risk or a "backdoor" program > > > > * Is this the standard msg for 'backdoor' programs? Should there > > have > > been > > > a virus def displayed? > > Sophos started detecting this today: > > Report: >>> Virus 'Dial/PecDial-B' found in file > ./19OMRU-00035h-00/my_videosz.zip/2453.exe No, but I've been getting bugbear since yesterday. F-Prot is getting and cleaning them. Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+4SYx5fq6h2uDDlQRAuFlAJ9NId/y350xVkw0lS14EdPboey21wCdGwEM rjMRB0n3sToeg9QtyIBETeA= =/fwC -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From cparker at SWATGEAR.COM Sat Jun 7 00:44:40 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:26 2006 Subject: virus found ? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C17@ati-ex-01.ati.local> Mike Watson wrote: > No, but I've been getting bugbear since yesterday. F-Prot is getting > and cleaning them. Why clean a virus infected email instead of just dumping it in the trash? (Or am I misunderstanding something?) Chris. From mikew at CRUCIS.NET Sat Jun 7 00:53:09 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:26 2006 Subject: virus found ? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C17@ati-ex-01.ati.local> References: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C17@ati-ex-01.ati.local> Message-ID: <200306061853.09381.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 06 June 2003 06:44 pm, you wrote: > Mike Watson wrote: > > No, but I've been getting bugbear since yesterday. F-Prot is > > getting and cleaning them. > > Why clean a virus infected email instead of just dumping it in the > trash? (Or am I misunderstanding something?) > > > Chris. I could do that. Instead, I'm sending them to a holding folder. I want to see what's coming in. Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+4Sll5fq6h2uDDlQRAl+WAKChQWbXpK6wKsSi1VHar/cZk9X4YACg0hr7 0YPWpAE8f+eGxE2Uuq3pW0s= =MPXr -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From mikew at CRUCIS.NET Sat Jun 7 01:22:25 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:26 2006 Subject: New F-Prot for Linux Workstations Message-ID: <200306061922.25838.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Has anyone tried this out yet? How well does it work with MailScanner? Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+4TBB5fq6h2uDDlQRAtETAJ9ogt1mdvN/Y1ZBlPBFXgg+o1ugPQCfTb1q Fep4fiYAxrlpqtmrXTTOcvw= =cgAV -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From forrie at FORRIE.COM Sat Jun 7 02:01:37 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:26 2006 Subject: OT: ClamAV website In-Reply-To: <200306061922.25838.mikew@crucis.net> Message-ID: <5.2.1.1.2.20030606210030.01fdfce0@192.168.1.1> Has anyone else noticed that ClamAV website is down or unavailable? I'm wondering if it's just my network route (I traced the route, and it appears to be isolated over there) -- or I wonder if their routers are blocking cable modems. Thx. From pg at NEWHONEST.COM Sat Jun 7 02:12:37 2003 From: pg at NEWHONEST.COM (Jason) Date: Thu Jan 12 21:18:26 2006 Subject: ClamAV website References: <5.2.1.1.2.20030606210030.01fdfce0@192.168.1.1> Message-ID: <005c01c32c91$e5bfd3e0$0201a8c0@jasonhomexp> Hi, www.clamav.org is working fine for my connection. I'm from HK -Jason ----- Original Message ----- From: "Forrest Aldrich" To: Sent: Saturday, June 07, 2003 9:01 AM Subject: OT: ClamAV website > Has anyone else noticed that ClamAV website is down or unavailable? I'm > wondering if it's just my network route (I traced the route, and it appears > to be isolated over there) -- or I wonder if their routers are blocking > cable modems. > > Thx. > From forrie at FORRIE.COM Sat Jun 7 02:15:15 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:26 2006 Subject: ClamAV website In-Reply-To: <005c01c32c91$e5bfd3e0$0201a8c0@jasonhomexp> References: <5.2.1.1.2.20030606210030.01fdfce0@192.168.1.1> Message-ID: <5.2.1.1.2.20030606211455.0202c980@192.168.1.1> Hmm... I had clamav.elektrapro.com as the primary web site. Thanks. At 09:12 PM 6/6/2003, Jason wrote: >Hi, www.clamav.org is working fine for my connection. I'm from HK > >-Jason > >----- Original Message ----- >From: "Forrest Aldrich" >To: >Sent: Saturday, June 07, 2003 9:01 AM >Subject: OT: ClamAV website > > > > Has anyone else noticed that ClamAV website is down or unavailable? I'm > > wondering if it's just my network route (I traced the route, and it >appears > > to be isolated over there) -- or I wonder if their routers are blocking > > cable modems. > > > > Thx. > > From mikew at CRUCIS.NET Sat Jun 7 02:16:27 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:26 2006 Subject: OT: ClamAV website In-Reply-To: <5.2.1.1.2.20030606210030.01fdfce0@192.168.1.1> References: <5.2.1.1.2.20030606210030.01fdfce0@192.168.1.1> Message-ID: <200306062016.30751.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 06 June 2003 08:01 pm, you wrote: > Has anyone else noticed that ClamAV website is down or unavailable? > I'm wondering if it's just my network route (I traced the route, and > it appears to be isolated over there) -- or I wonder if their routers > are blocking cable modems. > > Thx. I couldn't get to it just a few minutes ago either. Is there a mirror somewhere? Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+4Tzu5fq6h2uDDlQRAr1iAJ4zX5ANXxZjgwLioli9/AdhDScb/ACguBrR u+Gt5G1dneN5/XxxPWQdlZE= =LPNz -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From forrie at FORRIE.COM Sat Jun 7 02:17:21 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:26 2006 Subject: OT: ClamAV website In-Reply-To: <200306062016.30751.mikew@crucis.net> References: <5.2.1.1.2.20030606210030.01fdfce0@192.168.1.1> <5.2.1.1.2.20030606210030.01fdfce0@192.168.1.1> Message-ID: <5.2.1.1.2.20030606211655.0202c828@192.168.1.1> The email list I have for ClamAV actually gets routed to clamav.elektrapro.com -- so they must be having some problems. ? At 09:16 PM 6/6/2003, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On Friday 06 June 2003 08:01 pm, you wrote: > > Has anyone else noticed that ClamAV website is down or unavailable? > > I'm wondering if it's just my network route (I traced the route, and > > it appears to be isolated over there) -- or I wonder if their routers > > are blocking cable modems. > > > > Thx. >I couldn't get to it just a few minutes ago either. Is there a mirror >somewhere? > >Mike W >- -- >Registered Linux - 256979 >NRA Life >ARS: W0TMW > > > > > > > > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.0.7 (GNU/Linux) > >iD8DBQE+4Tzu5fq6h2uDDlQRAr1iAJ4zX5ANXxZjgwLioli9/AdhDScb/ACguBrR >u+Gt5G1dneN5/XxxPWQdlZE= >=LPNz >-----END PGP SIGNATURE----- > > >-- >This message has been scanned for viruses and >dangerous content by F-Prot and MailScanner, >and is believed to be clean. From mikew at CRUCIS.NET Sat Jun 7 02:20:49 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:26 2006 Subject: OT: ClamAV website In-Reply-To: <5.2.1.1.2.20030606211655.0202c828@192.168.1.1> References: <5.2.1.1.2.20030606210030.01fdfce0@192.168.1.1> <5.2.1.1.2.20030606211655.0202c828@192.168.1.1> Message-ID: <200306062020.49660.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 06 June 2003 08:17 pm, you wrote: > The email list I have for ClamAV actually gets routed to > clamav.elektrapro.com -- so they must be having some problems. ? > > At 09:16 PM 6/6/2003, you wrote: > >-----BEGIN PGP SIGNED MESSAGE----- > >Hash: SHA1 > > > >On Friday 06 June 2003 08:01 pm, you wrote: > > > Has anyone else noticed that ClamAV website is down or > > > unavailable? I'm wondering if it's just my network route (I > > > traced the route, and it appears to be isolated over there) -- or > > > I wonder if their routers are blocking cable modems. > > > > > > Thx. > > > >I couldn't get to it just a few minutes ago either. Is there a > > mirror somewhere? > > > >Mike W I found their website. ClamAV hasn't been upgraded since last November (2002) and the last virus.db is dated in March, 2003. Is it still active? Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+4T3x5fq6h2uDDlQRAklwAKDJ1xpR6SF8tQffmP7lAi9sNMdPwACePszi bhw6VLRbdrEKz/jSHNCzJms= =aCtC -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From forrie at FORRIE.COM Sat Jun 7 02:25:06 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:26 2006 Subject: OT: ClamAV website In-Reply-To: <200306062020.49660.mikew@crucis.net> References: <5.2.1.1.2.20030606211655.0202c828@192.168.1.1> <5.2.1.1.2.20030606210030.01fdfce0@192.168.1.1> <5.2.1.1.2.20030606211655.0202c828@192.168.1.1> Message-ID: <5.2.1.1.2.20030606212420.020221f8@192.168.1.1> Look in the snapshots directory on www.clamav.org (presuming that's the most current). Nobody from their list (ie: their direct emails) has responded about the downage. Anyone get clamav-milter working on FreeBSD? (how's that for off-topic? :) ) Forrest At 09:20 PM 6/6/2003, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On Friday 06 June 2003 08:17 pm, you wrote: > > The email list I have for ClamAV actually gets routed to > > clamav.elektrapro.com -- so they must be having some problems. ? > > > > At 09:16 PM 6/6/2003, you wrote: > > >-----BEGIN PGP SIGNED MESSAGE----- > > >Hash: SHA1 > > > > > >On Friday 06 June 2003 08:01 pm, you wrote: > > > > Has anyone else noticed that ClamAV website is down or > > > > unavailable? I'm wondering if it's just my network route (I > > > > traced the route, and it appears to be isolated over there) -- or > > > > I wonder if their routers are blocking cable modems. > > > > > > > > Thx. > > > > > >I couldn't get to it just a few minutes ago either. Is there a > > > mirror somewhere? > > > > > >Mike W > > > I found their website. ClamAV hasn't been upgraded since last November >(2002) and the last virus.db is dated in March, 2003. > >Is it still active? > >Mike W > >- -- >Registered Linux - 256979 >NRA Life >ARS: W0TMW > > > > > > > > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.0.7 (GNU/Linux) > >iD8DBQE+4T3x5fq6h2uDDlQRAklwAKDJ1xpR6SF8tQffmP7lAi9sNMdPwACePszi >bhw6VLRbdrEKz/jSHNCzJms= >=aCtC >-----END PGP SIGNATURE----- > > >-- >This message has been scanned for viruses and >dangerous content by F-Prot and MailScanner, >and is believed to be clean. From mikew at CRUCIS.NET Sat Jun 7 02:32:26 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:26 2006 Subject: OT: ClamAV website In-Reply-To: <5.2.1.1.2.20030606212420.020221f8@192.168.1.1> References: <5.2.1.1.2.20030606211655.0202c828@192.168.1.1> <5.2.1.1.2.20030606212420.020221f8@192.168.1.1> Message-ID: <200306062032.31046.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 06 June 2003 08:25 pm, you wrote: > Look in the snapshots directory on www.clamav.org (presuming that's > the most current). Nobody from their list (ie: their direct emails) > has responded about the downage. > > Anyone get clamav-milter working on FreeBSD? (how's that for > off-topic? :) ) > > > > Forrest Their latest file is dated March 19, 2003. Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+4UCu5fq6h2uDDlQRAja8AJ97IPpXkrGMwwgzvsEi0lZ3dtgcDQCguj8S EOvEDKQ1By4WXh/dLG2NJ9E= =omcN -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From forrie at FORRIE.COM Sat Jun 7 02:34:57 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:26 2006 Subject: OT: ClamAV website In-Reply-To: <200306062032.31046.mikew@crucis.net> References: <5.2.1.1.2.20030606212420.020221f8@192.168.1.1> <5.2.1.1.2.20030606211655.0202c828@192.168.1.1> <5.2.1.1.2.20030606212420.020221f8@192.168.1.1> Message-ID: <5.2.1.1.2.20030606213433.03025908@192.168.1.1> I believe they have a CVS server. Not sure why they haven't chosen to host this project on sourceforge.net...... At 09:32 PM 6/6/2003, Mike Watson wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On Friday 06 June 2003 08:25 pm, you wrote: > > Look in the snapshots directory on www.clamav.org (presuming that's > > the most current). Nobody from their list (ie: their direct emails) > > has responded about the downage. > > > > Anyone get clamav-milter working on FreeBSD? (how's that for > > off-topic? :) ) > > > > > > > > Forrest > >Their latest file is dated March 19, 2003. > >Mike W > >- -- >Registered Linux - 256979 >NRA Life >ARS: W0TMW > > > > > > > > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.0.7 (GNU/Linux) > >iD8DBQE+4UCu5fq6h2uDDlQRAja8AJ97IPpXkrGMwwgzvsEi0lZ3dtgcDQCguj8S >EOvEDKQ1By4WXh/dLG2NJ9E= >=omcN >-----END PGP SIGNATURE----- > > >-- >This message has been scanned for viruses and >dangerous content by F-Prot and MailScanner, >and is believed to be clean. From mdchaney at MICHAELCHANEY.COM Sat Jun 7 05:19:37 2003 From: mdchaney at MICHAELCHANEY.COM (Michael Chaney) Date: Thu Jan 12 21:18:26 2006 Subject: F-Prot's new pricing policy Message-ID: <20030606231937.B26390@michaelchaney.com> Since the price of F-Prot has risen obnoxiously (from $300/year to around $1000/year for me), does anyone have a suggestion for a per-server licensed virus scanner? Preferably back around the $300/year range? Thanks, Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From lltan at WEARNES.COM.SG Sat Jun 7 06:04:30 2003 From: lltan at WEARNES.COM.SG (Tan Lian Leong) Date: Thu Jan 12 21:18:26 2006 Subject: update_virus_scanners doesn't notify Message-ID: <00e601c32cb2$4abee090$120000a9@wtkia> Seems like the "update_virus_scanners" cron job doesn't send notification when update virus engine failed, does it? Thanks. Benny -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030607/6b8dc77b/attachment.html From raymond at PROLOCATION.NET Sat Jun 7 08:44:04 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:26 2006 Subject: New F-Prot for Linux Workstations In-Reply-To: <200306061922.25838.mikew@crucis.net> Message-ID: Hi! > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Has anyone tried this out yet? How well does it work with MailScanner? > > Mike W Search the mail archives. The day it went on their FTP server i tested and reported on the list. (Its working ok) Bye, Raymond. From raymond at PROLOCATION.NET Sat Jun 7 08:47:23 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:26 2006 Subject: ClamAV website In-Reply-To: <20030607015149.M37161@konsultex.com.br> Message-ID: Hi! > http://clamav.essentkabel.com/database/ > > has the database updated yesterday. Since I don't use Clamav I don't > know if this is the correct way to update the pattern. I got this from a > discussion at: I am running Clam, and the last update i fetched is from June 5 (18:01). Looks pretty ok to me. Bye, Raymond. From peter at UCGBOOK.COM Sat Jun 7 09:25:22 2003 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:18:26 2006 Subject: ClamAV website In-Reply-To: References: Message-ID: <1054974322.2008.11.camel@rocco.bonivart.home> My freshclam also works, they have mirrors for the signatures and the web site is updated on clamav.essentkabel.com. However, clamav.elektrapro.com seems to still be down and www.clamav.org is not up to date as some has mentioned. /Peter Bonivart --Unix lovers do it in the Sun On Sat, 2003-06-07 at 09:47, Raymond Dijkxhoorn wrote: > Hi! > > > http://clamav.essentkabel.com/database/ > > > > has the database updated yesterday. Since I don't use Clamav I don't > > know if this is the correct way to update the pattern. I got this from a > > discussion at: > > I am running Clam, and the last update i fetched is from June 5 (18:01). > Looks pretty ok to me. > > Bye, > Raymond. From kevins at BMRB.CO.UK Sat Jun 7 09:35:27 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:26 2006 Subject: ClamAV website In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011757E8@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011757E8@pascal.priv.bmrb.co.uk> Message-ID: <1054974927.8647.61.camel@bach.kevinspicer.co.uk> > Has anyone else noticed that ClamAV website is down or unavailable? I'm > wondering if it's just my network route (I traced the route, and it appears > to be isolated over there) -- or I wonder if their routers are blocking > cable modems. IIRC the last 'stable' release has clamav.elektrapro.com hard coded into it. The older available snapshots have a second server defined and the most recent snapshot has a mechanism for choosing a mirror from a text file. Here the content of the text file on my system in case its of use to anyone... clamav.elektrapro.com clamav.ozforces.com clamav.essentkabel.com clamav.linux-sxs.org BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From kevins at BMRB.CO.UK Sat Jun 7 09:43:36 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:26 2006 Subject: update_virus_scanners doesn't notify In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011757F2@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011757F2@pascal.priv.bmrb.co.uk> Message-ID: <1054975419.25002.2.camel@bach.kevinspicer.co.uk> >On Sat, 2003-06-07 at 06:04, Tan Lian Leong wrote: >Seems like the "update_virus_scanners" cron job doesn't send >notification when update virus engine failed, does it? Thanks. No, it logs to syslog - if you want an email to root when things go wrong find the following line in update_virus_scanners ${UPDATER} >/dev/null 2>&1 and change it to... ${UPDATER} # >/dev/null 2>&1 BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From miguelk at KONSULTEX.COM.BR Sat Jun 7 02:55:56 2003 From: miguelk at KONSULTEX.COM.BR (Miguel Koren OBrien de Lacy) Date: Thu Jan 12 21:18:26 2006 Subject: ClamAV website In-Reply-To: <5.2.1.1.2.20030606211455.0202c980@192.168.1.1> References: <5.2.1.1.2.20030606210030.01fdfce0@192.168.1.1> <5.2.1.1.2.20030606211455.0202c980@192.168.1.1> Message-ID: <20030607015149.M37161@konsultex.com.br> I could not reach the official site: http://clamav.elektrapro.com/ either. I checked around and I believe that the setup needs to reference mirror sites for better results. I see that this site : http://clamav.essentkabel.com/database/ has the database updated yesterday. Since I don't use Clamav I don't know if this is the correct way to update the pattern. I got this from a discussion at: http://freshmeat.net/projects/clamav/?topic_id=861 Miguel -- Konsultex Informatica (http://www.konsultex.com.br) ---------- Original Message ----------- From: Forrest Aldrich To: MAILSCANNER@JISCMAIL.AC.UK Sent: Fri, 6 Jun 2003 21:15:15 -0400 Subject: Re: ClamAV website > Hmm... I had clamav.elektrapro.com as the primary web site. > > Thanks. > > At 09:12 PM 6/6/2003, Jason wrote: > >Hi, www.clamav.org is working fine for my connection. I'm from HK > > > >-Jason > > > >----- Original Message ----- > >From: "Forrest Aldrich" > >To: > >Sent: Saturday, June 07, 2003 9:01 AM > >Subject: OT: ClamAV website > > > > > > > Has anyone else noticed that ClamAV website is down or unavailable? I'm > > > wondering if it's just my network route (I traced the route, and it > >appears > > > to be isolated over there) -- or I wonder if their routers are blocking > > > cable modems. > > > > > > Thx. > > > ------- End of Original Message ------- From mikew at CRUCIS.NET Sat Jun 7 15:48:51 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:26 2006 Subject: F-Prot error message after upgrade to F-Prot 3.13 Message-ID: <200306070948.54577.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I upgraded to F-Prot 3.13 yesterday and now I'm receiving this message in maillog. Jun 7 01:15:07 cameron MailScanner[9260]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Files: "Dumb" scan of all files". Please mail the author of MailScanner Jun 7 01:15:07 cameron MailScanner[9260]: Switches: -ARCHIVE -AI -OLD - -SAFEREMOVE Jun 7 01:15:07 cameron MailScanner[9260]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Switches: -ARCHIVE - -AI -OLD -SAFEREMOVE". Please mail the author of MailScanner I still have the 3.12c source that I'd been using before. Has anyone seen this? I have not downloaded the new F-Prot for Linux Workstations. System: AMD Athlon 1.8GHz, 294MB memory, RH 8.0, MainScanner: 4.12-2, kernel: kernel-2.4.18-27.8.0 Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+4ftW5fq6h2uDDlQRAvQGAJwOk8DcY64BTBIiF/yAwjOoIUt+EgCdEh8M P/ELyFgJ78devKGkbBqo3Fc= =2624 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From SJCJonker at SJC.NL Sat Jun 7 15:59:23 2003 From: SJCJonker at SJC.NL (Stijn Jonker) Date: Thu Jan 12 21:18:26 2006 Subject: Encrypted Zipfiles Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all, Recently some clown is sending viruses in encrypted/password protected Zip files on one of the mailinglists that are ppl are subscribed to. Mailscanner let them pass, with a clear log message. I check the config file for password and/or encrypted but couldn't find anything. Is there a way to block/quarentine these zip files. The only thing i could find are (un)encrypted messages i assume that is only aimed at pgp or s/mime email bodies and not zip files. If this is indeed also for encrypted zip files, i would like to suggest to seperate this. As i would encourage the users to use as much pgp as possible for the body. But off course not encrypted zip files. Thanks for the help. - -- Met Vriendelijke groet/Yours Sincerely Stijn Jonker -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+4f3NjU9r45tKnOARAk1SAJ9z+I0yIDQdxa7IPd6MnWdQ1QneeACfYFeS Q5+ELWcbbj1RZjaa1dwclcE= =g2oJ -----END PGP SIGNATURE----- From gerry at DORFAM.CA Sat Jun 7 17:33:47 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:18:26 2006 Subject: RBL's Working? Message-ID: I haven't noticed anything marked by either ORDB-RBL or Infinite-Monkeys in a long, long time. Are these RBL's working? If so, how should they be called? I've got the following in spam.assassin.prefs.conf score ORDB-RBL 4 score Infinite-Monkeys 4 I haven't changed anything in spam.lists.conf. -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From mike at ZANKER.ORG Sat Jun 7 17:43:27 2003 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:18:26 2006 Subject: RBL's Working? In-Reply-To: References: Message-ID: <987359.1055007807@jemima.zanker.org> On 07 June 2003 12:33 -0400 Gerry Doris wrote: > I haven't noticed anything marked by either ORDB-RBL or > Infinite-Monkeys in a long, long time. Are these RBL's working? Monkeys definitely. I'm using it with sendmail to reject at the SMTP level - last one rejected 45 minutes ago. I only use ORDB with SpamAssassin and the last one marked was May 6th. > If so, how should they be called? I've got the following in > spam.assassin.prefs.conf > > score ORDB-RBL 4 That should be score RCVD_IN_RELAYS_ORDB_ORG 4 for SpamAssassin, shouldn't it? > score Infinite-Monkeys 4 SpamAssassin doesn't use Infinite Monkeys AFAIK. > I haven't changed anything in spam.lists.conf. That's just for MailScanner, not SpamAssassin, I believe. Mike. From mailscanner at ecs.soton.ac.uk Sat Jun 7 18:24:32 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:26 2006 Subject: Problem with Sophos 3.70 and sophossavi Message-ID: <5.2.1.1.2.20030607182149.03022720@imap.ecs.soton.ac.uk> There appears to be a problem with the most recent Sophos releases and the sophossavi virus scanner. MailScanner will segfault when it first tries to set up the sophossavi scanner. The symptom is that MailScanner continually re-forks its child processes so every 10 seconds you will get a notice in your maillog saying the MailScanner is starting up, but no mail will be processed. The workaround is very simple: rm /etc/sav.conf The next release will include a new Sophos.install script which does this step for you. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sat Jun 7 18:59:06 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:26 2006 Subject: New F-Prot 4 autoupdate script In-Reply-To: <07d501c32cdb$56eb5870$9d720550@T20> Message-ID: <5.2.1.1.2.20030607185632.03030968@imap.ecs.soton.ac.uk> The new F-Prot versions need a slightly different f-prot-autoupdate script due to the removal of the "checksum" program they used to supply. Attached is a new f-prot-autoupdate script which you should drop into one of /usr/lib/MailScanner or /opt/MailScanner/lib and don't forget to chmod a+rx f-prot-autoupdate so that it is executable. -------------- next part -------------- A non-text attachment was scrubbed... Name: f-prot-autoupdate Type: application/octet-stream Size: 10090 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030607/d3016ea0/f-prot-autoupdate.obj -------------- next part -------------- -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From steve.freegard at LBSLTD.CO.UK Sat Jun 7 19:19:08 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:26 2006 Subject: Problem with Sophos 3.70 and sophossavi Message-ID: <67D9E7698329D411936E00508B6590B902773916@neelix.lbsltd.co.uk> Julian, I've had this problem since I started using Perl-SAVI on RH9 (with v3.67 Sophos) - I had cured it by putting LD_ASSUME_KERNEL=2.2.5; export LD_ASSUME_KERNEL into /etc/rc.d/init.d/MailScanner. I've just removed the above changes and removed /etc/sav.conf as recommended, and can confirm that this fixes the problem for me as well. Kind regards, Steve -- Steve Freegard System Manager Littlehampton Book Services Ltd. -----Original Message----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: 07/06/03 18:24 Subject: Problem with Sophos 3.70 and sophossavi There appears to be a problem with the most recent Sophos releases and the sophossavi virus scanner. MailScanner will segfault when it first tries to set up the sophossavi scanner. The symptom is that MailScanner continually re-forks its child processes so every 10 seconds you will get a notice in your maillog saying the MailScanner is starting up, but no mail will be processed. The workaround is very simple: rm /etc/sav.conf The next release will include a new Sophos.install script which does this step for you. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From raymond at PROLOCATION.NET Sat Jun 7 19:22:02 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:26 2006 Subject: New F-Prot 4 autoupdate script In-Reply-To: <5.2.1.1.2.20030607185632.03030968@imap.ecs.soton.ac.uk> Message-ID: Hi Julian, > The new F-Prot versions need a slightly different f-prot-autoupdate script > due to the removal of the "checksum" program they used to supply. > > Attached is a new f-prot-autoupdate script which you should drop into one of > /usr/lib/MailScanner Hey, thanks. I didnt see errors btw, but they told the update script was changed a little, thanks for cathing up :=)))) Replaced them on my production boxes right away. If you have time to do something with the language part, i am happy to beta test. Thanks! Raymond. From gsmithe at OFALLON90.NET Sun Jun 8 00:04:36 2003 From: gsmithe at OFALLON90.NET (Gary Smithe) Date: Thu Jan 12 21:18:26 2006 Subject: selective IFRAME filtering Message-ID: Hi, I subscribe to a couple of comics from comics.com, and 1 of them is filtered as having an IFRAME html code (but not the other - weird). Anyway, is there a way to add this to a whitelist or something since I know it is benign (I'd like to catch all other IFRAME tags though). I'm not using any AV software on this relay, that's handled on the hidden exchange server - this is just the built-in filter. Thanks, Gary From ryanb at AACRAO.ORG Sun Jun 8 00:42:39 2003 From: ryanb at AACRAO.ORG (Ryan Bingham) Date: Thu Jan 12 21:18:26 2006 Subject: selective IFRAME filtering References: Message-ID: <000e01c32d4e$7bc7b350$f8240340@kh06s9> Hi Gary, You can set up a ruleset for this. Look for this line in your MailScanner.conf file: Allow IFrame Tags = and point it to a ruleset filename. For example: Allow IFrame Tags = /etc/MailScanner/rules/iframe.whitelist.rules Then in your /etc/MailScanner/rules directory, create a file called iframe.whitelist.rules In it you can put entries like: From: someone@somehost.com yes FromOrTo: default no I believe you can also put wildcards: From: *@somehost.com yes Just be sure that the last line of your ruleset file is FromOrTo: default no So that the default action for the rest of your mail will still be to disallow IFrame tags. Ryan ----- Original Message ----- From: "Gary Smithe" To: Sent: Saturday, June 07, 2003 7:04 PM Subject: selective IFRAME filtering > Hi, > I subscribe to a couple of comics from comics.com, and 1 of them is filtered as having an IFRAME html code (but not the other - weird). Anyway, is there a way to add this to a whitelist or something since I know it is benign (I'd like to catch all other IFRAME tags though). > > I'm not using any AV software on this relay, that's handled on the hidden exchange server - this is just the built-in filter. > > Thanks, > Gary > From dh at UPTIME.AT Sun Jun 8 13:43:24 2003 From: dh at UPTIME.AT (David) Date: Thu Jan 12 21:18:26 2006 Subject: Concerning the Tag high scoring when on List action Message-ID: I was noticing that my mail gets correctly tagged as high scored spam when it is on 2 Black Lists that I told MailScanner to check. It does not get tagged as high scrong when it is found on two black lists that only Spamassassin seems tro check is that correct? -d - "Deep into that darkness peering, long I stood there wondering, fearing, - Doubting, dreaming dreams no mortal ever dared to dream to dream before.." Edgar Allen Poe - The Raven -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030608/29d0f727/PGP.bin From mailscanner at ecs.soton.ac.uk Sun Jun 8 14:48:22 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:26 2006 Subject: New F-Prot 4 autoupdate script In-Reply-To: References: <5.2.1.1.2.20030607185632.03030968@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030608144740.038f1b68@imap.ecs.soton.ac.uk> At 19:22 07/06/2003, you wrote: >If you have time to do something with the language part, i am happy to >beta test. That seems to be working. I might well post something later today. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sun Jun 8 14:49:22 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:26 2006 Subject: F-Prot error message after upgrade to F-Prot 3.13 In-Reply-To: <200306070948.54577.mikew@crucis.net> Message-ID: <5.2.1.1.2.20030608144856.03920088@imap.ecs.soton.ac.uk> This has been mentioned more times than I can remember. Upgrade to a more recent MailScanner and it will go away. At 15:48 07/06/2003, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >I upgraded to F-Prot 3.13 yesterday and now I'm receiving this message >in maillog. > > >Jun 7 01:15:07 cameron MailScanner[9260]: Either you've found a bug in >MailScanner's F-Prot > output parser, or F-Prot's output format has changed! F-Prot said this >"Files: "Dumb" scan >of all files". Please mail the author of MailScanner >Jun 7 01:15:07 cameron MailScanner[9260]: Switches: -ARCHIVE -AI -OLD >- -SAFEREMOVE >Jun 7 01:15:07 cameron MailScanner[9260]: Either you've found a bug in >MailScanner's F-Prot > output parser, or F-Prot's output format has changed! F-Prot said this >"Switches: -ARCHIVE >- -AI -OLD -SAFEREMOVE". Please mail the author of MailScanner > >I still have the 3.12c source that I'd been using before. Has anyone >seen this? I have not downloaded the new F-Prot for Linux >Workstations. > >System: AMD Athlon 1.8GHz, 294MB memory, RH 8.0, MainScanner: 4.12-2, >kernel: kernel-2.4.18-27.8.0 > >Mike W >- -- >Registered Linux - 256979 >NRA Life >ARS: W0TMW > > > > > > > > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.0.7 (GNU/Linux) > >iD8DBQE+4ftW5fq6h2uDDlQRAvQGAJwOk8DcY64BTBIiF/yAwjOoIUt+EgCdEh8M >P/ELyFgJ78devKGkbBqo3Fc= >=2624 >-----END PGP SIGNATURE----- > > >-- >This message has been scanned for viruses and >dangerous content by F-Prot and MailScanner, >and is believed to be clean. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sun Jun 8 14:50:52 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:26 2006 Subject: Smooth upgrade to 4.21-9 In-Reply-To: <1054924698.22566.149.camel@dbeauchemin.si.usherbrooke.ca> References: <5.2.1.1.2.20030606191640.02586da8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030606180831.03cf99a0@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030606180831.03cf99a0@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030606191640.02586da8@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030608145043.03927510@imap.ecs.soton.ac.uk> Sure. At 19:38 06/06/2003, you wrote: >Julian, > >But it would be OK if I used domain names (without being bulletproof)? > >Denis >Le ven 06/06/2003 ? 14:21, Julian Field a ?crit : > > At 19:08 06/06/2003, you wrote: > > > > > > > > > >I noticed new messages in my maillog: > > > > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Checks: Found 1 spam > > > messages > > > > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Cannot match against > > > destination > > > > >IP address when resolving configuration option "spamactions" > > > > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Actions: message > > > > >h56FSUX31319 actions are xxx@usherbrooke.ca,forward,deliver > > > > > > > > > >Can I do anything about the destination IP unresolved? It used the > > > > >default rule, which is what I expected. > > > > > > > > You don't know the destination IP address until *after* you have > actually > > > > delivered the message. It all depends on what MX hosts are > available on > > > the > > > > destination site. So you cannot match against it. > > > > > >I'm not sure I understand what you said. Is it that what I am trying to > > >do is doomed to fail every time? > > > > > >This is what I use: > > >Spam Actions = /etc/MailScanner/rules/spam.action.rules > > > > > >/etc/MailScanner/rules/spam.action.rules: > > >To: 132.210. attachment deliver forward xxx@usherbrooke.ca > > >To: /^206\.167\.186\.[012346]\./ attachment deliver forward > > >xxx@usherbrooke.ca > > >To: 206.167.185. attachment deliver forward xxx@usherbrooke.ca > > > > You fundamentally cannot do that. I don't know the MX host until the mail > > is delivered (by the MTA), so I have absolutely no way of predicting > the IP > > address of the best available MX. > > > > Even checking that *all* the MX hosts for this domain are within this > range > > requires a hell of a lot of work on MailScanner's part. It would need to > > "dig" for every MX host to get its IP address and then check every single > > one against the spec you had allowed. And as you have specified the > > "deliver" action, then every MX host of every domain of every recipient of > > the message would have to be checked. That would take ages to do. > > > > Sorry, but mail delivery is very deliberately unrelated to IP address. > > > > >To: *@USherbrooke.ca attachment deliver forward xxx@usherbrooke.ca > > >FromOrTo: Default deliver forward xxx@usherbrooke.ca > > > > > >Basically I just want to deliver spam as an attachment (with my custom > > >explanation of how to forward the message to us if it was misidentified) > > >if the destination is local. I don't want external people to get my > > >message about how to train SA. > > > > > >Thanks again! > > > > > >Denis > > >-- > > >Denis Beauchemin, analyste > > >Universit? de Sherbrooke, S.T.I. > > >T: 819.821.8000x2252 F: 819.821.8045 >-- >Denis Beauchemin, analyste >Universit? de Sherbrooke, S.T.I. >T: 819.821.8000x2252 F: 819.821.8045 -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sun Jun 8 14:01:33 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:26 2006 Subject: Concerning the Tag high scoring when on List action In-Reply-To: Message-ID: <5.2.1.1.2.20030608140032.03994e80@imap.ecs.soton.ac.uk> At 13:43 08/06/2003, you wrote: >I was noticing that my mail gets correctly tagged as high scored spam when >it is on 2 Black Lists that I told MailScanner to check. It does not get >tagged as high scrong when it is found on two black lists that only >Spamassassin seems tro check is that correct? The SpamAssassin blacklisting is completely separate to the MailScanner blacklisting. Appearance on a SpamAssassin blacklist adds to the score of the message, but won't automatically cause it to be treated as spam or high scoring spam. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mikew at CRUCIS.NET Sun Jun 8 16:38:01 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:26 2006 Subject: F-Prot error message after upgrade to F-Prot 3.13 In-Reply-To: <5.2.1.1.2.20030608144856.03920088@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030608144856.03920088@imap.ecs.soton.ac.uk> Message-ID: <200306081038.09960.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday 08 June 2003 08:49 am, you wrote: > This has been mentioned more times than I can remember. > Upgrade to a more recent MailScanner and it will go away. > Did and it did go away. Thank you. But... I seldom upgrade to a new version of anything when my present version is working for me. Call me a casualty of the Microsoft upgrade wars if you will, but new features don't drive me to upgrade if the present ones suit me. I must say that the upgrade process worked well. I had archived all my 4.12 config, reports and rules before the upgrade. My old MailScanner.conf wouldn't run the new version 4.21-9 MS but I modified it easily enough. You do have a quality product. Keep up the good work! Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+41hh5fq6h2uDDlQRAlCIAJ4zMfVCNCwE+V1SIGkWT7pibAcowgCfa0Bk PQWvvAgSe3/z6p3aL5Ls4VY= =vZwl -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From gsmithe at OFALLON90.NET Sun Jun 8 20:41:00 2003 From: gsmithe at OFALLON90.NET (Gary Smithe) Date: Thu Jan 12 21:18:26 2006 Subject: selective IFRAME filtering Message-ID: Thanks! I didn't think that IFRAMES would even be in the .conf file... Guess I need to read the docs thoroughly before posting. Thanks again! Gary -----Original Message----- From: Ryan Bingham [mailto:ryanb@AACRAO.ORG] Sent: Sat 6/7/2003 6:42 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: selective IFRAME filtering Hi Gary, You can set up a ruleset for this. Look for this line in your MailScanner.conf file: Allow IFrame Tags = and point it to a ruleset filename. For example: Allow IFrame Tags = /etc/MailScanner/rules/iframe.whitelist.rules Then in your /etc/MailScanner/rules directory, create a file called iframe.whitelist.rules In it you can put entries like: From: someone@somehost.com yes FromOrTo: default no I believe you can also put wildcards: From: *@somehost.com yes Just be sure that the last line of your ruleset file is FromOrTo: default no So that the default action for the rest of your mail will still be to disallow IFrame tags. Ryan ----- Original Message ----- From: "Gary Smithe" To: Sent: Saturday, June 07, 2003 7:04 PM Subject: selective IFRAME filtering > Hi, > I subscribe to a couple of comics from comics.com, and 1 of them is filtered as having an IFRAME html code (but not the other - weird). Anyway, is there a way to add this to a whitelist or something since I know it is benign (I'd like to catch all other IFRAME tags though). > > I'm not using any AV software on this relay, that's handled on the hidden exchange server - this is just the built-in filter. > > Thanks, > Gary > From support at INVICTANET.CO.UK Sun Jun 8 21:10:14 2003 From: support at INVICTANET.CO.UK (InvictaNet Customer Support) Date: Thu Jan 12 21:18:26 2006 Subject: Number of viruses found Message-ID: Any ideas as to why Sophos found 1, F-Prot found 1 but Clam found 2? Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: sophos found 1 infections Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: F-Prot found virus W32/Bugbear.B@mm Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: f-prot found 1 infections Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: clamav found 2 infections Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: Found 2 viruses Martyn Routley ----------------------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk martyn@support.invictanet.co.uk phone: 08707 440180 fax: 08707 440181 Ask us about our online Antivirus and Junk mail scanning service ----------------------------------------------------------------- From mailscanner at ecs.soton.ac.uk Sun Jun 8 21:14:47 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:26 2006 Subject: Number of viruses found In-Reply-To: Message-ID: <5.2.1.1.2.20030608211319.03944c88@imap.ecs.soton.ac.uk> I would go for Sophos and F-Prot finding fragmented or partial viruses and not reporting them as they are harmless. Without you telling us what it found or how big the files were, there's not much else I can guess at. At 21:10 08/06/2003, you wrote: >Any ideas as to why Sophos found 1, F-Prot found 1 but Clam found 2? > >Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: sophos found 1 >infections >Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: F-Prot found >virus W32/Bugbear.B@mm >Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: f-prot found 1 >infections >Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: clamav found 2 >infections >Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: Found 2 viruses > > >Martyn Routley >----------------------------------------------------------------- >InvictaNet - The Internet in Plain English, Guaranteed >http://www.invictanet.co.uk >martyn@support.invictanet.co.uk >phone: 08707 440180 >fax: 08707 440181 >Ask us about our online Antivirus and Junk mail scanning service >----------------------------------------------------------------- -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From support at INVICTANET.CO.UK Sun Jun 8 21:17:57 2003 From: support at INVICTANET.CO.UK (InvictaNet Customer Support) Date: Thu Jan 12 21:18:26 2006 Subject: Number of viruses found In-Reply-To: <5.2.1.1.2.20030608211319.03944c88@imap.ecs.soton.ac.uk> Message-ID: Sorry, the clips all related to the same message, one copy of the latest Bugbear. Was Clam counting the I-Frame as a separate item perhaps? Martyn Routley ----------------------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk martyn@support.invictanet.co.uk phone: 08707 440180 fax: 08707 440181 Ask us about our online Antivirus and Junk mail scanning service ----------------------------------------------------------------- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field Sent: 08 June 2003 21:15 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Number of viruses found I would go for Sophos and F-Prot finding fragmented or partial viruses and not reporting them as they are harmless. Without you telling us what it found or how big the files were, there's not much else I can guess at. At 21:10 08/06/2003, you wrote: >Any ideas as to why Sophos found 1, F-Prot found 1 but Clam found 2? > >Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: sophos found 1 >infections >Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: F-Prot found >virus W32/Bugbear.B@mm >Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: f-prot found 1 >infections >Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: clamav found 2 >infections >Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: Found 2 viruses > > >Martyn Routley From mailscanner at ecs.soton.ac.uk Sun Jun 8 21:24:25 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:26 2006 Subject: Number of viruses found In-Reply-To: References: <5.2.1.1.2.20030608211319.03944c88@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030608212345.03939730@imap.ecs.soton.ac.uk> At 21:17 08/06/2003, you wrote: >Sorry, the clips all related to the same message, one copy of the latest >Bugbear. There are a hell of a lot of truncated copies of this doing the rounds, which are actually harmless. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From sanjay.patel at REXWIRE.COM Sun Jun 8 21:46:20 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:26 2006 Subject: F-Prot's new pricing policy In-Reply-To: <20030606231937.B26390@michaelchaney.com> Message-ID: <003601c32dff$0468bff0$6f01a8c0@Laptop1> We use panda's perimeter antivirus for sendmail. It was only $79 and has not missed a single virus. For that price and the quality of software I don't thing anything beats it. Only problem is that their documentation are weak and incorrect. If you need help installing it with sendmail free to ask me if you get stuck. -SKP -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michael Chaney Sent: Saturday, June 07, 2003 12:20 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: F-Prot's new pricing policy Since the price of F-Prot has risen obnoxiously (from $300/year to around $1000/year for me), does anyone have a suggestion for a per-server licensed virus scanner? Preferably back around the $300/year range? Thanks, Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From michele at BLACKNIGHTSOLUTIONS.COM Sun Jun 8 22:06:39 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: BlacknightSolutions) Date: Thu Jan 12 21:18:26 2006 Subject: Panda for Linux Message-ID: <200306082106.h58L6gr28018@camelot.blacknightsolutions.com> Looking at the Panda website: http://www.pandasoftware.com/download/linux/linux.asp The linux version seems to be completely free - or am I missing something? Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030608/cdf632c9/attachment.html From ryanb at AACRAO.ORG Sun Jun 8 22:11:18 2003 From: ryanb at AACRAO.ORG (Ryan Bingham) Date: Thu Jan 12 21:18:26 2006 Subject: Panda for Linux References: <200306082106.h58L6gr28018@camelot.blacknightsolutions.com> Message-ID: <001a01c32e02$81fefd50$f8240340@kh06s9> Is anyone using Panda with MailScanner? I see it in the list of antivirus scanners in MailScanner.conf, so it must be supported. Are there any special instructions for getting it to work with MailScanner? Thanks, Ryan ----- Original Message ----- From: Michele Neylon :: BlacknightSolutions To: MAILSCANNER@JISCMAIL.AC.UK Sent: Sunday, June 08, 2003 5:06 PM Subject: Panda for Linux Looking at the Panda website: http://www.pandasoftware.com/download/linux/linux.asp The linux version seems to be completely free - or am I missing something? Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ ------------------------------------------------------------------------------ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030608/368977ee/attachment.html From kevins at BMRB.CO.UK Sun Jun 8 23:40:15 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:26 2006 Subject: Number of viruses found In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB00117580B@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB00117580B@pascal.priv.bmrb.co.uk> Message-ID: <1055112016.25001.17.camel@bach.kevinspicer.co.uk> On Sun, 2003-06-08 at 21:17, InvictaNet Customer Support wrote: Sorry, the clips all related to the same message, one copy of the latest Bugbear. Was Clam counting the I-Frame as a separate item perhaps? Yes, ClamAV reports the iframe as Exploit.IFrame.HTML. Which sometimes is not very helpful when you've given MS directions on what to do with IFRAME exploits. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From kevins at BMRB.CO.UK Mon Jun 9 00:09:36 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:26 2006 Subject: Panda for Linux In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB00117580F@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB00117580F@pascal.priv.bmrb.co.uk> Message-ID: <1055113777.25002.25.camel@bach.kevinspicer.co.uk> I've just tried to install it - it _seems_ to have installed okay but gives no output (even to its log file). I figured its missing it's virus definitions so I set about downloading them from the site, but it appears that only registered customers can do that & you can only register if you have purchased a product. I can only conclude that the software is free but only intended for use by people who have already purchased a Windows version which entitles them to access to the definitions. I notice there isn't an autoupdate script for panda, and presumably the wrapper script was contributed since I don't think Julian normally comments his work in Spanish! [Panda's man page is in Spanish too, although there are English instructions on the site] >On Sun, 2003-06-08 at 22:11, Ryan Bingham wrote: >Is anyone using Panda with MailScanner? I see it in the list of >antivirus scanners in MailScanner.conf, so it must be supported. >Are there any special instructions for getting it to work with >MailScanner? BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From kevins at BMRB.CO.UK Mon Jun 9 00:13:57 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:26 2006 Subject: Panda for Linux In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175811@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175811@pascal.priv.bmrb.co.uk> Message-ID: <1055114037.25001.27.camel@bach.kevinspicer.co.uk> Correct myself slightly, I do get some output when scanning an infected (eicar) file - so it appears it does work, just no updates. On Mon, 2003-06-09 at 00:09, Spicer, Kevin wrote: I've just tried to install it - it _seems_ to have installed okay but gives no output (even to its log file). I figured its missing it's virus definitions so I set about downloading them from the site, but it appears that only registered customers can do that & you can only register if you have purchased a product. I can only conclude that the software is free but only intended for use by people who have already purchased a Windows version which entitles them to access to the definitions. I notice there isn't an autoupdate script for panda, and presumably the wrapper script was contributed since I don't think Julian normally comments his work in Spanish! [Panda's man page is in Spanish too, although there are English instructions on the site] >On Sun, 2003-06-08 at 22:11, Ryan Bingham wrote: >Is anyone using Panda with MailScanner? I see it in the list of >antivirus scanners in MailScanner.conf, so it must be supported. >Are there any special instructions for getting it to work with >MailScanner? BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From sanjay.patel at REXWIRE.COM Mon Jun 9 00:19:45 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:26 2006 Subject: Panda for Linux In-Reply-To: <1055114037.25001.27.camel@bach.kevinspicer.co.uk> Message-ID: <003b01c32e14$733f55a0$6f01a8c0@Laptop1> What version do you have? The version that is downloaded is a old version. You need 1.31 to have all the update features. The software is not FREE. You must have downloaded a trial version. Panda does come with a web interface where you can see the reports. -SKP -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kevin Spicer Sent: Sunday, June 08, 2003 7:14 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Panda for Linux Correct myself slightly, I do get some output when scanning an infected (eicar) file - so it appears it does work, just no updates. On Mon, 2003-06-09 at 00:09, Spicer, Kevin wrote: I've just tried to install it - it _seems_ to have installed okay but gives no output (even to its log file). I figured its missing it's virus definitions so I set about downloading them from the site, but it appears that only registered customers can do that & you can only register if you have purchased a product. I can only conclude that the software is free but only intended for use by people who have already purchased a Windows version which entitles them to access to the definitions. I notice there isn't an autoupdate script for panda, and presumably the wrapper script was contributed since I don't think Julian normally comments his work in Spanish! [Panda's man page is in Spanish too, although there are English instructions on the site] >On Sun, 2003-06-08 at 22:11, Ryan Bingham wrote: >Is anyone using Panda with MailScanner? I see it in the list of >antivirus scanners in MailScanner.conf, so it must be supported. >Are there any special instructions for getting it to work with >MailScanner? BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From sanjay.patel at REXWIRE.COM Mon Jun 9 00:22:39 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:26 2006 Subject: Panda for Linux In-Reply-To: <200306082106.h58L6gr28018@camelot.blacknightsolutions.com> Message-ID: <003c01c32e14$dbca07a0$6f01a8c0@Laptop1> there is Panda for Linux and than Panda for e-mail scanning its called Perimeter scanning and there is a version for sendmail, postfix and a few other linux mail system. You need to download and install that if you want your inbound and outbound mail scanned. -SKP -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michele Neylon :: BlacknightSolutions Sent: Sunday, June 08, 2003 5:07 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Panda for Linux Looking at the Panda website: http://www.pandasoftware.com/download/linux/linux.asp The linux version seems to be completely free - or am I missing something? Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ _____ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030608/ac3bc8b7/attachment.html From sanjay.patel at REXWIRE.COM Mon Jun 9 00:24:37 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:27 2006 Subject: Panda for Linux In-Reply-To: <001a01c32e02$81fefd50$f8240340@kh06s9> Message-ID: <004101c32e15$217bd3a0$6f01a8c0@Laptop1> we have been using it for a few months. No problems at all. Only problem we saw is that Panda catch's the virus and than MailScanner seems to get it cause Mailscanner always says no virus found even though panda has found one and cleaned it. -SKP -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ryan Bingham Sent: Sunday, June 08, 2003 5:11 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Panda for Linux Is anyone using Panda with MailScanner? I see it in the list of antivirus scanners in MailScanner.conf, so it must be supported. Are there any special instructions for getting it to work with MailScanner? Thanks, Ryan ----- Original Message ----- From: Michele Neylon :: BlacknightSolutions To: MAILSCANNER@JISCMAIL.AC.UK Sent: Sunday, June 08, 2003 5:06 PM Subject: Panda for Linux Looking at the Panda website: http://www.pandasoftware.com/download/linux/linux.asp The linux version seems to be completely free - or am I missing something? Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. From kevins at BMRB.CO.UK Mon Jun 9 00:33:54 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:27 2006 Subject: Panda for Linux In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175815@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175815@pascal.priv.bmrb.co.uk> Message-ID: <1055115235.25002.34.camel@bach.kevinspicer.co.uk> Presumably then you're using it through sendmail, so it cleans the mail before it is queued for MailScanner? You're just using MS for Spam scanning then? On Mon, 2003-06-09 at 00:24, Sanjay Patel wrote: we have been using it for a few months. No problems at all. Only problem we saw is that Panda catch's the virus and than MailScanner seems to get it cause Mailscanner always says no virus found even though panda has found one and cleaned it. -SKP -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ryan Bingham Sent: Sunday, June 08, 2003 5:11 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Panda for Linux Is anyone using Panda with MailScanner? I see it in the list of antivirus scanners in MailScanner.conf, so it must be supported. Are there any special instructions for getting it to work with MailScanner? Thanks, Ryan ----- Original Message ----- From: Michele Neylon :: BlacknightSolutions To: MAILSCANNER@JISCMAIL.AC.UK Sent: Sunday, June 08, 2003 5:06 PM Subject: Panda for Linux Looking at the Panda website: http://www.pandasoftware.com/download/linux/linux.asp The linux version seems to be completely free - or am I missing something? Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From michele at BLACKNIGHTSOLUTIONS.COM Mon Jun 9 00:37:44 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: BlacknightSolutions) Date: Thu Jan 12 21:18:27 2006 Subject: Panda for Linux In-Reply-To: <003c01c32e14$dbca07a0$6f01a8c0@Laptop1> Message-ID: <200306082337.h58NbYp09031@camelot.blacknightsolutions.com> So the Panda for linux free thing is no good? _____ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Sanjay Patel Sent: 09 June 2003 01:23 To: MAILSCANNER@JISCMAIL.AC.UK there is Panda for Linux and than Panda for e-mail scanning its called Perimeter scanning and there is a version for sendmail, postfix and a few other linux mail system. You need to download and install that if you want your inbound and outbound mail scanned. -SKP . ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030609/498ab0c7/attachment.html From kevins at BMRB.CO.UK Mon Jun 9 00:46:09 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:27 2006 Subject: Panda for Linux In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175814@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175814@pascal.priv.bmrb.co.uk> Message-ID: <1055115970.25001.45.camel@bach.kevinspicer.co.uk> Thanks for that info. Looking at their site they offer a number of solutions under the 'Perimeter scan' category including the sendmail version at $12.95 for 1 year or $29.95 for a 'perpetual' license (although this product seems to have a quantity of 6 minimum purchase!). They also offer the linux command line version (I guess thats the one us MailScanner folks want) at just $7.95 for a year or $17.49 for a 'perpetual' license (and minimum purchase of one!) On Mon, 2003-06-09 at 00:22, Sanjay Patel wrote: there is Panda for Linux and than Panda for e-mail scanning its called Perimeter scanning and there is a version for sendmail, postfix and a few other linux mail system. You need to download and install that if you want your inbound and outbound mail scanned. -SKP BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From sanjay.patel at REXWIRE.COM Mon Jun 9 01:03:43 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <1055115970.25001.45.camel@bach.kevinspicer.co.uk> Message-ID: <004601c32e1a$9739c980$6f01a8c0@Laptop1> We are panda resellers also. If anyone here is looking to buy Panda to use with MailSacnner we will pass portion of our discount onto you. MailScanner is a great utility and we use and depend on this mailing for support. This will be our way to giving something back to the group. -SKP From smhickel at CHARTERMI.NET Mon Jun 9 01:36:21 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:18:27 2006 Subject: Number of viruses found Message-ID: <200306090036.h590aLb09691@chartermi.net> I used clamscan on my box and it said it found 10 infections but failed (as far as I could tell) to disinfect them (I think they were in the quarantine subdirectories mailscanner put there. I couldn't figure out what flag to use to get it to do what f-prot does with the auto command. Steve InvictaNet Customer Support wrote .. > Any ideas as to why Sophos found 1, F-Prot found 1 but Clam found 2? > > Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: sophos found > 1 > infections > Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: F-Prot found > virus W32/Bugbear.B@mm > Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: f-prot found > 1 > infections > Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: clamav found > 2 > infections > Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: Found 2 viruses > > > Martyn Routley > ----------------------------------------------------------------- > InvictaNet - The Internet in Plain English, Guaranteed > http://www.invictanet.co.uk > martyn@support.invictanet.co.uk > phone: 08707 440180 > fax: 08707 440181 > Ask us about our online Antivirus and Junk mail scanning service > ----------------------------------------------------------------- From peter at UCGBOOK.COM Mon Jun 9 01:52:17 2003 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:18:27 2006 Subject: Number of viruses found In-Reply-To: <200306090036.h590aLb09691@chartermi.net> References: <200306090036.h590aLb09691@chartermi.net> Message-ID: <1055119937.2034.2.camel@rocco.bonivart.home> ClamAV does not disinfect, it only detects. I have no problem with removing infected attachments, I've always been sceptical about disinfecting anyway. /Peter Bonivart --Unix lovers do it in the Sun On Mon, 2003-06-09 at 02:36, Steve Hickel wrote: > I used clamscan on my box and it said it found 10 infections but failed (as far as I could tell) to disinfect them (I think they were in the quarantine subdirectories mailscanner put there. I couldn't figure out what flag to use to get it to do what f-prot does with the auto command. > > Steve > > InvictaNet Customer Support wrote .. > > Any ideas as to why Sophos found 1, F-Prot found 1 but Clam found 2? > > > > Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: sophos found > > 1 > > infections > > Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: F-Prot found > > virus W32/Bugbear.B@mm > > Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: f-prot found > > 1 > > infections > > Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: clamav found > > 2 > > infections > > Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: Found 2 viruses > > > > > > Martyn Routley > > ----------------------------------------------------------------- > > InvictaNet - The Internet in Plain English, Guaranteed > > http://www.invictanet.co.uk > > martyn@support.invictanet.co.uk > > phone: 08707 440180 > > fax: 08707 440181 > > Ask us about our online Antivirus and Junk mail scanning service > > ----------------------------------------------------------------- From mailscanner at ecs.soton.ac.uk Mon Jun 9 11:47:14 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <004601c32e1a$9739c980$6f01a8c0@Laptop1> References: <1055115970.25001.45.camel@bach.kevinspicer.co.uk> Message-ID: <5.2.0.9.2.20030609114212.0382fd40@imap.ecs.soton.ac.uk> Please do *not* use this mailing list for advertising your anti-virus products. This is not a sales list. In a previous post, you appeared to be a normal user saying that "Panda is great", but that we needed to buy the "mail server" version, which is simply not true from a technical standpoint, and exhibits a curious lack of understanding about how MailScanner works. Now you admit you are a Panda reseller, which hardly makes your previous comments very objective, does it? If you are recommending use of a product from which you make a profit, please declare this at the *start* so everyone knows (part of) the reason you are recommending it. At 01:03 09/06/2003, you wrote: >We are panda resellers also. If anyone here is looking to buy Panda to use >with MailSacnner we will pass portion of our discount onto you. > >MailScanner is a great utility and we use and depend on this mailing for >support. This will be our way to giving something back to the group. > > >-SKP -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From sanjay.patel at REXWIRE.COM Mon Jun 9 12:35:04 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <5.2.0.9.2.20030609114212.0382fd40@imap.ecs.soton.ac.uk> Message-ID: <001201c32e7b$2c4ced80$6f01a8c0@Laptop1> Sorry to make it sound like I was trying to make a profit. But the fact is you do need to buy the mail version if you intend to run it with sendmail or other Linux based mail system (http://www.pandasecurity.com/ps.htm). As to the selling, that is not our main business, our antivirus business it less than 0.05% of our total business. We don't even mention it on our website. I was just looking at giving a discount to people who have helped us through this list. The intention was never to make money and we can make it very clear buy donating any profit to the Mailscanner creator's charity of choice. (which in this case would be you) -SKP -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Monday, June 09, 2003 6:47 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Panda Pricing Please do *not* use this mailing list for advertising your anti-virus products. This is not a sales list. In a previous post, you appeared to be a normal user saying that "Panda is great", but that we needed to buy the "mail server" version, which is simply not true from a technical standpoint, and exhibits a curious lack of understanding about how MailScanner works. Now you admit you are a Panda reseller, which hardly makes your previous comments very objective, does it? If you are recommending use of a product from which you make a profit, please declare this at the *start* so everyone knows (part of) the reason you are recommending it. At 01:03 09/06/2003, you wrote: >We are panda resellers also. If anyone here is looking to buy Panda to use >with MailSacnner we will pass portion of our discount onto you. > >MailScanner is a great utility and we use and depend on this mailing for >support. This will be our way to giving something back to the group. > > >-SKP -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From J.Ireland at HGU.MRC.AC.UK Mon Jun 9 12:36:18 2003 From: J.Ireland at HGU.MRC.AC.UK (John Ireland) Date: Thu Jan 12 21:18:27 2006 Subject: Changing Precedence to junk Message-ID: <3EE47132.1080709@hgu.mrc.ac.uk> I spoke to Julian about this last week at at the JANET-CERT meeting in London and I thought I would mail the list to see what others thought of the idea. Our mail queue is continually filled with auto responder mail replying to spam messages. These messages either time out or bounce, spamming the user with more useless information. Most auto responders, such as vacation, will not respond to mail with the 'Precedence: bulk' or 'Precedence: junk' line is included in the header. So giving mailscanner the option of changing the 'Precedence:' header to junk would give a simple centrally managed solution. I know there are other solutions - ban auto responders, write a procmail wrapper for vacation, or hack the vacation code. But there are users that need to use auto responders and there are auto responders over which the mail administrator has no control. Also, I know of no other program, other than 'vacation', that uses the 'Precedence:' header. -- John Ireland Email: mailto:J.Ireland@hgu.mrc.ac.uk MRC Human Genetics Unit Tel. : +44-31-332-2471 Western General Hospital Fax. : +44-31-343-2620 Edinburgh, EH4 2XU, UK WWW : http://www.hgu.mrc.ac.uk From Denis.Beauchemin at USHERBROOKE.CA Mon Jun 9 14:41:07 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:27 2006 Subject: Attachments Message-ID: <1055166067.1238.17.camel@dbeauchemin.si.usherbrooke.ca> Hello Julian, I love the attachments option! Would it be possible for it to include MS' headers such as X-MailScanner-SpamCheck in the attached email? I would like to see that header in the encapsulated email because it would make life easier for us if people were to transfer the email back to us for processing (as you know Outlook (+Express) are no good at forwarding an email with its headers intact). Thanks again! Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From jaearick at COLBY.EDU Mon Jun 9 14:44:34 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:18:27 2006 Subject: Changing Precedence to junk In-Reply-To: <3EE47132.1080709@hgu.mrc.ac.uk> References: <3EE47132.1080709@hgu.mrc.ac.uk> Message-ID: Y'all, It would be good if the mailscanner virus warning messages went out as 'Precedence: bulk'. I'm getting to the point where I don't care if mailscanner sends out the warning messages at all -- most go to the wrong person and are useless. Whenever we write web-based email apps that generate email, we always stick the 'Precedence: bulk' stuff into the mailer scripts, to cut down on bounced emails. --- Jeff Earickson On Mon, 9 Jun 2003, John Ireland wrote: > Date: Mon, 9 Jun 2003 12:36:18 +0100 > From: John Ireland > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Changing Precedence to junk > > I spoke to Julian about this last week at at the JANET-CERT meeting in > London and I thought I would mail the list to see what others thought of > the idea. > > Our mail queue is continually filled with auto responder mail replying > to spam messages. These messages either time out or bounce, spamming > the user with more useless information. > > Most auto responders, such as vacation, will not respond to mail with > the 'Precedence: bulk' or 'Precedence: junk' line is included in the > header. So giving mailscanner the option of changing the 'Precedence:' > header to junk would give a simple centrally managed solution. > > I know there are other solutions - ban auto responders, write a > procmail wrapper for vacation, or hack the vacation code. But there > are users that need to use auto responders and there are auto responders > over which the mail administrator has no control. > > Also, I know of no other program, other than 'vacation', that uses the > 'Precedence:' header. > > > -- > John Ireland Email: mailto:J.Ireland@hgu.mrc.ac.uk > MRC Human Genetics Unit Tel. : +44-31-332-2471 > Western General Hospital Fax. : +44-31-343-2620 > Edinburgh, EH4 2XU, UK WWW : http://www.hgu.mrc.ac.uk > From michele at BLACKNIGHTSOLUTIONS.COM Mon Jun 9 14:50:46 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <5.2.0.9.2.20030609114212.0382fd40@imap.ecs.soton.ac.uk> References: <1055115970.25001.45.camel@bach.kevinspicer.co.uk> <5.2.0.9.2.20030609114212.0382fd40@imap.ecs.soton.ac.uk> Message-ID: <1740.213.140.31.170.1055166646.squirrel@www.blacknightsolutions.com> >but that we needed to buy the "mail server" version, which is > simply not true from a technical standpoint, and exhibits a curious lack > of understanding about how MailScanner works. So which version do we need? I am completely confused :-( However the Panda pricing is good, so even if we bought the wrong version we wouldn't be TOO broke :-) Could Julian or somebody else neutral please clarify??? -- Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ Shell hosting now available ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From mailscanner at ecs.soton.ac.uk Mon Jun 9 14:46:02 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: Attachments In-Reply-To: <1055166067.1238.17.camel@dbeauchemin.si.usherbrooke.ca> Message-ID: <5.2.0.9.2.20030609144533.041e75a0@imap.ecs.soton.ac.uk> Not very easy I'm afraid. The MS headers are always added just before final delivery, but the encapsulation is done quite a lot earlier. At 14:41 09/06/2003, you wrote: >Hello Julian, > >I love the attachments option! > >Would it be possible for it to include MS' headers such as >X-MailScanner-SpamCheck in the attached email? > >I would like to see that header in the encapsulated email because it >would make life easier for us if people were to transfer the email back >to us for processing (as you know Outlook (+Express) are no good at >forwarding an email with its headers intact). > >Thanks again! > >Denis >-- >Denis Beauchemin, analyste >Universit? de Sherbrooke, S.T.I. >T: 819.821.8000x2252 F: 819.821.8045 -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jun 9 14:29:30 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <001201c32e7b$2c4ced80$6f01a8c0@Laptop1> References: <5.2.0.9.2.20030609114212.0382fd40@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030609142456.0430c110@imap.ecs.soton.ac.uk> At 12:35 09/06/2003, you wrote: >Sorry to make it sound like I was trying to make a profit. But the fact is >you do need to buy the mail version if you intend to run it with sendmail or >other Linux based mail system (http://www.pandasecurity.com/ps.htm). For a virus scanner to work with MailScanner, all that is necessary is a command-line utility that will scan files given to it. It doesn't need to (or want to) know anything about the mail transport in use. Or is the mail version the only one that provides a Linux-based command line scanning utility? It appears that most of the other versions are Windows-based. >As to the selling, that is not our main business, our antivirus business it >less than 0.05% of our total business. We don't even mention it on our >website. I was just looking at giving a discount to people who have helped >us through this list. Thankyou. >The intention was never to make money and we can make it very clear buy >donating any profit to the Mailscanner creator's charity of choice. (which >in this case would be you) Many thanks for clarifying that. I must have been feeling particularly paranoid this morning :-) Not helped by my next door neighbour's burglar alarm going off at 7 :-( >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Julian Field >Sent: Monday, June 09, 2003 6:47 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Panda Pricing > > >Please do *not* use this mailing list for advertising your anti-virus >products. This is not a sales list. > >In a previous post, you appeared to be a normal user saying that "Panda is >great", but that we needed to buy the "mail server" version, which is >simply not true from a technical standpoint, and exhibits a curious lack of >understanding about how MailScanner works. > >Now you admit you are a Panda reseller, which hardly makes your previous >comments very objective, does it? > >If you are recommending use of a product from which you make a profit, >please declare this at the *start* so everyone knows (part of) the reason >you are recommending it. > >At 01:03 09/06/2003, you wrote: > >We are panda resellers also. If anyone here is looking to buy Panda to use > >with MailSacnner we will pass portion of our discount onto you. > > > >MailScanner is a great utility and we use and depend on this mailing for > >support. This will be our way to giving something back to the group. > > > > > >-SKP > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jun 9 14:48:08 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: Changing Precedence to junk In-Reply-To: References: <3EE47132.1080709@hgu.mrc.ac.uk> <3EE47132.1080709@hgu.mrc.ac.uk> Message-ID: <5.2.0.9.2.20030609144705.043e69a8@imap.ecs.soton.ac.uk> If you mean all the "sender.*" message reports, those files include the headers at the top of them anyway. So you can just add the Precedence: bulk lines yourself. At 14:44 09/06/2003, you wrote: >Y'all, > >It would be good if the mailscanner virus warning messages went out >as 'Precedence: bulk'. I'm getting to the point where I don't care if >mailscanner sends out the warning messages at all -- most go to the >wrong person and are useless. Whenever we write web-based email >apps that generate email, we always stick the 'Precedence: bulk' >stuff into the mailer scripts, to cut down on bounced emails. > >--- Jeff Earickson > >On Mon, 9 Jun 2003, John Ireland wrote: > > > Date: Mon, 9 Jun 2003 12:36:18 +0100 > > From: John Ireland > > Reply-To: MailScanner mailing list > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Changing Precedence to junk > > > > I spoke to Julian about this last week at at the JANET-CERT meeting in > > London and I thought I would mail the list to see what others thought of > > the idea. > > > > Our mail queue is continually filled with auto responder mail replying > > to spam messages. These messages either time out or bounce, spamming > > the user with more useless information. > > > > Most auto responders, such as vacation, will not respond to mail with > > the 'Precedence: bulk' or 'Precedence: junk' line is included in the > > header. So giving mailscanner the option of changing the 'Precedence:' > > header to junk would give a simple centrally managed solution. > > > > I know there are other solutions - ban auto responders, write a > > procmail wrapper for vacation, or hack the vacation code. But there > > are users that need to use auto responders and there are auto responders > > over which the mail administrator has no control. > > > > Also, I know of no other program, other than 'vacation', that uses the > > 'Precedence:' header. > > > > > > -- > > John Ireland Email: mailto:J.Ireland@hgu.mrc.ac.uk > > MRC Human Genetics Unit Tel. : +44-31-332-2471 > > Western General Hospital Fax. : +44-31-343-2620 > > Edinburgh, EH4 2XU, UK WWW : http://www.hgu.mrc.ac.uk > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mike at CAMAROSS.NET Mon Jun 9 15:32:20 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:27 2006 Subject: Changing Precedence to junk In-Reply-To: Message-ID: <001501c32e93$ef4061b0$9b01a8c0@home.middlefinger.net> Mailman uses the precedence of either Bulk or List...can't remember which. My question is this...WHY would you bounce spam? The large percentage of spam you bounce more than likey comes from forged addresses. Therefore, attempting to bounce them just generates more useless traffic on the net and your boxen (IMHO of course). Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson > Sent: Monday, June 09, 2003 8:45 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Changing Precedence to junk > > > Y'all, > > It would be good if the mailscanner virus warning messages > went out as 'Precedence: bulk'. I'm getting to the point > where I don't care if mailscanner sends out the warning > messages at all -- most go to the wrong person and are > useless. Whenever we write web-based email apps that > generate email, we always stick the 'Precedence: bulk' stuff > into the mailer scripts, to cut down on bounced emails. > > --- Jeff Earickson > > On Mon, 9 Jun 2003, John Ireland wrote: > > > Date: Mon, 9 Jun 2003 12:36:18 +0100 > > From: John Ireland > > Reply-To: MailScanner mailing list > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Changing Precedence to junk > > > > I spoke to Julian about this last week at at the JANET-CERT > meeting in > > London and I thought I would mail the list to see what > others thought > > of the idea. > > > > Our mail queue is continually filled with auto responder > mail replying > > to spam messages. These messages either time out or > bounce, spamming > > the user with more useless information. > > > > Most auto responders, such as vacation, will not respond to > mail with > > the 'Precedence: bulk' or 'Precedence: junk' line is > included in the > > header. So giving mailscanner the option of changing the > > 'Precedence:' header to junk would give a simple centrally managed > > solution. > > > > I know there are other solutions - ban auto responders, write a > > procmail wrapper for vacation, or hack the vacation code. > But there > > are users that need to use auto responders and there are auto > > responders over which the mail administrator has no control. > > > > Also, I know of no other program, other than 'vacation', > that uses the > > 'Precedence:' header. > > > > > > -- > > John Ireland Email: > mailto:J.Ireland@hgu.mrc.ac.uk > > MRC Human Genetics Unit > Tel. : +44-31-332-2471 > > Western General Hospital Fax. : +44-31-343-2620 > > Edinburgh, EH4 2XU, UK WWW : http://www.hgu.mrc.ac.uk > > > From mailscanner at ecs.soton.ac.uk Mon Jun 9 15:35:22 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <1740.213.140.31.170.1055166646.squirrel@www.blacknightsolu tions.com> References: <5.2.0.9.2.20030609114212.0382fd40@imap.ecs.soton.ac.uk> <1055115970.25001.45.camel@bach.kevinspicer.co.uk> <5.2.0.9.2.20030609114212.0382fd40@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030609151956.04f9fdb8@imap.ecs.soton.ac.uk> At 14:50 09/06/2003, you wrote: > >but that we needed to buy the "mail server" version, which is > > simply not true from a technical standpoint, and exhibits a curious lack > > of understanding about how MailScanner works. > >So which version do we need? I am completely confused :-( >However the Panda pricing is good, so even if we bought the wrong version >we wouldn't be TOO broke :-) > >Could Julian or somebody else neutral please clarify??? They have a "module" called PAVCL (Panda Anti-Virus Command Line) which is available for Windows and Linux. According to the site, this is available separately, or as part of the "Panda PerimeterScan" bundle. http://www.pandasoftware.com/products/perimeterscan/pavcl.asp I cannot find a way of getting this separately, despite what they say. All the "buy" or "try" links take you to "Panda PerimeterScan" pages. So it's possible that in reality you have to buy the entire PerimeterScan bundle to get it. Worth quizzing their sales folk on the subject though. However.... there is also a "freeware" "Panda Antivirus for Linux" http://www.pandasoftware.com/download/linux/linux.asp However, there appears to be no way of getting updates for the free one. The updates page requires a username+password which implies paying customers only. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From michele at BLACKNIGHTSOLUTIONS.COM Mon Jun 9 15:45:28 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <5.2.0.9.2.20030609151956.04f9fdb8@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030609114212.0382fd40@imap.ecs.soton.ac.uk> <1055115970.25001.45.camel@bach.kevinspicer.co.uk> <5.2.0.9.2.20030609114212.0382fd40@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030609151956.04f9fdb8@imap.ecs.soton.ac.uk> Message-ID: <2583.213.140.31.170.1055169928.squirrel@www.blacknightsolutions.com> > At 14:50 09/06/2003, you wrote: >> >but that we needed to buy the "mail server" version, which is >> > simply not true from a technical standpoint, and exhibits a curious >> lack of understanding about how MailScanner works. >> >>So which version do we need? I am completely confused :-( >>However the Panda pricing is good, so even if we bought the wrong >> version we wouldn't be TOO broke :-) >> >>Could Julian or somebody else neutral please clarify??? > > They have a "module" called PAVCL (Panda Anti-Virus Command Line) which > is available for Windows and Linux. According to the site, this is > available separately, or as part of the "Panda PerimeterScan" bundle. > http://www.pandasoftware.com/products/perimeterscan/pavcl.asp > > I cannot find a way of getting this separately, despite what they say. > All the "buy" or "try" links take you to "Panda PerimeterScan" pages. > > So it's possible that in reality you have to buy the entire > PerimeterScan bundle to get it. Worth quizzing their sales folk on the > subject though. > If you follow the link to the store you can get to a buy link for PAVCL, but it takes some doing .... Nice price though.. .. -- Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ Shell hosting now available ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From Kevin.Spicer at BMRB.CO.UK Mon Jun 9 15:47:47 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF635@pascal.priv.bmrb.co.uk> > I cannot find a way of getting this separately, despite what > they say. All > the "buy" or "try" links take you to "Panda PerimeterScan" pages. I found that too and it was only when out of curiousity about just what they might be charging for 'perimeter scan' I followed the sales links and found that there is a drop-down menu for selecting which product from the perimeter scan family, the command line scanner is on that list (to buy alone). It has to be said that their site is really badly designed from a navigational point of view. > However.... > there is also a "freeware" "Panda Antivirus for Linux" > http://www.pandasoftware.com/download/linux/linux.asp > > However, there appears to be no way of getting updates for > the free one. > The updates page requires a username+password which implies paying > customers only. That was the conclusion I came to as well. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From dwinkler at ALGORITHMICS.COM Mon Jun 9 15:56:20 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:27 2006 Subject: how to map MS process id to SM process id? Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FDA@tormail1.algorithmics.com> Not sure exactly what you're trying to do here, but... You may be able to accomplish what you want by following the message id instead. This is how my search for frequent spammers perl script works. -----Original Message----- From: Chris W. Parker [mailto:cparker@swatgear.com] Sent: Friday, June 06, 2003 6:01 PM To: MAILSCANNER@jiscmail.ac.uk Subject: how to map MS process id to SM process id? Hello. When checking the maillog I'd like to be able to pull all the records pertaining to a certain mail. Is there a way to map the sendmail process id to the MS process id that is handling that mail? Let me know if I haven't made sense. Thanks, Chris. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030609/505fc04a/attachment.html From FCaen at CI.LAKEWOOD.WA.US Mon Jun 9 16:03:02 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing Message-ID: -----Original Message----- From: Michele Neylon :: Blacknight Solutions [mailto:michele@BLACKNIGHTSOLUTIONS.COM] > If you follow the link to the store you can get to a buy link for PAVCL, but it takes some doing .... > Nice price though.. .. $11.13 for 2 years?!?!?! Am I missing something? Is there a bug in their shopping cart? Heck, for that price, I can run PAVCL AND something else!!! --------------------------------------------- Francois Caen Network Information Systems Engineer - Webmaster City of Lakewood, WA (253) 512-2269 NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From Steve at swaney.com Mon Jun 9 16:25:54 2003 From: Steve at swaney.com (Stephen Swaney) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: References: Message-ID: <1055172354.2488.75.camel@speedy> Where do you find the $11.13 price. Cheapest price I can find (when I try to buy) for the command line scanner is $112.89. Panda Antivirus Command Line (Linux/Win 32) - Perpetual License: 6 @ 17.49 Panda Antivirus Command Line (Linux/Win 32) - 1 Year License: 1 @ $7.95 Steve Swaney Steve@Swaney.com On Mon, 2003-06-09 at 11:03, Francois Caen wrote: > -----Original Message----- > From: Michele Neylon :: Blacknight Solutions > [mailto:michele@BLACKNIGHTSOLUTIONS.COM] > > If you follow the link to the store you can get to a buy link for > PAVCL, but it takes some doing .... > > > Nice price though.. .. > > $11.13 for 2 years?!?!?! > > Am I missing something? Is there a bug in their shopping cart? > > Heck, for that price, I can run PAVCL AND something else!!! > > --------------------------------------------- > Francois Caen > Network Information Systems Engineer - Webmaster > City of Lakewood, WA > (253) 512-2269 > > > > NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. > > > > > > City of Lakewood > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030609/8628c503/attachment.html From FCaen at CI.LAKEWOOD.WA.US Mon Jun 9 16:36:45 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing Message-ID: -----Original Message----- From: Stephen Swaney [mailto:Steve@swaney.com] > Where do you find the $11.13 price. Cheapest price I can find (when I > try to buy) for the command line scanner is $112.89. > Panda Antivirus Command Line (Linux/Win 32) - Perpetual License: 6 @ > 17.49 Panda Antivirus Command Line (Linux/Win 32) - 1 Year License: 1 > @ $7.95 I followed the directions listed earlier. Go to: http://www.pandasoftware.com/products/perimeterscan/pavcl.asp Click on Buy Click on Buy Download I get 2 pull downs. In the first, I select PACL. In the 2nd, I get: 1yr - $7.95 2yr - $11.13 3yr - $13.52 Perpetual - $17.49 Francois NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From mailscanner at ecs.soton.ac.uk Mon Jun 9 16:59:15 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: how to map MS process id to SM process id? In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C97055E6FDA@tormail1.algorith mics.com> Message-ID: <5.2.0.9.2.20030609165819.038d0aa0@imap.ecs.soton.ac.uk> At 15:56 09/06/2003, you wrote: >-----Original Message----- >From: Chris W. Parker >[mailto:cparker@swatgear.com] >Sent: Friday, June 06, 2003 6:01 PM >To: MAILSCANNER@jiscmail.ac.uk >Subject: how to map MS process id to SM process id? > >Hello. > >When checking the maillog I'd like to be able to pull all the records >pertaining to a certain mail. Is there a way to map the sendmail process >id to the MS process id that is handling that mail? Each MS process id handles thousands of messages and talks to many sendmail processes, so I don't think you'll get anything useful. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From ragan_davis at COLSTATE.EDU Mon Jun 9 17:12:02 2003 From: ragan_davis at COLSTATE.EDU (Mack Ragan) Date: Thu Jan 12 21:18:27 2006 Subject: ran df2mbox -- now what? Message-ID: Hi, all, I have run df2mbox on various folders in the quarantine directory. The results are large files named "spam.20030609" (or whatever the date is). Now, I'm confused about what my options are at this point. What is the purpose of creating the spam.* files, and how can I use them, or the queue files that I converted from, to find and/or send suspected spam that a user may still want? Do I even need to run df2mbox? Or, can I do stuff with the queue files? I really need some insight and suggestions on this concept. thanks (and sorry if this was too ambiguous), mack From christopher.albert at MCGILL.CA Mon Jun 9 17:18:13 2003 From: christopher.albert at MCGILL.CA (Christopher Albert) Date: Thu Jan 12 21:18:27 2006 Subject: ran df2mbox -- now what? In-Reply-To: References: Message-ID: <3EE4B345.2070205@mcgill.ca> Mack Ragan wrote: >Hi, all, > >I have run df2mbox on various folders in the quarantine directory. The >results are large files named "spam.20030609" (or whatever the date is). >Now, I'm confused about what my options are at this point. What is the >purpose of creating the spam.* files, and how can I use them, or the queue >files that I converted from, to find and/or send suspected spam that a user >may still want? Do I even need to run df2mbox? Or, can I do stuff with >the queue files? I really need some insight and suggestions on this >concept. > >thanks (and sorry if this was too ambiguous), > >mack > > Use something like mutt -f spam.20030609 so you can read it like a normal unix mailbox to say, test for FPs. Chris From sanjay.patel at REXWIRE.COM Mon Jun 9 17:40:57 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0EBF635@pascal.priv.bmrb.co.uk> Message-ID: <003c01c32ea5$e72e0420$6f01a8c0@Laptop1> Its not your fault. The panda site is configured just like their documentations (neither make sense). Call them for clarification. The command line tool is new to me. I am not sure of its capabilities. I use the perimeter scan because it comes with a nice web interface for reports. It's a much easier sell to higher ups we have found out plus transition to a low level techie is easier. -SKP PS ****No matter what you buy go and download the latest version from their FTP site after buying.**** -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Spicer, Kevin Sent: Monday, June 09, 2003 10:48 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Panda Pricing > I cannot find a way of getting this separately, despite what > they say. All > the "buy" or "try" links take you to "Panda PerimeterScan" pages. I found that too and it was only when out of curiousity about just what they might be charging for 'perimeter scan' I followed the sales links and found that there is a drop-down menu for selecting which product from the perimeter scan family, the command line scanner is on that list (to buy alone). It has to be said that their site is really badly designed from a navigational point of view. > However.... > there is also a "freeware" "Panda Antivirus for Linux" > http://www.pandasoftware.com/download/linux/linux.asp > > However, there appears to be no way of getting updates for > the free one. > The updates page requires a username+password which implies paying > customers only. That was the conclusion I came to as well. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From FCaen at CI.LAKEWOOD.WA.US Mon Jun 9 17:43:46 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing Message-ID: -----Original Message----- From: Sanjay Patel [mailto:sanjay.patel@REXWIRE.COM] > The command line tool is new to me. I am not sure of its capabilities. I use the perimeter scan because it comes with a nice web interface for reports. It's a much easier sell to higher ups we have found out At $8/yr, I have no problems selling this to management. Heck, I'll just skip Starbucks today and pay for it myself :) Francois NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From maxsec at TOTALISE.CO.UK Mon Jun 9 17:51:05 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:27 2006 Subject: MIME::Pasrser errors.. In-Reply-To: <3EE4BA97.90308@totalise.co.uk> References: <5.2.0.9.2.20030528160133.042fd540@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030528160133.042fd540@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030528193245.025141a0@imap.ecs.soton.ac.uk> <3ED9149B.5010207@totalise.co.uk> <3EDC8D77.7060508@totalise.co.uk> <3EE4BA97.90308@totalise.co.uk> Message-ID: <3EE4BAF9.40409@totalise.co.uk> Martin Hepworth wrote: > > OK > > well I configured with FreeBSD 4.8 and sendmail (rather than FreeBSD 5.0 > and postfix) with SAVI, and everything seems to OK with the limited > testing I've done. Looks like there's a 'weirdy' with FBSD 5.0 (not > checked to see if 5.1rc1 solves it). > do'h 5.1 is out now, just got the email as I was writing this one...;-) -- Martin From sanjay.patel at REXWIRE.COM Mon Jun 9 17:54:00 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: Message-ID: <003f01c32ea7$ba344630$6f01a8c0@Laptop1> Starbucks must have dropped their prices :-) -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Francois Caen Sent: Monday, June 09, 2003 12:44 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Panda Pricing -----Original Message----- From: Sanjay Patel [mailto:sanjay.patel@REXWIRE.COM] > The command line tool is new to me. I am not sure of its capabilities. I use the perimeter scan because it comes with a nice web interface for reports. It's a much easier sell to higher ups we have found out At $8/yr, I have no problems selling this to management. Heck, I'll just skip Starbucks today and pay for it myself :) Francois NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From f.rotondo at TESEO.IT Mon Jun 9 18:00:13 2003 From: f.rotondo at TESEO.IT (Francesco Rotondo) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing References: <003c01c32ea5$e72e0420$6f01a8c0@Laptop1> Message-ID: <010801c32ea8$993cfc00$0464a8c0@teseo.info> > The command line tool is new to me. I am not sure of its capabilities. I use > the perimeter scan because it comes with a nice web interface for reports. I just installed the trial of the command line version and it is working fine. It just needs an upgrade of the virus patterns so it only catches old viruses. Francesco. From mailscanner at ecs.soton.ac.uk Mon Jun 9 18:10:15 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <010801c32ea8$993cfc00$0464a8c0@teseo.info> References: <003c01c32ea5$e72e0420$6f01a8c0@Laptop1> Message-ID: <5.2.1.1.2.20030609180916.03d180f0@imap.ecs.soton.ac.uk> Can someone tell me how we might go about automating the Panda updates? I haven't got customer access to their site yet. Do they give any guidance on this subject at all? At 18:00 09/06/2003, you wrote: > > The command line tool is new to me. I am not sure of its capabilities. I >use > > the perimeter scan because it comes with a nice web interface for reports. > >I just installed the trial of the command line version and it is working >fine. It just needs an upgrade of the virus patterns so it only catches old >viruses. > >Francesco. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From o.pitzeier at UPTIME.AT Mon Jun 9 20:03:34 2003 From: o.pitzeier at UPTIME.AT (Oliver Pitzeier) Date: Thu Jan 12 21:18:27 2006 Subject: SQL user options In-Reply-To: Message-ID: <000201c32eb9$d4f46600$0f11a8c0@pitzeier.priv.at> Hi folks! I hope to find an answer here... I just read, that it is possible to have user options in a SQL database. I want to do that with whitelists, blacklists... How can I do that? And what other 'option' can be hold by a SQL database? I would also need the possibility to have white-/blacklists on a per-user-basis... Please CC: me, if you reply! Best regards, Oliver From sanjay.patel at REXWIRE.COM Mon Jun 9 19:28:20 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <5.2.1.1.2.20030609180916.03d180f0@imap.ecs.soton.ac.uk> Message-ID: <005701c32eb4$e7bb0410$6f01a8c0@Laptop1> What version are you at? The old version had serious update issues. Julian if you want a sendmail version for testing let me know I have 6 license and am only using one. I will be more than happy to provide you with a license. -Sanjay -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Monday, June 09, 2003 1:10 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Panda Pricing Can someone tell me how we might go about automating the Panda updates? I haven't got customer access to their site yet. Do they give any guidance on this subject at all? At 18:00 09/06/2003, you wrote: > > The command line tool is new to me. I am not sure of its capabilities. I >use > > the perimeter scan because it comes with a nice web interface for reports. > >I just installed the trial of the command line version and it is working >fine. It just needs an upgrade of the virus patterns so it only catches old >viruses. > >Francesco. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jun 9 19:35:10 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: SQL user options In-Reply-To: <000201c32eb9$d4f46600$0f11a8c0@pitzeier.priv.at> References: Message-ID: <5.2.1.1.2.20030609193101.0254bea0@imap.ecs.soton.ac.uk> Take a look in CustomConfig.pm. There is per-user whitelist and blacklist code there, which will give you hints as to how to read config options from a SQL db. There will later be more code here to read data from SQL dbs, but not quite yet... At 20:03 09/06/2003, you wrote: >Hi folks! > >I hope to find an answer here... > >I just read, that it is possible to have user options in a SQL database. >I want to do that with whitelists, blacklists... > >How can I do that? And what other 'option' can be hold by a SQL >database? > >I would also need the possibility to have white-/blacklists on a >per-user-basis... > >Please CC: me, if you reply! > >Best regards, > Oliver -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jun 9 19:36:34 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <005701c32eb4$e7bb0410$6f01a8c0@Laptop1> References: <5.2.1.1.2.20030609180916.03d180f0@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030609193538.03e4fb30@imap.ecs.soton.ac.uk> At 19:28 09/06/2003, you wrote: >What version are you at? The old version had serious update issues. Julian >if you want a sendmail version for testing let me know I have 6 license and >am only using one. I will be more than happy to provide you with a license. If you could give me a copy of the PAVCL code, with a username/password to get updates, that would be very helpful. >-Sanjay > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Julian Field >Sent: Monday, June 09, 2003 1:10 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Panda Pricing > > >Can someone tell me how we might go about automating the Panda updates? >I haven't got customer access to their site yet. >Do they give any guidance on this subject at all? > >At 18:00 09/06/2003, you wrote: > > > The command line tool is new to me. I am not sure of its capabilities. I > >use > > > the perimeter scan because it comes with a nice web interface for >reports. > > > >I just installed the trial of the command line version and it is working > >fine. It just needs an upgrade of the virus patterns so it only catches old > >viruses. > > > >Francesco. > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From sanjay.patel at REXWIRE.COM Mon Jun 9 19:41:44 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <5.2.1.1.2.20030609193538.03e4fb30@imap.ecs.soton.ac.uk> Message-ID: <005801c32eb6$c748abe0$6f01a8c0@Laptop1> Can you send me your off line address. Not that I don't trust this group :-) -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Monday, June 09, 2003 2:37 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Panda Pricing At 19:28 09/06/2003, you wrote: >What version are you at? The old version had serious update issues. Julian >if you want a sendmail version for testing let me know I have 6 license and >am only using one. I will be more than happy to provide you with a license. If you could give me a copy of the PAVCL code, with a username/password to get updates, that would be very helpful. >-Sanjay > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Julian Field >Sent: Monday, June 09, 2003 1:10 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Panda Pricing > > >Can someone tell me how we might go about automating the Panda updates? >I haven't got customer access to their site yet. >Do they give any guidance on this subject at all? > >At 18:00 09/06/2003, you wrote: > > > The command line tool is new to me. I am not sure of its capabilities. I > >use > > > the perimeter scan because it comes with a nice web interface for >reports. > > > >I just installed the trial of the command line version and it is working > >fine. It just needs an upgrade of the virus patterns so it only catches old > >viruses. > > > >Francesco. > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From o.pitzeier at UPTIME.AT Mon Jun 9 20:43:32 2003 From: o.pitzeier at UPTIME.AT (Oliver Pitzeier) Date: Thu Jan 12 21:18:27 2006 Subject: SQL user options In-Reply-To: <5.2.1.1.2.20030609193101.0254bea0@imap.ecs.soton.ac.uk> Message-ID: <001501c32ebf$6a0109b0$0f11a8c0@pitzeier.priv.at> Julian Field wrote: > At 20:03 09/06/2003, you wrote: > >Hi folks! > > > >I hope to find an answer here... > > > >I just read, that it is possible to have user options in a SQL > >database. I want to do that with whitelists, blacklists... > > > >How can I do that? And what other 'option' can be hold by a SQL > >database? > > > >I would also need the possibility to have white-/blacklists on a > >per-user-basis... > Take a look in CustomConfig.pm. There is per-user whitelist > and blacklist code there, which will give you hints as to how > to read config options from a SQL db. > > There will later be more code here to read data from SQL dbs, > but not quite yet... I guessed such an answer... Not the one I hoped for, but it means I have to get into MailScanner deeper. :-) Best regards, Oliver From mailscanner at ecs.soton.ac.uk Mon Jun 9 20:44:37 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing -- autoupdate script? In-Reply-To: <5.2.1.1.2.20030609193538.03e4fb30@imap.ecs.soton.ac.uk> References: <005701c32eb4$e7bb0410$6f01a8c0@Laptop1> <5.2.1.1.2.20030609180916.03d180f0@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030609203812.025b79c8@imap.ecs.soton.ac.uk> Why are some of these people so stupid? I'm reading the update scripts provided by Panda to see how to correctly get the right filename for the zip file to download containing the updated files. Here's the code they use DATE=`date +%d` FICHERO_LOG=update_$DATE.log Great job guys, really professional software this. It's named after the current date. In exactly whose timezone? GMT, CET, EST, a random one every day? Good thing they don't charge much, is all I can say. At 19:36 09/06/2003, you wrote: >At 19:28 09/06/2003, you wrote: >>What version are you at? The old version had serious update issues. Julian >>if you want a sendmail version for testing let me know I have 6 license and >>am only using one. I will be more than happy to provide you with a license. > >If you could give me a copy of the PAVCL code, with a username/password to >get updates, that would be very helpful. > > > >>-Sanjay >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >>Of Julian Field >>Sent: Monday, June 09, 2003 1:10 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Panda Pricing >> >> >>Can someone tell me how we might go about automating the Panda updates? >>I haven't got customer access to their site yet. >>Do they give any guidance on this subject at all? >> >>At 18:00 09/06/2003, you wrote: >> > > The command line tool is new to me. I am not sure of its capabilities. I >> >use >> > > the perimeter scan because it comes with a nice web interface for >>reports. >> > >> >I just installed the trial of the command line version and it is working >> >fine. It just needs an upgrade of the virus patterns so it only catches old >> >viruses. >> > >> >Francesco. >> >>-- >>Julian Field >>www.MailScanner.info >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From ernest at OACYS.COM Mon Jun 9 20:59:18 2003 From: ernest at OACYS.COM (Ernest W. Lessenger) Date: Thu Jan 12 21:18:27 2006 Subject: Zip of Death Message-ID: <5.2.0.9.2.20030609125624.01c7c9a0@mail.oacys.com> Does anyone know how to create and/or defend against the zip of death? I have a piece of software (open-source, not developed by me) that I *think* is probably susceptible, but I don't know exactly how this attack works. I'd be happy to know how to defend against this (presumably by watching out for a loop in the decompression routing), or happier to have a sample to test with. PLEASE DON'T EMAIL IT LIVE!!!! Thanks, --Ernest From raymond at PROLOCATION.NET Mon Jun 9 21:01:33 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:27 2006 Subject: Zip of Death In-Reply-To: <5.2.0.9.2.20030609125624.01c7c9a0@mail.oacys.com> Message-ID: Hi! > Does anyone know how to create and/or defend against the zip of death? I > have a piece of software (open-source, not developed by me) that I *think* > is probably susceptible, but I don't know exactly how this attack works. > I'd be happy to know how to defend against this (presumably by watching out > for a loop in the decompression routing), or happier to have a sample to > test with. PLEASE DON'T EMAIL IT LIVE!!!! MS allready protects you from zip of death. Its nothing more then a zip with a file inside thats very compressed, for example a file with a few million zeros. Bye, Raymond. From vosburgh at DALSEMI.COM Mon Jun 9 20:54:05 2003 From: vosburgh at DALSEMI.COM (David Vosburgh) Date: Thu Jan 12 21:18:27 2006 Subject: logging problem Message-ID: <3EE4E5DD.7010800@dalsemi.com> I have installed MailScanner-4.21-9, Mail-SpamAssassin-2.55, and all the related perl modules on a Sun system recently jumpstarted with 2.8 and a recent patch cluster. Sendmail is v8.12.9. Everything seems to be working as advertised, with the exception of logging. I am using the default "Syslog Facility = mail" option, and have turned on spam logging with "Log Spam = yes". My syslog.conf has a single entry for mail logging: mail.info /var/adm/maillog I read the FAQ and some posts on this list, and have tried the following without success (always re-starting MailScanner after the change): 1) starting syslog without the "-t" option 2) removed the syslog patch 110945-07 (now -05) 3) removed the "eval" from the setlogsock syslog command under the Start section of Log.pm 4) added a "mail.debug /opt/MailScanner/var/log" to syslog.conf Any ideas on where to go from here? Thanks, Dave From ernest at OACYS.COM Mon Jun 9 21:06:23 2003 From: ernest at OACYS.COM (Ernest W. Lessenger) Date: Thu Jan 12 21:18:27 2006 Subject: Zip of Death In-Reply-To: References: <5.2.0.9.2.20030609125624.01c7c9a0@mail.oacys.com> Message-ID: <5.2.0.9.2.20030609130531.036d5c30@mail.oacys.com> Ah, got it. I know that MS protects me from it, but I have a piece of software (an HTML proxy) that I think is susceptible. I want to try it out and see what needs to be done to fix it. Thanks, --Ernest At 10:01 PM 6/9/2003 +0200, you wrote: >Hi! > > > Does anyone know how to create and/or defend against the zip of death? I > > have a piece of software (open-source, not developed by me) that I *think* > > is probably susceptible, but I don't know exactly how this attack works. > > I'd be happy to know how to defend against this (presumably by watching out > > for a loop in the decompression routing), or happier to have a sample to > > test with. PLEASE DON'T EMAIL IT LIVE!!!! > >MS allready protects you from zip of death. Its nothing more then a zip >with a file inside thats very compressed, for example a file with a few >million zeros. > >Bye, >Raymond. From henker at SHCOM.US Mon Jun 9 21:42:53 2003 From: henker at SHCOM.US (Steffan Henke) Date: Thu Jan 12 21:18:27 2006 Subject: Zip of Death In-Reply-To: <5.2.0.9.2.20030609125624.01c7c9a0@mail.oacys.com> References: <5.2.0.9.2.20030609125624.01c7c9a0@mail.oacys.com> Message-ID: On Mon, 9 Jun 2003, Ernest W. Lessenger wrote: > I'd be happy to know how to defend against this (presumably by watching out > for a loop in the decompression routing), or happier to have a sample to > test with. PLEASE DON'T EMAIL IT LIVE!!!! You could download a testfile from here: http://www.fefe.de/ , it's the link "why anti viruses don't work" at the bottom of the page. Norton seems to choke on it, not sure about other products. Regards, Steffan From dwinkler at ALGORITHMICS.COM Mon Jun 9 21:55:01 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:27 2006 Subject: MS and sa-learn Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF0@tormail1.algorithmics.com> Apparently you can do this in Outlook 2000. Open the message in it's own window and select Actions->Resend This Message. -----Original Message----- From: Julian Field [mailto:mailscanner@ecs.soton.ac.uk] Sent: Tuesday, June 03, 2003 6:13 AM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: MS and sa-learn At 08:42 03/06/2003, you wrote: >How do people use sa-learn with mailscanner? In my setup the bayesian >files are in /var/spool/MailScanner somewhere, and not writeable by >normal users. So I can't easily have users run sa-learn. > >Any thoughts? Create a "spam" and a "notspam" email address, and have people bounce/redirect (you can't do it in Outlook) wrongly tagged mail into them. Then have a cron job which picks up the mailboxes and runs them through sa-learn. I have published a script to do this on this list several times already and can't be bothered to do it again :-) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030609/67a6c8b6/attachment.html From mailscanner at ecs.soton.ac.uk Mon Jun 9 22:01:53 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: MS and sa-learn In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF0@tormail1.algorith mics.com> Message-ID: <5.2.1.1.2.20030609220116.025ace88@imap.ecs.soton.ac.uk> I may be wrong, but as far as I know that merely sends a message with the body untouched, but with a new set of headers. At 21:55 09/06/2003, you wrote: >Apparently you can do this in Outlook 2000. > >Open the message in it's own window and select Actions->Resend This Message. > >-----Original Message----- >From: Julian Field >[mailto:mailscanner@ecs.soton.ac.uk] >Sent: Tuesday, June 03, 2003 6:13 AM >To: MAILSCANNER@jiscmail.ac.uk >Subject: Re: MS and sa-learn > >At 08:42 03/06/2003, you wrote: > >How do people use sa-learn with mailscanner? In my setup the bayesian > >files are in /var/spool/MailScanner somewhere, and not writeable by > >normal users. So I can't easily have users run sa-learn. > > > >Any thoughts? > >Create a "spam" and a "notspam" email address, and have people >bounce/redirect (you can't do it in Outlook) wrongly tagged mail into them. >Then have a cron job which picks up the mailboxes and runs them through >sa-learn. I have published a script to do this on this list several times >already and can't be bothered to do it again >:-) >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030609/1a9eea11/attachment.html From dwinkler at ALGORITHMICS.COM Mon Jun 9 21:59:50 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:27 2006 Subject: OT: Bayes - list & delete Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF1@tormail1.algorithmics.com> Anyone know how to list the tokens in the bayes database? Remove some of those tokens? Thanks, Derek Winkler Security Administrator Algorithmics Inc., Toronto Tel: (416) 217-4107 Fax: (416) 971-6263 www.algorithmics.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030609/766f0af5/attachment.html From MWeiner at AG.COM Mon Jun 9 21:55:02 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:27 2006 Subject: Zip of Death Message-ID: I sent this thru my current MS setup and CLAMAV found it in a hearbeat!!!! Thanks for the resource link! Michael Weiner -----Original Message----- From: Steffan Henke [mailto:henker@SHCOM.US] Sent: Monday, June 09, 2003 4:43 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Zip of Death On Mon, 9 Jun 2003, Ernest W. Lessenger wrote: > I'd be happy to know how to defend against this (presumably by watching out > for a loop in the decompression routing), or happier to have a sample to > test with. PLEASE DON'T EMAIL IT LIVE!!!! You could download a testfile from here: http://www.fefe.de/ , it's the link "why anti viruses don't work" at the bottom of the page. Norton seems to choke on it, not sure about other products. Regards, Steffan From dwinkler at ALGORITHMICS.COM Mon Jun 9 22:01:03 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:27 2006 Subject: MS and sa-learn Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF2@tormail1.algorithmics.com> I tried it the headers were intact including the original from and MailScanner headers. -----Original Message----- From: Julian Field [mailto:mailscanner@ecs.soton.ac.uk] Sent: Monday, June 09, 2003 5:02 PM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: MS and sa-learn I may be wrong, but as far as I know that merely sends a message with the body untouched, but with a new set of headers. At 21:55 09/06/2003, you wrote: Apparently you can do this in Outlook 2000. Open the message in it's own window and select Actions->Resend This Message. -----Original Message----- From: Julian Field [ mailto:mailscanner@ecs.soton.ac.uk ] Sent: Tuesday, June 03, 2003 6:13 AM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: MS and sa-learn At 08:42 03/06/2003, you wrote: >How do people use sa-learn with mailscanner? In my setup the bayesian >files are in /var/spool/MailScanner somewhere, and not writeable by >normal users. So I can't easily have users run sa-learn. > >Any thoughts? Create a "spam" and a "notspam" email address, and have people bounce/redirect (you can't do it in Outlook) wrongly tagged mail into them. Then have a cron job which picks up the mailboxes and runs them through sa-learn. I have published a script to do this on this list several times already and can't be bothered to do it again :-) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030609/1963ced4/attachment.html From kevins at BMRB.CO.UK Mon Jun 9 22:07:47 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:27 2006 Subject: MS and sa-learn In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175842@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175842@pascal.priv.bmrb.co.uk> Message-ID: <1055192870.3619.4.camel@bach.kevinspicer.co.uk> On Mon, 2003-06-09 at 21:55, Derek Winkler wrote: > Apparently you can do this in Outlook 2000. > Open the message in it's own window and select Actions->Resend This > Message. When I try I get the message 'You do not have the permission to send the message on behalf of the specified user', although (as normal with Outlook) its not clear whether this is a message from Outlook or the Exchange server (Outlook 2000, Exchange 2000). BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From ernest at OACYS.COM Mon Jun 9 22:09:19 2003 From: ernest at OACYS.COM (Ernest W. Lessenger) Date: Thu Jan 12 21:18:27 2006 Subject: Zip of Death In-Reply-To: Message-ID: <5.2.0.9.2.20030609140644.01f76008@mail.oacys.com> I just sent it through my system and both the primary (f-prot) and secondary (Norman AV) scanners caught it. Trend Micro running on my computer caused a blue-screen in Windows XP :) Good news is I don't think my proxy server will be affected by this particular file. Bad news is I now know how to create one that will kill it. I'll have get the developer to patch :( --Ernest At 04:55 PM 6/9/2003 -0400, you wrote: >I sent this thru my current MS setup and CLAMAV found it in a hearbeat!!!! > >Thanks for the resource link! >Michael Weiner > >-----Original Message----- >From: Steffan Henke [mailto:henker@SHCOM.US] >Sent: Monday, June 09, 2003 4:43 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Zip of Death > >On Mon, 9 Jun 2003, Ernest W. Lessenger wrote: > > > I'd be happy to know how to defend against this (presumably by watching >out > > for a loop in the decompression routing), or happier to have a sample to > > test with. PLEASE DON'T EMAIL IT LIVE!!!! > >You could download a testfile from here: http://www.fefe.de/ , >it's the link "why anti viruses don't work" at the bottom of the page. >Norton seems to choke on it, not sure about other products. > >Regards, > >Steffan From dwinkler at ALGORITHMICS.COM Mon Jun 9 22:18:12 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:27 2006 Subject: MS and sa-learn Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> Click on View->From and change to be from you. -----Original Message----- From: Kevin Spicer [mailto:kevins@BMRB.CO.UK] Sent: Monday, June 09, 2003 5:08 PM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: MS and sa-learn On Mon, 2003-06-09 at 21:55, Derek Winkler wrote: > Apparently you can do this in Outlook 2000. > Open the message in it's own window and select Actions->Resend This > Message. When I try I get the message 'You do not have the permission to send the message on behalf of the specified user', although (as normal with Outlook) its not clear whether this is a message from Outlook or the Exchange server (Outlook 2000, Exchange 2000). BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030609/8cfced37/attachment.html From sanjay.patel at REXWIRE.COM Tue Jun 10 00:32:03 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:27 2006 Subject: MS and sa-learn In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF2@tormail1.algorithmics.com> Message-ID: <00ff01c32edf$5562aa20$6f01a8c0@Laptop1> that is a Exchange server issue. Client (outlook) never cares about the to and from. -SKP -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Derek Winkler Sent: Monday, June 09, 2003 5:01 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MS and sa-learn I tried it the headers were intact including the original from and MailScanner headers. -----Original Message----- From: Julian Field [mailto:mailscanner@ecs.soton.ac.uk] Sent: Monday, June 09, 2003 5:02 PM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: MS and sa-learn I may be wrong, but as far as I know that merely sends a message with the body untouched, but with a new set of headers. At 21:55 09/06/2003, you wrote: Apparently you can do this in Outlook 2000. Open the message in it's own window and select Actions->Resend This Message. -----Original Message----- From: Julian Field [mailto:mailscanner@ecs.soton.ac.uk] Sent: Tuesday, June 03, 2003 6:13 AM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: MS and sa-learn At 08:42 03/06/2003, you wrote: >How do people use sa-learn with mailscanner? In my setup the bayesian >files are in /var/spool/MailScanner somewhere, and not writeable by >normal users. So I can't easily have users run sa-learn. > >Any thoughts? Create a "spam" and a "notspam" email address, and have people bounce/redirect (you can't do it in Outlook) wrongly tagged mail into them. Then have a cron job which picks up the mailboxes and runs them through sa-learn. I have published a script to do this on this list several times already and can't be bothered to do it again :-) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From marco at MUW.EDU Tue Jun 10 00:39:37 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:27 2006 Subject: Sophos-autoupdate on FreeBSD In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> References: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> Message-ID: <1055201977.3ee51ab9081c9@webmail.MUW.Edu> Hi, I am trying to install Sophos on a FreeBSD 4.8 system using Sophos.insall script. It is failing when it tries to fetch the ides, complaing about the version of Sophos, which I downloaded off their website and *is* the latest. Here is what happens when I run Sophos.install: ********************************************************** $ /opt/MailScanner/bin/Sophos.install Clearing out old default Sophos installation libraries Clearing out unpacked distribution Unpacking distribution Installing Sophos for MailScanner Sophos Anti-Virus installation utility [FreeBSD/Intel] Copyright (c) 1998,2001 Sophos Plc, Oxford, England Binaries will be installed in '/usr/local/Sophos/bin' Libraries will be installed in '/usr/local/Sophos/lib' Manual pages will be installed in '/usr/local/Sophos/man' Virus data will be installed in '/usr/local/Sophos/lib' SWEEP will be installed InterCheck will not be installed ===> Installing binaries sweep copied to /usr/local/Sophos/bin/sweep ===> Installing shared library libsavi.so.3.2.05.034 copied to /usr/local/Sophos/lib/libsavi.so.3.2.05.034 libsavi.so.3.2.05.034 symlinked to /usr/local/Sophos/lib/libsavi.so.3 ldconfig -R -m /usr/local/Sophos/lib libsavi.so.3.2.05.034 symlinked to /usr/local/Sophos/lib/libsavi.so.2 ===> Installing virus data vdl-3.70.dat copied to /usr/local/Sophos/lib/vdl-3.70.dat vdl01.vdb copied to /usr/local/Sophos/lib/vdl01.vdb vdl02.vdb copied to /usr/local/Sophos/lib/vdl02.vdb vdl03.vdb copied to /usr/local/Sophos/lib/vdl03.vdb vdl04.vdb copied to /usr/local/Sophos/lib/vdl04.vdb vdl05.vdb copied to /usr/local/Sophos/lib/vdl05.vdb vdl06.vdb copied to /usr/local/Sophos/lib/vdl06.vdb vdl07.vdb copied to /usr/local/Sophos/lib/vdl07.vdb vdl08.vdb copied to /usr/local/Sophos/lib/vdl08.vdb vdl09.vdb copied to /usr/local/Sophos/lib/vdl09.vdb vdl10.vdb copied to /usr/local/Sophos/lib/vdl10.vdb vdl11.vdb copied to /usr/local/Sophos/lib/vdl11.vdb vdl-3.70.dat symlinked to /usr/local/Sophos/lib/vdl.dat Adjusting /etc/sav.conf ===> Installing manual pages sweep.1 copied to /usr/local/Sophos/man/man1/sweep.1 ===> Checking paths are accessible $PATH is OK Library path is OK Warning: FreeBSD 4 and above: you may need to install the FreeBSD version 3.x compatibility libraries on your system. Manual path is OK ===> Installation complete <=== Creating links so Perl-SAVI module compiles Fetching latest IDE virus identities from www.sophos.com Unzipping the new Sophos IDE files failed. This may well be because your Sophos installation is too old. Please install the latest release of SophosDone. *********************************************************** Has anyone run into this? Thanks, Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From damian at WORKGROUPSOLUTIONS.COM Tue Jun 10 00:43:10 2003 From: damian at WORKGROUPSOLUTIONS.COM (Damian Mendoza) Date: Thu Jan 12 21:18:27 2006 Subject: F-Prot and Mail Scanner Message-ID: Hi, I installed F-Prot and MailScanner on an SMTP gateway for a customer. My customer tells me that F-Prot is only blocking 10% of the viruses. They had 9 messages get passed the F-Prot/MailScanner gateway and 1 message was stopped according to the maillog. Norton Antivirus on the Exchange server told us about the 9 messages. Any ideas? F-Prot is getting the updates based on the Maillog file. Thanks, Damian From michele at BLACKNIGHTSOLUTIONS.COM Tue Jun 10 00:57:42 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: BlacknightSolutions) Date: Thu Jan 12 21:18:27 2006 Subject: Panda frustration Message-ID: <200306092357.h59NvV924851@camelot.blacknightsolutions.com> OK. Now I am annoyed. Although the Panda software site clearly states command line scanning for linux and win32 after purchasing the download is win32 binary. So, I download the linux version, which seems to be the same thing. It works fine with our fresh install of MailScanner. Now to update... BIG problem! The command line version does not contain an activation code in the email, so registering on the website is impossible, and getting updates is only possible via the website, so I can't update Any ideas????? Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030610/177a7005/attachment.html From mailscanner at ecs.soton.ac.uk Tue Jun 10 02:08:23 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: Sophos-autoupdate on FreeBSD In-Reply-To: <1055201977.3ee51ab9081c9@webmail.MUW.Edu> References: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> Message-ID: <5.2.1.1.2.20030610020718.024b14a8@imap.ecs.soton.ac.uk> Do you have "unzip" installed? It would be worth adding a "set -x" right near the top of the sophos-autoupdate script and running it by hand. That way you can see all the commands it executes, which should tell you what is wrong. At 00:39 10/06/2003, you wrote: >Hi, > >I am trying to install Sophos on a FreeBSD 4.8 system using Sophos.insall >script. It is failing when it tries to fetch the ides, complaing about the >version of Sophos, which I downloaded off their website and *is* the latest. > >Here is what happens when I run Sophos.install: > >********************************************************** >$ /opt/MailScanner/bin/Sophos.install >Clearing out old default Sophos installation libraries >Clearing out unpacked distribution >Unpacking distribution >Installing Sophos for MailScanner >Sophos Anti-Virus installation utility [FreeBSD/Intel] >Copyright (c) 1998,2001 Sophos Plc, Oxford, England > >Binaries will be installed in '/usr/local/Sophos/bin' >Libraries will be installed in '/usr/local/Sophos/lib' >Manual pages will be installed in '/usr/local/Sophos/man' >Virus data will be installed in '/usr/local/Sophos/lib' > >SWEEP will be installed >InterCheck will not be installed > >===> Installing binaries >sweep copied to /usr/local/Sophos/bin/sweep > >===> Installing shared library >libsavi.so.3.2.05.034 copied to /usr/local/Sophos/lib/libsavi.so.3.2.05.034 >libsavi.so.3.2.05.034 symlinked to /usr/local/Sophos/lib/libsavi.so.3 >ldconfig -R -m /usr/local/Sophos/lib >libsavi.so.3.2.05.034 symlinked to /usr/local/Sophos/lib/libsavi.so.2 > >===> Installing virus data >vdl-3.70.dat copied to /usr/local/Sophos/lib/vdl-3.70.dat >vdl01.vdb copied to /usr/local/Sophos/lib/vdl01.vdb >vdl02.vdb copied to /usr/local/Sophos/lib/vdl02.vdb >vdl03.vdb copied to /usr/local/Sophos/lib/vdl03.vdb >vdl04.vdb copied to /usr/local/Sophos/lib/vdl04.vdb >vdl05.vdb copied to /usr/local/Sophos/lib/vdl05.vdb >vdl06.vdb copied to /usr/local/Sophos/lib/vdl06.vdb >vdl07.vdb copied to /usr/local/Sophos/lib/vdl07.vdb >vdl08.vdb copied to /usr/local/Sophos/lib/vdl08.vdb >vdl09.vdb copied to /usr/local/Sophos/lib/vdl09.vdb >vdl10.vdb copied to /usr/local/Sophos/lib/vdl10.vdb >vdl11.vdb copied to /usr/local/Sophos/lib/vdl11.vdb >vdl-3.70.dat symlinked to /usr/local/Sophos/lib/vdl.dat >Adjusting /etc/sav.conf > >===> Installing manual pages >sweep.1 copied to /usr/local/Sophos/man/man1/sweep.1 > >===> Checking paths are accessible > $PATH is OK > Library path is OK >Warning: FreeBSD 4 and above: you may need to install the FreeBSD version 3.x > compatibility libraries on your system. > > Manual path is OK >===> Installation complete <=== >Creating links so Perl-SAVI module compiles > >Fetching latest IDE virus identities from www.sophos.com >Unzipping the new Sophos IDE files failed. This may well be because your >Sophos installation is too old. Please install the latest release of >SophosDone. > >*********************************************************** > >Has anyone run into this? > >Thanks, >Marco > > >_________________________________________________________________ >This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail >For the latest MUW Events, visit http://www.MUW.Edu/calendar -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jun 10 02:09:39 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: F-Prot and Mail Scanner In-Reply-To: Message-ID: <5.2.1.1.2.20030610020855.024425f8@imap.ecs.soton.ac.uk> I would check that F-Prot really is getting the updates. Are the SIGN.DEF and other .DEF files in /usr/local/f-prot dated within the last day or 2? At 00:43 10/06/2003, you wrote: >Hi, > >I installed F-Prot and MailScanner on an SMTP gateway for a customer. My >customer tells me that F-Prot is only blocking 10% of the viruses. They >had 9 messages get passed the F-Prot/MailScanner gateway and 1 message was >stopped according to the maillog. > >Norton Antivirus on the Exchange server told us about the 9 messages. > >Any ideas? F-Prot is getting the updates based on the Maillog file. > >Thanks, > >Damian -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From sanjay.patel at REXWIRE.COM Tue Jun 10 02:52:45 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:28 2006 Subject: Panda frustration In-Reply-To: <200306092357.h59NvV924851@camelot.blacknightsolutions.com> Message-ID: <011001c32ef2$fd4c5f70$6f01a8c0@Laptop1> you should get a e-mail within 24hrs from them. -SKP -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michele Neylon :: BlacknightSolutions Sent: Monday, June 09, 2003 7:58 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Panda frustration OK. Now I am annoyed. Although the Panda software site clearly states command line scanning for linux and win32 after purchasing the download is win32 binary. So, I download the linux version, which seems to be the same thing. It works fine with our fresh install of MailScanner. Now to update... BIG problem! The command line version does not contain an activation code in the email, so registering on the website is impossible, and getting updates is only possible via the website, so I can't update Any ideas????? Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. From mike at CAMAROSS.NET Tue Jun 10 03:31:47 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:28 2006 Subject: Zip of Death In-Reply-To: <5.2.0.9.2.20030609140644.01f76008@mail.oacys.com> Message-ID: <004701c32ef8$71356e40$9b01a8c0@home.middlefinger.net> I just ran it through my system. It appears that Sophos is scanning each embedded zip file. This could take a while! :) Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ernest W. Lessenger > Sent: Monday, June 09, 2003 4:09 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Zip of Death > > > I just sent it through my system and both the primary > (f-prot) and secondary (Norman AV) scanners caught it. Trend > Micro running on my computer caused a blue-screen in Windows XP :) > > Good news is I don't think my proxy server will be affected > by this particular file. Bad news is I now know how to create > one that will kill it. I'll have get the developer to patch :( > > --Ernest > > At 04:55 PM 6/9/2003 -0400, you wrote: > >I sent this thru my current MS setup and CLAMAV found it in a > >hearbeat!!!! > > > >Thanks for the resource link! > >Michael Weiner > > > >-----Original Message----- > >From: Steffan Henke [mailto:henker@SHCOM.US] > >Sent: Monday, June 09, 2003 4:43 PM > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: Zip of Death > > > >On Mon, 9 Jun 2003, Ernest W. Lessenger wrote: > > > > > I'd be happy to know how to defend against this (presumably by > > > watching > >out > > > for a loop in the decompression routing), or happier to have a > > > sample to test with. PLEASE DON'T EMAIL IT LIVE!!!! > > > >You could download a testfile from here: http://www.fefe.de/ > , it's the > >link "why anti viruses don't work" at the bottom of the page. Norton > >seems to choke on it, not sure about other products. > > > >Regards, > > > >Steffan > From mike at CAMAROSS.NET Tue Jun 10 03:36:40 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:28 2006 Subject: Zip of Death In-Reply-To: <004701c32ef8$71356e40$9b01a8c0@home.middlefinger.net> Message-ID: <004801c32ef9$1f6bd1c0$9b01a8c0@home.middlefinger.net> Sophos sweep finished scanning the 42.zip and found it to be a denial of service attack. Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher > Sent: Monday, June 09, 2003 9:32 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Zip of Death > > > I just ran it through my system. It appears that Sophos is > scanning each embedded zip file. This could take a while! :) > > Mike > > > > -----Original Message----- > > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Ernest W. Lessenger > > Sent: Monday, June 09, 2003 4:09 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Zip of Death > > > > > > I just sent it through my system and both the primary > > (f-prot) and secondary (Norman AV) scanners caught it. Trend Micro > > running on my computer caused a blue-screen in Windows XP :) > > > > Good news is I don't think my proxy server will be affected by this > > particular file. Bad news is I now know how to create one that will > > kill it. I'll have get the developer to patch :( > > > > --Ernest > > > > At 04:55 PM 6/9/2003 -0400, you wrote: > > >I sent this thru my current MS setup and CLAMAV found it in a > > >hearbeat!!!! > > > > > >Thanks for the resource link! > > >Michael Weiner > > > > > >-----Original Message----- > > >From: Steffan Henke [mailto:henker@SHCOM.US] > > >Sent: Monday, June 09, 2003 4:43 PM > > >To: MAILSCANNER@JISCMAIL.AC.UK > > >Subject: Re: Zip of Death > > > > > >On Mon, 9 Jun 2003, Ernest W. Lessenger wrote: > > > > > > > I'd be happy to know how to defend against this (presumably by > > > > watching > > >out > > > > for a loop in the decompression routing), or happier to have a > > > > sample to test with. PLEASE DON'T EMAIL IT LIVE!!!! > > > > > >You could download a testfile from here: http://www.fefe.de/ > > , it's the > > >link "why anti viruses don't work" at the bottom of the > page. Norton > > >seems to choke on it, not sure about other products. > > > > > >Regards, > > > > > >Steffan > > > From P.G.M.Peters at CIV.UTWENTE.NL Tue Jun 10 07:41:49 2003 From: P.G.M.Peters at CIV.UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:18:28 2006 Subject: filtering file types vs. extensions In-Reply-To: <3EE0E82B.26759.11B0F37B@localhost> References: <5.2.1.1.2.20030606183433.0287c7a8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030606191014.0287cc48@imap.ecs.soton.ac.uk> <3EE0E82B.26759.11B0F37B@localhost> Message-ID: On Fri, 6 Jun 2003 19:14:51 -0300, you wrote: >Example: I get a file called "funny-picture.jpg" that actually has a DOS >executable in it, it would be allowed by an explicit rule in >filename.rules.conf, but later forbidden by an explicit rule in >mime-type.rules.conf, and thus it would be replaced by a message that says >"funny-picture.jpg seems to be an application/octet-stream type. This type is >considered dangerous". Most Microsoft files I see in attachments are of type application/octet-stream. Even the (more) innocent ones. So deciding on this alone would be a problem. -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ From P.G.M.Peters at CIV.UTWENTE.NL Tue Jun 10 07:47:41 2003 From: P.G.M.Peters at CIV.UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:18:28 2006 Subject: how to map MS process id to SM process id? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C14@ati-ex-01.ati.local> References: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C14@ati-ex-01.ati.local> Message-ID: <1lvaev0ca5g6lf0k2igkuofjbq20g90goh@4ax.com> On Fri, 6 Jun 2003 15:01:11 -0700, you wrote: >When checking the maillog I'd like to be able to pull all the records >pertaining to a certain mail. Is there a way to map the sendmail process >id to the MS process id that is handling that mail? You can't map the ID's when MS handles more than one message in a batch. But you could get a bit of information when you go for the sendmail queue ID. -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ From raymond at PROLOCATION.NET Tue Jun 10 07:50:54 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:28 2006 Subject: F-Prot and Mail Scanner In-Reply-To: Message-ID: Hi! > I installed F-Prot and MailScanner on an SMTP gateway for a customer. > My customer tells me that F-Prot is only blocking 10% of the viruses. > They had 9 messages get passed the F-Prot/MailScanner gateway and 1 > message was stopped according to the maillog. > > Norton Antivirus on the Exchange server told us about the 9 messages. > Any ideas? F-Prot is getting the updates based on the Maillog file. We are not mindreading heros. Provide information/proof please, a mail like 'i have hear this' 'my customer told' doesnt really have things in it we can shoot on do they ? Thanks, Raymond. From P.G.M.Peters at CIV.UTWENTE.NL Tue Jun 10 07:51:28 2003 From: P.G.M.Peters at CIV.UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:18:28 2006 Subject: virus found ? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C17@ati-ex-01.ati.local> References: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C17@ati-ex-01.ati.local> Message-ID: On Fri, 6 Jun 2003 16:44:40 -0700, you wrote: >> No, but I've been getting bugbear since yesterday. F-Prot is getting >> and cleaning them. > >Why clean a virus infected email instead of just dumping it in the >trash? (Or am I misunderstanding something?) In the first place you possibly want the clean attachments to the recipient. Particular when you have a false positive. Or when in a batch of word-documents only one is infected. In the second place you want the people to know you clean up for them. Particular when you tell them that you will be able to clean 99%. When they never see a tagged message they think they aren't getting any. When they see a lot of cleaned messages they know that when they received 99 cleaned messages they could have recieved 1 uncleaned virus. -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ From P.G.M.Peters at CIV.UTWENTE.NL Tue Jun 10 07:54:37 2003 From: P.G.M.Peters at CIV.UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:18:28 2006 Subject: RBL's Working? In-Reply-To: References: Message-ID: On Sat, 7 Jun 2003 12:33:47 -0400, you wrote: >I haven't noticed anything marked by either ORDB-RBL or Infinite-Monkeys >in a long, long time. Are these RBL's working? I have had hits on both of them today. But I use it with MS and not SA. -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ From P.G.M.Peters at CIV.UTWENTE.NL Tue Jun 10 08:30:38 2003 From: P.G.M.Peters at CIV.UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:18:28 2006 Subject: F-Prot and Mail Scanner In-Reply-To: References: Message-ID: On Mon, 9 Jun 2003 16:43:10 -0700, you wrote: >I installed F-Prot and MailScanner on an SMTP gateway for a customer. My >customer tells me that F-Prot is only blocking 10% of the viruses. They >had 9 messages get passed the F-Prot/MailScanner gateway and 1 message >was stopped according to the maillog. Are you sure those messages where send through mailscanner? Isn't sendmail running besides MS? >Norton Antivirus on the Exchange server told us about the 9 messages. > >Any ideas? F-Prot is getting the updates based on the Maillog file. The only time I got Norton to find a virus after getting through MS and F-prot was when the update script didn't work for a while on one of the servers. I have seen cases where virusses (from other sources then through MS) came through Norton on our exchange and weren't detected for days (on exchange). They were detected by f-prot offcourse because the exchange servers use our main servers as smarthost. (and smart they are now). -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ From raymond at PROLOCATION.NET Tue Jun 10 08:32:57 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:28 2006 Subject: F-Prot and Mail Scanner In-Reply-To: Message-ID: hi! > >I installed F-Prot and MailScanner on an SMTP gateway for a customer. My > >customer tells me that F-Prot is only blocking 10% of the viruses. They > >had 9 messages get passed the F-Prot/MailScanner gateway and 1 message > >was stopped according to the maillog. > > Are you sure those messages where send through mailscanner? Isn't > sendmail running besides MS? Only header information and logfiles will tell whats going on. Bye, Raymond. From maxsec at TOTALISE.CO.UK Tue Jun 10 09:49:26 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:28 2006 Subject: Sophos-autoupdate on FreeBSD In-Reply-To: <1055201977.3ee51ab9081c9@webmail.MUW.Edu> References: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> <1055201977.3ee51ab9081c9@webmail.MUW.Edu> Message-ID: <3EE59B96.7030403@totalise.co.uk> Marco the error message is not very informative, probably failing because the unzip program isn't found. I installed unzip from the ports system and them sym linked /usr/local/bin/unzip to /usr/bin/unzip which is where the script expects it to be. I've also munged the script so it can run every hour (once a day is NOT enough) and keep a copy of the previous IDE's just in case. If you want my version, or Julian wants me to create a patch file then let me know.. -- Martin Marco Obaid wrote: > Hi, > > I am trying to install Sophos on a FreeBSD 4.8 system using Sophos.insall > script. It is failing when it tries to fetch the ides, complaing about the > version of Sophos, which I downloaded off their website and *is* the latest. > > Here is what happens when I run Sophos.install: > > ********************************************************** > $ /opt/MailScanner/bin/Sophos.install > Clearing out old default Sophos installation libraries > Clearing out unpacked distribution > Unpacking distribution > Installing Sophos for MailScanner > Sophos Anti-Virus installation utility [FreeBSD/Intel] > Copyright (c) 1998,2001 Sophos Plc, Oxford, England > > Binaries will be installed in '/usr/local/Sophos/bin' > Libraries will be installed in '/usr/local/Sophos/lib' > Manual pages will be installed in '/usr/local/Sophos/man' > Virus data will be installed in '/usr/local/Sophos/lib' > > SWEEP will be installed > InterCheck will not be installed > > ===> Installing binaries > sweep copied to /usr/local/Sophos/bin/sweep > > ===> Installing shared library > libsavi.so.3.2.05.034 copied to /usr/local/Sophos/lib/libsavi.so.3.2.05.034 > libsavi.so.3.2.05.034 symlinked to /usr/local/Sophos/lib/libsavi.so.3 > ldconfig -R -m /usr/local/Sophos/lib > libsavi.so.3.2.05.034 symlinked to /usr/local/Sophos/lib/libsavi.so.2 > > ===> Installing virus data > vdl-3.70.dat copied to /usr/local/Sophos/lib/vdl-3.70.dat > vdl01.vdb copied to /usr/local/Sophos/lib/vdl01.vdb > vdl02.vdb copied to /usr/local/Sophos/lib/vdl02.vdb > vdl03.vdb copied to /usr/local/Sophos/lib/vdl03.vdb > vdl04.vdb copied to /usr/local/Sophos/lib/vdl04.vdb > vdl05.vdb copied to /usr/local/Sophos/lib/vdl05.vdb > vdl06.vdb copied to /usr/local/Sophos/lib/vdl06.vdb > vdl07.vdb copied to /usr/local/Sophos/lib/vdl07.vdb > vdl08.vdb copied to /usr/local/Sophos/lib/vdl08.vdb > vdl09.vdb copied to /usr/local/Sophos/lib/vdl09.vdb > vdl10.vdb copied to /usr/local/Sophos/lib/vdl10.vdb > vdl11.vdb copied to /usr/local/Sophos/lib/vdl11.vdb > vdl-3.70.dat symlinked to /usr/local/Sophos/lib/vdl.dat > Adjusting /etc/sav.conf > > ===> Installing manual pages > sweep.1 copied to /usr/local/Sophos/man/man1/sweep.1 > > ===> Checking paths are accessible > $PATH is OK > Library path is OK > Warning: FreeBSD 4 and above: you may need to install the FreeBSD version 3.x > compatibility libraries on your system. > > Manual path is OK > ===> Installation complete <=== > Creating links so Perl-SAVI module compiles > > Fetching latest IDE virus identities from www.sophos.com > Unzipping the new Sophos IDE files failed. This may well be because your > Sophos installation is too old. Please install the latest release of > SophosDone. > > *********************************************************** > > Has anyone run into this? > > Thanks, > Marco > > > _________________________________________________________________ > This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail > For the latest MUW Events, visit http://www.MUW.Edu/calendar From mailscanner at ecs.soton.ac.uk Tue Jun 10 11:38:56 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: Zip of Death In-Reply-To: <004801c32ef9$1f6bd1c0$9b01a8c0@home.middlefinger.net> References: <004701c32ef8$71356e40$9b01a8c0@home.middlefinger.net> Message-ID: <5.2.0.9.2.20030610113832.044e43b0@imap.ecs.soton.ac.uk> At 03:36 10/06/2003, you wrote: >Sophos sweep finished scanning the 42.zip and found it to be a denial of >service >attack. i.e. MailScanner found it to be a DoS attack :-) (unless you actually ran sweep by hand) >Mike > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher > > Sent: Monday, June 09, 2003 9:32 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Zip of Death > > > > > > I just ran it through my system. It appears that Sophos is > > scanning each embedded zip file. This could take a while! :) > > > > Mike > > > > > > > -----Original Message----- > > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > > Behalf Of Ernest W. Lessenger > > > Sent: Monday, June 09, 2003 4:09 PM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Zip of Death > > > > > > > > > I just sent it through my system and both the primary > > > (f-prot) and secondary (Norman AV) scanners caught it. Trend Micro > > > running on my computer caused a blue-screen in Windows XP :) > > > > > > Good news is I don't think my proxy server will be affected by this > > > particular file. Bad news is I now know how to create one that will > > > kill it. I'll have get the developer to patch :( > > > > > > --Ernest > > > > > > At 04:55 PM 6/9/2003 -0400, you wrote: > > > >I sent this thru my current MS setup and CLAMAV found it in a > > > >hearbeat!!!! > > > > > > > >Thanks for the resource link! > > > >Michael Weiner > > > > > > > >-----Original Message----- > > > >From: Steffan Henke [mailto:henker@SHCOM.US] > > > >Sent: Monday, June 09, 2003 4:43 PM > > > >To: MAILSCANNER@JISCMAIL.AC.UK > > > >Subject: Re: Zip of Death > > > > > > > >On Mon, 9 Jun 2003, Ernest W. Lessenger wrote: > > > > > > > > > I'd be happy to know how to defend against this (presumably by > > > > > watching > > > >out > > > > > for a loop in the decompression routing), or happier to have a > > > > > sample to test with. PLEASE DON'T EMAIL IT LIVE!!!! > > > > > > > >You could download a testfile from here: http://www.fefe.de/ > > > , it's the > > > >link "why anti viruses don't work" at the bottom of the > > page. Norton > > > >seems to choke on it, not sure about other products. > > > > > > > >Regards, > > > > > > > >Steffan > > > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From rishi at THEARGONCOMPANY.COM Tue Jun 10 12:33:08 2003 From: rishi at THEARGONCOMPANY.COM (Rishi Gangoly) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model Message-ID: <200306101703.08702.rishi@theargoncompany.com> Hi all... With f-prot's new mailbox licensing model, I'm considering using just MailScanner standalone and not using any AV scanner as I don't see any great value. MailScanner seems to be doing such a great job on it's own. Half the time because of the file name pattern check or IFrame TAGs or whatever, new viruses are quarantined as well. Basically it looks like all that f-prot seems to be doing is Naming the Virus in the e-mail report / notification (big deal) ;-) The only downside I forsee is that the notification of new viruses like KLEZ, Sobig or BugBear virus, will constantly be sent to invalid FROM addresses. Also sometimes viruses are accidentally sent inside zip file attachments. Without the AV software, MailScanner would fail to catch these situations. If you notice there isn't any question here so far ;-) I'm hoping to trigger a conversation .... so do you guys think? Is this a good idea? Also, can it be done? Regards Rishi From raymond at PROLOCATION.NET Tue Jun 10 12:47:00 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <200306101703.08702.rishi@theargoncompany.com> Message-ID: Hi! > The only downside I forsee is that the notification of new viruses like KLEZ, > Sobig or BugBear virus, will constantly be sent to invalid FROM addresses. > > Also sometimes viruses are accidentally sent inside zip file attachments. > Without the AV software, MailScanner would fail to catch these situations. > > If you notice there isn't any question here so far ;-) > > I'm hoping to trigger a conversation .... so do you guys think? > Is this a good idea? > Also, can it be done? Naturally it CAN be done but i would stronlgy advice to keep running a virus scanner also. If not f-prot then for example ClamAV... Bye, Raymond. From Kevin.Spicer at BMRB.CO.UK Tue Jun 10 12:47:13 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF63C@pascal.priv.bmrb.co.uk> > Is this a good idea? No > Also, can it be done? Yes IMHO The costs of virus scanning (from one of the cheaper vendors) are considerably less than the impact in terms of support time and lost productivity or just one mass mailing work getting through (been there, done that!). It could also be a difficult decision to justify later! Even running just Clam (which is free) will help (although they are not always up to date) BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From P.G.M.Peters at CIV.UTWENTE.NL Tue Jun 10 12:49:17 2003 From: P.G.M.Peters at CIV.UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:18:28 2006 Subject: Changing Precedence to junk In-Reply-To: <001501c32e93$ef4061b0$9b01a8c0@home.middlefinger.net> References: <001501c32e93$ef4061b0$9b01a8c0@home.middlefinger.net> Message-ID: <5o0bevs6a0s1mol9ii3tt8otc8a8ts5sq0@4ax.com> On Mon, 9 Jun 2003 09:32:20 -0500, you wrote: >Mailman uses the precedence of either Bulk or List...can't remember which. My >question is this...WHY would you bounce spam? The large percentage of spam you >bounce more than likey comes from forged addresses. Therefore, attempting to >bounce them just generates more useless traffic on the net and your boxen (IMHO >of course). Spam isn't bounced but people using out-of-office assistance still send OOO messages to the address in the spam. I haven't been able to get a (good) instructionset to get the people use rules to limit the OOO's they send. -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ From tomas at SAP.SE Tue Jun 10 13:04:55 2003 From: tomas at SAP.SE (Tomas) Date: Thu Jan 12 21:18:28 2006 Subject: Notify only local senders Message-ID: I've been scanning the mail arcive for some time now. At last I found the function I've been looking for. I want to notify only local senders. Outside ->in notify postmaster, local recipient. No external senders notified. Inside -> out notify local sender, postmaster, no external recipients notified. The problem is I dont know how to use it, probobly simpel but I'm a newbee whith MS..... Please help some one.... I'm using RH 8, Postfix & MS 4.20 (The orig mail thred is from last summer, 25 Jun. Subject: Notify Senders) From marco at MUW.EDU Tue Jun 10 13:57:11 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:28 2006 Subject: Sophos-autoupdate on FreeBSD In-Reply-To: <3EE59B96.7030403@totalise.co.uk> References: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> <1055201977.3ee51ab9081c9@webmail.MUW.Edu> <3EE59B96.7030403@totalise.co.uk> Message-ID: <1055249831.3ee5d5a71c23b@webmail.MUW.Edu> Hi Martin, > If you want my version, or Julian wants me to create a patch file then > let me know.. Would you please send me your copy? On a related topic, Sophos has two versions for FreeBSD. I used freebsd.elf.tar.Z but there is a note in the manual about: "FreeBSD 4 and above: you may need to install the FreeBSD version 3.x compatibility libraries on your system." But they do not tell you how to install this compatibility library. Did you have to install it? Can I install the linux version of Sophos on FreeBSD? I tried it and it seemed to be working. However, I have not been able to get sophos-autoupdate to work. Thank you Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From maxsec at TOTALISE.CO.UK Tue Jun 10 14:09:08 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:28 2006 Subject: Sophos-autoupdate on FreeBSD In-Reply-To: <1055249831.3ee5d5a71c23b@webmail.MUW.Edu> References: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> <1055201977.3ee51ab9081c9@webmail.MUW.Edu> <3EE59B96.7030403@totalise.co.uk> <1055249831.3ee5d5a71c23b@webmail.MUW.Edu> Message-ID: <3EE5D874.30405@totalise.co.uk> Marco Obaid wrote: > Hi Martin, > > >>If you want my version, or Julian wants me to create a patch file then >>let me know.. > > > Would you please send me your copy? > > On a related topic, Sophos has two versions for FreeBSD. I used > freebsd.elf.tar.Z but there is a note in the manual about: > "FreeBSD 4 and above: you may need to install the FreeBSD version 3.x > compatibility libraries on your system." But they do not tell you how to > install this compatibility library. Did you have to install it? > > Can I install the linux version of Sophos on FreeBSD? I tried it and it seemed > to be working. However, I have not been able to get sophos-autoupdate to work. > > Thank you > Marco > > > _________________________________________________________________ > This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail > For the latest MUW Events, visit http://www.MUW.Edu/calendar marco the elf one should work fine without anything else..run the sweep command on a directory to prove it. You'll also need to run the Sophos.install script beforehand to put Sophos where MS expects it. -- Martin -------------- next part -------------- #!/usr/bin/perl use Sys::Syslog; $SophosRoot = "/usr/local/Sophos"; $IDELink = "$SophosRoot/ide"; $VDLDir = "../lib"; #$Lynx = "/usr/local/bin/lynx -dump"; $Lynx = "/usr/bin/wget -q -O-"; # On Linux use this $Unzip = "/usr/bin/unzip -joqq"; $rm = "/bin/rm"; $LockFile = "/tmp/SophosBusy.lock"; $LOCK_SH = 1; $LOCK_EX = 2; $LOCK_NB = 4; $LOCK_UN = 8; Sys::Syslog::openlog("Sophos-autoupdate", 'pid, nowait', 'mail'); # Work out the current VDL (and hence Sophos Sweep) version number chdir "$SophosRoot/bin/$VDLDir"; opendir(LIBDIR, ".") || &BailOut("Cannot open Sophos/lib directory"); foreach $vdlname (sort readdir(LIBDIR)) { next unless $vdlname =~ /^vdl-(\d+)\.(\d+)([a-z]?)\.dat$/; $MajorVer = $1; $MinorVer = $2; $NSVFlag = $3; } closedir(LIBDIR); &BailOut("Could not calculate Sophos version number") unless defined($MajorVer) && defined($MinorVer); $SophosVersion = "$MajorVer$MinorVer"; $VDLVersion = "$MajorVer.$MinorVer"; # Derive other variables, filenames and URLs from the version numbers $ZipName = $SophosVersion . "_ides.zip"; $URL = "http://www.sophos.com/downloads/ide/$ZipName"; ($min,$hour,$date,$month,$year) = (localtime)[1,2,3,4,5]; $month++; $year+=1900; $IDEDir = $SophosRoot. "/idenew"; # If the directory already exists, then we have already done the update # for today, so quietly exit. Sys::Syslog::syslog('info', "Sophos already up-to-date"),exit 0 if -d $IDEDir; umask 0022; mkdir $IDEDir, 0755; chdir $IDEDir or &BailOut("Cannot cd $IDEDir, $!"); # Fetch and unpack the IDE zip file from Sophos #print STDERR "URL is $URL\n"; $result = system("$Lynx $URL > $ZipName"); if (($result>>8)==1) { Sys::Syslog::syslog('err', "Your Sophos installation may be too old. Please install the latest release of Sophos"); print STDERR "Your Sophos installation may be too old. Please install the latest release of Sophos"; } &BailOut("Lynx failed with error return " . ($result>>8) . "\n") if $result>>8; $result = system("$Unzip $ZipName"); if ($result>>8) { Sys::Syslog::syslog('err', "Unzipping the new Sophos IDE files failed. This may well be because your Sophos installation is too old. Please install the latest release of Sophos"); print STDERR "Unzipping the new Sophos IDE files failed. This may well be because your Sophos installation is too old. Please install the latest release of Sophos"; &BailOut("Unzip failed with error return " . ($result>>8) . "\n"); } symlink("$VDLDir/vdl-$VDLVersion$NSVFlag.dat", "vdl.dat"); # Add the new vdl*.vdb files if they are there foreach $number (1..99) { $string = "vdl" . sprintf("%02d", $number) . ".vdb"; symlink("$VDLDir/$string", $string) if -f "$VDLDir/$string"; } # Link in this new directory to Sophos #chdir $SophosRoot or &BailOut("Cannot cd $SophosRoot, $!"); #$OldLinkTarget = readlink $IDELink; &LockSophos(); $IDEold = $SophosRoot . "/ideold"; system("$rm -rf $IDEold"); rename $IDELink, $IDEold; rename $IDEDir, $IDELink; #unlink $IDELink if -l $IDELink; #symlink $IDEDir, $IDELink; &UnlockSophos(); #system("$rm -rf $OldLinkTarget") if defined $OldLinkTarget && -e $OldLinkTarget; Sys::Syslog::syslog('info', "Sophos successfully updated in $IDEDir"); Sys::Syslog::closelog(); exit 0; sub BailOut { Sys::Syslog::syslog('err', @_); Sys::Syslog::closelog(); warn "@_, $!"; chdir $SophosRoot or die "Cannot cd $SophosRoot, $!"; system("$rm -rf $IDEDir") if -d $IDEDir; exit 1; } sub LockSophos { open(LOCK, ">$LockFile") or return; flock(LOCK, $LOCK_EX); print LOCK "Locked for updating Sophos IDE files by $$\n"; } sub UnlockSophos { print LOCK "Unlocked after updating Sophos IDE files by $$\n"; unlink $LockFile; flock(LOCK, $LOCK_UN); close LOCK; } From marco at MUW.EDU Tue Jun 10 14:20:55 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:28 2006 Subject: Sophos-autoupdate on FreeBSD In-Reply-To: <5.2.1.1.2.20030610020718.024b14a8@imap.ecs.soton.ac.uk> References: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> <5.2.1.1.2.20030610020718.024b14a8@imap.ecs.soton.ac.uk> Message-ID: <1055251255.3ee5db3705ba2@webmail.MUW.Edu> Hi Julian, > Do you have "unzip" installed? Yes. All I had to do was symlink it to /usr/bin/unzip. Now it works !!! One issue though ... If I use freebsd.elf.tar.Z, the install completes fine and the IDEs are fetched. However, I get the following message if I run sweep: $ sweep /tmp/ /usr/libexec/ld-elf.so.1: Shared object "libc.so.3" not found I have no idea how to install this library. I know it has something to do with ELF executable, which look for this library. Out of desperation, I installed linux.intel.libc6.tar.Z (Sophos linux version) and it installed fine. Sweep appears to be running fine: $ sweep /tmp/ SWEEP virus detection utility Version 3.70, June 2003 [Linux/Intel] Includes detection for 82052 viruses, trojans and worms Copyright (c) 1989,2003 Sophos Plc, www.sophos.com System time 08:05:48, System date 10 June 2003 Quick Sweeping 1080 files swept in 6 seconds. No viruses were discovered. End of Sweep. Is it safe to stick with this version? Thank you Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From marco at MUW.EDU Tue Jun 10 14:23:20 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:28 2006 Subject: Sophos-autoupdate on FreeBSD In-Reply-To: <3EE5D874.30405@totalise.co.uk> References: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> <1055201977.3ee51ab9081c9@webmail.MUW.Edu> <3EE59B96.7030403@totalise.co.uk> <1055249831.3ee5d5a71c23b@webmail.MUW.Edu> <3EE5D874.30405@totalise.co.uk> Message-ID: <1055251400.3ee5dbc8459fd@webmail.MUW.Edu> Hi Martin, > the elf one should work fine without anything else..run the sweep > command on a directory to prove it. Here is what I get when I run sweep: $ sweep /tmp/ /usr/libexec/ld-elf.so.1: Shared object "libc.so.3" not found Thank you for the script and for your time Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From kusler at NSCL.MSU.EDU Tue Jun 10 14:11:26 2003 From: kusler at NSCL.MSU.EDU (No Name) Date: Thu Jan 12 21:18:28 2006 Subject: double messages? Message-ID: I installed MailScanner with Clamav on a Solaris 8 (sparc) box running Postfix as the MTA. Often, but not always, 2 messages are delivered instead of just one. The first has the 'real' message, and the second is empty. For example, a message just came through from this list from Marc Obaid, and it was double. The logs show the second blank message simply appearing, as best as I can tell, although it seems that there may be 2 instances of MailScanner trying to process the queue concurrently. Has anyone seen this behavior, and what can I do about it? Thanks, Jay Kusler NSCL Jun 10 08:53:48 jade postfix/smtpd[25820]: [ID 197553 mail.info] connect from smtp.jiscmail.ac.uk[130.246.192.48] Jun 10 08:53:48 jade postfix/smtpd[25820]: [ID 197553 mail.info] 4C8A6279: client=smtp.jiscmail.ac.uk[130.246.192.48] Jun 10 08:53:48 jade postfix/cleanup[25452]: [ID 197553 mail.info] 4C8A6279: message-id= <1055249831.3ee5d5a71c23b@webmail.MUW.Edu> Jun 10 08:53:48 jade postfix/qmgr[25436]: [ID 197553 mail.info] 4C8A6279: from=, size=3460, nrcpt=1 (queue active) Jun 10 08:53:48 jade postfix/qmgr[25436]: [ID 197553 mail.info] 4C8A6279: to=, relay=none, delay=0, status=deferred (deferred transport) Jun 10 08:53:49 jade postfix/smtpd[25820]: [ID 197553 mail.info] disconnect from smtp.jiscmail.ac.uk[130.246.192.48] Jun 10 08:53:52 jade.nscl.msu.edu MailScanner[25538]: New Batch: Scanning 1 messages, 3650 bytes Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25538]: Virus and Content Scanning: Starting Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25554]: New Batch: Scanning 1 messages, 3650 bytes Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25538]: Uninfected: Delivered 1 messages Jun 10 08:53:53 jade postfix/qmgr[25479]: [ID 197553 mail.info] 17D259380: from=, size=3467, nrcpt=1 (queue active) Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25554]: Virus and Content Scanning: Starting Jun 10 08:53:54 jade.nscl.msu.edu MailScanner[25554]: Uninfected: Delivered 1 messages Jun 10 08:53:54 jade postfix/qmgr[25479]: [ID 197553 mail.info] 5616F937E: from=, size=2603, nrcpt=1 (queue active) Jun 10 08:53:56 jade postfix/local[25558]: [ID 197553 mail.info] 17D259380: to=, relay=local, delay=8, status=sent ("|/usr/nsclsbin/procmail") Jun 10 08:54:03 jade postfix/local[25577]: [ID 197553 mail.info] 5616F937E: to=, relay=local, delay=15, status=sent ("|/usr/nsclsbin/procmail") From m.sapsed at BANGOR.AC.UK Tue Jun 10 14:22:44 2003 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:18:28 2006 Subject: Problem with Sophos 3.70 and sophossavi References: <5.2.1.1.2.20030607182149.03022720@imap.ecs.soton.ac.uk> Message-ID: <3EE5DBA4.4030208@bangor.ac.uk> Julian Field wrote: > There appears to be a problem with the most recent Sophos releases and the > sophossavi virus scanner. > MailScanner will segfault when it first tries to set up the sophossavi > scanner. > > The symptom is that MailScanner continually re-forks its child processes so > every 10 seconds you will get a notice in your maillog saying the > MailScanner is starting up, but no mail will be processed. I don't see this with 3.70 on Debian stable. I have the sav.conf file. Jun 10 11:48:33 epitaf MailScanner[7114]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 10 11:48:41 epitaf MailScanner[7114]: SophosSAVI 3.70 (engine 2.14) recognizing 82079 viruses Jun 10 11:48:41 epitaf MailScanner[7114]: SophosSAVI using 27 IDE files Jun 10 11:48:41 epitaf MailScanner[7114]: Using locktype = flock > The workaround is very simple: > rm /etc/sav.conf > > The next release will include a new Sophos.install script which does this > step for you. As I also use one of my MailScanner installations of Sophos to provide an InterCheck server for my desktops, I might be concerned about an action which might break Sophos generally. Having said that though, I modify the install script to install InterCheck so maybe I'd just have to remember another mod! (Btw I see that Sophos.install is no longer a link to either the .linux or .solaris versions - is this intensional?) Cheers, Martin -- Martin Sapsed Information Services "Who do you say I am?" University of Wales, Bangor Jesus of Nazareth From Denis.Beauchemin at USHERBROOKE.CA Tue Jun 10 14:38:48 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:28 2006 Subject: Whitelisting your domains? Message-ID: <1055252327.11990.25.camel@dbeauchemin.si.usherbrooke.ca> Hello, About a month ago I activated DCC, Razor2 and Pyzor in SA (just after the thread on this list). I was already using Bayes. In the last 2 weeks Razor began to flag internal innocent messages as spam and now Pyzor has joined it! Yesterday I deactivated them all! I do not whitelist my domains in SA. Should I be doing it to resolve those problems? If so, how should I do it: by source address or by domain name? Which one is the more robust? Thanks again! Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From dlovelace at HOTELS.COM Tue Jun 10 14:56:12 2003 From: dlovelace at HOTELS.COM (Dale Lovelace) Date: Thu Jan 12 21:18:28 2006 Subject: MailScanner-mrtg-0.05 Is (finally) out! Message-ID: <20030610085612.721a66e9.dlovelace@hotels.com> I've just posted the latest MailScanner-mrtg to my SourceForge site at http://mailscannermrtg.sourceforge.net/ Notes: This is a maintenance release which fixes a few reported bugs, adds a new graph for systems that use tmpfs, and most importantly works correctly under Red Hat 9! You will probably want to "diff" your old config files and the new (.rpmsave) config files and merge them. If this is confusing just email and I will try to add more description here. Want to help with mailscanner-mrtg? I'm looking for a few good perl scripters who would like to make their mark on the Open Source community! Email dale@hotels.com and I will hook you up! Changes: 0.05 Added / to end of inqueue and outqueue paths for symlinks Add graph for space used in /dev/shm/ (Ram Disk) removed "use strict" since it doesn't work in Red Hat 9 Fixed viruses check to look for both "viruses" and "problems" MailBytes now reads in MBytes instead of Bytes Thanks to Denis Beauchemin Change "Restart Threshold" to 1 -- Dale Lovelace Linux System Administrator hotels.com (469) 335-1074 From mailscanner at ecs.soton.ac.uk Tue Jun 10 14:58:54 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: double messages? In-Reply-To: Message-ID: <5.2.0.9.2.20030610145839.04bb8c60@imap.ecs.soton.ac.uk> What version of MailScanner are you running? What version of Postfix are you running? At 14:11 10/06/2003, you wrote: >I installed MailScanner with Clamav on a Solaris 8 (sparc) box running >Postfix as the MTA. Often, but not always, 2 messages are delivered instead >of just one. The first has the 'real' message, and the second is empty. >For example, a message just came through from this list from Marc Obaid, and >it was double. The logs show the second blank message simply appearing, as >best as I can tell, although it seems that there may be 2 instances of >MailScanner trying to process the queue concurrently. Has anyone seen >this behavior, and what can I do about it? > >Thanks, > >Jay Kusler >NSCL > >Jun 10 08:53:48 jade postfix/smtpd[25820]: [ID 197553 mail.info] connect >from smtp.jiscmail.ac.uk[130.246.192.48] >Jun 10 08:53:48 jade postfix/smtpd[25820]: [ID 197553 mail.info] 4C8A6279: >client=smtp.jiscmail.ac.uk[130.246.192.48] >Jun 10 08:53:48 jade postfix/cleanup[25452]: [ID 197553 mail.info] 4C8A6279: >message-id= <1055249831.3ee5d5a71c23b@webmail.MUW.Edu> >Jun 10 08:53:48 jade postfix/qmgr[25436]: [ID 197553 mail.info] 4C8A6279: >from=, size=3460, nrcpt=1 (queue active) >Jun 10 08:53:48 jade postfix/qmgr[25436]: [ID 197553 mail.info] 4C8A6279: >to=, relay=none, delay=0, status=deferred (deferred >transport) >Jun 10 08:53:49 jade postfix/smtpd[25820]: [ID 197553 mail.info] disconnect >from smtp.jiscmail.ac.uk[130.246.192.48] > >Jun 10 08:53:52 jade.nscl.msu.edu MailScanner[25538]: New Batch: Scanning 1 >messages, 3650 bytes >Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25538]: Virus and Content >Scanning: Starting >Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25554]: New Batch: Scanning 1 >messages, 3650 bytes >Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25538]: Uninfected: Delivered >1 messages >Jun 10 08:53:53 jade postfix/qmgr[25479]: [ID 197553 mail.info] 17D259380: >from=, size=3467, nrcpt=1 (queue active) >Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25554]: Virus and Content >Scanning: Starting >Jun 10 08:53:54 jade.nscl.msu.edu MailScanner[25554]: Uninfected: Delivered >1 messages >Jun 10 08:53:54 jade postfix/qmgr[25479]: [ID 197553 mail.info] 5616F937E: >from=, size=2603, nrcpt=1 (queue active) > >Jun 10 08:53:56 jade postfix/local[25558]: [ID 197553 mail.info] 17D259380: >to=, relay=local, delay=8, status=sent >("|/usr/nsclsbin/procmail") >Jun 10 08:54:03 jade postfix/local[25577]: [ID 197553 mail.info] 5616F937E: >to=, relay=local, delay=15, status=sent >("|/usr/nsclsbin/procmail") -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jun 10 15:00:54 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: Whitelisting your domains? In-Reply-To: <1055252327.11990.25.camel@dbeauchemin.si.usherbrooke.ca> Message-ID: <5.2.0.9.2.20030610150021.04c49388@imap.ecs.soton.ac.uk> At 14:38 10/06/2003, you wrote: >Hello, > >About a month ago I activated DCC, Razor2 and Pyzor in SA (just after >the thread on this list). I was already using Bayes. > >In the last 2 weeks Razor began to flag internal innocent messages as >spam and now Pyzor has joined it! > >Yesterday I deactivated them all! > >I do not whitelist my domains in SA. Should I be doing it to resolve >those problems? If so, how should I do it: by source address or by >domain name? Which one is the more robust? If you whitelist your domains in MS, then this won't be a problem at all. I would advise whitelisting by IP address if you easily can. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jun 10 14:56:33 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: Notify only local senders In-Reply-To: Message-ID: <5.2.0.9.2.20030610145351.03913240@imap.ecs.soton.ac.uk> At 13:04 10/06/2003, you wrote: >I've been scanning the mail arcive for some time now. At last I found the >function I've been looking for. > >I want to notify only local senders. > > Outside ->in notify postmaster, local recipient. No external senders >notified. Set Notify Senders = /etc/MailScanner/rules/notify.senders.rules and then put this in it: To: yourdomain.com yes FromOrTo: default no > Inside -> out notify local sender, postmaster, no external recipients >notified. Set Deliver Cleaned Messages = /etc/MailScanner/rules/deliver.cleaned.rules and then put this in it To: yourdomain.com yes FromOrTo: default no You could even put both of those rulesets in the same file if you like, but I would keep them separate for clarity. Should do what you want. >The problem is I dont know how to use it, probobly simpel but I'm a newbee >whith MS..... Please help some one.... > >I'm using RH 8, Postfix & MS 4.20 > >(The orig mail thred is from last summer, 25 Jun. Subject: Notify Senders) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jun 10 15:00:05 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: Problem with Sophos 3.70 and sophossavi In-Reply-To: <3EE5DBA4.4030208@bangor.ac.uk> References: <5.2.1.1.2.20030607182149.03022720@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030610145926.03903600@imap.ecs.soton.ac.uk> At 14:22 10/06/2003, you wrote: >Julian Field wrote: >>There appears to be a problem with the most recent Sophos releases and the >>sophossavi virus scanner. >>MailScanner will segfault when it first tries to set up the sophossavi >>scanner. >> >>The symptom is that MailScanner continually re-forks its child processes so >>every 10 seconds you will get a notice in your maillog saying the >>MailScanner is starting up, but no mail will be processed. > >I don't see this with 3.70 on Debian stable. I have the sav.conf file. > >Jun 10 11:48:33 epitaf MailScanner[7114]: MailScanner E-Mail Virus >Scanner version 4.21-9 starting... >Jun 10 11:48:41 epitaf MailScanner[7114]: SophosSAVI 3.70 (engine 2.14) >recognizing 82079 viruses >Jun 10 11:48:41 epitaf MailScanner[7114]: SophosSAVI using 27 IDE files >Jun 10 11:48:41 epitaf MailScanner[7114]: Using locktype = flock > >>The workaround is very simple: >> rm /etc/sav.conf >> >>The next release will include a new Sophos.install script which does this >>step for you. > >As I also use one of my MailScanner installations of Sophos to provide >an InterCheck server for my desktops, I might be concerned about an >action which might break Sophos generally. Having said that though, I >modify the install script to install InterCheck so maybe I'd just have >to remember another mod! > >(Btw I see that Sophos.install is no longer a link to either the .linux >or .solaris versions - is this intensional?) You'll find it is the same (bar a version number in a comment) as one of the other files. CVS doesn't seem to know about links :( -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jun 10 14:58:21 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: Sophos-autoupdate on FreeBSD In-Reply-To: <1055251400.3ee5dbc8459fd@webmail.MUW.Edu> References: <3EE5D874.30405@totalise.co.uk> <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> <1055201977.3ee51ab9081c9@webmail.MUW.Edu> <3EE59B96.7030403@totalise.co.uk> <1055249831.3ee5d5a71c23b@webmail.MUW.Edu> <3EE5D874.30405@totalise.co.uk> Message-ID: <5.2.0.9.2.20030610145733.04acdb08@imap.ecs.soton.ac.uk> At 14:23 10/06/2003, you wrote: >Hi Martin, > > > the elf one should work fine without anything else..run the sweep > > command on a directory to prove it. > >Here is what I get when I run sweep: > >$ sweep /tmp/ >/usr/libexec/ld-elf.so.1: Shared object "libc.so.3" not found What happens if you run /usr/lib/MailScanner/sophos-wrapper /tmp instead? When Sophos is installed with Sophos.install, "sweep" won't work on its own as it doesn't know where to get the libraries from. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From marco at MUW.EDU Tue Jun 10 15:17:23 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:28 2006 Subject: Sophos-autoupdate on FreeBSD In-Reply-To: <5.2.0.9.2.20030610145733.04acdb08@imap.ecs.soton.ac.uk> References: <3EE5D874.30405@totalise.co.uk> <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> <1055201977.3ee51ab9081c9@webmail.MUW.Edu> <3EE59B96.7030403@totalise.co.uk> <1055249831.3ee5d5a71c23b@webmail.MUW.Edu> <3EE5D874.30405@totalise.co.uk> <5.2.0.9.2.20030610145733.04acdb08@imap.ecs.soton.ac.uk> Message-ID: <1055254643.3ee5e8733939d@webmail.MUW.Edu> Hi Julian, > What happens if you run /usr/lib/MailScanner/sophos-wrapper /tmp instead? After running Sophos.install and installing freebsd.elf.tar.Z: #/opt/MailScanner/lib/sophos-wrapper /tmp/ /usr/libexec/ld-elf.so.1: Shared object "libc.so.3" not found Then after running Sophos.install.linux and installing linux.intel.libc6.tar.Z: # /opt/MailScanner/lib/sophos-wrapper /tmp/ SWEEP virus detection utility Version 3.70, June 2003 [Linux/Intel] Includes detection for 82079 viruses, trojans and worms Copyright (c) 1989,2003 Sophos Plc, www.sophos.com System time 09:08:01, System date 10 June 2003 IDE directory is: /usr/local/Sophos/ide Using IDE file mapson-a.ide Using IDE file pecdialb.ide Using IDE file mofei-a.ide Using IDE file bugbearb.ide Using IDE file mumu-a.ide Using IDE file tunnel-a.ide Using IDE file sobig-c.ide Using IDE file magold.ide Using IDE file fnight-d.ide Using IDE file holar-h.ide Using IDE file anacon-b.ide Using IDE file panjang.ide Using IDE file peido-b.ide Using IDE file lazy-c.ide Using IDE file ircbot-c.ide Using IDE file melare-a.ide Using IDE file lovgatel.ide Using IDE file palyh-a.ide Using IDE file fizzer-a.ide Using IDE file lovgatei.ide Using IDE file winur-d.ide Using IDE file lovgatej.ide Using IDE file randon-i.ide Using IDE file boa-a.ide Using IDE file kickin-a.ide Using IDE file sdbotfam.ide Quick Sweeping 1089 files swept in 5 seconds. No viruses were discovered. End of Sweep. It seems that the Linux version *is* working on my FreeBSD system. Thank you Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From kusler at NSCL.MSU.EDU Tue Jun 10 15:15:33 2003 From: kusler at NSCL.MSU.EDU (Jay Kusler) Date: Thu Jan 12 21:18:28 2006 Subject: double messages? In-Reply-To: <5.2.0.9.2.20030610145839.04bb8c60@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030610145839.04bb8c60@imap.ecs.soton.ac.uk> Message-ID: <38369.35.8.32.19.1055254533.squirrel@webmail.nscl.msu.edu> MailScanner-4.21-9 Postfix 1.1.11 Thanks Jay Julian Field said: > What version of MailScanner are you running? > What version of Postfix are you running? > > At 14:11 10/06/2003, you wrote: >>I installed MailScanner with Clamav on a Solaris 8 (sparc) box running >> Postfix as the MTA. Often, but not always, 2 messages are delivered >> instead of just one. The first has the 'real' message, and the second >> is empty. For example, a message just came through from this list from >> Marc Obaid, and it was double. The logs show the second blank message >> simply appearing, as best as I can tell, although it seems that there >> may be 2 instances of MailScanner trying to process the queue >> concurrently. Has anyone seen this behavior, and what can I do about >> it? >> >>Thanks, >> >>Jay Kusler >>NSCL >> >>Jun 10 08:53:48 jade postfix/smtpd[25820]: [ID 197553 mail.info] >> connect from smtp.jiscmail.ac.uk[130.246.192.48] >>Jun 10 08:53:48 jade postfix/smtpd[25820]: [ID 197553 mail.info] >> 4C8A6279: client=smtp.jiscmail.ac.uk[130.246.192.48] >>Jun 10 08:53:48 jade postfix/cleanup[25452]: [ID 197553 mail.info] >> 4C8A6279: message-id= <1055249831.3ee5d5a71c23b@webmail.MUW.Edu> >>Jun 10 08:53:48 jade postfix/qmgr[25436]: [ID 197553 mail.info] >> 4C8A6279: from=, size=3460, nrcpt=1 >> (queue active) Jun 10 08:53:48 jade postfix/qmgr[25436]: [ID 197553 >> mail.info] 4C8A6279: to=, relay=none, delay=0, >> status=deferred (deferred transport) >>Jun 10 08:53:49 jade postfix/smtpd[25820]: [ID 197553 mail.info] >> disconnect from smtp.jiscmail.ac.uk[130.246.192.48] >> >>Jun 10 08:53:52 jade.nscl.msu.edu MailScanner[25538]: New Batch: >> Scanning 1 messages, 3650 bytes >>Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25538]: Virus and Content >> Scanning: Starting >>Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25554]: New Batch: >> Scanning 1 messages, 3650 bytes >>Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25538]: Uninfected: >> Delivered 1 messages >>Jun 10 08:53:53 jade postfix/qmgr[25479]: [ID 197553 mail.info] >> 17D259380: from=, size=3467, nrcpt=1 >> (queue active) Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25554]: >> Virus and Content Scanning: Starting >>Jun 10 08:53:54 jade.nscl.msu.edu MailScanner[25554]: Uninfected: >> Delivered 1 messages >>Jun 10 08:53:54 jade postfix/qmgr[25479]: [ID 197553 mail.info] >> 5616F937E: from=, size=2603, nrcpt=1 >> (queue active) >> >>Jun 10 08:53:56 jade postfix/local[25558]: [ID 197553 mail.info] >> 17D259380: to=, relay=local, delay=8, status=sent >>("|/usr/nsclsbin/procmail") >>Jun 10 08:54:03 jade postfix/local[25577]: [ID 197553 mail.info] >> 5616F937E: to=, relay=local, delay=15, status=sent >>("|/usr/nsclsbin/procmail") > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support From Cleveland at MAIL.WINNEFOX.ORG Tue Jun 10 15:47:48 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:28 2006 Subject: No subject Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E9D8@mail.winnefox.org> Hello, I'm running the current version of MailScanner, along with 2.55 of SpamAssassin. I'm trying to get spamassassin to use a mySQL database for user preferences. I followed the instructions on the SpamAssassin web site for setting that up, and added what they said to the local.cf file. It doesn't seem to be working. I was told in order for it to work, spamassassin needs to be run like this: /usr/local/bin/spamc -u $RECIPIENT My question is, how is spamc started with mailscanner? Is it possible to use a database for user preferences in spamassassin with mailscanner? -- Jody Cleveland (cleveland@mail.winnefox.org) From dean.plant at ROKE.CO.UK Tue Jun 10 15:50:08 2003 From: dean.plant at ROKE.CO.UK (Plant, Dean) Date: Thu Jan 12 21:18:28 2006 Subject: Notify only local senders Message-ID: Should the Notify Senders not be: From: yourdomain.com yes FromOrTo: default no Dean Plant -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 10 June 2003 14:57 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Notify only local senders At 13:04 10/06/2003, you wrote: >I've been scanning the mail arcive for some time now. At last I found the >function I've been looking for. > >I want to notify only local senders. > > Outside ->in notify postmaster, local recipient. No external senders >notified. Set Notify Senders = /etc/MailScanner/rules/notify.senders.rules and then put this in it: To: yourdomain.com yes FromOrTo: default no > Inside -> out notify local sender, postmaster, no external recipients >notified. Set Deliver Cleaned Messages = /etc/MailScanner/rules/deliver.cleaned.rules and then put this in it To: yourdomain.com yes FromOrTo: default no You could even put both of those rulesets in the same file if you like, but I would keep them separate for clarity. Should do what you want. >The problem is I dont know how to use it, probobly simpel but I'm a newbee >whith MS..... Please help some one.... > >I'm using RH 8, Postfix & MS 4.20 > >(The orig mail thred is from last summer, 25 Jun. Subject: Notify Senders) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, Bracknell, Berkshire. RG12 8FZ The information contained in this e-mail and any attachments is confidential to Roke Manor Research Ltd and must not be passed to any third party without permission. This communication is for information only and shall not create or change any contractual relationship. From mailscanner at ecs.soton.ac.uk Tue Jun 10 16:25:25 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: No subject In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E9D8@mail.winnefox.org> Message-ID: <5.2.0.9.2.20030610161200.04b44038@imap.ecs.soton.ac.uk> This won't work with MailScanner, as MailScanner doesn't use "spamc" (it's slow), and it is always run as the same user. You can fairly easily add code to MailScanner (see CustomConfig.pm) to read per-user settings from a SQL database. There will shortly be some code appearing to do this which you will just be able to use without playing around at all. In the mean time, I might be able to find you some, but it isn't polished yet. At 15:47 10/06/2003, you wrote: >Hello, > >I'm running the current version of MailScanner, along with 2.55 of >SpamAssassin. I'm trying to get spamassassin to use a mySQL database for >user preferences. I followed the instructions on the SpamAssassin web >site for setting that up, and added what they said to the local.cf file. >It doesn't seem to be working. > >I was told in order for it to work, spamassassin needs to be run like >this: >/usr/local/bin/spamc -u $RECIPIENT > >My question is, how is spamc started with mailscanner? Is it possible to >use a database for user preferences in spamassassin with mailscanner? > > >-- >Jody Cleveland >(cleveland@mail.winnefox.org) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From TGFurnish at HERFF-JONES.COM Tue Jun 10 16:47:55 2003 From: TGFurnish at HERFF-JONES.COM (Furnish, Trever G) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model Message-ID: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBAC@indy1ntm.herffjones.hj-int> Actually, the impression I had was that Rishi may already have antivirus scanning elsewhere. Whether he does or not, that's the situation I'm concerned with - I want to filter spam ONLY, as an incoming relay for a set of destination servers that already have their own antivirus software installed. I'm evaluating options at this point, for a spam filter - are there any features that the mailscanner+spamassassin combo has beyond what spamassassin has on its own? I suppose there's really not much point in this message - I'm going to try mailscanner regardless - but if anyone is of the oppinion that mailscanner+spamassassin isn't worth the additional effort versus just spamassassin unless it's used for antivirus stuff, then I'd appreciate hearing that (even off list). -----Original Message----- From: Spicer, Kevin [mailto:Kevin.Spicer@BMRB.CO.UK] Sent: Tuesday, June 10, 2003 6:47 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: f-prot's new mailbox licensing model > Is this a good idea? No > Also, can it be done? Yes IMHO The costs of virus scanning (from one of the cheaper vendors) are considerably less than the impact in terms of support time and lost productivity or just one mass mailing work getting through (been there, done that!). It could also be a difficult decision to justify later! Even running just Clam (which is free) will help (although they are not always up to date) BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mailscanner at ecs.soton.ac.uk Tue Jun 10 17:06:16 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBAC@indy1ntm.herffjon es.hj-int> Message-ID: <5.2.0.9.2.20030610170234.0c696d38@imap.ecs.soton.ac.uk> I probably can't be regarded as being completely objective in this area, but I think most people will agree that deploying SpamAssassin by installing MailScanner is *much* easier than playing around with all the procmail/spamc/spamd setups that people get into trying to deploy SpamAssassin on its own. You can get it all up and running in about 10 minutes flat. If you don't want any filename checking or virus scanning at all, just set "Virus Scanning = no" in /etc/MailScanner/MailScanner.conf. To enable SpamAssassin (once you have installed it, and you don't need to set up spamc or spamd or anything like that), just set "Use SpamAssassin = yes" in MailScanner.conf. At 16:47 10/06/2003, you wrote: >Actually, the impression I had was that Rishi may already have antivirus >scanning elsewhere. > >Whether he does or not, that's the situation I'm concerned with - I want to >filter spam ONLY, as an incoming relay for a set of destination servers that >already have their own antivirus software installed. > >I'm evaluating options at this point, for a spam filter - are there any >features that the mailscanner+spamassassin combo has beyond what >spamassassin has on its own? I suppose there's really not much point in >this message - I'm going to try mailscanner regardless - but if anyone is of >the oppinion that mailscanner+spamassassin isn't worth the additional effort >versus just spamassassin unless it's used for antivirus stuff, then I'd >appreciate hearing that (even off list). > >-----Original Message----- >From: Spicer, Kevin [mailto:Kevin.Spicer@BMRB.CO.UK] >Sent: Tuesday, June 10, 2003 6:47 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: f-prot's new mailbox licensing model > > > > Is this a good idea? >No > > Also, can it be done? >Yes > >IMHO The costs of virus scanning (from one of the cheaper vendors) are >considerably less than the impact in terms of support time and lost >productivity or just one mass mailing work getting through (been there, done >that!). It could also be a difficult decision to justify later! > >Even running just Clam (which is free) will help (although they are not >always up to date) > > > >BMRB International >http://www.bmrb.co.uk >+44 (0)20 8566 5000 >_________________________________________________________________ >This message (and any attachment) is intended only for the >recipient and may contain confidential and/or privileged >material. If you have received this in error, please contact the >sender and delete this message immediately. Disclosure, copying >or other action taken in respect of this email or in >reliance on it is prohibited. BMRB International Limited >accepts no liability in relation to any personal emails, or >content of any email which does not directly relate to our >business. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From robibaro at ROBIBARO.COM Tue Jun 10 17:14:43 2003 From: robibaro at ROBIBARO.COM (E R) Date: Thu Jan 12 21:18:28 2006 Subject: No subject References: <5.2.0.9.2.20030610161200.04b44038@imap.ecs.soton.ac.uk> Message-ID: <3EE603F3.30600@robibaro.com> Would it be possible to get a copy of this code? One of my clients wants me to write him something similar, and I'm wondering where to start Julian Field wrote: > This won't work with MailScanner, as MailScanner doesn't use "spamc" > (it's > slow), and it is always run as the same user. > > You can fairly easily add code to MailScanner (see CustomConfig.pm) to > read > per-user settings from a SQL database. There will shortly be some code > appearing to do this which you will just be able to use without playing > around at all. > > In the mean time, I might be able to find you some, but it isn't > polished yet. > > At 15:47 10/06/2003, you wrote: > >> Hello, >> >> I'm running the current version of MailScanner, along with 2.55 of >> SpamAssassin. I'm trying to get spamassassin to use a mySQL database for >> user preferences. I followed the instructions on the SpamAssassin web >> site for setting that up, and added what they said to the local.cf file. >> It doesn't seem to be working. >> >> I was told in order for it to work, spamassassin needs to be run like >> this: >> /usr/local/bin/spamc -u $RECIPIENT >> >> My question is, how is spamc started with mailscanner? Is it possible to >> use a database for user preferences in spamassassin with mailscanner? >> >> >> -- >> Jody Cleveland >> (cleveland@mail.winnefox.org) > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support From Cleveland at MAIL.WINNEFOX.ORG Tue Jun 10 17:18:22 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:28 2006 Subject: No subject Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E9DD@mail.winnefox.org> > Would it be possible to get a copy of this code? One of my > clients wants me to write him something similar, and I'm > wondering where to start Me too! Jody From rishi at THEARGONCOMPANY.COM Tue Jun 10 17:21:51 2003 From: rishi at THEARGONCOMPANY.COM (Rishi Gangoly) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <5.2.0.9.2.20030610170234.0c696d38@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030610170234.0c696d38@imap.ecs.soton.ac.uk> Message-ID: <200306102151.51947.rishi@theargoncompany.com> On Tuesday 10 Jun 2003 9:36 pm, you wrote: > I probably can't be regarded as being completely objective in this area, > but I think most people will agree that deploying SpamAssassin by > installing MailScanner is *much* easier than playing around with all the > procmail/spamc/spamd setups that people get into trying to deploy > SpamAssassin on its own. You can get it all up and running in about 10 > minutes flat. I have to second this and agree with Julian here. However, I'd like to add one warning: Do not to try and use the SpamAssasin RPM. Just use the tar.gz from their website. The RPM led to a lot of problems on my Cobalt RaQ550 server. The tar.gz worked just fine. Regards Rishi From maxsec at TOTALISE.CO.UK Tue Jun 10 17:25:15 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:28 2006 Subject: disclaimer mail rules syntax error Message-ID: <3EE6066B.4000801@totalise.co.uk> Hi guys Ok the config continues.... I'm trying to addin a stddislaimer.h to outbound email only. SO I edit Mailscanner.conf and put in .. Inline HTML Signature = /opt/MailScanner/etc/rules/sig.text.rules Inline Text Signature = /opt/MailScanner/etc/rules/sig.text.rules in /opt/MailScanner/etc/rules/sig.text.rules I have.. From: *@mydomain.com /opt/Mailscanner/etc/reports/ssl.sig.txt But MS complains about a syntax error. What have I done wrong...?? -- martin From ragan_davis at COLSTATE.EDU Tue Jun 10 17:37:13 2003 From: ragan_davis at COLSTATE.EDU (Mack Ragan) Date: Thu Jan 12 21:18:28 2006 Subject: ran df2mbox -- now what? Message-ID: Thanks, Chris. That method works really well, and should come in very handy and save tons of time. Now I'm gonna try to figure out a way to provide on-campus users with a web interface to the stored messages. Any ideas on this are welcomed. I'm gonna try to do something from scratch though. thanks again, mack From richard_cipher at YAHOO.COM Tue Jun 10 17:33:56 2003 From: richard_cipher at YAHOO.COM (Evert Ford) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <5.2.0.9.2.20030610170234.0c696d38@imap.ecs.soton.ac.uk> Message-ID: <000401c32f6e$170ad600$3401a8c0@eford001> Julian gave you his non-objective opinion. Here is my opinion: I am running Redhat 7.2 with the latest version of Mailscanner, and spammassassin 2.54 and f-prot 3.13 My original setup of spamassassin with procmail took me about 2 hours to get working. On top of that, I had to spend time tweaking procmail and sendmail for whitelisting and blacklisting. I would say total time was 4 hours. It took me 15 minutes to get MS+spamassassin+f-prot up and running, including the time needed to tweak the config files. Even if virus-scanning were done elsewhere, what would it hurt to use a setup like this with ClamAV instead of f-prot? "Free" and "Open Source" are beautiful things. Evert Ford General-Purpose Computer Guy Westone Laboratories -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field Sent: Tuesday, June 10, 2003 10:06 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: f-prot's new mailbox licensing model I probably can't be regarded as being completely objective in this area, but I think most people will agree that deploying SpamAssassin by installing MailScanner is *much* easier than playing around with all the procmail/spamc/spamd setups that people get into trying to deploy SpamAssassin on its own. You can get it all up and running in about 10 minutes flat. If you don't want any filename checking or virus scanning at all, just set "Virus Scanning = no" in /etc/MailScanner/MailScanner.conf. To enable SpamAssassin (once you have installed it, and you don't need to set up spamc or spamd or anything like that), just set "Use SpamAssassin = yes" in MailScanner.conf. At 16:47 10/06/2003, you wrote: >Actually, the impression I had was that Rishi may already have antivirus >scanning elsewhere. > >Whether he does or not, that's the situation I'm concerned with - I want to >filter spam ONLY, as an incoming relay for a set of destination servers that >already have their own antivirus software installed. > >I'm evaluating options at this point, for a spam filter - are there any >features that the mailscanner+spamassassin combo has beyond what >spamassassin has on its own? I suppose there's really not much point in >this message - I'm going to try mailscanner regardless - but if anyone is of >the oppinion that mailscanner+spamassassin isn't worth the additional effort >versus just spamassassin unless it's used for antivirus stuff, then I'd >appreciate hearing that (even off list). > >-----Original Message----- >From: Spicer, Kevin [mailto:Kevin.Spicer@BMRB.CO.UK] >Sent: Tuesday, June 10, 2003 6:47 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: f-prot's new mailbox licensing model > > > > Is this a good idea? >No > > Also, can it be done? >Yes > >IMHO The costs of virus scanning (from one of the cheaper vendors) are >considerably less than the impact in terms of support time and lost >productivity or just one mass mailing work getting through (been there, done >that!). It could also be a difficult decision to justify later! > >Even running just Clam (which is free) will help (although they are not >always up to date) > > > >BMRB International >http://www.bmrb.co.uk >+44 (0)20 8566 5000 >_________________________________________________________________ >This message (and any attachment) is intended only for the >recipient and may contain confidential and/or privileged >material. If you have received this in error, please contact the >sender and delete this message immediately. Disclosure, copying >or other action taken in respect of this email or in >reliance on it is prohibited. BMRB International Limited >accepts no liability in relation to any personal emails, or >content of any email which does not directly relate to our >business. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/03 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/03 From mbowman at UDCOM.COM Tue Jun 10 17:46:11 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model Message-ID: Agreed 15 minues to setup MS+SA+F-prot with tweaks. To carry on this conversation... I think of it more as 'lines of defence' 1st line - E-mail Gateway (running MailScanner/SpamAssassin/F-Prot) 2nd line - Client's PCs Having a AV solution with MailScanner hasn't hampered e-mail flow. If I were a client I would prefer my ISP to handle dodgy e-mail, especially if I'm paying hosting. Just my 2 pence --- Matthew K Bowman Systems Administrator, UDCom From mailscanner at ecs.soton.ac.uk Tue Jun 10 17:52:51 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: disclaimer mail rules syntax error In-Reply-To: <3EE6066B.4000801@totalise.co.uk> Message-ID: <5.2.1.1.2.20030610175233.025cbd78@imap.ecs.soton.ac.uk> Does the maillog give any detail about where the syntax error is? At 17:25 10/06/2003, you wrote: >Hi guys > >Ok the config continues.... > >I'm trying to addin a stddislaimer.h to outbound email only. SO I edit >Mailscanner.conf and put in .. > >Inline HTML Signature = /opt/MailScanner/etc/rules/sig.text.rules >Inline Text Signature = /opt/MailScanner/etc/rules/sig.text.rules > > >in /opt/MailScanner/etc/rules/sig.text.rules I have.. > > >From: *@mydomain.com /opt/Mailscanner/etc/reports/ssl.sig.txt > > >But MS complains about a syntax error. What have I done wrong...?? > >-- >martin -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From maxsec at TOTALISE.CO.UK Tue Jun 10 17:58:18 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:28 2006 Subject: disclaimer mail rules syntax error In-Reply-To: <5.2.1.1.2.20030610175233.025cbd78@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030610175233.025cbd78@imap.ecs.soton.ac.uk> Message-ID: <3EE60E2A.8050109@totalise.co.uk> Julian Jun 10 17:20:06 soloman MailScanner[327]: Could not read file /opt/Mailscanner/etc/reports/ssl.sig.txt Jun 10 17:20:06 soloman MailScanner[327]: Syntax error in line 1 of ruleset file /opt/MailScanner/etc/rules/sig.text.rules for keyword inlinehtmlsig file is global read-able.. -- Martinh Julian Field wrote: > Does the maillog give any detail about where the syntax error is? > > At 17:25 10/06/2003, you wrote: > >> Hi guys >> >> Ok the config continues.... >> >> I'm trying to addin a stddislaimer.h to outbound email only. SO I edit >> Mailscanner.conf and put in .. >> >> Inline HTML Signature = /opt/MailScanner/etc/rules/sig.text.rules >> Inline Text Signature = /opt/MailScanner/etc/rules/sig.text.rules >> >> >> in /opt/MailScanner/etc/rules/sig.text.rules I have.. >> >> >> From: *@mydomain.com /opt/Mailscanner/etc/reports/ssl.sig.txt >> >> >> But MS complains about a syntax error. What have I done wrong...?? >> >> -- >> martin > > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jun 10 18:03:58 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: disclaimer mail rules syntax error In-Reply-To: <3EE60E2A.8050109@totalise.co.uk> References: <5.2.1.1.2.20030610175233.025cbd78@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030610175233.025cbd78@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030610180335.025e6ec8@imap.ecs.soton.ac.uk> At 17:58 10/06/2003, you wrote: >Julian > >Jun 10 17:20:06 soloman MailScanner[327]: Could not read file >/opt/Mailscanner/etc/reports/ssl.sig.txt Lower-case "s" in Mailscanner. >Jun 10 17:20:06 soloman MailScanner[327]: Syntax error in line 1 of >ruleset file /opt/MailScanner/etc/rules/sig.text.rules for keyword >inlinehtmlsig > > >file is global read-able.. > >-- >Martinh > >Julian Field wrote: >>Does the maillog give any detail about where the syntax error is? >> >>At 17:25 10/06/2003, you wrote: >> >>>Hi guys >>> >>>Ok the config continues.... >>> >>>I'm trying to addin a stddislaimer.h to outbound email only. SO I edit >>>Mailscanner.conf and put in .. >>> >>>Inline HTML Signature = /opt/MailScanner/etc/rules/sig.text.rules >>>Inline Text Signature = /opt/MailScanner/etc/rules/sig.text.rules >>> >>> >>>in /opt/MailScanner/etc/rules/sig.text.rules I have.. >>> >>> >>>From: *@mydomain.com /opt/Mailscanner/etc/reports/ssl.sig.txt >>> >>> >>>But MS complains about a syntax error. What have I done wrong...?? >>> >>>-- >>>martin >> >> >>-- >>Julian Field >>www.MailScanner.info >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From nejc.skoberne at guest.arnes.si Tue Jun 10 18:13:15 2003 From: nejc.skoberne at guest.arnes.si (Nejc Skoberne) Date: Thu Jan 12 21:18:28 2006 Subject: Strange postfix messages [OT?] Message-ID: <1743362120.20030610191315@guest.arnes.si> Hi. When receiving mail, my log looks like this: Jun 10 19:10:43 Illusion postfix/smtpd[22901]: connect from rigljica.arnes.si[193.2.1.82] Jun 10 19:10:43 Illusion postfix/smtpd[22901]: 51A1DDF884: client=rigljica.arnes.si[193.2.1.82] Jun 10 19:10:43 Illusion postfix/cleanup[22903]: 51A1DDF884: message-id=<867590449.20030610191035@guest.arnes.si> Jun 10 19:10:43 Illusion postfix/smtpd[22901]: disconnect from rigljica.arnes.si[193.2.1.82] Jun 10 19:10:43 Illusion postfix/qmgr[22846]: 51A1DDF884: from=, size=1120, nrcpt=1 (queue active) Jun 10 19:10:43 Illusion postfix/qmgr[22846]: 51A1DDF884: to=, relay=none, delay=0, status=deferred (deferred transport) Jun 10 19:10:45 Illusion MailScanner[22865]: Postfix queue structure is depth 1 Jun 10 19:10:46 Illusion MailScanner[22860]: Postfix queue structure is depth 1 Jun 10 19:10:48 Illusion MailScanner[22871]: Postfix queue structure is depth 1 Jun 10 19:10:48 Illusion MailScanner[22866]: Postfix queue structure is depth 1 Jun 10 19:10:48 Illusion MailScanner[22871]: New Batch: Scanning 1 messages, 1471 bytes Jun 10 19:10:49 Illusion MailScanner[22871]: Spam Checks: Starting Jun 10 19:10:54 Illusion MailScanner[22863]: Postfix queue structure is depth 1 Jun 10 19:11:05 Illusion ipop3d[22910]: pop3 service init from 192.168.12.4 Jun 10 19:11:05 Illusion ipop3d[22910]: Login user=nejko host=[192.168.12.4] nmsgs=0/0 Jun 10 19:11:05 Illusion ipop3d[22910]: Logout user=nejko host=[192.168.12.4] nmsgs=0 ndele=0 Jun 10 19:11:14 Illusion MailScanner[22871]: Virus and Content Scanning: Starting Jun 10 19:11:16 Illusion MailScanner[22871]: Uninfected: Delivered 1 messages Jun 10 19:11:16 Illusion postfix/qmgr[22766]: 8C37FDF885: from=, size=1226, nrcpt=2 (queue active) Jun 10 19:11:16 Illusion postfix/local[22917]: 8C37FDF885: to=, orig_to=, relay=local, delay=33, status=sent (mailbox) I am wondering what "Postfix queue structure is depth 1" means? Maybe this is not MailScanner problem at all, but Google says completely nothing about this. Is this somethink like an error? -- Nejc Skoberne Grajska 5 SI-5220 Tolmin E-mail: nejc.skoberne@guest.arnes.si From mailscanner at ecs.soton.ac.uk Tue Jun 10 18:18:23 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: Strange postfix messages [OT?] In-Reply-To: <1743362120.20030610191315@guest.arnes.si> Message-ID: <5.2.1.1.2.20030610181715.0281fea8@imap.ecs.soton.ac.uk> At 18:13 10/06/2003, you wrote: >Hi. > >When receiving mail, my log looks like this: > >Jun 10 19:10:43 Illusion postfix/smtpd[22901]: connect from >rigljica.arnes.si[193.2.1.82] >Jun 10 19:10:43 Illusion postfix/smtpd[22901]: 51A1DDF884: >client=rigljica.arnes.si[193.2.1.82] >Jun 10 19:10:43 Illusion postfix/cleanup[22903]: 51A1DDF884: >message-id=<867590449.20030610191035@guest.arnes.si> >Jun 10 19:10:43 Illusion postfix/smtpd[22901]: disconnect from >rigljica.arnes.si[193.2.1.82] >Jun 10 19:10:43 Illusion postfix/qmgr[22846]: 51A1DDF884: >from=, size=1120, nrcpt=1 (queue active) >Jun 10 19:10:43 Illusion postfix/qmgr[22846]: 51A1DDF884: >to=, relay=none, delay=0, status=deferred (deferred >transport) >Jun 10 19:10:45 Illusion MailScanner[22865]: Postfix queue structure is >depth 1 >Jun 10 19:10:46 Illusion MailScanner[22860]: Postfix queue structure is >depth 1 >Jun 10 19:10:48 Illusion MailScanner[22871]: Postfix queue structure is >depth 1 >Jun 10 19:10:48 Illusion MailScanner[22866]: Postfix queue structure is >depth 1 >Jun 10 19:10:48 Illusion MailScanner[22871]: New Batch: Scanning 1 >messages, 1471 bytes >Jun 10 19:10:49 Illusion MailScanner[22871]: Spam Checks: Starting >Jun 10 19:10:54 Illusion MailScanner[22863]: Postfix queue structure is >depth 1 >Jun 10 19:11:05 Illusion ipop3d[22910]: pop3 service init from 192.168.12.4 >Jun 10 19:11:05 Illusion ipop3d[22910]: Login user=nejko >host=[192.168.12.4] nmsgs=0/0 >Jun 10 19:11:05 Illusion ipop3d[22910]: Logout user=nejko >host=[192.168.12.4] nmsgs=0 ndele=0 >Jun 10 19:11:14 Illusion MailScanner[22871]: Virus and Content Scanning: >Starting >Jun 10 19:11:16 Illusion MailScanner[22871]: Uninfected: Delivered 1 messages >Jun 10 19:11:16 Illusion postfix/qmgr[22766]: 8C37FDF885: >from=, size=1226, nrcpt=2 (queue active) >Jun 10 19:11:16 Illusion postfix/local[22917]: 8C37FDF885: >to=, orig_to=, relay=local, >delay=33, status=sent (mailbox) > >I am wondering what "Postfix queue structure is depth 1" means? Maybe >this is not MailScanner problem at all, but Google says completely >nothing about this. Is this somethink like an error? It's a bit of status output from MailScanner as it works out what version of Postfix you are running. Feel free to ignore it. I might take it out in a future release, but it was very handy while I was getting the Postfix code working. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From Cleveland at MAIL.WINNEFOX.ORG Tue Jun 10 19:44:00 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:28 2006 Subject: Possible to have MailScanner use SA database? Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E9E1@mail.winnefox.org> Hello, I'm trying to setup a database for SpamAssassin for individual user preferences. I just realized that with how MailScanner calls sa, I don't think that's possible. Is there a way to tell MS to use that database for individual user preferences? -- Jody Cleveland (cleveland@mail.winnefox.org) From ryanb at AACRAO.ORG Tue Jun 10 19:48:16 2003 From: ryanb at AACRAO.ORG (Bingham, Ryan) Date: Thu Jan 12 21:18:28 2006 Subject: Possible to have MailScanner use SA database? Message-ID: To save Julian some work, here's his response to a similar question posted about three hours ago: Julian wrote: > This won't work with MailScanner, as MailScanner > doesn't use "spamc" (it's slow), and it is always > run as the same user. > You can fairly easily add code to MailScanner > (see CustomConfig.pm) to read per-user settings > from a SQL database. There will shortly be some code > appearing to do this which you will just be able > to use without playing around at all. > In the mean time, I might be able to find you some, > but it isn't polished yet. -----Original Message----- From: Jody Cleveland [mailto:Cleveland@MAIL.WINNEFOX.ORG] Sent: Tuesday, June 10, 2003 2:44 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Possible to have MailScanner use SA database? Hello, I'm trying to setup a database for SpamAssassin for individual user preferences. I just realized that with how MailScanner calls sa, I don't think that's possible. Is there a way to tell MS to use that database for individual user preferences? -- Jody Cleveland (cleveland@mail.winnefox.org) From rishi at THEARGONCOMPANY.COM Tue Jun 10 19:36:41 2003 From: rishi at THEARGONCOMPANY.COM (Rishi Gangoly) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0EBF63C@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF63C@pascal.priv.bmrb.co.uk> Message-ID: <200306110006.41984.rishi@theargoncompany.com> On Tuesday 10 Jun 2003 5:17 pm, you wrote: > Even running just Clam (which is free) will help (although they are not > always up to date) What happens when two or more AV scanners are used? Are both used OR if the first AV scanner (f-prot) detects a virus will the second AV scanner not be used? Has anyone deployed CLAM and are happy with the results? Does the "Silent Viruses =" feature work with clam? Regards -- Rishi Gangoly Manager - Technical Operations The Argon Company Phone: +91-22-56361313 From michele at BLACKNIGHTSOLUTIONS.COM Tue Jun 10 20:03:16 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: BlacknightSolutions) Date: Thu Jan 12 21:18:28 2006 Subject: Panda frustration In-Reply-To: <011001c32ef2$fd4c5f70$6f01a8c0@Laptop1> Message-ID: <200306101903.h5AJ3FB30833@camelot.blacknightsolutions.com> I'm still waiting! Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ > > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Sanjay Patel > Sent: 10 June 2003 03:53 > To: MAILSCANNER@JISCMAIL.AC.UK > > you should get a e-mail within 24hrs from them. > > -SKP > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michele > Neylon :: BlacknightSolutions > Sent: Monday, June 09, 2003 7:58 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Panda frustration > > > OK. Now I am annoyed. > > Although the Panda software site clearly states command line > scanning for linux and win32 after purchasing the download is > win32 binary. So, I download the linux version, which seems > to be the same thing. It works fine with our fresh install of > MailScanner. Now to update... BIG problem! The command line > version does not contain an activation code in the email, so > registering on the website is impossible, and getting updates > is only possible via the website, so I can't update > > Any ideas????? > > Mr. Michele Neylon > Blacknight Solutions > http://www.blacknightsolutions.com/ > > > > > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact > the sender and delete this message immediately. > Disclosure, copying or other action taken in respect of this > email or in reliance on it is prohibited. > > ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From maxsec at TOTALISE.CO.UK Tue Jun 10 20:03:23 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:28 2006 Subject: disclaimer mail rules syntax error In-Reply-To: <5.2.1.1.2.20030610180335.025e6ec8@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030610175233.025cbd78@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030610175233.025cbd78@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030610180335.025e6ec8@imap.ecs.soton.ac.uk> Message-ID: <3EE62B7B.6060604@totalise.co.uk> Julian Field wrote: > At 17:58 10/06/2003, you wrote: > >> Julian >> >> Jun 10 17:20:06 soloman MailScanner[327]: Could not read file >> /opt/Mailscanner/etc/reports/ssl.sig.txt > > > Lower-case "s" in Mailscanner. > D'oh (thud, thud) -- sound of head against brick wall... :-) Thanks Julian, sometimes ya get too close to the problem.. -- Martin From mailscanner at ecs.soton.ac.uk Tue Jun 10 20:05:38 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <200306110006.41984.rishi@theargoncompany.com> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF63C@pascal.priv.bmrb.co.uk> <5C0296D26910694BB9A9BBFC577E7AB0EBF63C@pascal.priv.bmrb.co.uk> Message-ID: <5.2.1.1.2.20030610200458.02581e40@imap.ecs.soton.ac.uk> At 19:36 10/06/2003, you wrote: >On Tuesday 10 Jun 2003 5:17 pm, you wrote: > > Even running just Clam (which is free) will help (although they are not > > always up to date) > >What happens when two or more AV scanners are used? > >Are both used OR if the first AV scanner (f-prot) detects a virus will the >second AV scanner not be used? They are always all used. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Tue Jun 10 20:13:57 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <200306110006.41984.rishi@theargoncompany.com> Message-ID: Hi! > What happens when two or more AV scanners are used? Both are used. > Are both used OR if the first AV scanner (f-prot) detects a virus will the > second AV scanner not be used? Both. > Has anyone deployed CLAM and are happy with the results? > > Does the "Silent Viruses =" feature work with clam? Yes yes. Thats got nothing to do with Clam, but with MS. Bye, Raymond. From forrie at FORRIE.COM Tue Jun 10 20:14:27 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:28 2006 Subject: OT (general interest): RAV antivirus In-Reply-To: <5.2.1.1.2.20030610200458.02581e40@imap.ecs.soton.ac.uk> References: <200306110006.41984.rishi@theargoncompany.com> <5C0296D26910694BB9A9BBFC577E7AB0EBF63C@pascal.priv.bmrb.co.uk> <5C0296D26910694BB9A9BBFC577E7AB0EBF63C@pascal.priv.bmrb.co.uk> Message-ID: <5.2.1.1.2.20030610151247.06410da8@192.168.1.1> This may be of general interest... I just received an email from RAV, indicating some acquisition of their technology by Microsoft. This probably means more scanners for the MS platform. Forrest === snippet === Dear RAV User, As you are aware, we at RAV have always maintained that our antivirus technology is amongst the best available. This is now testified by a recent announcement by Microsoft Corporation on acquiring our technology. More information about this is available at www.ravantivirus.com and at www.microsoft.com From Cleveland at MAIL.WINNEFOX.ORG Tue Jun 10 20:31:27 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:28 2006 Subject: Possible to have MailScanner use SA database? Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E9E7@mail.winnefox.org> > To save Julian some work, here's his response to a similar > question posted about three hours ago: Sorry about that. Since that subject thread didn't have a subject, I had completely overlooked it. Do you know if it's possible to have a web interface so that users can add things to their own whitelist? Jody From dwinkler at ALGORITHMICS.COM Tue Jun 10 22:50:05 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:28 2006 Subject: OT (general interest): RAV antivirus Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FFD@tormail1.algorithmics.com> Microsoft is going to discontinue all of their products. More for Microsoft less for *nix. -----Original Message----- From: Forrest Aldrich [mailto:forrie@forrie.com] Sent: Tuesday, June 10, 2003 3:14 PM To: MAILSCANNER@jiscmail.ac.uk Subject: OT (general interest): RAV antivirus This may be of general interest... I just received an email from RAV, indicating some acquisition of their technology by Microsoft. This probably means more scanners for the MS platform. Forrest === snippet === Dear RAV User, As you are aware, we at RAV have always maintained that our antivirus technology is amongst the best available. This is now testified by a recent announcement by Microsoft Corporation on acquiring our technology. More information about this is available at www.ravantivirus.com and at www.microsoft.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030610/7510c6b2/attachment.html From brose at MED.WAYNE.EDU Tue Jun 10 23:13:20 2003 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:18:28 2006 Subject: Feature request for next version??? Message-ID: Can MS run virus checks first before Spam checks and if the message is infected, not Spam check it if MS is configured to delete or quaranteen? Virus checking is faster than spam checking but since the Spamassassin checks run first, it has been detecting these virus created messages based on Razor or DCC reports as Spam. Granted the stuff is still being caught but at a performance cost. -=Bobby -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030610/bf221c8c/attachment.html From mikew at CRUCIS.NET Wed Jun 11 01:19:07 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <000401c32f6e$170ad600$3401a8c0@eford001> References: <000401c32f6e$170ad600$3401a8c0@eford001> Message-ID: <200306101919.11081.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 10 June 2003 11:33 am, you wrote: > Julian gave you his non-objective opinion. Here is my opinion: > I am running Redhat 7.2 with the latest version of Mailscanner, and > spammassassin 2.54 and f-prot 3.13 > > My original setup of spamassassin with procmail took me about 2 hours > to get working. On top of that, I had to spend time tweaking > procmail and sendmail for whitelisting and blacklisting. I would say > total time was 4 hours. > > It took me 15 minutes to get MS+spamassassin+f-prot up and running, > including the time needed to tweak the config files. > > Even if virus-scanning were done elsewhere, what would it hurt to use > a setup like this with ClamAV instead of f-prot? "Free" and "Open > Source" are beautiful things. > > Evert Ford > General-Purpose Computer Guy > Westone Laboratories > For one, F-Prot clean, disinfects, or quarantines emails with virus when found. All ClamAV does is report it. Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+5nV+5fq6h2uDDlQRAkFEAJ9x+dn2YAPJQTQ0/Dhct/n7q6vyvwCgigyC PyT+fZ0iQfQ3okj+ZBsA8+k= =8af9 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From mikew at CRUCIS.NET Wed Jun 11 01:21:55 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:29 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: References: Message-ID: <200306101921.55918.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 10 June 2003 02:13 pm, you wrote: > Hi! > > > What happens when two or more AV scanners are used? > > Both are used. > > > Are both used OR if the first AV scanner (f-prot) detects a virus > > will the second AV scanner not be used? > > Both. > > > Has anyone deployed CLAM and are happy with the results? > > > > Does the "Silent Viruses =" feature work with clam? > > Yes yes. Thats got nothing to do with Clam, but with MS. > > Bye, > Raymond. Julian, when you have more than one anti-virus, what order are they used? In the order listed in the config file? Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+5nYj5fq6h2uDDlQRAh9QAKCG5UcCN9sU/DyjDMe7Z/XqWlvjRACgwf5I L0uYMy1Pzkg2WxLCEka8pSg= =pqfO -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From rsiagian at prismasoftsolusi.com Wed Jun 11 01:59:26 2003 From: rsiagian at prismasoftsolusi.com (Rachmad Siagian) Date: Thu Jan 12 21:18:29 2006 Subject: Problems Installing Mailscanner 4.21.9 Message-ID: <000001c32fb5$7ca28e80$0100007f@enterprise> Hi, I'm trying to install Mailscanner 4.21.9 on a Redhat 6.2 but have hit problems. I have managed to run Update-MakeMaker.sh after installing FileSpec 0.82 and run install.sh again. After a lot of output on the screen, the program ended with: Installing tnef decoder error: failed dependencies: rpmlib(PayloadFilesHavePrefix) <= 4.0-1 is needed by tnef-1.1.4-sizelimi t1 rpmlib(CompressedFileNames) <= 3.0.4-1 is needed by tnef-1.1.4-sizelimit 1 Now to install MailScanner itself. error: failed dependencies: tnef >= 1.1.1 is needed by mailscanner-4.21-9 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 is needed by mailscanner-4.21-9 rpmlib(CompressedFileNames) <= 3.0.4-1 is needed by mailscanner-4.21-9 rpmlib(VersionedDependencies) <= 3.0.3-1 is needed by mailscanner-4.21-9 Please do not forget to kill your MailScanner version 3 processes before starting version 4. Any ideas? Cheers, Joe -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030611/28a67b00/attachment.html From ryanb at AACRAO.ORG Wed Jun 11 02:26:26 2003 From: ryanb at AACRAO.ORG (Ryan Bingham) Date: Thu Jan 12 21:18:29 2006 Subject: Possible to have MailScanner use SA database? References: <84CFA712F666B44A94CE6BE116BAF4B0B4E9E7@mail.winnefox.org> Message-ID: <001201c32fb8$7ac03290$f8240340@kh06s9> > Do you know if it's possible to have a web interface so that users can > add things to their own whitelist? > > Jody Hi Jody, There's been some talk on the list about this recently; I double-checked the archives and found some references to Webmin for MailScanner. Here's the MailScanner Webmin homepage: http://lushsoft.dyndns.org/mailscanner-webmin/ It looks like by default it's meant to administer global MailScanner settings, but one archive thread mentions being able to assign users in Webmin and letting them edit their own whitelist and blacklist rules. I've never used Webmin, though, so I'll shut up and invite other more knowledgeable people to jump in at this point. Hope that at least gets you started. Ryan From forrie at FORRIE.COM Wed Jun 11 04:50:03 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:29 2006 Subject: Possible to have MailScanner use SA database? In-Reply-To: <001201c32fb8$7ac03290$f8240340@kh06s9> References: <84CFA712F666B44A94CE6BE116BAF4B0B4E9E7@mail.winnefox.org> Message-ID: <5.2.1.1.2.20030610234843.064d6488@192.168.1.1> I've not used Webmin before, but I downloaded the Webmin MailScanner module (which is really a tar archive) and looked at it. It's a bunch of *.cgi scripts (perl, etc) -- so it could probably be easily broken down (with enough time and patience) to be a more generalized application. I personally would like to see something done in PHP - both for managing the server configurations and for individual users. Forrest At 09:26 PM 6/10/2003, Ryan Bingham wrote: > > Do you know if it's possible to have a web interface so that users can > > add things to their own whitelist? > > > > Jody > >Hi Jody, > >There's been some talk on the list about this recently; I double-checked the >archives and found some references to Webmin for MailScanner. Here's the >MailScanner Webmin homepage: > >http://lushsoft.dyndns.org/mailscanner-webmin/ > >It looks like by default it's meant to administer global MailScanner >settings, but one archive thread mentions being able to assign users in >Webmin and letting them edit their own whitelist and blacklist rules. > >I've never used Webmin, though, so I'll shut up and invite other more >knowledgeable people to jump in at this point. > >Hope that at least gets you started. > >Ryan From raymond at PROLOCATION.NET Wed Jun 11 06:57:53 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:29 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <200306101919.11081.mikew@crucis.net> Message-ID: Hi! > For one, F-Prot clean, disinfects, or quarantines emails with virus when > found. All ClamAV does is report it. Most worms are not even wanted to be cleaned i think, the time you could clean a virus is in my eyes past time. Bye, Raymond. From raymond at PROLOCATION.NET Wed Jun 11 06:58:32 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:29 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <200306101921.55918.mikew@crucis.net> Message-ID: Hi! > > > Does the "Silent Viruses =" feature work with clam? > > > > Yes yes. Thats got nothing to do with Clam, but with MS. > Julian, when you have more than one anti-virus, what order are they > used? In the order listed in the config file? Yes. Btw! It wont harm to simply try something for a change. Bye, Raymond. From Richard.Lush at HP.COM Wed Jun 11 08:14:36 2003 From: Richard.Lush at HP.COM (Lush, Richard) Date: Thu Jan 12 21:18:29 2006 Subject: Possible to have MailScanner use SA database? Message-ID: <13095CFC38D38E418844A18124E8EC7708778B@sdcexcea01.emea.cpqcorp.net> Hi All, The webmin module is just that, a group of perl cgi scripts for managing MailScanner. There is an option for editing the whitelists but it is a global whitelist, haven't tried creating user specific whitelists but I expect you could so this with a ruleset(?). If this is something that people want then I will look at adding it in to the module. I do have plans to create a standalone gui which will allow you to manage multiple MS servers - I'm looking at adding that functionality to the webmin module to. The new gui will be non-web based but I will notbe starting work on it until much later in the year. I'd love to hear from people as to what extra things they would like to see in front end. Please mail me on webmin@lushsoft.dyndns.org. There is a new version on the way which should (hopefully) be released this Friday. It does have a lot more functionality (ability to edit all rulesets is the main one). Forrest - I did try and email another reply but it is still being blocked. Richard Webmin module author http://lushsoft.dyndns.org/mailscanner-webmin -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Forrest Aldrich Sent: 11 June 2003 04:50 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Possible to have MailScanner use SA database? I've not used Webmin before, but I downloaded the Webmin MailScanner module (which is really a tar archive) and looked at it. It's a bunch of *.cgi scripts (perl, etc) -- so it could probably be easily broken down (with enough time and patience) to be a more generalized application. I personally would like to see something done in PHP - both for managing the server configurations and for individual users. Forrest At 09:26 PM 6/10/2003, Ryan Bingham wrote: > > Do you know if it's possible to have a web interface so that users > > can add things to their own whitelist? > > > > Jody > >Hi Jody, > >There's been some talk on the list about this recently; I >double-checked the archives and found some references to Webmin for >MailScanner. Here's the MailScanner Webmin homepage: > >http://lushsoft.dyndns.org/mailscanner-webmin/ > >It looks like by default it's meant to administer global MailScanner >settings, but one archive thread mentions being able to assign users in >Webmin and letting them edit their own whitelist and blacklist rules. > >I've never used Webmin, though, so I'll shut up and invite other more >knowledgeable people to jump in at this point. > >Hope that at least gets you started. > >Ryan From support at INVICTANET.CO.UK Wed Jun 11 09:56:20 2003 From: support at INVICTANET.CO.UK (InvictaNet Customer Support) Date: Thu Jan 12 21:18:29 2006 Subject: OT (general interest): RAV antivirus In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C97055E6FFD@tormail1.algorithmics.com> Message-ID: I tend to agree with Derek. I forsee Microsoft killing the non-windows versions within 6 months. Martyn Routley ----------------------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk martyn@support.invictanet.co.uk phone: 08707 440180 fax: 08707 440181 Ask us about our online Antivirus and Junk mail scanning service ----------------------------------------------------------------- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Derek Winkler Sent: 10 June 2003 22:50 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: OT (general interest): RAV antivirus Microsoft is going to discontinue all of their products. More for Microsoft less for *nix. -----Original Message----- From: Forrest Aldrich [mailto:forrie@forrie.com] Sent: Tuesday, June 10, 2003 3:14 PM To: MAILSCANNER@jiscmail.ac.uk Subject: OT (general interest): RAV antivirus This may be of general interest... I just received an email from RAV, indicating some acquisition of their technology by Microsoft. This probably means more scanners for the MS platform. Forrest From rishi at THEARGONCOMPANY.COM Wed Jun 11 10:31:53 2003 From: rishi at THEARGONCOMPANY.COM (Rishi Gangoly) Date: Thu Jan 12 21:18:29 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: References: Message-ID: <200306111501.53781.rishi@theargoncompany.com> On Tuesday 10 Jun 2003 5:17 pm, you wrote: > Naturally it CAN be done but i would stronlgy advice to keep running a > virus scanner also. If not f-prot then for example ClamAV... > > Bye, > Raymond. But what would happen if Clam AV or f-prot was not used? Wouldn't MailScanner catch / trap / quarantine all the viruses? The only viruses that would probably slip thru are macro viruses and those that are sent thru compressed files... correct? Or is there something else that may happen that I haven't thought of? Regards Rishi From raymond at PROLOCATION.NET Wed Jun 11 10:50:09 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:29 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <200306111501.53781.rishi@theargoncompany.com> Message-ID: Hi! > But what would happen if Clam AV or f-prot was not used? Wouldn't MailScanner > catch / trap / quarantine all the viruses? > > The only viruses that would probably slip thru are macro viruses and those > that are sent thru compressed files... correct? Or is there something else > that may happen that I haven't thought of? MS is NOT a virus scanner. That the filename rules catch some doesnt tell much. If you like to be secure, go for a virus scanner. Pretty simple. Bye, Raymond. From Kevin.Spicer at BMRB.CO.UK Wed Jun 11 10:52:15 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:29 2006 Subject: f-prot's new mailbox licensing model Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A4AD9F@pascal.priv.bmrb.co.uk> > The only viruses that would probably slip thru are macro > viruses and those > that are sent thru compressed files... correct? Or is there > something else > that may happen that I haven't thought of? I'm firmly of the opinion that there is always something else that may happen that I haven't thought of! We don't know what the next exploit might be that gets exploited by virus writers. If you want to protect against all viruses without using a virus scanner then you should block all attachements and probably strip all html content too. Theres no telling for sure what attachements may have viruses in them. One example, theres a known vulnerability in Windows XP which can be exploited by a carefully constructed mp3 or wma file. Presumably that could be exploited by a virus writer, but who would have expected an mp3 file to contain a virus - its not even executable! BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From rishi at THEARGONCOMPANY.COM Wed Jun 11 11:25:24 2003 From: rishi at THEARGONCOMPANY.COM (Rishi Gangoly) Date: Thu Jan 12 21:18:29 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0A4AD9F@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0A4AD9F@pascal.priv.bmrb.co.uk> Message-ID: <200306111555.24277.rishi@theargoncompany.com> On Wednesday 11 Jun 2003 3:22 pm, you wrote: > > The only viruses that would probably slip thru are macro > > viruses and those > > that are sent thru compressed files... correct? Or is there > > something else > > that may happen that I haven't thought of? > > I'm firmly of the opinion that there is always something else that may > happen that I haven't thought of! We don't know what the next exploit > might be that gets exploited by virus writers. If you want to protect > against all viruses without using a virus scanner then you should block all > attachements and probably strip all html content too. Theres no telling > for sure what attachements may have viruses in them. One example, theres a > known vulnerability in Windows XP which can be exploited by a carefully > constructed mp3 or wma file. Presumably that could be exploited by a virus > writer, but who would have expected an mp3 file to contain a virus - its > not even executable! WOW... now that I did not know. That is information that's of great value. Thanks a million Kevin. This was the kind of information I was looking for. Thanks Regards Rishi P.S. I'm glad I switched from Windows 98 to using Redhat 8.0 on my desktop. ;-) From o.pitzeier at UPTIME.AT Wed Jun 11 12:02:12 2003 From: o.pitzeier at UPTIME.AT (Oliver Pitzeier) Date: Thu Jan 12 21:18:29 2006 Subject: Black-/Whitelists in SQL Database (WAS: RE: SQL user options) In-Reply-To: <001501c32ebf$6a0109b0$0f11a8c0@pitzeier.priv.at> Message-ID: <001001c33008$e9c7e890$020b10ac@pitzeier.priv.at> Oliver Pitzeier wrote: > Julian Field wrote: > > At 20:03 09/06/2003, you wrote: [ ... ] > > >I just read, that it is possible to have user options in a SQL > > >database. I want to do that with whitelists, blacklists... > > > > > >How can I do that? And what other 'option' can be hold by a SQL > > >database? > > > > > >I would also need the possibility to have white-/blacklists on a > > >per-user-basis... > > > Take a look in CustomConfig.pm. There is per-user whitelist and > > blacklist code there, which will give you hints as to how to read > > config options from a SQL db. > > > > There will later be more code here to read data from SQL > > dbs, but not quite yet... > > I guessed such an answer... Not the one I hoped for, but it > means I have to get into MailScanner deeper. :-) OK. I did it. :-) I wrote some code (SQL_Backlist, SQL_Whitelist), which is - at least a bit - configurable trough variables in CustomConfig.pm. You can imagine what it does... Exactly what I wanted. :-) So... Is someone interessted in this code? Julian, you may add it - after investigating it - to the main tree!? I would be pleased to add more comments, add code that handles wildcards, and so on... If there are people who need those functions - else I let it as it is and just use it myself...... Best regards, Oliver PS: There is also a test-script, that can check if the database is set up correct and the data is read correct.... From Cleveland at MAIL.WINNEFOX.ORG Wed Jun 11 13:37:53 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:29 2006 Subject: Black-/Whitelists in SQL Database (WAS: RE: SQL user options) Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E9ED@mail.winnefox.org> > OK. I did it. :-) I wrote some code (SQL_Backlist, > SQL_Whitelist), which is - at least a bit - configurable > trough variables in CustomConfig.pm. You can imagine what it > does... Exactly what I wanted. :-) > > So... Is someone interested in this code? I would love to have that. Thanks! -- Jody Cleveland (cleveland@mail.winnefox.org) From Cleveland at MAIL.WINNEFOX.ORG Wed Jun 11 13:45:08 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:29 2006 Subject: Possible to have MailScanner use SA database? Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E9EE@mail.winnefox.org> > I personally would like to see something done in PHP - both > for managing the server configurations and for individual users. I'd have to say ditto on that. Ideally, I'd like a page users can go to, log in, and modify their white/ black lists. I know you can do it with spamassassin, so there's got to be a way with mailscanner. I'd rather stay away from webmin for users. That's the last place I want them. Jody From mbowman at UDCOM.COM Wed Jun 11 13:47:25 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:29 2006 Subject: Possible to have MailScanner use SA database? Message-ID: That is something I would be interested in to. Features: Admin Interface - Global rulesets - User Admin User Interface - Maintainance of white/black lists - Allowed filenames - Virus Notifications - Normal and High Scoring thresholds - Spam Actions --- Matthew K Bowman Systems Administrator, UDCom 174 Park Avenue West, Mansfield. Ohio 44902 Tel : 419-524-4330 Fax : 419-524-8757 Email : mbowman@udcom.com Web: http://www.udcom.com/ Jody Cleveland Sent by: MailScanner mailing list 06/11/2003 08:45 AM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: Possible to have MailScanner use SA database? > I personally would like to see something done in PHP - both > for managing the server configurations and for individual users. I'd have to say ditto on that. Ideally, I'd like a page users can go to, log in, and modify their white/ black lists. I know you can do it with spamassassin, so there's got to be a way with mailscanner. I'd rather stay away from webmin for users. That's the last place I want them. Jody From dwinkler at ALGORITHMICS.COM Wed Jun 11 13:48:43 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:29 2006 Subject: OT (general interest): RAV antivirus Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FFE@tormail1.algorithmics.com> Wasn't my opinion, Microsoft has stated this to the press. -----Original Message----- From: InvictaNet Customer Support [mailto:support@invictanet.co.uk] Sent: Wednesday, June 11, 2003 4:56 AM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: OT (general interest): RAV antivirus I tend to agree with Derek. I forsee Microsoft killing the non-windows versions within 6 months. Martyn Routley ----------------------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk martyn@support.invictanet.co.uk phone: 08707 440180 fax: 08707 440181 Ask us about our online Antivirus and Junk mail scanning service ----------------------------------------------------------------- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Derek Winkler Sent: 10 June 2003 22:50 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: OT (general interest): RAV antivirus Microsoft is going to discontinue all of their products. More for Microsoft less for *nix. -----Original Message----- From: Forrest Aldrich [mailto:forrie@forrie.com] Sent: Tuesday, June 10, 2003 3:14 PM To: MAILSCANNER@jiscmail.ac.uk Subject: OT (general interest): RAV antivirus This may be of general interest... I just received an email from RAV, indicating some acquisition of their technology by Microsoft. This probably means more scanners for the MS platform. Forrest -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030611/dcc5d98e/attachment.html From Cleveland at MAIL.WINNEFOX.ORG Wed Jun 11 13:53:57 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:29 2006 Subject: Possible to have MailScanner use SA database? Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E9F1@mail.winnefox.org> > Features: > > Admin Interface > - Global rulesets > - User Admin > User Interface > - Maintainance of white/black lists > - Allowed filenames > - Virus Notifications > - Normal and High Scoring thresholds > - Spam Actions That's exactly everything I'd be looking for too. Unfortunately, I can't program, but I'd be willing to test anything someone made. -- Jody Cleveland (cleveland@mail.winnefox.org) From Richard.Lush at HP.COM Wed Jun 11 14:03:55 2003 From: Richard.Lush at HP.COM (Lush, Richard) Date: Thu Jan 12 21:18:29 2006 Subject: Possible to have MailScanner use SA database? Message-ID: <13095CFC38D38E418844A18124E8EC7708778D@sdcexcea01.emea.cpqcorp.net> I'll look into after I get the new version of the webmin module out this week. I expect it will run under Apache (or any thing that supports perl cgi). I'll keep you all posted. Please email me off list (webmin@lushsoft.dyndns.org) for ideas around the interface look and feel. Cheers Richard -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jody Cleveland Sent: 11 June 2003 13:54 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Possible to have MailScanner use SA database? > Features: > > Admin Interface > - Global rulesets > - User Admin > User Interface > - Maintainance of white/black lists > - Allowed filenames > - Virus Notifications > - Normal and High Scoring thresholds > - Spam Actions That's exactly everything I'd be looking for too. Unfortunately, I can't program, but I'd be willing to test anything someone made. -- Jody Cleveland (cleveland@mail.winnefox.org) From JEN at AH.DK Wed Jun 11 14:09:42 2003 From: JEN at AH.DK (Jan Elmqvist Nielsen) Date: Thu Jan 12 21:18:29 2006 Subject: Kaspersky 4.0.3, MS 4.21-9 and redhat 9 Message-ID: Is any of you running kaspersky 4.0.3, MS 4.2xx and redhat 9, and are you catching any virus? I tryed with kaspersky 3.0 build 136 without any luck. when I am running the kaspersky-wrapper it detects the virus! I have Kaspersky 3.0 build 136, MS 4.21-6 and redhat 7.3 installation, which is working fine!! Any ideas? Is it the redhat version? /Jan Elmqvist Nielsen From damian at WORKGROUPSOLUTIONS.COM Wed Jun 11 14:15:50 2003 From: damian at WORKGROUPSOLUTIONS.COM (Damian Mendoza) Date: Thu Jan 12 21:18:29 2006 Subject: F-Prot and Mail Scanner Message-ID: Hi, An update: End-User error as messages were not going thru MailScanner. MailScanner is working perfectly with F-Prot antivirus. Regards, Damian Workgroup Solutions 20532 El Toro Rd, Suite 107 Mission Viejo, CA 92692 949 586-2200 Developers of SpamGate - Stop SPAM today at the Gateway! -----Original Message----- From: Damian Mendoza Sent: Monday, June 09, 2003 4:43 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: F-Prot and Mail Scanner Hi, I installed F-Prot and MailScanner on an SMTP gateway for a customer. My customer tells me that F-Prot is only blocking 10% of the viruses. They had 9 messages get passed the F-Prot/MailScanner gateway and 1 message was stopped according to the maillog. Norton Antivirus on the Exchange server told us about the 9 messages. Any ideas? F-Prot is getting the updates based on the Maillog file. Thanks, Damian From y.huang at UTORONTO.CA Wed Jun 11 14:49:34 2003 From: y.huang at UTORONTO.CA (Bruce Huang) Date: Thu Jan 12 21:18:29 2006 Subject: Spam score not add up Message-ID: Dear all, One question hope anyone's advise: I start to add my own tests on spam.assassin.prefs.conf. The rule is body SPAM_SITE_001 /www.abc.com/i describe SPAM_SITE_001 Testing score 10.0 The /etc/mail/spamassassin/local.cf links to /opt/MailScanner/etc/spam.assassin.prefs.conf With a test, I expect to have a score greater than 10, instead of 3.6. See bellow for test result. X-mailer: Pegasus Mail for Windows (v4.01) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.6, required 5, BAYES_00, SPAM_SITE_001) X-MailScanner-SpamScore: sss X-PMFLAGS: 34078848 0 1 Y0604D.CNM www.abc.com Thanks for any advise. Regards, Bruce From mailscanner at ecs.soton.ac.uk Wed Jun 11 14:43:08 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:29 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0A4AD9F@pascal.priv.bmrb.co .uk> Message-ID: <5.2.0.9.2.20030611144204.04958aa0@imap.ecs.soton.ac.uk> At 10:52 11/06/2003, you wrote: > > The only viruses that would probably slip thru are macro > > viruses and those > > that are sent thru compressed files... correct? Or is there > > something else > > that may happen that I haven't thought of? > >I'm firmly of the opinion that there is always something else that may >happen that I haven't thought of! We don't know what the next exploit >might be that gets exploited by virus writers. If you want to protect >against all viruses without using a virus scanner then you should block >all attachements and probably strip all html content too. Theres no >telling for sure what attachements may have viruses in them. One example, >theres a known vulnerability in Windows XP which can be exploited by a >carefully constructed mp3 or wma file. Presumably that could be exploited >by a virus writer, but who would have expected an mp3 file to contain a >virus - its not even executable! Many moons ago, I fell foul of this myself. Who would have thought that a plain-text email containing no MIME attachments or HTML could have contained a virus? Then "MyParty-A" appeared... -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jun 11 14:45:22 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:29 2006 Subject: Problems Installing Mailscanner 4.21.9 In-Reply-To: <000001c32fb5$7ca28e80$0100007f@enterprise> Message-ID: <5.2.0.9.2.20030611144444.038c29f8@imap.ecs.soton.ac.uk> You need a newer version of the "rpm" tool and its libraries. At 01:59 11/06/2003, you wrote: >Hi, > >I'm trying to install Mailscanner 4.21.9 on a Redhat 6.2 but have hit >problems. I have managed to run Update-MakeMaker.sh after installing >FileSpec 0.82 and run install.sh again. After a lot of output on the >screen, the program ended with: > >Installing tnef decoder > >error: failed dependencies: > rpmlib(PayloadFilesHavePrefix) <= 4.0-1 is needed by > tnef-1.1.4-sizelimi >t1 > rpmlib(CompressedFileNames) <= 3.0.4-1 is needed by > tnef-1.1.4-sizelimit >1 > >Now to install MailScanner itself. > >error: failed dependencies: > tnef >= 1.1.1 is needed by mailscanner-4.21-9 > rpmlib(PayloadFilesHavePrefix) <= 4.0-1 is needed by > mailscanner-4.21-9 > rpmlib(CompressedFileNames) <= 3.0.4-1 is needed by > mailscanner-4.21-9 > rpmlib(VersionedDependencies) <= 3.0.3-1 is needed by > mailscanner-4.21-9 >Please do not forget to kill your MailScanner version 3 processes >before starting version 4. > >Any ideas? > >Cheers, > >Joe -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030611/1edb5c15/attachment.html From dwinkler at ALGORITHMICS.COM Wed Jun 11 14:49:35 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:29 2006 Subject: Spam score not add up Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E7000@tormail1.algorithmics.com> score SPAM_SITE_001 10.0 not score 10.0 -----Original Message----- From: Bruce Huang [mailto:y.huang@UTORONTO.CA] Sent: Wednesday, June 11, 2003 9:50 AM To: MAILSCANNER@jiscmail.ac.uk Subject: Spam score not add up Dear all, One question hope anyone's advise: I start to add my own tests on spam.assassin.prefs.conf. The rule is body SPAM_SITE_001 /www.abc.com/i describe SPAM_SITE_001 Testing score 10.0 The /etc/mail/spamassassin/local.cf links to /opt/MailScanner/etc/spam.assassin.prefs.conf With a test, I expect to have a score greater than 10, instead of 3.6. See bellow for test result. X-mailer: Pegasus Mail for Windows (v4.01) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.6, required 5, BAYES_00, SPAM_SITE_001) X-MailScanner-SpamScore: sss X-PMFLAGS: 34078848 0 1 Y0604D.CNM www.abc.com Thanks for any advise. Regards, Bruce -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030611/d827a791/attachment.html From mailscanner at ecs.soton.ac.uk Wed Jun 11 14:55:23 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:29 2006 Subject: Spam score not add up In-Reply-To: Message-ID: <5.2.0.9.2.20030611145429.04964370@imap.ecs.soton.ac.uk> At 14:49 11/06/2003, you wrote: >Dear all, > >One question hope anyone's advise: > >I start to add my own tests on spam.assassin.prefs.conf. >The rule is > >body SPAM_SITE_001 /www.abc.com/i >describe SPAM_SITE_001 Testing >score 10.0 > >The /etc/mail/spamassassin/local.cf links >to /opt/MailScanner/etc/spam.assassin.prefs.conf > >With a test, I expect to have a score greater than 10, instead of 3.6. See >bellow for test result. > >X-mailer: Pegasus Mail for Windows (v4.01) >Content-type: text/plain; charset=US-ASCII >Content-transfer-encoding: 7BIT >Content-description: Mail message body >X-MailScanner-Information: Please contact the ISP for more information >X-MailScanner: Found to be clean >X-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.6, required 5, > BAYES_00, SPAM_SITE_001) >X-MailScanner-SpamScore: sss >X-PMFLAGS: 34078848 0 1 Y0604D.CNM But it hit the BAYES_00 rule as well, which has a negative score. If you have a very recent MailScanner, you can switch on an option that will show you the score of each rule that "hits". -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From y.huang at UTORONTO.CA Wed Jun 11 14:55:51 2003 From: y.huang at UTORONTO.CA (Bruce Huang) Date: Thu Jan 12 21:18:29 2006 Subject: Spam score not add up References: <06EE2C86D3DAD5119A6C0060943F3C97055E7000@tormail1.algorithmics.com> Message-ID: <002f01c33021$2d001520$5b426480@ad.geog.utoronto.ca> RE: Spam score not add upSorry for the information. The rule is body SPAM_SITE_001 /www.abc.com/i describe SPAM_SITE_001 Testing score SPAM_SITE_001 10.0 Regards, Bruce ----- Original Message ----- From: Derek Winkler To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, June 11, 2003 9:49 AM Subject: Re: Spam score not add up score SPAM_SITE_001 10.0 not score 10.0 -----Original Message----- From: Bruce Huang [mailto:y.huang@UTORONTO.CA] Sent: Wednesday, June 11, 2003 9:50 AM To: MAILSCANNER@jiscmail.ac.uk Subject: Spam score not add up Dear all, One question hope anyone's advise: I start to add my own tests on spam.assassin.prefs.conf. The rule is body SPAM_SITE_001 /www.abc.com/i describe SPAM_SITE_001 Testing score 10.0 The /etc/mail/spamassassin/local.cf links to /opt/MailScanner/etc/spam.assassin.prefs.conf With a test, I expect to have a score greater than 10, instead of 3.6. See bellow for test result. X-mailer: Pegasus Mail for Windows (v4.01) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.6, required 5, BAYES_00, SPAM_SITE_001) X-MailScanner-SpamScore: sss X-PMFLAGS: 34078848 0 1 Y0604D.CNM www.abc.com Thanks for any advise. Regards, Bruce -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030611/36bfb59d/attachment.html From y.huang at UTORONTO.CA Wed Jun 11 15:07:59 2003 From: y.huang at UTORONTO.CA (Bruce Huang) Date: Thu Jan 12 21:18:29 2006 Subject: Spam score not add up References: <5.2.0.9.2.20030611145429.04964370@imap.ecs.soton.ac.uk> Message-ID: <004901c33022$de035ed0$5b426480@ad.geog.utoronto.ca> > But it hit the BAYES_00 rule as well, which has a negative score. If you > have a very recent MailScanner, you can switch on an option that will show > you the score of each rule that "hits". I am using MailScanner 4.20-3, and can not find the option. Would you mind to let me know where it is? Thanks, Bruce From o.pitzeier at UPTIME.AT Wed Jun 11 15:08:46 2003 From: o.pitzeier at UPTIME.AT (Oliver Pitzeier) Date: Thu Jan 12 21:18:29 2006 Subject: Black-/Whitelists in SQL Database (WAS: RE: SQL user options) In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E9ED@mail.winnefox.org> Message-ID: <001901c33022$f99097d0$020b10ac@pitzeier.priv.at> > > OK. I did it. :-) I wrote some code (SQL_Backlist, SQL_Whitelist), > > which is - at least a bit - configurable trough variables in > > CustomConfig.pm. You can imagine what it does... Exactly what I > > wanted. :-) > > > > So... Is someone interested in this code? > > I would love to have that. Thanks! Please find it here: http://filelister.linux-kernel.at/?current=/tarballs/MailScanner/ Please keep in mind, that is is still some kind of beta stage... I have it running here, but I wrote it this night in about 1 hour. :-) For me it's stable, if Julian says it's fine. :-))) xs Best regards, Oliver From marco at MUW.EDU Wed Jun 11 15:19:32 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:29 2006 Subject: Using ramfs for incoming queue In-Reply-To: <002f01c33021$2d001520$5b426480@ad.geog.utoronto.ca> References: <06EE2C86D3DAD5119A6C0060943F3C97055E7000@tormail1.algorithmics.com> <002f01c33021$2d001520$5b426480@ad.geog.utoronto.ca> Message-ID: <1055341172.3ee73a7493594@webmail.MUW.Edu> Good day all, I am exploring using ramfs for MS incoming queue. This is a Redhat 7.3 system with 3GB RAM. I am using the following command: $ mount -t -o maxsize=n none /var/spool/MailScanner/incoming ramfs My question is, what is a decent size for n? I know that is probably site-dependent, but an advice is appreciated. This particular system handles an average of 20,000 messages per day. Thank you Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From raymond at PROLOCATION.NET Wed Jun 11 15:18:34 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:29 2006 Subject: Using ramfs for incoming queue In-Reply-To: <1055341172.3ee73a7493594@webmail.MUW.Edu> Message-ID: Hi! > My question is, what is a decent size for n? > > I know that is probably site-dependent, but an advice is appreciated. This > particular system handles an average of 20,000 messages per day. If you look on your system now, i guess you can estimate ok :) Please also mind that in case of heavy incomming mail you will most likely be stuck if you push this too low. But thats no news to you i guess... Bye, Raymond. From FCaen at CI.LAKEWOOD.WA.US Wed Jun 11 15:20:44 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:29 2006 Subject: f-prot's new mailbox licensing model Message-ID: -----Original Message----- From: Spicer, Kevin [mailto:Kevin.Spicer@BMRB.CO.UK] > One example, theres a known vulnerability in Windows XP which can be > exploited by a carefully constructed mp3 or wma file. Presumably that > could be exploited by a virus writer, but who would have expected an > mp3 file to contain a virus - its not even executable! Yep. Same thing for PDFs. I even remember an article about trying to hide viruses in JPEGs. Can't remember if that was successful or not. But this all proves that even though filetype filtering is a great tool, it is not sufficient. --------------------------------------------- Francois Caen Network Information Systems Engineer - Webmaster City of Lakewood, WA (253) 512-2269 NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From tony.johansson at SVENSKAKYRKAN.SE Wed Jun 11 15:25:49 2003 From: tony.johansson at SVENSKAKYRKAN.SE (Tony Johansson) Date: Thu Jan 12 21:18:29 2006 Subject: eTrust Inoculate Message-ID: <3C4F5084EF16D4119CE700508B6B8B10058D0D60@nt.svenskakyrkan.se> I have problems getting eTrust inoculate to work with MailScanner. Details: eTrust version: eTrust Antivirus for Linux (Build 1892) (from the eTrust AntiVirus version 7 CD) Os: Red Hat 7.3 with default sendmail MailScanner: 4.21-9 Virus scanner in MailScanner.conf is set to f-prot and inoculate. F-prot finds viruses, inoculate does not and theres nothing in the maillog about inoculate. incoulate-wrapper DOES work however, see following output: "[root@localhost viruses]# /usr/lib/MailScanner/inoculate-wrapper . File /tmp/viruses/./BUG.0LL is infected by virus: Win32/Bugbear.Worm File /tmp/viruses/./BUGBEAR.0OM is infected by virus: Win32/Bugbear.Worm File /tmp/viruses/./klez.0OM is infected by virus: Win32/Klez.H.Worm File /tmp/viruses/./sircam.0OM is infected by virus: Win32/SirCam.Worm Total Files Scanned: 8 Total Viruses Found: 4 Total Infected Files Found: 4 Scan Mode: Secure *** End Of Summary *** " Version info and options of inocmd32: [root@localhost MailScanner]# inocmd32 InoculateIT Engine version: 23.61.00 2003/04/08 InoculateIT Signature version: virsig.da0 23.61.46 2003/06/10 Usage:inocmd32 [ -options ] file|directory|drive ... -options: : ENG can be one of: Ino or Vet : MOD Scan mode can be one of: Secure or Reviewer (default Secure) : ACT Infected file action can be one of: Cure, Rename, Delete or Move : EXE Specified files (based on the 'Specified' extension list) : EXC Exclude files (based on the 'Exclude' extension list) : ARC Scan archive files : NEX Detect compressed files by content, not file extension : NOS No subdirectory traverse : FIL: Only scan files that match (shell wildcard) : SCA Special Cure Action (ACT must be set to Cure) can be one of: CB (Copy Before), DT (Delete Trojan), RF (Rename if cure fails) or MF (Move if cure fails) : MCA Macro Cure Action can be either: RA (remove all) or RI (remove infected) : SPM Special Mode can only be: H (heuristics) : SFI Stop at first infection in archive : SRF Skip regular file scanning of archives : LIS: Create scan report file : APP: Append scan report to file : UNI / is directory separator rather than switch introducer : VER Verbose mode : COU: Message every scanned files : COU Message every 1000 scanned files : SIG Display signature version numbers : SIG: Display signature version numbers of engine located in : HEL or ? Display this help file|directory|drive ...: Specify at least one file, directory or drive to scan regards, Tony From Kevin.Spicer at BMRB.CO.UK Wed Jun 11 15:32:24 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:29 2006 Subject: f-prot's new mailbox licensing model Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF641@pascal.priv.bmrb.co.uk> > I even remember an article about trying to > hide viruses in JPEGs. That was largely marketing from one of the big AV vendors. There was a virus spreading through jpegs, but you had to already have been infected by another virus which then made you vulnerable to the jpeg one. Uninfected PC's had nothing to fear from that particular jpeg. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From lbergman at wtxs.net Wed Jun 11 15:44:23 2003 From: lbergman at wtxs.net (Lewis Bergman) Date: Thu Jan 12 21:18:29 2006 Subject: Black-/Whitelists in SQL Database (WAS: RE: SQL user options) In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E9ED@mail.winnefox.org> References: <84CFA712F666B44A94CE6BE116BAF4B0B4E9ED@mail.winnefox.org> Message-ID: <200306110944.23279.lbergman@wtxs.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday 11 June 2003 07:37 am, Jody Cleveland wrote: > > OK. I did it. :-) I wrote some code (SQL_Backlist, > > SQL_Whitelist), which is - at least a bit - configurable > > trough variables in CustomConfig.pm. You can imagine what it > > does... Exactly what I wanted. :-) > > > > So... Is someone interested in this code? > > I would love to have that. Thanks! I would second that. I am not ready to use it yet but I have been looking for a way to do per user black/white lists. Sounds very promising. - -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 115 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+50BHpT00mQjG01gRAn2FAJ0VmoFI/JBDVF/mHTLT1fwabMn0NgCgkCTA NeIOlKhOgRAQmHB0rNgpWJ0= =4x6i -----END PGP SIGNATURE----- From o.pitzeier at UPTIME.AT Wed Jun 11 15:47:22 2003 From: o.pitzeier at UPTIME.AT (Oliver Pitzeier) Date: Thu Jan 12 21:18:29 2006 Subject: Black-/Whitelists in SQL Database (WAS: RE: SQL user options) In-Reply-To: <200306110944.23279.lbergman@wtxs.net> Message-ID: <001e01c33028$5e03ac70$020b10ac@pitzeier.priv.at> Lewis Bergman wrote: > On Wednesday 11 June 2003 07:37 am, Jody Cleveland wrote: > > > OK. I did it. :-) I wrote some code (SQL_Backlist, > SQL_Whitelist), > > > which is - at least a bit - configurable trough variables in > > > CustomConfig.pm. You can imagine what it does... Exactly what I > > > wanted. :-) > > > > > > So... Is someone interested in this code? > > > > I would love to have that. Thanks! > > I would second that. I am not ready to use it yet but I have > been looking for a way to do per user black/white lists. > > Sounds very promising. Please see my other mail... I uploaded it to my server, so everyone can download it easily... Best regards, Oliver From kusler at NSCL.MSU.EDU Wed Jun 11 15:58:54 2003 From: kusler at NSCL.MSU.EDU (Jay Kusler) Date: Thu Jan 12 21:18:29 2006 Subject: double messages? Message-ID: I upgraded to Postfix 2.0.11 yesterday to see if that would fix things, but no luck. These second (empty) messages still happen. I've had 2 today, out of about 20 emails. Any hints on where I could look? Thanks, Jay Kusler On Tue, 10 Jun 2003 10:15:33 -0400, Jay Kusler wrote: >MailScanner-4.21-9 >Postfix 1.1.11 > >Thanks > >Jay > > > >Julian Field said: >> What version of MailScanner are you running? >> What version of Postfix are you running? >> >> At 14:11 10/06/2003, you wrote: >>>I installed MailScanner with Clamav on a Solaris 8 (sparc) box running >>> Postfix as the MTA. Often, but not always, 2 messages are delivered >>> instead of just one. The first has the 'real' message, and the second >>> is empty. For example, a message just came through from this list from >>> Marc Obaid, and it was double. The logs show the second blank message >>> simply appearing, as best as I can tell, although it seems that there >>> may be 2 instances of MailScanner trying to process the queue >>> concurrently. Has anyone seen this behavior, and what can I do about >>> it? >>> >>>Thanks, >>> >>>Jay Kusler >>>NSCL >>> >>>Jun 10 08:53:48 jade postfix/smtpd[25820]: [ID 197553 mail.info] >>> connect from smtp.jiscmail.ac.uk[130.246.192.48] >>>Jun 10 08:53:48 jade postfix/smtpd[25820]: [ID 197553 mail.info] >>> 4C8A6279: client=smtp.jiscmail.ac.uk[130.246.192.48] >>>Jun 10 08:53:48 jade postfix/cleanup[25452]: [ID 197553 mail.info] >>> 4C8A6279: message-id= <1055249831.3ee5d5a71c23b@webmail.MUW.Edu> >>>Jun 10 08:53:48 jade postfix/qmgr[25436]: [ID 197553 mail.info] >>> 4C8A6279: from=, size=3460, nrcpt=1 >>> (queue active) Jun 10 08:53:48 jade postfix/qmgr[25436]: [ID 197553 >>> mail.info] 4C8A6279: to=, relay=none, delay=0, >>> status=deferred (deferred transport) >>>Jun 10 08:53:49 jade postfix/smtpd[25820]: [ID 197553 mail.info] >>> disconnect from smtp.jiscmail.ac.uk[130.246.192.48] >>> >>>Jun 10 08:53:52 jade.nscl.msu.edu MailScanner[25538]: New Batch: >>> Scanning 1 messages, 3650 bytes >>>Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25538]: Virus and Content >>> Scanning: Starting >>>Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25554]: New Batch: >>> Scanning 1 messages, 3650 bytes >>>Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25538]: Uninfected: >>> Delivered 1 messages >>>Jun 10 08:53:53 jade postfix/qmgr[25479]: [ID 197553 mail.info] >>> 17D259380: from=, size=3467, nrcpt=1 >>> (queue active) Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25554]: >>> Virus and Content Scanning: Starting >>>Jun 10 08:53:54 jade.nscl.msu.edu MailScanner[25554]: Uninfected: >>> Delivered 1 messages >>>Jun 10 08:53:54 jade postfix/qmgr[25479]: [ID 197553 mail.info] >>> 5616F937E: from=, size=2603, nrcpt=1 >>> (queue active) >>> >>>Jun 10 08:53:56 jade postfix/local[25558]: [ID 197553 mail.info] >>> 17D259380: to=, relay=local, delay=8, status=sent >>>("|/usr/nsclsbin/procmail") >>>Jun 10 08:54:03 jade postfix/local[25577]: [ID 197553 mail.info] >>> 5616F937E: to=, relay=local, delay=15, status=sent >>>("|/usr/nsclsbin/procmail") >> >> -- >> Julian Field >> www.MailScanner.info >> MailScanner thanks transtec Computers for their support From Kevin.Spicer at BMRB.CO.UK Wed Jun 11 16:03:57 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:29 2006 Subject: double messages? Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF642@pascal.priv.bmrb.co.uk> > > I upgraded to Postfix 2.0.11 yesterday to see if that would > fix things, but > no luck. These second (empty) messages still happen. I've > had 2 today, out > of about 20 emails. Any hints on where I could look? Probably way off base but... I had a similar problem months ago - but with sendmail. Turned out our exchange server was set to make ETRN requests to our Mailscanner box. Julian has since modified the sendmail startup scripts to defend against this, but I don't know whether it might affect other mailers. Probably not your problem but something to rule out at least! BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From forrie at FORRIE.COM Wed Jun 11 16:06:52 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:29 2006 Subject: OT (general interest): RAV antivirus In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C97055E6FFE@tormail1.algorith mics.com> Message-ID: <5.2.1.1.2.20030611110354.02008eb0@192.168.1.1> Interesting, since the customer support people at RAV haven't replied to my inquiry about this. This is their full statement about this. I would imagine it would be difficult to just "discontinue" other Unix-based products, since there are undoubtedly many service contracts and higher-end users that have paid a lot of $$ for the product and support - so either they will continue to operate independently as RAV, with MS licensing their technology for their own use, or MS will have to provide for some contingency/alternative. Forrest >>>>>>>>>>>>>>>>>>>>>>>> Dear RAV User, As you are aware, we at RAV have always maintained that our antivirus technology is amongst the best available. This is now testified by a recent announcement by Microsoft Corporation on acquiring our technology. More information about this is available at www.ravantivirus.com and at www.microsoft.com As always, we would like to reiterate that our customers are important to us and that we will continue to maintain and provide the same high level of service that we have had in the past. Technical support for the product will continue to be provided both by GeCAD and its authorised distributors. In addition, you will continue to receive virus signature updates, alerts and advisories. The company's web site www.ravantivirus.com will also continue to be available. Should you have any further questions, please do not hesitate to contact us. We continue to look forward to your ongoing support. Thank you. Sincerely Yours, Radu Georgescu President GeCAD Software s.r.l. Additional information on the transaction available on http://www.ravantivirus.com <<<<<<<<<<<<<<<<<<<<<<< At 08:48 AM 6/11/2003, Derek Winkler wrote: >Wasn't my opinion, Microsoft has stated this to the press. > >-----Original Message----- >From: InvictaNet Customer Support >[mailto:support@invictanet.co.uk] >Sent: Wednesday, June 11, 2003 4:56 AM >To: MAILSCANNER@jiscmail.ac.uk >Subject: Re: OT (general interest): RAV antivirus > >I tend to agree with Derek. I forsee Microsoft killing the non-windows >versions within 6 months. > >Martyn Routley >----------------------------------------------------------------- >InvictaNet - The Internet in Plain English, Guaranteed >http://www.invictanet.co.uk >martyn@support.invictanet.co.uk >phone: 08707 440180 >fax: 08707 440181 >Ask us about our online Antivirus and Junk mail scanning service >----------------------------------------------------------------- >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK]On >Behalf >Of Derek Winkler >Sent: 10 June 2003 22:50 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: OT (general interest): RAV antivirus > >Microsoft is going to discontinue all of their products. >More for Microsoft less for *nix. >-----Original Message----- >From: Forrest Aldrich [mailto:forrie@forrie.com] >Sent: Tuesday, June 10, 2003 3:14 PM >To: MAILSCANNER@jiscmail.ac.uk >Subject: OT (general interest): RAV antivirus > >This may be of general interest... I just received an email from RAV, >indicating some acquisition of their technology by Microsoft. This >probably means more scanners for the MS platform. > >Forrest From Denis.Beauchemin at USHERBROOKE.CA Wed Jun 11 16:24:06 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:29 2006 Subject: Spam score not add up In-Reply-To: <004901c33022$de035ed0$5b426480@ad.geog.utoronto.ca> References: <5.2.0.9.2.20030611145429.04964370@imap.ecs.soton.ac.uk> <004901c33022$de035ed0$5b426480@ad.geog.utoronto.ca> Message-ID: <1055345046.16452.44.camel@dbeauchemin.si.usherbrooke.ca> I think it is not there. You need 4.21-9. The score for BAYES_00 can be found by: grep BAYES_00 /usr/share/spamassassin/50_scores.cf score BAYES_00 0 0 -5.300 -5.200 If the scores file is not located there, try a "locate 50_scores.cf" and then grep that file. Denis Le mer 11/06/2003 ? 10:07, Bruce Huang a ?crit : > > But it hit the BAYES_00 rule as well, which has a negative score. If you > > have a very recent MailScanner, you can switch on an option that will show > > you the score of each rule that "hits". > I am using MailScanner 4.20-3, and can not find the option. Would you mind > to let me know where it is? > > Thanks, > > Bruce -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From mailscanner at ecs.soton.ac.uk Wed Jun 11 16:16:49 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:29 2006 Subject: Black-/Whitelists in SQL Database (WAS: RE: SQL user options) In-Reply-To: <200306110944.23279.lbergman@wtxs.net> References: <84CFA712F666B44A94CE6BE116BAF4B0B4E9ED@mail.winnefox.org> <84CFA712F666B44A94CE6BE116BAF4B0B4E9ED@mail.winnefox.org> Message-ID: <5.2.0.9.2.20030611161617.038f1d28@imap.ecs.soton.ac.uk> At 15:44 11/06/2003, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On Wednesday 11 June 2003 07:37 am, Jody Cleveland wrote: > > > OK. I did it. :-) I wrote some code (SQL_Backlist, > > > SQL_Whitelist), which is - at least a bit - configurable > > > trough variables in CustomConfig.pm. You can imagine what it > > > does... Exactly what I wanted. :-) > > > > > > So... Is someone interested in this code? > > > > I would love to have that. Thanks! >I would second that. I am not ready to use it yet but I have been looking for >a way to do per user black/white lists. Sounds very promising. If all you need is file-based per-user and per-domain black+whitelists, then there is already code in CustomConfig.pm to do this for you. It's only the SQL bit that's missing. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jun 11 16:13:21 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:29 2006 Subject: Spam score not add up In-Reply-To: <004901c33022$de035ed0$5b426480@ad.geog.utoronto.ca> References: <5.2.0.9.2.20030611145429.04964370@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030611161259.0382b6c0@imap.ecs.soton.ac.uk> At 15:07 11/06/2003, you wrote: > > But it hit the BAYES_00 rule as well, which has a negative score. If you > > have a very recent MailScanner, you can switch on an option that will show > > you the score of each rule that "hits". >I am using MailScanner 4.20-3, and can not find the option. Would you mind >to let me know where it is? Sorry, just looked in the ChangeLog myself and I only introduced it in 4.21. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jun 11 16:14:52 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:29 2006 Subject: Using ramfs for incoming queue In-Reply-To: <1055341172.3ee73a7493594@webmail.MUW.Edu> References: <002f01c33021$2d001520$5b426480@ad.geog.utoronto.ca> <06EE2C86D3DAD5119A6C0060943F3C97055E7000@tormail1.algorithmics.com> <002f01c33021$2d001520$5b426480@ad.geog.utoronto.ca> Message-ID: <5.2.0.9.2.20030611161343.044c36d0@imap.ecs.soton.ac.uk> At 15:19 11/06/2003, you wrote: >Good day all, > >I am exploring using ramfs for MS incoming queue. > >This is a Redhat 7.3 system with 3GB RAM. I am using the following command: > >$ mount -t -o maxsize=n none /var/spool/MailScanner/incoming ramfs > >My question is, what is a decent size for n? > >I know that is probably site-dependent, but an advice is appreciated. This >particular system handles an average of 20,000 messages per day. Use tmpfs and not ramfs and you don't need to worry about it, the OS will expand and contract it dynamically for you. mount -t tmpfs tmpfs /var/spool/MailScanner/incoming (but obviously put the relevant info into your /etc/fstab so it gets mounted at boot-time). -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From marco at MUW.EDU Wed Jun 11 16:41:05 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:29 2006 Subject: Using ramfs for incoming queue In-Reply-To: <5.2.0.9.2.20030611161343.044c36d0@imap.ecs.soton.ac.uk> References: <002f01c33021$2d001520$5b426480@ad.geog.utoronto.ca> <06EE2C86D3DAD5119A6C0060943F3C97055E7000@tormail1.algorithmics.com> <002f01c33021$2d001520$5b426480@ad.geog.utoronto.ca> <5.2.0.9.2.20030611161343.044c36d0@imap.ecs.soton.ac.uk> Message-ID: <1055346065.3ee74d91433d8@webmail.MUW.Edu> Quoting Julian Field : > Use tmpfs and not ramfs and you don't need to worry about it, the OS will > expand and contract it dynamically for you. > mount -t tmpfs tmpfs /var/spool/MailScanner/incoming > (but obviously put the relevant info into your /etc/fstab so it gets > mounted at boot-time). Thank you Julian. You amaze me with your knowledge. I wonder what is your IQ? I tried it and I see significant improvment so far :) Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From Cleveland at MAIL.WINNEFOX.ORG Wed Jun 11 16:47:25 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:29 2006 Subject: Black-/Whitelists in SQL Database (WAS: RE: SQL user options) Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E9FD@mail.winnefox.org> > Please find it here: > http://filelister.linux-kernel.at/?current=/tarballs/MailScanner/ I've never seen a .patch file before. How do I apply that? Jody From mailscanner at ecs.soton.ac.uk Wed Jun 11 16:59:36 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:29 2006 Subject: Black-/Whitelists in SQL Database (WAS: RE: SQL user options) In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E9FD@mail.winnefox.org> Message-ID: <5.2.0.9.2.20030611165750.04fcc958@imap.ecs.soton.ac.uk> At 16:47 11/06/2003, you wrote: > > Please find it here: > > http://filelister.linux-kernel.at/?current=/tarballs/MailScanner/ > >I've never seen a .patch file before. How do I apply that? Using the "patch" command :-) Usual syntax is along the lines of one of these: patch < foobar.patch patch -p0 < foobar.patch patch -p1 < foobar.patch If it asks you for the name of the file to patch you are either in the wrong directory or got the "p" number wrong. "patch" files are just the output of the "diff" command. "patch" is more of a sentient life-form than a command, it's far too damn clever! :-) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From lilvalo at MIKIBOY.COM Wed Jun 11 16:55:03 2003 From: lilvalo at MIKIBOY.COM (Valmiki N. Ramsewak) Date: Thu Jan 12 21:18:29 2006 Subject: mailscanner + procmail + gentoo Message-ID: <20030611155503.GA7343@mikiboy.com> Hi, I'm using gentoo. I got mcafee and sendmail working.. I also installed mailscanner, and made the changes to the /etc/conf.d/sendmail file (/etc/init.d/sendmail reads the options from there) It all starts up fine, but nothing gets scanned by mailscanner, and I'm not sure why.. I don't see it in the headers..... Thanks Valmiki Feel free to hit me upon AIM at lilvalo or MSN at this email. Thanks also any comments and tips welcome From raymond at PROLOCATION.NET Wed Jun 11 17:34:36 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:29 2006 Subject: mailscanner + procmail + gentoo In-Reply-To: <20030611155503.GA7343@mikiboy.com> Message-ID: Hi! > I'm using gentoo. I got mcafee and sendmail working.. I also installed > mailscanner, and made the changes to the /etc/conf.d/sendmail file > (/etc/init.d/sendmail reads the options from there) It all starts up fine, > but nothing gets scanned by mailscanner, and I'm not sure why.. I don't see > it in the headers..... You should STOP sendmail. The mailscanner script should run sendmail. Bye, Raymond. From TGFurnish at HERFF-JONES.COM Wed Jun 11 17:39:21 2003 From: TGFurnish at HERFF-JONES.COM (Furnish, Trever G) Date: Thu Jan 12 21:18:29 2006 Subject: Using ramfs for incoming queue Message-ID: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBB9@indy1ntm.herffjones.hj-int> Julian Field said: > [...snip...] > mount -t tmpfs tmpfs /var/spool/MailScanner/incoming "tmpfs"? What's that? My mount manual page says nothing about that fs type, although it seems to work. Any idea where to get more info? -t. From marco at MUW.EDU Wed Jun 11 17:45:51 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:29 2006 Subject: Using ramfs for incoming queue In-Reply-To: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBB9@indy1ntm.herffjones.hj-int> References: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBB9@indy1ntm.herffjones.hj-int> Message-ID: <1055349951.3ee75cbf4c4cd@webmail.MUW.Edu> Hi, > "tmpfs"? What's that? My mount manual page says nothing about that fs > type, although it seems to work. Any idea where to get more info? Try this link: http://wks.uts.ohio-state.edu/sysadm_course/html/sysadm-66.html Or, google "tmpfs" ... Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From Kevin.Spicer at BMRB.CO.UK Wed Jun 11 17:42:27 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:29 2006 Subject: Using ramfs for incoming queue Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF644@pascal.priv.bmrb.co.uk> Old man page maybe? Here the relevent bits from mine (Mandrake 9.1).... Mount options for tmpfs The following parameters accept a suffix k, m or g for Ki, Mi, Gi (binary kilo, mega and giga) and can be changed on remount. size=nbytes Override default size of the filesystem. The size is given in bytes, and rounded down to entire pages. The default is half of the memory. nr_blocks= Set number of blocks. nr_inodes= Set number of inodes. mode= Set initial permissions of the root directory. > -----Original Message----- > From: Furnish, Trever G [mailto:TGFurnish@HERFF-JONES.COM] > Sent: 11 June 2003 17:39 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Using ramfs for incoming queue > > > Julian Field said: > > [...snip...] > > mount -t tmpfs tmpfs /var/spool/MailScanner/incoming > > "tmpfs"? What's that? My mount manual page says nothing > about that fs > type, although it seems to work. Any idea where to get more info? > > -t. > BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mailscanner at ecs.soton.ac.uk Wed Jun 11 18:04:21 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:29 2006 Subject: Using ramfs for incoming queue In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0EBF644@pascal.priv.bmrb.co .uk> Message-ID: <5.2.1.1.2.20030611180250.025718a8@imap.ecs.soton.ac.uk> At 17:42 11/06/2003, you wrote: >Old man page maybe? Here the relevent bits from mine (Mandrake 9.1).... > > >Mount options for tmpfs > The following parameters accept a suffix k, m or g for Ki, > Mi, Gi > (binary kilo, mega and giga) and can be changed on remount. > > size=nbytes > Override default size of the filesystem. The size > is given in > bytes, and rounded down to entire pages. The default is > half of > the memory. Note this is the maximum size. It doesn't allocate half your RAM at startup, it just uses it as needed, allocated out of the spare RAM that is used for IO buffers and disk cache. There is not normally any reason to specify any mount options for tmpfs at all. It's best to leave the OS to manage it all for you. > nr_blocks= > Set number of blocks. > > nr_inodes= > Set number of inodes. > > mode= Set initial permissions of the root directory. > > > > > -----Original Message----- > > From: Furnish, Trever G [mailto:TGFurnish@HERFF-JONES.COM] > > Sent: 11 June 2003 17:39 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Using ramfs for incoming queue > > > > > > Julian Field said: > > > [...snip...] > > > mount -t tmpfs tmpfs /var/spool/MailScanner/incoming > > > > "tmpfs"? What's that? My mount manual page says nothing > > about that fs > > type, although it seems to work. Any idea where to get more info? > > > > -t. > > > > > >BMRB International >http://www.bmrb.co.uk >+44 (0)20 8566 5000 >_________________________________________________________________ >This message (and any attachment) is intended only for the >recipient and may contain confidential and/or privileged >material. If you have received this in error, please contact the >sender and delete this message immediately. Disclosure, copying >or other action taken in respect of this email or in >reliance on it is prohibited. BMRB International Limited >accepts no liability in relation to any personal emails, or >content of any email which does not directly relate to our >business. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From y.huang at UTORONTO.CA Wed Jun 11 18:14:03 2003 From: y.huang at UTORONTO.CA (Bruce Huang) Date: Thu Jan 12 21:18:29 2006 Subject: Spam score not add up References: <5.2.0.9.2.20030611145429.04964370@imap.ecs.soton.ac.uk> <004901c33022$de035ed0$5b426480@ad.geog.utoronto.ca> <1055345046.16452.44.camel@dbeauchemin.si.usherbrooke.ca> Message-ID: <00b901c3303c$dc4890a0$5b426480@ad.geog.utoronto.ca> Ahh, it make sense to me know. The score for BAYES in the 50_scores.cf says score BAYES_00 0 0 -6.400 -6.400 Therefore the score is correct. Thanks for all your advise. Cheers, Bruce ----- Original Message ----- From: "Denis Beauchemin" To: Sent: Wednesday, June 11, 2003 11:24 AM Subject: Re: Spam score not add up > I think it is not there. You need 4.21-9. > > The score for BAYES_00 can be found by: > grep BAYES_00 /usr/share/spamassassin/50_scores.cf > score BAYES_00 0 0 -5.300 -5.200 > > If the scores file is not located there, try a "locate 50_scores.cf" and > then grep that file. > > Denis > > Le mer 11/06/2003 ? 10:07, Bruce Huang a ?crit : > > > But it hit the BAYES_00 rule as well, which has a negative score. If you > > > have a very recent MailScanner, you can switch on an option that will show > > > you the score of each rule that "hits". > > I am using MailScanner 4.20-3, and can not find the option. Would you mind > > to let me know where it is? > > > > Thanks, > > > > Bruce > -- > Denis Beauchemin, analyste > Universit? de Sherbrooke, S.T.I. > T: 819.821.8000x2252 F: 819.821.8045 > From lilvalo at MIKIBOY.COM Wed Jun 11 17:56:11 2003 From: lilvalo at MIKIBOY.COM (Valmiki N. Ramsewak) Date: Thu Jan 12 21:18:29 2006 Subject: mailscanner + procmail + gentoo In-Reply-To: References: <20030611155503.GA7343@mikiboy.com> Message-ID: <20030611165611.GA8053@mikiboy.com> On Wed, Jun 11, 2003 at 06:34:36PM +0200, Raymond Dijkxhoorn wrote: > Hi! > > > I'm using gentoo. I got mcafee and sendmail working.. I also installed > > mailscanner, and made the changes to the /etc/conf.d/sendmail file > > (/etc/init.d/sendmail reads the options from there) It all starts up fine, > > but nothing gets scanned by mailscanner, and I'm not sure why.. I don't see > > it in the headers..... > > You should STOP sendmail. The mailscanner script should run sendmail. > Well yea I figured that out. But this is the problem. In gentoo you have a dir /etc/init.d with all the startup scripts, just like in redhat... then you use a script rc-update to add and remove programs you want to start on the different boot levels. I have been doing the check_mailscanner thing and then an nmap and no port 25 is open...... So i'm guessing something is wrong big time? Any help appreciated, I'll make a temp acct if someone wants to look around my system... Thanks Valmiki From mailscanner at ecs.soton.ac.uk Wed Jun 11 18:26:34 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:29 2006 Subject: mailscanner + procmail + gentoo In-Reply-To: <20030611165611.GA8053@mikiboy.com> References: <20030611155503.GA7343@mikiboy.com> Message-ID: <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> You need to start 3 processes: 1. A sendmail with "-bd" to supply the SMTP service. 2. A sendmail with "-q15m" (or some other time after the "-q" to deliver the outgoing messages. 3. A MailScanner to join the two together. "check_MailScanner" only starts up number 3. You need to start up numbers 1 and 2 as well. Sample command lines for these are in the installation documentation for the tar distribution. At 17:56 11/06/2003, you wrote: >On Wed, Jun 11, 2003 at 06:34:36PM +0200, Raymond Dijkxhoorn wrote: > > Hi! > > > > > I'm using gentoo. I got mcafee and sendmail working.. I also installed > > > mailscanner, and made the changes to the /etc/conf.d/sendmail file > > > (/etc/init.d/sendmail reads the options from there) It all starts up > fine, > > > but nothing gets scanned by mailscanner, and I'm not sure why.. I > don't see > > > it in the headers..... > > > > You should STOP sendmail. The mailscanner script should run sendmail. > > > >Well yea I figured that out. But this is the problem. In gentoo you have a >dir /etc/init.d with all the startup scripts, just like in redhat... >then you use a script rc-update to add and remove programs you want to >start on the different boot levels. >I have been doing the check_mailscanner thing and then an nmap and no port >25 is open...... So i'm guessing something is wrong big time? > >Any help appreciated, I'll make a temp acct if someone wants to look >around my system... > >Thanks > >Valmiki -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From lilvalo at MIKIBOY.COM Wed Jun 11 18:46:55 2003 From: lilvalo at MIKIBOY.COM (Valmiki N. Ramsewak) Date: Thu Jan 12 21:18:29 2006 Subject: mailscanner + procmail + gentoo In-Reply-To: <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> References: <20030611155503.GA7343@mikiboy.com> <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> Message-ID: <20030611174655.GA8562@mikiboy.com> And in that specific order? valmiki On Wed, Jun 11, 2003 at 06:26:34PM +0100, Julian Field wrote: > You need to start 3 processes: > > 1. A sendmail with "-bd" to supply the SMTP service. > 2. A sendmail with "-q15m" (or some other time after the "-q" to deliver > the outgoing messages. > 3. A MailScanner to join the two together. > > "check_MailScanner" only starts up number 3. You need to start up numbers 1 > and 2 as well. Sample command lines for these are in the installation > documentation for the tar distribution. > > At 17:56 11/06/2003, you wrote: > >On Wed, Jun 11, 2003 at 06:34:36PM +0200, Raymond Dijkxhoorn wrote: > >> Hi! > >> > >> > I'm using gentoo. I got mcafee and sendmail working.. I also installed > >> > mailscanner, and made the changes to the /etc/conf.d/sendmail file > >> > (/etc/init.d/sendmail reads the options from there) It all starts up > >fine, > >> > but nothing gets scanned by mailscanner, and I'm not sure why.. I > >don't see > >> > it in the headers..... > >> > >> You should STOP sendmail. The mailscanner script should run sendmail. > >> > > > >Well yea I figured that out. But this is the problem. In gentoo you have a > >dir /etc/init.d with all the startup scripts, just like in redhat... > >then you use a script rc-update to add and remove programs you want to > >start on the different boot levels. > >I have been doing the check_mailscanner thing and then an nmap and no port > >25 is open...... So i'm guessing something is wrong big time? > > > >Any help appreciated, I'll make a temp acct if someone wants to look > >around my system... > > > >Thanks > > > >Valmiki > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jun 11 18:57:49 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:29 2006 Subject: mailscanner + procmail + gentoo In-Reply-To: <20030611174655.GA8562@mikiboy.com> References: <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <20030611155503.GA7343@mikiboy.com> <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030611185712.03c07e78@imap.ecs.soton.ac.uk> Doesn't matter. I would personally start them up in the numeric order I gave, but it doesn't really make any difference. At 18:46 11/06/2003, you wrote: >And in that specific order? > >valmiki >On Wed, Jun 11, 2003 at 06:26:34PM +0100, Julian Field wrote: > > You need to start 3 processes: > > > > 1. A sendmail with "-bd" to supply the SMTP service. > > 2. A sendmail with "-q15m" (or some other time after the "-q" to deliver > > the outgoing messages. > > 3. A MailScanner to join the two together. > > > > "check_MailScanner" only starts up number 3. You need to start up numbers 1 > > and 2 as well. Sample command lines for these are in the installation > > documentation for the tar distribution. > > > > At 17:56 11/06/2003, you wrote: > > >On Wed, Jun 11, 2003 at 06:34:36PM +0200, Raymond Dijkxhoorn wrote: > > >> Hi! > > >> > > >> > I'm using gentoo. I got mcafee and sendmail working.. I also installed > > >> > mailscanner, and made the changes to the /etc/conf.d/sendmail file > > >> > (/etc/init.d/sendmail reads the options from there) It all starts up > > >fine, > > >> > but nothing gets scanned by mailscanner, and I'm not sure why.. I > > >don't see > > >> > it in the headers..... > > >> > > >> You should STOP sendmail. The mailscanner script should run sendmail. > > >> > > > > > >Well yea I figured that out. But this is the problem. In gentoo you have a > > >dir /etc/init.d with all the startup scripts, just like in redhat... > > >then you use a script rc-update to add and remove programs you want to > > >start on the different boot levels. > > >I have been doing the check_mailscanner thing and then an nmap and no port > > >25 is open...... So i'm guessing something is wrong big time? > > > > > >Any help appreciated, I'll make a temp acct if someone wants to look > > >around my system... > > > > > >Thanks > > > > > >Valmiki > > > > -- > > Julian Field > > www.MailScanner.info > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From steve.douglas at SBIINCORPORATED.COM Wed Jun 11 19:56:10 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:29 2006 Subject: F-Prot and Mail Scanner Message-ID: <3963522F0E71474CB14C0FF54A6914F701114FEC@omar.schtre.com> Is your gateway configured with F-Prot "file server" or with F-Prot eMail gateway version? Just curious? Thanks. > -----Original Message----- > From: Damian Mendoza [mailto:damian@WORKGROUPSOLUTIONS.COM] > Sent: Wednesday, June 11, 2003 8:16 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: F-Prot and Mail Scanner > > Hi, > > An update: End-User error as messages were not going thru MailScanner. > MailScanner is working perfectly with F-Prot antivirus. > > Regards, > > Damian > > Workgroup Solutions > 20532 El Toro Rd, Suite 107 > Mission Viejo, CA 92692 > 949 586-2200 > Developers of SpamGate - Stop SPAM today at the Gateway! > > -----Original Message----- > From: Damian Mendoza > Sent: Monday, June 09, 2003 4:43 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: F-Prot and Mail Scanner > > > Hi, > > I installed F-Prot and MailScanner on an SMTP gateway for a customer. My > customer tells me that F-Prot is only blocking 10% of the viruses. They > had 9 messages get passed the F-Prot/MailScanner gateway and 1 message was > stopped according to the maillog. > > Norton Antivirus on the Exchange server told us about the 9 messages. > > Any ideas? F-Prot is getting the updates based on the Maillog file. > > Thanks, > > Damian From kvue at WADSNET.COM Wed Jun 11 20:03:06 2003 From: kvue at WADSNET.COM (Kham Vue) Date: Thu Jan 12 21:18:29 2006 Subject: how to disable Fragmented file option References: <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <20030611155503.GA7343@mikiboy.com> <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030611185712.03c07e78@imap.ecs.soton.ac.uk> Message-ID: <01cc01c3304c$1a56f4e0$fa00010a@THINKPAD1800> I'm running MaiLScanner Version 3.27-1. Where is the option to not check or delete fragmented files. Some employees send large files and break it using Outlook Express. MailScanner can't read these files and mark them as possible viruses. Thankx in advance From mailscanner at ecs.soton.ac.uk Wed Jun 11 20:22:11 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:29 2006 Subject: how to disable Fragmented file option In-Reply-To: <01cc01c3304c$1a56f4e0$fa00010a@THINKPAD1800> References: <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <20030611155503.GA7343@mikiboy.com> <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030611185712.03c07e78@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030611202041.0265ee98@imap.ecs.soton.ac.uk> I can't remember whether you can disable this in the old version 3. If you upgrade to 4, this is very easy. Discouraging people from splitting emails this way is a better idea. There is no way that any system can reliably virus-check these files without being open to denial-of-service attacks. At 20:03 11/06/2003, you wrote: >I'm running MaiLScanner Version 3.27-1. >Where is the option to not check or delete fragmented files. > >Some employees send large files and break it using Outlook Express. > >MailScanner can't read these files and mark them as possible viruses. > > >Thankx in advance -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From guymon at RAEINTERNET.COM Wed Jun 11 21:13:58 2003 From: guymon at RAEINTERNET.COM (Jon Guymon) Date: Thu Jan 12 21:18:29 2006 Subject: AV plugins and loggin References: <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <20030611155503.GA7343@mikiboy.com> <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030611185712.03c07e78@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030611202041.0265ee98@imap.ecs.soton.ac.uk> Message-ID: <3EE78D86.6000303@raeinternet.com> Recently installed MailScanner, no errors, mail flows freely. Installed RAV and Sophos AV products, each works properly. Added "-r" to syslog to facilitate MailScanner logging. Unfortunately eicar passes right through without incident, and nothing is logged to syslog (except for the regular sendmail messages). I'm not sure that the 2-phase sendmail setup is doing what it should, but I'm not sure how to check. I'm pretty sure I can trouble-shoot this, but I need to know where to look. The install docs aren't too telling. Any pointers would be great! Scanned by RAV AntiVirus for MailServers. AntiVirus, AntiSpam, Content Filtering. http://raeinternet.com From kusler at NSCL.MSU.EDU Wed Jun 11 21:27:35 2003 From: kusler at NSCL.MSU.EDU (Jay Kusler) Date: Thu Jan 12 21:18:29 2006 Subject: double messages? Message-ID: On Wed, 11 Jun 2003 16:03:57 +0100, Spicer, Kevin wrote: >> >> I upgraded to Postfix 2.0.11 yesterday to see if that would >> fix things, but >> no luck. These second (empty) messages still happen. I've >> had 2 today, out >> of about 20 emails. Any hints on where I could look? > >Probably way off base but... >I had a similar problem months ago - but with sendmail. Turned out our >exchange server was set to make ETRN requests to our Mailscanner box. >Julian has since modified the sendmail startup scripts to defend against >this, but I don't know whether it might affect other mailers. Probably not >your problem but something to rule out at least! Thanks Kevin. I don't think that's the problem here: one box does everything. This is the sequence of events I'm seeing. I guess, if I'm right, that the real question is 'why does that second MailScanner instance start up 1 second after the other one?'. I tried upping the Queue Scan Interval to 20 seconds hoping that would help, but it doesn't seem to. I have not tried cutting Max Children back to 1, but perhaps that's next: somewhat of a waste on a dual-cpu box. Perhaps there is a lock not getting set, or some race condition with locking? I'm at a loss what to look at next. Thanks for your help, Jay Kusler ----------------------------------------------------------------------- Annotated /var/log/syslog follows: Connect to the mail server (jade) smtpd and stick the incoming message into /var/spool/postfix.in/deferred rather than deliver it ---------------------------------------------------------------------- Jun 11 15:20:22 jade postfix/smtpd[13517]: [ID 197553 mail.info] disconnect from sys10.mail.msu.edu[35.9.75.110] Jun 11 15:20:22 jade postfix/qmgr[4999]: [ID 197553 mail.info] AF3D0F3: from=, size=1167, nrcpt=1 (queue active) Jun 11 15:20:22 jade postfix/qmgr[4999]: [ID 197553 mail.info] AF3D0F3: to=, relay=none, delay=0, status=deferred (deferred transport) MailScanner (pid 5146) starts up and scans /var/spool/postfix.in/deferred and finds the message to me ---------------------------------------------------------------------- Jun 11 15:20:26 jade.nscl.msu.edu MailScanner[5146]: New Batch: Scanning 1 messages, 1505 bytes Jun 11 15:20:26 jade.nscl.msu.edu MailScanner[5146]: Virus and Content Scanning: Starting Here is the funky part: another MailScanner process (pid 5095) starts up and tries to process the same mail message ------------------------------------------------------------------------ Jun 11 15:20:27 jade.nscl.msu.edu MailScanner[5095]: New Batch: Scanning 1 messages, 1505 bytes The first MailScanner process declares all to be well, and (presumably) puts the uninfected message into /var/spool/postfix/incoming ----------------------------------------------------------------------- Jun 11 15:20:27 jade.nscl.msu.edu MailScanner[5146]: Uninfected: Delivered 1 messages The qmgr notices the message and hands it off to procmail to actually deliver ----------------------------------------------------------------------- Jun 11 15:20:27 jade postfix/qmgr[5040]: [ID 197553 mail.info] 09432938B: from=, size=1261, nrcpt=2 (queue active) Meanwhile the second MailScanner instance (pid 5095) scans the same message, which for some reason is nothing but a header with no body and puts it also into /var/spool/postfix/incoming where qmgr finds it and also hands it off to procmail for delivery ----------------------------------------------------------------------- 11 15:20:27 jade.nscl.msu.edu MailScanner[5095]: Virus and Content Scanning: Starting Jun 11 15:20:28 jade.nscl.msu.edu MailScanner[5095]: Uninfected: Delivered 1 messages Jun 11 15:20:28 jade postfix/qmgr[5040]: [ID 197553 mail.info] A167D9380: from=, size=1111, nrcpt=2 (queue active) Finally, both messages are delivered, 7 seconds apart. ------------------------------------------------------------------------- Jun 11 15:20:29 jade postfix/local[16398]: [ID 197553 mail.info] 09432938B: to=, relay=local, delay=7, status=sent ("|/usr/nsclsbin/procmail") Jun 11 15:20:36 jade postfix/local[17949]: [ID 197553 mail.info] A167D9380: to=, relay=local, delay=14, status=sent ("|/usr/nsclsbin/procmail") From mailscanner at ecs.soton.ac.uk Wed Jun 11 21:30:02 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:30 2006 Subject: AV plugins and loggin In-Reply-To: <3EE78D86.6000303@raeinternet.com> References: <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <20030611155503.GA7343@mikiboy.com> <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030611185712.03c07e78@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030611202041.0265ee98@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030611212920.026573d8@imap.ecs.soton.ac.uk> You should see MailScanner headers in the messages coming out. Did you stop the original sendmail process before starting up MailScanner and its 2 sendmail processes? At 21:13 11/06/2003, you wrote: >Recently installed MailScanner, no errors, mail flows freely. >Installed RAV and Sophos AV products, each works properly. >Added "-r" to syslog to facilitate MailScanner logging. > >Unfortunately eicar passes right through without incident, and nothing >is logged to syslog (except for the regular sendmail messages). > >I'm not sure that the 2-phase sendmail setup is doing what it should, >but I'm not sure how to check. > >I'm pretty sure I can trouble-shoot this, but I need to know where to >look. The install docs aren't too telling. > >Any pointers would be great! > > > > >Scanned by RAV AntiVirus for MailServers. AntiVirus, AntiSpam, Content >Filtering. http://raeinternet.com -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From hciss at HCIWS.COM Wed Jun 11 21:43:55 2003 From: hciss at HCIWS.COM (Matt) Date: Thu Jan 12 21:18:30 2006 Subject: Autoupdate Message-ID: <001901c3305a$302ea8e0$7801a8c0@matthew> I am using autoupdate script provided with mailscanner to keep f-prot up to date. What has been strange lately is that it always says that everything is already up to date and there is nothing to be done. It does seem to be updating on occassion though because the files have been kept up to date. Any idea why? I use this script to call autoupdate in cron.daily. #!/bin/bash perl /usr/local/f-prot/autoupdate exit 0 The other thing. I noticed there is a quiet option in the autoupdate script. Right now I have it set to 0 since I want to know its working. Getting an email in my admin account everyday gets old though. It would be so much nicer if it was silent unless it actually found an update. That way I would only get a message every few days when it did actually update and I could check for updates more frequently. Is that possible? Matt From kevins at BMRB.CO.UK Wed Jun 11 21:50:00 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:30 2006 Subject: double messages? In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011758CA@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011758CA@pascal.priv.bmrb.co.uk> Message-ID: <1055364600.11842.18.camel@bach.kevinspicer.co.uk> >I tried upping the Queue Scan Interval to 20 seconds hoping that >would help, but it doesn't seem to. I have not tried cutting Max >Children back to 1, but perhaps that's next: somewhat of a waste on a >dual-cpu box. Perhaps there is a lock not getting set, or some race >condition with locking? locking would seem like the obvious choice, wouldn't it. I'm not sure which kind of locking MailScanner uses by defaultwith Postfix. One (probably obvious) check - this is a local drive isn't it (I know its unlikely anyone would be using NFS for a mail queue, but worth making sure). I notice from your original post that you are running Solaris 8, I've just found this little snippet with Google... "Welcome to the world of POSIX fcntl() locking, which is the only locking that Postfix can use on System-V systems such as Solaris, HP-UX and others." I'm taking it out of context, but it came from the keyboard of Wietse Venema so it should be reliable information (heres the link http://archives.neohapsis.com/archives/postfix/2000-12/0521.html) Now, if MailScanner is using flock (which it does by default for sendmail I can see this might be the problem. You might like to try setting Lock Type = posix where #Lock Type = flock appears (commented out) near the end of MailScanner.conf. One word of caution, I'm guessing completely(!) and screwing with locking could make things much worse :( Maybe worth waiting for a second opinion or two from others! BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From lilvalo at MIKIBOY.COM Wed Jun 11 21:51:20 2003 From: lilvalo at MIKIBOY.COM (Valmiki N. Ramsewak) Date: Thu Jan 12 21:18:30 2006 Subject: Autoupdate In-Reply-To: <001901c3305a$302ea8e0$7801a8c0@matthew> References: <001901c3305a$302ea8e0$7801a8c0@matthew> Message-ID: <20030611205120.GD8996@mikiboy.com> On Wed, Jun 11, 2003 at 03:43:55PM -0500, Matt wrote: > I am using autoupdate script provided with mailscanner to keep f-prot up to > date. What has been strange lately is that it always says that everything > is already up to date and there is nothing to be done. It does seem to be > updating on occassion though because the files have been kept up to date. > Any idea why? > > I use this script to call autoupdate in cron.daily. > > #!/bin/bash > perl /usr/local/f-prot/autoupdate > exit 0 > > The other thing. I noticed there is a quiet option in the autoupdate > script. Right now I have it set to 0 since I want to know its working. > Getting an email in my admin account everyday gets old though. It would be > so much nicer if it was silent unless it actually found an update. That way > I would only get a message every few days when it did actually update and I > could check for updates more frequently. Is that possible? > Sure it is. I'm not sure what the output looks like. But essentially compare the two outputs.... look for something different and run a an if statement thru..... thats how i would do it valmiki From kevins at BMRB.CO.UK Wed Jun 11 21:53:54 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:30 2006 Subject: Autoupdate In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011758CC@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011758CC@pascal.priv.bmrb.co.uk> Message-ID: <1055364834.11845.22.camel@bach.kevinspicer.co.uk> >I use this script to call autoupdate in cron.daily. >#!/bin/bash >perl /usr/local/f-prot/autoupdate >exit 0 Do you by any chance have update_virus_scanners in /etc/cron.hourly ? That will update f-prot hourly which is probably why your (nightly) cron.daily script doesn't find any update required. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mailscanner at ecs.soton.ac.uk Wed Jun 11 21:58:54 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:30 2006 Subject: Autoupdate In-Reply-To: <001901c3305a$302ea8e0$7801a8c0@matthew> Message-ID: <5.2.1.1.2.20030611215716.03d6c930@imap.ecs.soton.ac.uk> At 21:43 11/06/2003, you wrote: >I am using autoupdate script provided with mailscanner to keep f-prot up to >date. What has been strange lately is that it always says that everything >is already up to date and there is nothing to be done. It does seem to be >updating on occassion though because the files have been kept up to date. >Any idea why? > >I use this script to call autoupdate in cron.daily. > >#!/bin/bash >perl /usr/local/f-prot/autoupdate >exit 0 If you are using MailScanner version 4, then you should have a cron job in /etc/cron.hourly which calls my global updater (update_virus_scanners) which updates all the scanners that are installed. You should have deleted your cron job to call f-prot/autoupdate when you upgraded from version 3 to 4. >The other thing. I noticed there is a quiet option in the autoupdate >script. Right now I have it set to 0 since I want to know its working. >Getting an email in my admin account everyday gets old though. It would be >so much nicer if it was silent unless it actually found an update. That way >I would only get a message every few days when it did actually update and I >could check for updates more frequently. Is that possible? See above. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From guymon at RAEINTERNET.COM Wed Jun 11 22:00:59 2003 From: guymon at RAEINTERNET.COM (Jon Guymon) Date: Thu Jan 12 21:18:30 2006 Subject: AV plugins and loggin References: <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <20030611155503.GA7343@mikiboy.com> <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030611185712.03c07e78@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030611202041.0265ee98@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030611212920.026573d8@imap.ecs.soton.ac.uk> Message-ID: <3EE7988B.2060006@raeinternet.com> Yeah. Stopped sendmail, started MailScanner. Did it all again to make sure, but no help. The messages have no MailScanner header. Does MailScanner installation make sendmail.(mc|cf) changes so the two sendmails get along? Sorry to seem like a tool. Even if someone just pointed me to documentation a little more thorough than the various install FAQs and quickstart guides, that would help. Thanks! Julian Field wrote: > You should see MailScanner headers in the messages coming out. Did you > stop > the original sendmail process before starting up MailScanner and its 2 > sendmail processes? > > At 21:13 11/06/2003, you wrote: > >> Recently installed MailScanner, no errors, mail flows freely. >> Installed RAV and Sophos AV products, each works properly. >> Added "-r" to syslog to facilitate MailScanner logging. >> >> Unfortunately eicar passes right through without incident, and nothing >> is logged to syslog (except for the regular sendmail messages). >> >> I'm not sure that the 2-phase sendmail setup is doing what it should, >> but I'm not sure how to check. >> >> I'm pretty sure I can trouble-shoot this, but I need to know where to >> look. The install docs aren't too telling. >> >> Any pointers would be great! >> >> >> >> >> Scanned by RAV AntiVirus for MailServers. AntiVirus, AntiSpam, Content >> Filtering. http://raeinternet.com > > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > > > Scanned by RAV AntiVirus for MailServers. AntiVirus, AntiSpam, Content > Filtering. http://raeinternet.com Scanned by RAV AntiVirus for MailServers. AntiVirus, AntiSpam, Content Filtering. http://raeinternet.com From kevins at BMRB.CO.UK Wed Jun 11 22:09:43 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:30 2006 Subject: AV plugins and loggin In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011758D1@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011758D1@pascal.priv.bmrb.co.uk> Message-ID: <1055365784.15883.2.camel@bach.kevinspicer.co.uk> >On Wed, 2003-06-11 at 22:00, Jon Guymon wrote: >Yeah. Stopped sendmail, started MailScanner. Did it all again to make >sure, but no help. The messages have no MailScanner header. Did you make sure there were no sendmail processes running before starting MailScanner? I've seen the init scripts not properly kill sendmail. Stop both mailscanner and sendmail, make sure all sendmail processes are gone then start MailScanner. You shouldn't need to touch sendmail mc|cf files, MailScanner adds the necessary arguments on the command line. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From lilvalo at MIKIBOY.COM Wed Jun 11 22:20:10 2003 From: lilvalo at MIKIBOY.COM (Valmiki N. Ramsewak) Date: Thu Jan 12 21:18:30 2006 Subject: mailscanner + procmail + gentoo In-Reply-To: <5.2.1.1.2.20030611185712.03c07e78@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <20030611155503.GA7343@mikiboy.com> <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030611185712.03c07e78@imap.ecs.soton.ac.uk> Message-ID: <20030611212010.GA10680@mikiboy.com> Ok I finally got it working, thanks for the general outlay Julian. And thanks for such a great project. Gentoo users, just in case you're new, you need to place this file in the /etc/init.d/ dir, give it a chmod 755 and then add it to the startup.I name the file mailscanner so rc-update add mailscanner and remember to stop sendmail fromstarting up rc-update del sendmail have fun Valmiki ----- start file-------- #!/sbin/runscript # Distributed under the terms of the GNU General Public License, v2 or later # Created by Valmiki N. Ramsewak for use with the mailscanner and sendmail. # Basically everything is just like the other init scripts in gentoo, everything # else is just paths to sendmail and the check_mailscanner script from the # the mailscanner file. depend() { need net use logger } start() { echo "Starting MailScanner daemons" /usr/bin/newaliases > /dev/null 2>&1 (cd /var/spool/mqueue; rm -f xf*) ebegin " incoming sendmail: " /usr/sbin/sendmail -bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in eend $? ebegin " outgoing sendmail: " /usr/sbin/sendmail -q15m eend $? ebegin " MailScanner: " /opt/MailScanner/bin/check_mailscanner > /dev/null eend $? } stop() { echo "Shutting down MailScanner daemons:" ebegin " sendmail: " killall -9 sendmail eend $? ebegin " MailScanner: " killall -9 MailScanner eend $? } ---------end file ---------- From guymon at RAEINTERNET.COM Wed Jun 11 22:22:14 2003 From: guymon at RAEINTERNET.COM (Jon Guymon) Date: Thu Jan 12 21:18:30 2006 Subject: AV plugins and loggin References: <5C0296D26910694BB9A9BBFC577E7AB0011758D1@pascal.priv.bmrb.co.uk> <1055365784.15883.2.camel@bach.kevinspicer.co.uk> Message-ID: <3EE79D86.9040107@raeinternet.com> Kevin Spicer wrote: >Did you make sure there were no sendmail processes running before >starting MailScanner? I've seen the init scripts not properly kill >sendmail. Stop both mailscanner and sendmail, make sure all sendmail >processes are gone then start MailScanner. > Yep, nothing left running. MailScanner starts normally, logging: Jun 11 16:16:24 localhost MailScanner[16605]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 11 16:16:24 localhost MailScanner[16605]: Using locktype = flock five times (normal right?). From then on mail flows normally, but there are no added headers, and no eicar stoppage. >You shouldn't need to touch sendmail mc|cf files, MailScanner adds the >necessary arguments on the command line. > > > Scanned by RAV AntiVirus for MailServers. AntiVirus, AntiSpam, Content Filtering. http://raeinternet.com From kevins at BMRB.CO.UK Wed Jun 11 22:26:41 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:30 2006 Subject: double messages? In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011758CD@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011758CD@pascal.priv.bmrb.co.uk> Message-ID: <1055366802.15994.6.camel@bach.kevinspicer.co.uk> >locking would seem like the obvious choice, wouldn't it. I'm not sure >which kind of locking MailScanner uses by default with Postfix. Digging around a bit in a box with postfix (but not MS) installed, you can find which kind of locking your postfix install can use by doing a postconf -l BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From kevins at BMRB.CO.UK Wed Jun 11 22:32:26 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:30 2006 Subject: AV plugins and loggin In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011758D4@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011758D4@pascal.priv.bmrb.co.uk> Message-ID: <1055367147.15883.12.camel@bach.kevinspicer.co.uk> >Yep, nothing left running. MailScanner starts normally, logging: >Jun 11 16:16:24 localhost MailScanner[16605]: MailScanner E-Mail Virus >Scanner version 4.21-9 starting... >Jun 11 16:16:24 localhost MailScanner[16605]: Using locktype = flock >five times (normal right?). Yes, 1 for each child. > From then on mail flows normally, but there are no added headers, and > no eicar stoppage. Whats this in your sig...? Is this on your MS machine or elsewhere? >Scanned by RAV AntiVirus for MailServers. AntiVirus, AntiSpam, Content > Filtering. http://raeinternet.com If that doesn't help could you post enough of your mail log to show the sequence of events when a mail is recieved and dispatched. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From peter at UCGBOOK.COM Wed Jun 11 22:55:08 2003 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:18:30 2006 Subject: AV plugins and loggin In-Reply-To: <3EE79D86.9040107@raeinternet.com> References: <5C0296D26910694BB9A9BBFC577E7AB0011758D1@pascal.priv.bmrb.co.uk> <1055365784.15883.2.camel@bach.kevinspicer.co.uk> <3EE79D86.9040107@raeinternet.com> Message-ID: <1055368508.1981.1.camel@rocco.bonivart.home> Could you post how you start Sendmail? Have you separated it into two commands? One listening on port 25 and queueing to mqueue.in and one delivering from mqueue? /Peter Bonivart --Unix lovers do it in the Sun On Wed, 2003-06-11 at 23:22, Jon Guymon wrote: > Kevin Spicer wrote: > > >Did you make sure there were no sendmail processes running before > >starting MailScanner? I've seen the init scripts not properly kill > >sendmail. Stop both mailscanner and sendmail, make sure all sendmail > >processes are gone then start MailScanner. > > > Yep, nothing left running. MailScanner starts normally, logging: > > Jun 11 16:16:24 localhost MailScanner[16605]: MailScanner E-Mail Virus > Scanner version 4.21-9 starting... > Jun 11 16:16:24 localhost MailScanner[16605]: Using locktype = flock > > five times (normal right?). > > From then on mail flows normally, but there are no added headers, and > no eicar stoppage. > > >You shouldn't need to touch sendmail mc|cf files, MailScanner adds the > >necessary arguments on the command line. > > > > > > > > > > > > > Scanned by RAV AntiVirus for MailServers. AntiVirus, AntiSpam, Content Filtering. http://raeinternet.com From peter at UCGBOOK.COM Wed Jun 11 22:59:55 2003 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:18:30 2006 Subject: logging problem In-Reply-To: <3EE4E5DD.7010800@dalsemi.com> References: <3EE4E5DD.7010800@dalsemi.com> Message-ID: <1055368795.1980.6.camel@rocco.bonivart.home> Strange, I have a similar setup (Solaris 9, Sendmail 8.12.9, MailScanner 4.21-6 and SpamAssassin 2.54). The only thing I changed in MailScanner.conf regarding this was "Log Spam = yes". Nothing is changed in the system and everything is logged. Do you get any logs at all from sendmail/mailscanner/spamassassin? /Peter Bonivart --Unix lovers do it in the Sun On Mon, 2003-06-09 at 21:54, David Vosburgh wrote: > I have installed MailScanner-4.21-9, Mail-SpamAssassin-2.55, and all the > related perl modules on a Sun system recently jumpstarted with 2.8 and a > recent patch cluster. Sendmail is v8.12.9. > > Everything seems to be working as advertised, with the exception of > logging. I am using the default "Syslog Facility = mail" option, and > have turned on spam logging with "Log Spam = yes". My syslog.conf has a > single entry for mail logging: > > mail.info /var/adm/maillog > > I read the FAQ and some posts on this list, and have tried the following > without success (always re-starting MailScanner after the change): > > 1) starting syslog without the "-t" option > 2) removed the syslog patch 110945-07 (now -05) > 3) removed the "eval" from the setlogsock syslog command under the Start > section of Log.pm > 4) added a "mail.debug /opt/MailScanner/var/log" to syslog.conf > > Any ideas on where to go from here? > > Thanks, > > Dave From guymon at RAEINTERNET.COM Wed Jun 11 23:00:12 2003 From: guymon at RAEINTERNET.COM (Jon Guymon) Date: Thu Jan 12 21:18:30 2006 Subject: AV plugins and loggin References: <5C0296D26910694BB9A9BBFC577E7AB0011758D4@pascal.priv.bmrb.co.uk> <1055367147.15883.12.camel@bach.kevinspicer.co.uk> Message-ID: <3EE7A66C.5010100@raeinternet.com> Forgive the long message. The sig is added by a different server, I'm not using the MailScanner server in production yet. What follows is a transcript of stopping MailScanner, starting it, examining the maillog while sending an eicar message, and the header of the message when it reaches its destination. enjoy :] [root@wayne init.d]# /etc/init.d/MailScanner stop Shutting down MailScanner daemons: MailScanner: [ OK ] incoming sendmail: [ OK ] outgoing sendmail: [ OK ] [root@wayne init.d]# /etc/init.d/sendmail stop Shutting down sendmail: [FAILED] [root@wayne init.d]# ps afx | grep sendmail [root@wayne init.d]# /etc/init.d/MailScanner start Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: [ OK ] [root@wayne init.d]# ps afx | grep sendmail 16817 ? S 0:00 sendmail: accepting connections 16826 ? S 0:00 /usr/sbin/sendmail -q15m -OPidFile /var/run/sendmail. [root@wayne init.d]# tail -f /var/log/maillog Jun 11 16:52:05 localhost MailScanner[16603]: MailScanner child caught a SIGHUP Jun 11 16:52:05 localhost MailScanner[16602]: MailScanner child caught a SIGHUP Jun 11 16:52:25 localhost sendmail[16808]: alias database /etc/aliases rebuilt by gnarg Jun 11 16:52:25 localhost sendmail[16808]: /etc/aliases: 42 aliases, longest 57 bytes, 489 bytes total Jun 11 16:52:26 localhost sendmail[16817]: starting daemon (8.11.6): SMTP Jun 11 16:52:26 localhost sendmail[16826]: starting daemon (8.11.6): queueing@00:15:00 Jun 11 16:52:27 localhost MailScanner[16845]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 11 16:52:27 localhost MailScanner[16845]: Using locktype = flock Jun 11 16:52:37 localhost MailScanner[16851]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 11 16:52:37 localhost MailScanner[16851]: Using locktype = flock Jun 11 16:52:47 localhost MailScanner[16853]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 11 16:52:47 localhost MailScanner[16853]: Using locktype = flock Jun 11 16:52:57 localhost MailScanner[16854]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 11 16:52:57 localhost MailScanner[16854]: Using locktype = flock Jun 11 16:53:07 localhost MailScanner[16855]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 11 16:53:07 localhost MailScanner[16855]: Using locktype = flock Jun 11 16:55:03 localhost sendmail[16867]: h5BKt2x16867: from=root, size=96, class=0, nrcpts=1, msgid=<200306112055.h5BKt2x16867@wayne.raeinternet.com>, relay=root@localhost Jun 11 16:55:03 localhost sendmail[16870]: h5BKt2x16867: to=XXXX@slackworks.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:00, mailer=esmtp, pri=30096, relay=chopper.slackworks.com. [64.244.30.42], dsn=2.0.0, stat=Sent (h5BLswi7027397 Message accepted for delivery) --------- From - Wed Jun 11 17:54:30 2003 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Return-Path: Received: from wayne.raeinternet.com (raeinternet.com [216.150.133.100]) by chopper.slackworks.com (8.12.8/8.12.8) with ESMTP id h5BLswi7027397 for Message-Id: <200306112055.h5BKt2x16867@wayne.raeinternet.com> To: XXXX@slackworks.com X-DCC-servers-Metrics: chopper.slackworks.com 1049; Body=9 Fuz1=9 X-Spam-Status: No, hits=0.0 required=10.0 tests=none version=2.52 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.52 (1.174.2.8-2003-03-24-exp) Kevin Spicer wrote >If that doesn't help could you post enough of your mail log to show the >sequence of events when a mail is recieved and dispatched. > > > Scanned by RAV AntiVirus for MailServers. AntiVirus, AntiSpam, Content Filtering. http://raeinternet.com From kevins at BMRB.CO.UK Wed Jun 11 23:10:15 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:30 2006 Subject: AV plugins and loggin In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011758D9@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011758D9@pascal.priv.bmrb.co.uk> Message-ID: <1055369416.15883.18.camel@bach.kevinspicer.co.uk> Jun 11 16:55:03 localhost sendmail[16867]: h5BKt2x16867: from=root, ^^^^ A-Ha(?) You're sending mail out from the machine itself to test, which means that your MUA is probably invoking sendmail directly and so it never touches mqueue.in and hence never goes through mailscanner. Try using an MUA that you can configure to connect to localhost:25 via SMTP, it'll probably work. Or even just telnet to localhost:25 if you know how to speak SMTP. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From kevins at BMRB.CO.UK Wed Jun 11 23:14:52 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:30 2006 Subject: AV plugins and loggin In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011758D7@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011758D7@pascal.priv.bmrb.co.uk> Message-ID: <1055369693.15883.23.camel@bach.kevinspicer.co.uk> On Wed, 2003-06-11 at 22:55, Peter Bonivart wrote: Could you post how you start Sendmail? Have you separated it into two commands? One listening on port 25 and queueing to mqueue.in and one delivering from mqueue? Basically... # incoming mail /usr/lib/sendmail -bd -OPrivacyOptions=noetrn \ -ODeliveryMode=queueonly \ -OQueueDirectory=/var/spool/mqueue.in # queue runner for outgoing mail /usr/lib/sendmail -q15m But theres some good init scripts for most systems kicking around that deal with MailScanner and the MTA. Theres probably one in your mailscanner distribution. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From TGFurnish at HERFF-JONES.COM Wed Jun 11 23:31:46 2003 From: TGFurnish at HERFF-JONES.COM (Furnish, Trever G) Date: Thu Jan 12 21:18:30 2006 Subject: sophos licensing - one user or per "address"? Message-ID: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBC9@indy1ntm.herffjones.hj-int> I'm curious - for those of you using sophos on a mailscanner system acting only as a relay (not a "mailbox server"), did you license it based on the number of recipients for whom you would deliver email or did you get a single-user license (or something else I'm failing to imagine)? Considering that we're talking about a mail relay, I personally think it's silly to license a package based on the number of destination addresses being protected by the product, given that the number includes not only your internal users but also the people they send email to (assuming that you filter outbound mail as well as inbound mail). Sophos sales rep would obviously like me to license based on the number of internal users I have on my destination system, which seems rather ridiculous. -t. From lists at STHOMAS.NET Wed Jun 11 23:47:25 2003 From: lists at STHOMAS.NET (Steve Thomas) Date: Thu Jan 12 21:18:30 2006 Subject: sophos licensing - one user or per "address"? In-Reply-To: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBC9@indy1ntm.herffjones.hj-int>; from TGFurnish@HERFF-JONES.COM on Wed, Jun 11, 2003 at 05:31:46PM -0500 References: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBC9@indy1ntm.herffjones.hj-int> Message-ID: <20030611154725.A1127@sthomas.net> We have a license that covers all our users, however, we use it on the desktops as well. When I was setting up the license with the Sophos rep, I asked about the mail server and he told me that because we were licensing each user's desktop, we'd be able to use it on the mail server without any problem. I know that doesn't do much to answer your question, but I thought I'd throw it out there. On Wed, Jun 11, 2003 at 05:31:46PM -0500, Furnish, Trever G is rumored to have said: > > I'm curious - for those of you using sophos on a mailscanner system acting > only as a relay (not a "mailbox server"), did you license it based on the > number of recipients for whom you would deliver email or did you get a > single-user license (or something else I'm failing to imagine)? > > Considering that we're talking about a mail relay, I personally think it's > silly to license a package based on the number of destination addresses > being protected by the product, given that the number includes not only your > internal users but also the people they send email to (assuming that you > filter outbound mail as well as inbound mail). > > Sophos sales rep would obviously like me to license based on the number of > internal users I have on my destination system, which seems rather > ridiculous. > > -t. -- Steve Thomas ---------------------------------------------------------- "...subatomic matter in a particle accelerator that exists for only a few microseconds seems to exhibit more uptime than the RIAA's website." -- Andrew Orlowski TheRegister.co.uk From richard.lush at NTLWORLD.COM Wed Jun 11 23:38:01 2003 From: richard.lush at NTLWORLD.COM (Richard Lush) Date: Thu Jan 12 21:18:30 2006 Subject: MailScanner Webmin Module 0.6 BETA Released Message-ID: Hi All, I am pleased to announce the release of the next version of the webmin module. This version has all the latest options for MailScanner 4.21, and the abilty to text edit all the ruleset options. Please email me webmin@lushsoft.dyndns.org of any issues you find (hopefully there are non) and any additional features you want to see etc. Regards Richard From mike at CAMAROSS.NET Wed Jun 11 23:54:28 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:30 2006 Subject: sophos licensing - one user or per "address"? In-Reply-To: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBC9@indy1ntm.herffjones.hj-int> Message-ID: <001d01c3306c$6a0a7fa0$6701a8c0@home.middlefinger.net> Their licensing scheme is so cryptic, I almost got pissed enough to not use their product. After a few conversations back and forth with the rep, I finally licensed a single user...since only one user is running sweep per machine. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Furnish, Trever G Sent: Wednesday, June 11, 2003 5:32 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: sophos licensing - one user or per "address"? I'm curious - for those of you using sophos on a mailscanner system acting only as a relay (not a "mailbox server"), did you license it based on the number of recipients for whom you would deliver email or did you get a single-user license (or something else I'm failing to imagine)? Considering that we're talking about a mail relay, I personally think it's silly to license a package based on the number of destination addresses being protected by the product, given that the number includes not only your internal users but also the people they send email to (assuming that you filter outbound mail as well as inbound mail). Sophos sales rep would obviously like me to license based on the number of internal users I have on my destination system, which seems rather ridiculous. -t. From kusler at NSCL.MSU.EDU Thu Jun 12 05:13:46 2003 From: kusler at NSCL.MSU.EDU (Jay Kusler) Date: Thu Jan 12 21:18:30 2006 Subject: double messages? In-Reply-To: <1055364600.11842.18.camel@bach.kevinspicer.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011758CA@pascal.priv.bmrb.co.uk> <1055364600.11842.18.camel@bach.kevinspicer.co.uk> Message-ID: <20030612041346.GA27522@nscl.msu.edu> Thanks Kevin. I bit the bullet and switched to posix locking: no help. I also changed the number of children to 1: no help I'm stumped. Anybody? Thanks, Jay On Wed, Jun 11, 2003 at 09:50:00PM +0100, Kevin Spicer wrote: > Date: Wed, 11 Jun 2003 21:50:00 +0100 > Subject: Re: double messages? > From: Kevin Spicer > To: MAILSCANNER@JISCMAIL.AC.UK > > >I tried upping the Queue Scan Interval to 20 seconds hoping that > >would help, but it doesn't seem to. I have not tried cutting Max > >Children back to 1, but perhaps that's next: somewhat of a waste on a > >dual-cpu box. Perhaps there is a lock not getting set, or some race > >condition with locking? > > locking would seem like the obvious choice, wouldn't it. I'm not sure > which kind of locking MailScanner uses by defaultwith Postfix. One > (probably obvious) check - this is a local drive isn't it (I know its > unlikely anyone would be using NFS for a mail queue, but worth making > sure). > > I notice from your original post that you are running Solaris 8, I've > just found this little snippet with Google... > > "Welcome to the world of POSIX fcntl() locking, which is the only > locking that Postfix can use on System-V systems such as Solaris, HP-UX > and others." > > I'm taking it out of context, but it came from the keyboard of Wietse > Venema so it should be reliable information (heres the link > http://archives.neohapsis.com/archives/postfix/2000-12/0521.html) > > Now, if MailScanner is using flock (which it does by default for > sendmail I can see this might be the problem. You might like to try > setting > Lock Type = posix > where > #Lock Type = flock > appears (commented out) near the end of MailScanner.conf. > > One word of caution, I'm guessing completely(!) and screwing with > locking could make things much worse :( Maybe worth waiting for a > second opinion or two from others! > > > > > BMRB International > http://www.bmrb.co.uk > +44 (0)20 8566 5000 > _________________________________________________________________ > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact the > sender and delete this message immediately. Disclosure, copying > or other action taken in respect of this email or in > reliance on it is prohibited. BMRB International Limited > accepts no liability in relation to any personal emails, or > content of any email which does not directly relate to our > business. ---end quoted text--- From tomas at SAP.SE Thu Jun 12 07:21:53 2003 From: tomas at SAP.SE (Tomas Hellberg) Date: Thu Jan 12 21:18:30 2006 Subject: Notify only local senders Message-ID: It looks like I?ve got every thing working. Exept for one smal thing my users don?t get any mail from my mailgate. If I send a virus mail from local it gets stopt. The log tells me that MS send a mail to the sender, but the sender never gets any mail. I get a mail as admin. Mail from the Internet works just fine. My users get a warning and the sender don?t get annything. I think I is something wrong whith my sendmail path? I?m using postfix 2.0.8 on a RH 8 system. Help annyone .. PS thanx so far .. On Tue, 10 Jun 2003 15:50:08 +0100, Plant, Dean wrote: >Should the Notify Senders not be: > >From: yourdomain.com yes >FromOrTo: default no > >Dean Plant > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: 10 June 2003 14:57 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Notify only local senders > > >At 13:04 10/06/2003, you wrote: >>I've been scanning the mail arcive for some time now. At last I found the >>function I've been looking for. >> >>I want to notify only local senders. >> >> Outside ->in notify postmaster, local recipient. No external senders >>notified. > >Set > Notify Senders = /etc/MailScanner/rules/notify.senders.rules >and then put this in it: >To: yourdomain.com yes >FromOrTo: default no > >> Inside -> out notify local sender, postmaster, no external recipients >>notified. > >Set > Deliver Cleaned Messages = >/etc/MailScanner/rules/deliver.cleaned.rules >and then put this in it >To: yourdomain.com yes >FromOrTo: default no > >You could even put both of those rulesets in the same file if you like, but >I would keep them separate for clarity. > >Should do what you want. > > > >>The problem is I dont know how to use it, probobly simpel but I'm a newbee >>whith MS..... Please help some one.... >> >>I'm using RH 8, Postfix & MS 4.20 >> >>(The orig mail thred is from last summer, 25 Jun. Subject: Notify Senders) > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support > >Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, Bracknell, >Berkshire. RG12 8FZ > >The information contained in this e-mail and any attachments is confidential to Roke >Manor Research Ltd and must not be passed to any third party without permission. This >communication is for information only and shall not create or change any contractual >relationship. > From o.pitzeier at UPTIME.AT Thu Jun 12 10:14:27 2003 From: o.pitzeier at UPTIME.AT (Oliver Pitzeier) Date: Thu Jan 12 21:18:30 2006 Subject: Black-/Whitelists in SQL Database (WAS: RE: SQL user options) In-Reply-To: <5.2.0.9.2.20030611161617.038f1d28@imap.ecs.soton.ac.uk> Message-ID: <001d01c330c3$06fd85e0$020b10ac@pitzeier.priv.at> Hi Julian! Hi folks! Julian Field wrote: > >On Wednesday 11 June 2003 07:37 am, Jody Cleveland wrote: > > > > OK. I did it. :-) I wrote some code (SQL_Backlist, > > > > SQL_Whitelist), > > > > which is - at least a bit - configurable trough variables in > > > > CustomConfig.pm. You can imagine what it does... Exactly what I > > > > wanted. :-) > > > > > > > > So... Is someone interested in this code? > > > > > > I would love to have that. Thanks! > > I would second that. I am not ready to use it yet but I have been > > looking for a way to do per user black/white lists. Sounds very > > promising. > > If all you need is file-based per-user and per-domain > black+whitelists, then there is already code in > CustomConfig.pm to do this for you. It's only the SQL bit > that's missing. First: It's the SQL bit, which was - as I told you - really easy to code, since MailScanner is Perl! :-) Second: You can easily create a frontend (which will follow within the next days) with SQL-based black-/whitelists, to let your users do the black-/whitelisting theirself. I do use a Cyrus IMAPd/Sendmail combination here, which is fine, since we do use Sieve as well... Now I do also have the posibility to give my users the option to not only add some Sieve-rules, but add black-/whitelists. You cannot imagine how happy my users are. :-)))) Best regards, Oliver From o.pitzeier at UPTIME.AT Thu Jun 12 10:18:58 2003 From: o.pitzeier at UPTIME.AT (Oliver Pitzeier) Date: Thu Jan 12 21:18:30 2006 Subject: Black-/Whitelists in SQL Database (WAS: RE: SQL user options) In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E9FD@mail.winnefox.org> Message-ID: <001e01c330c3$a8cb0820$020b10ac@pitzeier.priv.at> Jody Cleveland wrote: > > Please find it here: > > http://filelister.linux-kernel.at/?current=/tarballs/MailScanner/ > > I've never seen a .patch file before. How do I apply that? See Julian's answer. I also added the whole CustomConfig.pm, so you can simply overwrite the old one (please make a backup of that file before!). You may give "diff" a try so you see the differences between the old and the new file... Best regards, Oliver From maxsec at TOTALISE.CO.UK Thu Jun 12 10:53:50 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:30 2006 Subject: sophos licensing - one user or per "address"? In-Reply-To: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBC9@indy1ntm.herffjones.hj-int> References: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBC9@indy1ntm.herffjones.hj-int> Message-ID: <3EE84DAE.1060402@totalise.co.uk> Furnish, Trever G wrote: > I'm curious - for those of you using sophos on a mailscanner system acting > only as a relay (not a "mailbox server"), did you license it based on the > number of recipients for whom you would deliver email or did you get a > single-user license (or something else I'm failing to imagine)? > > Considering that we're talking about a mail relay, I personally think it's > silly to license a package based on the number of destination addresses > being protected by the product, given that the number includes not only your > internal users but also the people they send email to (assuming that you > filter outbound mail as well as inbound mail). > > Sophos sales rep would obviously like me to license based on the number of > internal users I have on my destination system, which seems rather > ridiculous. > > -t. Hi cheapest way is to use the savi licence and for that you'll pay for each user protected. Other way is per machine proctected but this tends to be more expensive. eg our 101 user SAVI licence costs around 500.00 UK pounds per year for a two year licence. -- martin From mailscanner at ecs.soton.ac.uk Thu Jun 12 11:13:43 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:30 2006 Subject: Notify only local senders In-Reply-To: Message-ID: <5.2.1.1.2.20030612111255.0421d958@imap.ecs.soton.ac.uk> Most common cause of this is that you have edited the reports/xx/sender* files and screwed up the headers in them. At 07:21 12/06/2003, you wrote: >It looks like I?ve got every thing working. Exept for one smal thing my >users don?t get any mail from my mailgate. > >If I send a virus mail from local it gets stopt. The log tells me that MS >send a mail to the sender, but the sender never gets any mail. I get a mail >as admin. > >Mail from the Internet works just fine. My users get a warning and the >sender don?t get annything. > >I think I is something wrong whith my sendmail path? I?m using postfix >2.0.8 on a RH 8 system. > >Help annyone .. > >PS thanx so far .. > > >On Tue, 10 Jun 2003 15:50:08 +0100, Plant, Dean >wrote: > > >Should the Notify Senders not be: > > > >From: yourdomain.com yes > >FromOrTo: default no > > > >Dean Plant > > > >-----Original Message----- > >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > >Sent: 10 June 2003 14:57 > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: Notify only local senders > > > > > >At 13:04 10/06/2003, you wrote: > >>I've been scanning the mail arcive for some time now. At last I found the > >>function I've been looking for. > >> > >>I want to notify only local senders. > >> > >> Outside ->in notify postmaster, local recipient. No external senders > >>notified. > > > >Set > > Notify Senders = /etc/MailScanner/rules/notify.senders.rules > >and then put this in it: > >To: yourdomain.com yes > >FromOrTo: default no > > > >> Inside -> out notify local sender, postmaster, no external recipients > >>notified. > > > >Set > > Deliver Cleaned Messages = > >/etc/MailScanner/rules/deliver.cleaned.rules > >and then put this in it > >To: yourdomain.com yes > >FromOrTo: default no > > > >You could even put both of those rulesets in the same file if you like, but > >I would keep them separate for clarity. > > > >Should do what you want. > > > > > > > >>The problem is I dont know how to use it, probobly simpel but I'm a newbee > >>whith MS..... Please help some one.... > >> > >>I'm using RH 8, Postfix & MS 4.20 > >> > >>(The orig mail thred is from last summer, 25 Jun. Subject: Notify Senders) > > > >-- > >Julian Field > >www.MailScanner.info > >MailScanner thanks transtec Computers for their support > > > >Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, >Bracknell, > >Berkshire. RG12 8FZ > > > >The information contained in this e-mail and any attachments is >confidential to Roke > >Manor Research Ltd and must not be passed to any third party without >permission. This > >communication is for information only and shall not create or change any >contractual > >relationship. > > -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From vosburgh at DALSEMI.COM Thu Jun 12 12:32:15 2003 From: vosburgh at DALSEMI.COM (David Vosburgh) Date: Thu Jan 12 21:18:30 2006 Subject: logging problem References: <3EE4E5DD.7010800@dalsemi.com> <1055368795.1980.6.camel@rocco.bonivart.home> Message-ID: <3EE864BF.80305@dalsemi.com> I get the normal sendmail logs to maillog, but nothing from mailscanner/spamassassin. I did some testing with Sys::Syslog and I think that's where the problem is. Even extremely simple attempts to log a message failed (without errors). A quick look on SunSolve didn't reveal any known compatibility issues with syslogd, although there was a very current patch for syslog out there. Because we need to get the spam logging working to collect metrics prior to a production roll-out, I brute forced it by changing a few of the Sys:Syslog calls in Log.pm to use system calls to logger instead. Dave Peter Bonivart wrote: >Strange, I have a similar setup (Solaris 9, Sendmail 8.12.9, MailScanner >4.21-6 and SpamAssassin 2.54). The only thing I changed in >MailScanner.conf regarding this was "Log Spam = yes". Nothing is changed >in the system and everything is logged. > >Do you get any logs at all from sendmail/mailscanner/spamassassin? > >/Peter Bonivart > >--Unix lovers do it in the Sun > >On Mon, 2003-06-09 at 21:54, David Vosburgh wrote: > > >>I have installed MailScanner-4.21-9, Mail-SpamAssassin-2.55, and all the >>related perl modules on a Sun system recently jumpstarted with 2.8 and a >>recent patch cluster. Sendmail is v8.12.9. >> >>Everything seems to be working as advertised, with the exception of >>logging. I am using the default "Syslog Facility = mail" option, and >>have turned on spam logging with "Log Spam = yes". My syslog.conf has a >>single entry for mail logging: >> >>mail.info /var/adm/maillog >> >>I read the FAQ and some posts on this list, and have tried the following >>without success (always re-starting MailScanner after the change): >> >>1) starting syslog without the "-t" option >>2) removed the syslog patch 110945-07 (now -05) >>3) removed the "eval" from the setlogsock syslog command under the Start >>section of Log.pm >>4) added a "mail.debug /opt/MailScanner/var/log" to syslog.conf >> >>Any ideas on where to go from here? >> >>Thanks, >> >>Dave >> >> > > > -- Dave Vosburgh Sr. Unix System Administrator Dallas Semiconductor vosburgh@dalsemi.com 972-371-4418 From mailscanner at ecs.soton.ac.uk Thu Jun 12 13:47:38 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:30 2006 Subject: logging problem In-Reply-To: <3EE864BF.80305@dalsemi.com> References: <3EE4E5DD.7010800@dalsemi.com> <1055368795.1980.6.camel@rocco.bonivart.home> Message-ID: <5.2.0.9.2.20030612134554.04e9cd18@imap.ecs.soton.ac.uk> Have you read the syslogd man page and added the "-T" option to the syslogd command in /etc/init.d/syslog. I seem to remember you usually need to turn this on. At 12:32 12/06/2003, you wrote: >I get the normal sendmail logs to maillog, but nothing from >mailscanner/spamassassin. > >I did some testing with Sys::Syslog and I think that's where the problem >is. Even extremely simple attempts to log a message failed (without >errors). A quick look on SunSolve didn't reveal any known compatibility >issues with syslogd, although there was a very current patch for syslog >out there. Because we need to get the spam logging working to collect >metrics prior to a production roll-out, I brute forced it by changing a >few of the Sys:Syslog calls in Log.pm to use system calls to logger instead. > >Dave > >Peter Bonivart wrote: > >>Strange, I have a similar setup (Solaris 9, Sendmail 8.12.9, MailScanner >>4.21-6 and SpamAssassin 2.54). The only thing I changed in >>MailScanner.conf regarding this was "Log Spam = yes". Nothing is changed >>in the system and everything is logged. >> >>Do you get any logs at all from sendmail/mailscanner/spamassassin? >> >>/Peter Bonivart >> >>--Unix lovers do it in the Sun >> >>On Mon, 2003-06-09 at 21:54, David Vosburgh wrote: >> >> >>>I have installed MailScanner-4.21-9, Mail-SpamAssassin-2.55, and all the >>>related perl modules on a Sun system recently jumpstarted with 2.8 and a >>>recent patch cluster. Sendmail is v8.12.9. >>> >>>Everything seems to be working as advertised, with the exception of >>>logging. I am using the default "Syslog Facility = mail" option, and >>>have turned on spam logging with "Log Spam = yes". My syslog.conf has a >>>single entry for mail logging: >>> >>>mail.info /var/adm/maillog >>> >>>I read the FAQ and some posts on this list, and have tried the following >>>without success (always re-starting MailScanner after the change): >>> >>>1) starting syslog without the "-t" option >>>2) removed the syslog patch 110945-07 (now -05) >>>3) removed the "eval" from the setlogsock syslog command under the Start >>>section of Log.pm >>>4) added a "mail.debug /opt/MailScanner/var/log" to syslog.conf >>> >>>Any ideas on where to go from here? >>> >>>Thanks, >>> >>>Dave >>> >> >> > >-- > >Dave Vosburgh >Sr. Unix System Administrator >Dallas Semiconductor >vosburgh@dalsemi.com 972-371-4418 -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From vosburgh at DALSEMI.COM Thu Jun 12 14:30:08 2003 From: vosburgh at DALSEMI.COM (David Vosburgh) Date: Thu Jan 12 21:18:30 2006 Subject: logging problem References: <3EE4E5DD.7010800@dalsemi.com> <1055368795.1980.6.camel@rocco.bonivart.home> <5.2.0.9.2.20030612134554.04e9cd18@imap.ecs.soton.ac.uk> Message-ID: <3EE88060.20306@dalsemi.com> I have, but there is no "-T" option to syslogd for Solaris (at least from 2.6 through 2.8). There is a "-t" option (disable the syslogd UPD port), which is the default, and the way syslogd was running when I first started MailScanner. When that didn't work, I read the FAQ, which suggested removing it. I did, but it didn't fix the logging problem. Dave Julian Field wrote: > Have you read the syslogd man page and added the "-T" option to the > syslogd > command in /etc/init.d/syslog. I seem to remember you usually need to > turn > this on. > > At 12:32 12/06/2003, you wrote: > >> I get the normal sendmail logs to maillog, but nothing from >> mailscanner/spamassassin. >> >> I did some testing with Sys::Syslog and I think that's where the problem >> is. Even extremely simple attempts to log a message failed (without >> errors). A quick look on SunSolve didn't reveal any known compatibility >> issues with syslogd, although there was a very current patch for syslog >> out there. Because we need to get the spam logging working to collect >> metrics prior to a production roll-out, I brute forced it by changing a >> few of the Sys:Syslog calls in Log.pm to use system calls to logger >> instead. >> >> Dave >> >> Peter Bonivart wrote: >> >>> Strange, I have a similar setup (Solaris 9, Sendmail 8.12.9, >>> MailScanner >>> 4.21-6 and SpamAssassin 2.54). The only thing I changed in >>> MailScanner.conf regarding this was "Log Spam = yes". Nothing is >>> changed >>> in the system and everything is logged. >>> >>> Do you get any logs at all from sendmail/mailscanner/spamassassin? >>> >>> /Peter Bonivart >>> >>> --Unix lovers do it in the Sun >>> >>> On Mon, 2003-06-09 at 21:54, David Vosburgh wrote: >>> >>> >>>> I have installed MailScanner-4.21-9, Mail-SpamAssassin-2.55, and >>>> all the >>>> related perl modules on a Sun system recently jumpstarted with 2.8 >>>> and a >>>> recent patch cluster. Sendmail is v8.12.9. >>>> >>>> Everything seems to be working as advertised, with the exception of >>>> logging. I am using the default "Syslog Facility = mail" option, and >>>> have turned on spam logging with "Log Spam = yes". My syslog.conf >>>> has a >>>> single entry for mail logging: >>>> >>>> mail.info /var/adm/maillog >>>> >>>> I read the FAQ and some posts on this list, and have tried the >>>> following >>>> without success (always re-starting MailScanner after the change): >>>> >>>> 1) starting syslog without the "-t" option >>>> 2) removed the syslog patch 110945-07 (now -05) >>>> 3) removed the "eval" from the setlogsock syslog command under the >>>> Start >>>> section of Log.pm >>>> 4) added a "mail.debug /opt/MailScanner/var/log" to syslog.conf >>>> >>>> Any ideas on where to go from here? >>>> >>>> Thanks, >>>> >>>> Dave >>>> >>> >>> >> >> -- >> >> Dave Vosburgh >> Sr. Unix System Administrator >> Dallas Semiconductor >> vosburgh@dalsemi.com 972-371-4418 > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > -- Dave Vosburgh Sr. Unix System Administrator Dallas Semiconductor vosburgh@dalsemi.com 972-371-4418 From damian at WORKGROUPSOLUTIONS.COM Thu Jun 12 14:43:53 2003 From: damian at WORKGROUPSOLUTIONS.COM (Damian Mendoza) Date: Thu Jan 12 21:18:30 2006 Subject: F-Prot and Mail Scanner Message-ID: F-Prot file Server -----Original Message----- From: Steve Douglas [mailto:steve.douglas@SBIINCORPORATED.COM] Sent: Wednesday, June 11, 2003 11:56 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: F-Prot and Mail Scanner Is your gateway configured with F-Prot "file server" or with F-Prot eMail gateway version? Just curious? Thanks. > -----Original Message----- > From: Damian Mendoza [mailto:damian@WORKGROUPSOLUTIONS.COM] > Sent: Wednesday, June 11, 2003 8:16 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: F-Prot and Mail Scanner > > Hi, > > An update: End-User error as messages were not going thru MailScanner. > MailScanner is working perfectly with F-Prot antivirus. > > Regards, > > Damian > > Workgroup Solutions > 20532 El Toro Rd, Suite 107 > Mission Viejo, CA 92692 > 949 586-2200 > Developers of SpamGate - Stop SPAM today at the Gateway! > > -----Original Message----- > From: Damian Mendoza > Sent: Monday, June 09, 2003 4:43 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: F-Prot and Mail Scanner > > > Hi, > > I installed F-Prot and MailScanner on an SMTP gateway for a customer. My > customer tells me that F-Prot is only blocking 10% of the viruses. They > had 9 messages get passed the F-Prot/MailScanner gateway and 1 message was > stopped according to the maillog. > > Norton Antivirus on the Exchange server told us about the 9 messages. > > Any ideas? F-Prot is getting the updates based on the Maillog file. > > Thanks, > > Damian From Richard.Hopkins at BRISTOL.AC.UK Thu Jun 12 14:40:41 2003 From: Richard.Hopkins at BRISTOL.AC.UK (Richard Hopkins) Date: Thu Jan 12 21:18:30 2006 Subject: logging problem In-Reply-To: <3EE88060.20306@dalsemi.com> References: <3EE88060.20306@dalsemi.com> Message-ID: <281421572.1055428841@rjh1.cse.bris.ac.uk> For us, SpamAssassin stopped logging when syslogd was restarted with a "-t" (Solaris 2.8 systems). Richard --On Thursday, June 12, 2003 8:30 AM -0500 David Vosburgh wrote: > I have, but there is no "-T" option to syslogd for Solaris (at least > from 2.6 through 2.8). There is a "-t" option (disable the syslogd UPD > port), which is the default, and the way syslogd was running when I > first started MailScanner. When that didn't work, I read the FAQ, which > suggested removing it. I did, but it didn't fix the logging problem. > > Dave > > Julian Field wrote: > >> Have you read the syslogd man page and added the "-T" option to the >> syslogd >> command in /etc/init.d/syslog. I seem to remember you usually need to >> turn >> this on. >> >> At 12:32 12/06/2003, you wrote: >> >>> I get the normal sendmail logs to maillog, but nothing from >>> mailscanner/spamassassin. >>> >>> I did some testing with Sys::Syslog and I think that's where the problem >>> is. Even extremely simple attempts to log a message failed (without >>> errors). A quick look on SunSolve didn't reveal any known compatibility >>> issues with syslogd, although there was a very current patch for syslog >>> out there. Because we need to get the spam logging working to collect >>> metrics prior to a production roll-out, I brute forced it by changing a >>> few of the Sys:Syslog calls in Log.pm to use system calls to logger >>> instead. >>> >>> Dave >>> >>> Peter Bonivart wrote: >>> >>>> Strange, I have a similar setup (Solaris 9, Sendmail 8.12.9, >>>> MailScanner >>>> 4.21-6 and SpamAssassin 2.54). The only thing I changed in >>>> MailScanner.conf regarding this was "Log Spam = yes". Nothing is >>>> changed >>>> in the system and everything is logged. >>>> >>>> Do you get any logs at all from sendmail/mailscanner/spamassassin? >>>> >>>> /Peter Bonivart >>>> >>>> --Unix lovers do it in the Sun >>>> >>>> On Mon, 2003-06-09 at 21:54, David Vosburgh wrote: >>>> >>>> >>>>> I have installed MailScanner-4.21-9, Mail-SpamAssassin-2.55, and >>>>> all the >>>>> related perl modules on a Sun system recently jumpstarted with 2.8 >>>>> and a >>>>> recent patch cluster. Sendmail is v8.12.9. >>>>> >>>>> Everything seems to be working as advertised, with the exception of >>>>> logging. I am using the default "Syslog Facility = mail" option, and >>>>> have turned on spam logging with "Log Spam = yes". My syslog.conf >>>>> has a >>>>> single entry for mail logging: >>>>> >>>>> mail.info /var/adm/maillog >>>>> >>>>> I read the FAQ and some posts on this list, and have tried the >>>>> following >>>>> without success (always re-starting MailScanner after the change): >>>>> >>>>> 1) starting syslog without the "-t" option >>>>> 2) removed the syslog patch 110945-07 (now -05) >>>>> 3) removed the "eval" from the setlogsock syslog command under the >>>>> Start >>>>> section of Log.pm >>>>> 4) added a "mail.debug /opt/MailScanner/var/log" to syslog.conf >>>>> >>>>> Any ideas on where to go from here? >>>>> >>>>> Thanks, >>>>> >>>>> Dave >>>>> >>>> >>>> >>> >>> -- >>> >>> Dave Vosburgh >>> Sr. Unix System Administrator >>> Dallas Semiconductor >>> vosburgh@dalsemi.com 972-371-4418 >> >> >> -- >> Julian Field >> www.MailScanner.info >> MailScanner thanks transtec Computers for their support >> > > -- > > Dave Vosburgh > Sr. Unix System Administrator > Dallas Semiconductor > vosburgh@dalsemi.com 972-371-4418 > Richard Hopkins, Information Services, Computer Centre, University of Bristol, Bristol, BS8 1UD, UK Tel +44 117 928 7859 Fax +44 117 929 1576 From Jan-Peter.Koopmann at SECEIDOS.DE Thu Jun 12 14:54:26 2003 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:18:30 2006 Subject: FreeBSD port: 4.21-9 Message-ID: <1BC1890A8420BD4B87C157DE2243A66164FC@ghost.intern.akctech.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, the current version can be downloaded here: http://www.seceidos.de/downloads/freebsd/ports/mailscanner-4.21.9.tgz or http://www.seceidos.de/downloads/freebsd/ports/mailscanner-current.tgz Regards, JP -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 iQA/AwUBPuiGEMljry2L+pqYEQJj7wCgyCPiclOnx/IIZnIbCOzlZCz/NfMAoPmb 0Xvl3wNyj6liOYc1r8ZttZnm =mZqu -----END PGP SIGNATURE----- From zabriskw at ITECH.NET Thu Jun 12 15:43:38 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:30 2006 Subject: Quarantine Removal Tool Message-ID: <000501c330f1$03a914d0$0c02a8c0@itech.dom> Hey guys. I am currently working on a PHP page that will parse a mail.log and retrieve spam (as determined by SA and MailScanner). Currently I am developing it on a Tru64 machine running Sendmail. I am just curious if anyone would be interested in obtaining a copy. If there is enough of a desire for it, I will continually work on it in my spare time, and make the documentation a little better, and all of that fun stuff. **DISCLAIMER** I am not the worlds best programmer!!! In fact, I really don't know PHP =) I'm sure most of you could do a better job, but I am hoping that it will get the job done. Also, I will NOT release this to anyone unless it is all right with Julian. Kris Zabriskie Network Admin / Consultant I-Tech Inc. zabriskw@itech.net 717-657-3035 From maxsec at TOTALISE.CO.UK Thu Jun 12 15:54:46 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:30 2006 Subject: Quarantine Removal Tool In-Reply-To: <000501c330f1$03a914d0$0c02a8c0@itech.dom> References: <000501c330f1$03a914d0$0c02a8c0@itech.dom> Message-ID: <3EE89436.7070208@totalise.co.uk> Kris Zabriskie wrote: > Hey guys. I am currently working on a PHP page that will parse a mail.log > and retrieve spam (as determined by SA and MailScanner). Currently I am > developing it on a Tru64 machine running Sendmail. I am just curious if > anyone would be interested in obtaining a copy. If there is enough of a > desire for it, I will continually work on it in my spare time, and make the > documentation a little better, and all of that fun stuff. > > **DISCLAIMER** > I am not the worlds best programmer!!! In fact, I really don't know PHP =) > I'm sure most of you could do a better job, but I am hoping that it will get > the job done. Also, I will NOT release this to anyone unless it is all > right with Julian. > > > Kris Zabriskie > Network Admin / Consultant > I-Tech Inc. > zabriskw@itech.net > 717-657-3035 Kris me me me me damn will have to install php/apache on server.... cd /usr/port.... :-) -- Martin From dan at OXNARDSD.ORG Thu Jun 12 16:02:00 2003 From: dan at OXNARDSD.ORG (Dan Kubilos) Date: Thu Jan 12 21:18:30 2006 Subject: Quarantine Removal Tool In-Reply-To: <000501c330f1$03a914d0$0c02a8c0@itech.dom> Message-ID: I'd be happy to have such a thing. On Thu, 12 Jun 2003, Kris Zabriskie wrote: > Hey guys. I am currently working on a PHP page that will parse a mail.log > and retrieve spam (as determined by SA and MailScanner). Currently I am > developing it on a Tru64 machine running Sendmail. I am just curious if > anyone would be interested in obtaining a copy. If there is enough of a > desire for it, I will continually work on it in my spare time, and make the > documentation a little better, and all of that fun stuff. > > **DISCLAIMER** > I am not the worlds best programmer!!! In fact, I really don't know PHP =) > I'm sure most of you could do a better job, but I am hoping that it will get > the job done. Also, I will NOT release this to anyone unless it is all > right with Julian. > > > Kris Zabriskie > Network Admin / Consultant > I-Tech Inc. > zabriskw@itech.net > 717-657-3035 > -- Dan Kubilos __\o_ ^ K-8 Tech Coord http://www.oxnardsd.org From marco at MUW.EDU Thu Jun 12 17:08:11 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:30 2006 Subject: Acceptance of Domain Literals In-Reply-To: References: Message-ID: <1055434091.3ee8a56bc93b3@webmail.MUW.Edu> Hi, Does anyone know how to make sendmail accept domain literals? DNSreport.com gives me this warning: **************************************************************** WARN: One or more of your mailservers does not accept mail in the domain literal format (user@[0.0.0.0]). Mailservers are technically required RFC1123 5.2.17 to accept mail to domain literals for any of its IP addresses. Not accepting domain literals can make it more difficult to test your mailserver, and can prevent you from receiving E-mail from people reporting problems with your mailserver. However, it is unlikely that any problems will occur if the domain literals are not accepted. wso.muw.edu's postmaster@[209.147.208.15] response: >>> RCPT TO: <<< 550 5.7.1 ... Relaying denied. IP name possibly forged [69.2.200.182] ***************************************************************** This machine is a Redhat 9 patched up-to-date. Is this worth worrying about? I noticed that many mailservers have the same warning. My FreeBSD system appears to be "Accepting Domain Literals". I compared "sendmail.cf" from both machines and nothing too obvious about it. Thank you for any advice Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From mbowman at UDCOM.COM Thu Jun 12 17:14:59 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:30 2006 Subject: Enabling/Disabling Spam Filtering Message-ID: Hello If I wanted to disable spam filtering for a domain passing through an e-mail gateway would all I have to do is add a line in spam.whitelist.rules FromOrTo: @domain.tld yes Then service MailScanner reload ? The objective is to setup all domains to pass thru a gateway but only enable spam filtering for some of them. That is the default would be disabled. -- Virus Scanning would be on for all domains.. Is there a better way of doing this without routing the MX to the recipient's mail server ? Thanks Matthew From ryanb at AACRAO.ORG Thu Jun 12 17:35:50 2003 From: ryanb at AACRAO.ORG (Bingham, Ryan) Date: Thu Jan 12 21:18:30 2006 Subject: Enabling/Disabling Spam Filtering Message-ID: Hi Matthew, I think you could do this in MailScanner.conf. Take a look at this section: # Do you want to check messages to see if they are spam? # This can also be the filename of a ruleset. Spam checks = yes Instead of "Spam checks = yes" you could specify a ruleset instead: Spam checks = /etc/MailScanner/rules/spamdomains.rules Then in your spamdomains.rules file you could have entries like FromOrTo: somedomain.com no FromOrTo: mydomain.com yes FromOrTo: default yes Everyone feel free to correct me if I messed something up. Ryan -----Original Message----- From: Matthew Bowman [mailto:mbowman@UDCOM.COM] Sent: Thursday, June 12, 2003 12:15 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Enabling/Disabling Spam Filtering Hello If I wanted to disable spam filtering for a domain passing through an e-mail gateway would all I have to do is add a line in spam.whitelist.rules FromOrTo: @domain.tld yes Then service MailScanner reload ? The objective is to setup all domains to pass thru a gateway but only enable spam filtering for some of them. That is the default would be disabled. -- Virus Scanning would be on for all domains.. Is there a better way of doing this without routing the MX to the recipient's mail server ? Thanks Matthew From mbowman at UDCOM.COM Thu Jun 12 17:39:26 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:31 2006 Subject: Enabling/Disabling Spam Filtering Message-ID: Arggg... ok doh! i should RTFM next time.. silly me :) "Bingham, Ryan" Sent by: MailScanner mailing list 06/12/2003 12:35 PM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: Enabling/Disabling Spam Filtering Hi Matthew, I think you could do this in MailScanner.conf. Take a look at this section: # Do you want to check messages to see if they are spam? # This can also be the filename of a ruleset. Spam checks = yes Instead of "Spam checks = yes" you could specify a ruleset instead: Spam checks = /etc/MailScanner/rules/spamdomains.rules Then in your spamdomains.rules file you could have entries like FromOrTo: somedomain.com no FromOrTo: mydomain.com yes FromOrTo: default yes Everyone feel free to correct me if I messed something up. Ryan -----Original Message----- From: Matthew Bowman [mailto:mbowman@UDCOM.COM] Sent: Thursday, June 12, 2003 12:15 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Enabling/Disabling Spam Filtering Hello If I wanted to disable spam filtering for a domain passing through an e-mail gateway would all I have to do is add a line in spam.whitelist.rules FromOrTo: @domain.tld yes Then service MailScanner reload ? The objective is to setup all domains to pass thru a gateway but only enable spam filtering for some of them. That is the default would be disabled. -- Virus Scanning would be on for all domains.. Is there a better way of doing this without routing the MX to the recipient's mail server ? Thanks Matthew From ryanb at AACRAO.ORG Thu Jun 12 17:44:32 2003 From: ryanb at AACRAO.ORG (Bingham, Ryan) Date: Thu Jan 12 21:18:31 2006 Subject: Enabling/Disabling Spam Filtering Message-ID: Actually, that's one of the things I like most about this list. Rarely do you get the typical, in-your-face RTFM when you ask an innocent question. So, in that spirit, glad I could help! Ryan -----Original Message----- From: Matthew Bowman [mailto:mbowman@UDCOM.COM] Sent: Thursday, June 12, 2003 12:39 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Enabling/Disabling Spam Filtering Arggg... ok doh! i should RTFM next time.. silly me :) "Bingham, Ryan" Sent by: MailScanner mailing list 06/12/2003 12:35 PM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: Enabling/Disabling Spam Filtering Hi Matthew, I think you could do this in MailScanner.conf. Take a look at this section: # Do you want to check messages to see if they are spam? # This can also be the filename of a ruleset. Spam checks = yes Instead of "Spam checks = yes" you could specify a ruleset instead: Spam checks = /etc/MailScanner/rules/spamdomains.rules Then in your spamdomains.rules file you could have entries like FromOrTo: somedomain.com no FromOrTo: mydomain.com yes FromOrTo: default yes Everyone feel free to correct me if I messed something up. Ryan -----Original Message----- From: Matthew Bowman [mailto:mbowman@UDCOM.COM] Sent: Thursday, June 12, 2003 12:15 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Enabling/Disabling Spam Filtering Hello If I wanted to disable spam filtering for a domain passing through an e-mail gateway would all I have to do is add a line in spam.whitelist.rules FromOrTo: @domain.tld yes Then service MailScanner reload ? The objective is to setup all domains to pass thru a gateway but only enable spam filtering for some of them. That is the default would be disabled. -- Virus Scanning would be on for all domains.. Is there a be