From gsmithe at OFALLON90.NET Sun Jun 1 03:28:06 2003 From: gsmithe at OFALLON90.NET (Gary Smithe) Date: Thu Jan 12 21:18:20 2006 Subject: redhat 9 n00b problem Message-ID: -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Sat 5/31/2003 3:36 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: redhat 9 n00b problem At 21:15 31/05/2003, you wrote: >Hi all, > This is my first posting to a mailing list, so please excuse any > errs I make... > >I have stock RH9, MailScanner-4.20-3, and SpamAssassin-2.55, >postfix-1.1.11-11. This box will be a relay for an internal M$Exchange box. > >When I installed RH9, I installed postfix and spamassassin. RH9 >apparently sets up postfix chrooted, so I followed the MailScanner >document for setting up MS with postfix, using the MailScanner rpm >file. All seemed to go fine. I changed some postfix stuff to get >relaying going, and that works fine. I'm not getting any odd messages in >/var/log/maillog (I think...). Check that when you changed the postfix setup, you did a service MailScanner restart on not "service postfix restart". - I restart things via their scripts in init.d, and yes, I did restart MailScanner (I even removed the link to rc3.d for postfix). > >Anyway, I have two main issues: > >1.- MS seems to be scanning, but is not marking up the subject header: I'm >currently testing it by "sending mail" via telnet. I have my >Mailscanner.conf file set to yes for "Spam Modify Subject" nad {Spam?}for >the text. >Here's the full transaction from /var/log/maillog: > > >May 31 14:35:53 mail1 postfix/smtpd[11554]: connect from >MV1-24.217.77.228.charter-stl.com[24.217.77.228] >May 31 14:36:43 mail1 postfix/smtpd[11554]: 0891D4BB4E: >client=MV1-24.217.77.228.charter-stl.com[24.217.77.228] >May 31 14:36:43 mail1 postfix/cleanup[11555]: 0891D4BB4E: >message-id=<20030531193643.0891D4BB4E@mail1.ofallon90.net> >May 31 14:36:43 mail1 postfix/nqmgr[9716]: 0891D4BB4E: >from=, size=686, nrcpt=1 (queue >active) >May 31 14:36:43 mail1 postfix/nqmgr[9716]: 0891D4BB4E: >to=, relay=none, delay=0, status=deferred (deferred >transport) >May 31 14:36:43 mail1 MailScanner[9804]: New Batch: Scanning 1 messages, >877 bytes >May 31 14:36:43 mail1 MailScanner[9804]: Spam Checks: Starting >May 31 14:36:49 mail1 MailScanner[9804]: Message 0891D4BB4E from >[24.217.77.228] (not_a_user@not_a_machine_fake_domain.dom) to >ofallon90.net is spam, SpamAssassin (score=8.3, required 5, >ALL_CAPS_HEADER, GUARANTEE, LINES_OF_YELLING, NO_MX_FOR_FROM, >NO_REAL_NAME, SPAM_PHRASE_02_03, SUBJ_ALL_CAPS, UPPERCASE_75_100) >May 31 14:36:49 mail1 MailScanner[9804]: Spam Checks: Found 1 spam messages >May 31 14:36:49 mail1 MailScanner[9804]: Spam Actions: message 0891D4BB4E >actions are deliver >May 31 14:36:49 mail1 MailScanner[9804]: Virus and Content Scanning: Starting >May 31 14:36:49 mail1 MailScanner[9804]: Filename Checks: Allowing >msg-9804-1.txt >May 31 14:36:49 mail1 postfix/nqmgr[9786]: 9D3BEAF5B2: >from=, size=1028, nrcpt=1 (queue >active) >May 31 14:36:49 mail1 MailScanner[9804]: Uninfected: Delivered 1 messages >May 31 14:36:49 mail1 postfix/smtp[11563]: 9D3BEAF5B2: >to=, relay=216.124.194.5[216.124.194.5], delay=6, >status=sent (250 2.6.0 <20030531193643.0891D4BB4E@mail1.ofallon90.net> >Queued mail for delivery) > >When I get the mail, however, the subject line is intact, exactly as I >sent it (i.e. no "{Spam?}" text) We cannot tell what is wrong without the relevant section of the MailScanner.conf file. You have a mistake there somewhere, it works for everyone else. - Well, I hate posting the entire MailScanner.conf file. I can assure you that the obvious things are set to "yes" that would enable the above. Is there any section in particular you want me to post, or just include the whole thing? > 2 - anything that is truly spam we don't want to go to users (i.e. > delete), but we'd like a copy to go to a designated account (i.e. > forward) so we can review to make sure it IS spam. If I specify forward > AND delete for spam actions (or high scoring spam actions) , maillog > states the only action as forward, and hence the user gets the message > too. Is it possible to perform the actions I'm asking it? Are you sure the user really gets the message? Could it just be missing from the log? Yes, the user (me) gets the message, and as above, it is unmarked as spam. Should I try the whole shebang from scratch (i.e. not use any rpms?). I figured since RedHat 9 includes postfix and Spamassassin that everything would be smoother, but I'm thinking that would be flawed. I agree that it seems to be a conf problem, but I've looked the darn thing over so many times... > > >Thanks, > >Gary -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sun Jun 1 12:14:26 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:20 2006 Subject: redhat 9 n00b problem In-Reply-To: Message-ID: <5.2.1.1.2.20030601121003.02452dc8@imap.ecs.soton.ac.uk> At 03:28 01/06/2003, you wrote: > > > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: Sat 5/31/2003 3:36 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Cc: > Subject: Re: redhat 9 n00b problem > > > > At 21:15 31/05/2003, you wrote: > >Hi all, > > This is my first posting to a mailing list, so please > excuse any > > errs I make... > > > >I have stock RH9, MailScanner-4.20-3, and SpamAssassin-2.55, > >postfix-1.1.11-11. This box will be a relay for an internal > M$Exchange box. > > > >When I installed RH9, I installed postfix and spamassassin. RH9 > >apparently sets up postfix chrooted, so I followed the MailScanner > >document for setting up MS with postfix, using the MailScanner rpm > >file. All seemed to go fine. I changed some postfix stuff to get > >relaying going, and that works fine. I'm not getting any odd > messages in > >/var/log/maillog (I think...). > > Check that when you changed the postfix setup, you did a > service MailScanner restart > on not "service postfix restart". > > - I restart things via their scripts in init.d, and yes, I did > restart MailScanner (I even removed the link to rc3.d for postfix). The tidy way to remove the rc*.d links is with chkconfig postfix off > > > > > > >Anyway, I have two main issues: > > > >1.- MS seems to be scanning, but is not marking up the subject > header: I'm > >currently testing it by "sending mail" via telnet. I have my > >Mailscanner.conf file set to yes for "Spam Modify Subject" nad > {Spam?}for > >the text. > >Here's the full transaction from /var/log/maillog: > > > > > >May 31 14:35:53 mail1 postfix/smtpd[11554]: connect from > >MV1-24.217.77.228.charter-stl.com[24.217.77.228] > >May 31 14:36:43 mail1 postfix/smtpd[11554]: 0891D4BB4E: > >client=MV1-24.217.77.228.charter-stl.com[24.217.77.228] > >May 31 14:36:43 mail1 postfix/cleanup[11555]: 0891D4BB4E: > >message-id=<20030531193643.0891D4BB4E@mail1.ofallon90.net> > >May 31 14:36:43 mail1 postfix/nqmgr[9716]: 0891D4BB4E: > >from=, size=686, > nrcpt=1 (queue > >active) > >May 31 14:36:43 mail1 postfix/nqmgr[9716]: 0891D4BB4E: > >to=, relay=none, delay=0, status=deferred > (deferred > >transport) > >May 31 14:36:43 mail1 MailScanner[9804]: New Batch: Scanning 1 > messages, > >877 bytes > >May 31 14:36:43 mail1 MailScanner[9804]: Spam Checks: Starting > >May 31 14:36:49 mail1 MailScanner[9804]: Message 0891D4BB4E from > >[24.217.77.228] (not_a_user@not_a_machine_fake_domain.dom) to > >ofallon90.net is spam, SpamAssassin (score=8.3, required 5, > >ALL_CAPS_HEADER, GUARANTEE, LINES_OF_YELLING, NO_MX_FOR_FROM, > >NO_REAL_NAME, SPAM_PHRASE_02_03, SUBJ_ALL_CAPS, UPPERCASE_75_100) > >May 31 14:36:49 mail1 MailScanner[9804]: Spam Checks: Found 1 > spam messages > >May 31 14:36:49 mail1 MailScanner[9804]: Spam Actions: message > 0891D4BB4E > >actions are deliver > >May 31 14:36:49 mail1 MailScanner[9804]: Virus and Content > Scanning: Starting > >May 31 14:36:49 mail1 MailScanner[9804]: Filename Checks: Allowing > >msg-9804-1.txt > >May 31 14:36:49 mail1 postfix/nqmgr[9786]: 9D3BEAF5B2: > >from=, size=1028, > nrcpt=1 (queue > >active) > >May 31 14:36:49 mail1 MailScanner[9804]: Uninfected: Delivered 1 > messages > >May 31 14:36:49 mail1 postfix/smtp[11563]: 9D3BEAF5B2: > >to=, relay=216.124.194.5[216.124.194.5], > delay=6, > >status=sent (250 > 2.6.0 <20030531193643.0891D4BB4E@mail1.ofallon90.net> > >Queued mail for delivery) > > > >When I get the mail, however, the subject line is intact, > exactly as I > >sent it (i.e. no "{Spam?}" text) > > > > We cannot tell what is wrong without the relevant section of the > MailScanner.conf file. You have a mistake there somewhere, it > works for > everyone else. > > - Well, I hate posting the entire MailScanner.conf file. I can > assure you that the obvious things are set to "yes" that would enable the > above. Is there any section in particular you want me to post, or just > include the whole thing? You can always post it to me off-list. > > > 2 - anything that is truly spam we don't want to go to users (i.e. > > delete), but we'd like a copy to go to a designated account (i.e. > > forward) so we can review to make sure it IS spam. If I > specify forward > > AND delete for spam actions (or high scoring spam actions) , > maillog > > states the only action as forward, and hence the user gets the > message > > too. Is it possible to perform the actions I'm asking it? > > Are you sure the user really gets the message? Could it just be > missing > from the log? > > Yes, the user (me) gets the message, and as above, it is unmarked > as spam. > > Should I try the whole shebang from scratch (i.e. not use any > rpms?). I figured since RedHat 9 includes postfix and Spamassassin that > everything would be smoother, but I'm thinking that would be flawed. I > agree that it seems to be a conf problem, but I've looked the darn thing > over so many times... Definitely use the RPMs, it makes things a lot simpler. But the one exception is SpamAssassin. Remove the SA rpm (with rpm -e) and build and install from source. And I don't know what mailer you are using, but please can you configure it to quote text correctly. There is currently no difference between your additional content and the content you are replying to. Makes it very hard to read your postings. And "n00b" is spelt "newbie". > > > > > > >Thanks, > > > >Gary > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sun Jun 1 12:47:10 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released Message-ID: <5.2.1.1.2.20030601122421.0248d3f8@imap.ecs.soton.ac.uk> I have just released version 4.21-8 as "stable". Main new features for this release are: - Can now handle non-spam messages with the same options as spam messages. - When using SophosSAVI virus scanner and updating virus definitions very frequently, MailScanner will only be reset when the zip file of definitions actually changes. - Added new "Spam Lists To Reach High Score" setting so that "Spam List" hits can cause a message to be considered to be High Scoring Spam. - Added "Include Scores In SpamAssassin Report" option to allow the inclusion of numerical score values in SpamAssassin reports. - Added "attachment" Spam/Ham action allowing original message to be turned into an RFC822 attachment. Download as usual from www.mailscanner.info Notes: to answer everyone's usual first question, the only RPM to have changed from the previous release is the MailScanner rpm itself. All the other RPMs are the same as 4.20. The entire ChangeLog is this: * New Features and Improvements * - Can now handle non-spam messages with the same options as spam messages. This allows you to archive non-spam separately so you can spot missed spam messages in it and feed them into SpamAssassin or adjust your configuration. Note: bouncing non-spam is not available as it makes no sense. - When using SophosSAVI virus scanner and updating virus definitions very frequently, MailScanner will only be reset when the zip file of definitions actually changes. No reset is done if you downloaded the same set of definitions as you already have. - Added new "Spam Lists To Reach High Score" setting so that "Spam List" hits can cause a message to be considered to be High Scoring Spam. Default is high enough that it won't ever be reached. Setting this to 1 might have uses in setting all Spam List messages to be treated as high scoring. - Added "Include Scores In SpamAssassin Report" option to allow the inclusion of numerical score values in SpamAssassin reports. Default is yes. - Added "attachment" Spam/Ham action allowing original message to be turned into an RFC822 attachment of itself, with a configurable warning file placed at the top of the message. This stops web bugs dead in their tracks. - Added support for 15th virus scanner, Bitdefender. - Now support IPv6 addresses completely. - Cron job will not start MailScanner if it has been stopped manually with the init.d script. This protects you while you are in the middle of upgrading. - SpamAssassin configuration no longer zeros out DCC rules and specifies normal path to dccproc. - McAfee autoupdater script replaced by much better one from Tony Finch. - Better handling of virus scanner lock files when not running as root. - Improved logging and handling of child process exit codes. - Added Hungarian (hu) translation of reports. - Added "Report" to the languages.conf so it can be translated. - Added "inline.spam.warning.txt" to all languages. Needs translating! - Added special keywords "HTML-IFrame" and "HTML-Codebase" to the list of "Silent Viruses" so that senders may not be warned about breaking these rules as they may be mailing lists that don't care anyway. - Improvement to Exim documentation, courtesy of Tony Finch. - Directory cleanup done by "service MailScanner stop" is safer. - Reduced timeout limits for RBL's and Razor in spam.assassin.prefs.conf. - "Spam List" support now supports JANET mirror of MAPS RBL+ with OPS list. - Improvement to Perl modules installation docs. - README.sql-logging now includes correct SQL setup code. * Fixes * - RedHat init.d script works quietly on systems without submit.cf. - F-Secure code for versions before 4.50 fixed. - SophosSAVI no longer reports 1 infection on some systems, when there is actually zero. - Fixed missing Welsh reports. - "Home directory is writable" check not done if not using SpamAssassin. - HTML stripping now available to spam that is not virus-scanned. - f-prot-autoupdate will now work properly on FreeBSD. - Locking problem with Archive Mail fixed when using sendmail on some OS's on which flock() is based on lockf() and/or POSIX locks. - Fixed problem where Sign Cleaned Messages didn't work on messages without a message body. - Postfix support now has extra permissions parameter on "mkdir" calls, solving a syntax error on some versions of Perl. - Postfix support now won't abandon a message because it could not get the SMTP client IP address out of it. Will insert 0.0.0.0 if no IP address could be found. - Postfix will always pick up IP address of locally-generated mail. - Postfix detects hash directory depth more cleanly. - Postfix handles queue files which are still being written. - Postfix bug fixed when processing messages with no body. - Postfix support client IP extraction bug fixed. - Postfix dual recipient lists now handled correctly, so that "original recipients" in 'O' records are managed as well as 'R' records. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Sun Jun 1 13:15:59 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:20 2006 Subject: No subject In-Reply-To: <5.2.1.1.2.20030601122421.0248d3f8@imap.ecs.soton.ac.uk> Message-ID: Hi! I noticed that spamcop.net had a lot of timeouts ... are more people seeing this ? Also, Julian, i didnt see a notice in the changed files for the last release on WIREHUB, some people might be surprised that the entry changed... -> EASYNET ... bye, Raymond. From michele at BLACKNIGHTSOLUTIONS.COM Sun Jun 1 13:35:19 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: BlacknightSolutions) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released In-Reply-To: <5.2.1.1.2.20030601122421.0248d3f8@imap.ecs.soton.ac.uk> Message-ID: <200306011235.h51CZRF25980@camelot.blacknightsolutions.com> Excellent! We'll be upgrading our installed versions as soon as we get a chance. Thanks again for all your hard work Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From raymond at PROLOCATION.NET Sun Jun 1 13:43:39 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:20 2006 Subject: your mail In-Reply-To: Message-ID: Hi! > I noticed that spamcop.net had a lot of timeouts ... are more people > seeing this ? In addition to this, i cant even resolve bl.spamcop.net I tried on various networks... Bye, Raymond. From raymond at PROLOCATION.NET Sun Jun 1 14:06:30 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:20 2006 Subject: your mail In-Reply-To: Message-ID: Hi! > > I noticed that spamcop.net had a lot of timeouts ... are more people > > seeing this ? > > In addition to this, i cant even resolve bl.spamcop.net > I tried on various networks... This might explain, on their site: SpamCop down for maintenance Please be patient while anunexpected database problem is repaired. SpamCop Mail system is working normally. I disabled it in the checks to avoid delays... Bye, Raymond. From jaearick at COLBY.EDU Sun Jun 1 14:21:37 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:18:20 2006 Subject: your mail In-Reply-To: References: Message-ID: check the spamcop webpage... They are having database problems. I had to remove spamcop from my dnsbl's this morning to get my email moving again. Hope they fix this soon... --- Jeff Earickson On Sun, 1 Jun 2003, Raymond Dijkxhoorn wrote: > Date: Sun, 1 Jun 2003 14:43:39 +0200 > From: Raymond Dijkxhoorn > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: your mail > > Hi! > > > I noticed that spamcop.net had a lot of timeouts ... are more people > > seeing this ? > > In addition to this, i cant even resolve bl.spamcop.net > I tried on various networks... > > Bye, > Raymond. > From mike at ZANKER.ORG Sun Jun 1 15:29:25 2003 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released In-Reply-To: <5.2.1.1.2.20030601122421.0248d3f8@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030601122421.0248d3f8@imap.ecs.soton.ac.uk> Message-ID: <25671546.1054481365@jemima.zanker.org> On 01 June 2003 12:47 +0100 Julian Field wrote: > I have just released version 4.21-8 as "stable". I upgraded using the RPM and it barfed upon starting because /var/spool/MailScanner/incoming was missing. Shouldn't this get created during installation? Mike. From mailscanner at ecs.soton.ac.uk Sun Jun 1 15:37:43 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released In-Reply-To: <25671546.1054481365@jemima.zanker.org> References: <5.2.1.1.2.20030601122421.0248d3f8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030601122421.0248d3f8@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030601153552.027b7b28@imap.ecs.soton.ac.uk> At 15:29 01/06/2003, you wrote: >On 01 June 2003 12:47 +0100 Julian Field >wrote: > >>I have just released version 4.21-8 as "stable". > >I upgraded using the RPM and it barfed upon starting because >/var/spool/MailScanner/incoming was missing. Shouldn't this get created >during installation? Yes, it should be. Can you just try upgrading again, in case it's a one-off problem. Do a rpm -Uvh --force mailscanner*rpm and see if it complains again. I'm trying to make it intelligent so that if you have set the permissions and ownership on this directory to be correct for your MTA, then it doesn't over-write it during installation. What version of what OS are you using? -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From MWeiner at AG.COM Sun Jun 1 15:43:45 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released Message-ID: Would it be appropriate to use the RPM to upgrade an existing 4.20 install that was done via tarball?? And if so, what "gotchas" should i be looking out for? Things are running pretty well, but it seems that there are some "features" in 4.21 that i can use. I used the install.sh script for the installation of 4.20 out of the tarball, which i have appeneded to this message, in case anyone wondered where things were installed in the previous version. In other words, i am not using the PREFIX of /opt for this install, rather the directories as spelled out in the attached install.sh script provided with 4.20. I just want to make sure the RPM will not break whats already working!! Any help would be greatly appreciated. Michael Weiner --- $cat install.sh #!/bin/sh echo if [ -x /bin/rpmbuild ]; then RPMBUILD=/bin/rpmbuild elif [ -x /usr/bin/rpmbuild ]; then RPMBUILD=/usr/bin/rpmbuild elif [ -x /bin/rpm ]; then RPMBUILD=/bin/rpm elif [ -x /usr/bin/rpm ]; then RPMBUILD=/usr/bin/rpm else echo I cannot find any rpm or rpmbuild command on your path. echo Please check you are definitely using an RPM-based system. echo If you are, then please install the RPMs called rpm and echo rpm-build, then try running this script again. echo exit 1 fi echo if [ -x /bin/patch -o -x /usr/bin/patch ]; then echo Good. You have the patch command. else echo You need to install the patch command from your Linux distribution. echo Once you have done that, please try running this script again. exit 1 fi # Check that /usr/src/redhat exists echo if [ -d /usr/src/redhat ]; then echo Good, you have /usr/src/redhat in place. RPMROOT=/usr/src/redhat elif [ -d /usr/src/RPM ]; then echo Okay, you have /usr/src/RPM. RPMROOT=/usr/src/RPM elif [ -d /usr/src/packages ]; then echo Okay, you have /usr/src/packages. RPMROOT=/usr/src/packages else echo Your /usr/src/redhat, /usr/src/RPM or /usr/src/packages echo tree is missing. echo If you have access to an RPM called rpm-build echo install it first and come back and try again. echo exit 1 fi # Ensure that the RPM macro # %_unpackaged_files_terminate_build 1 # is set. Otherwise package building will fail. echo if grep -qs '%_unpackaged_files_terminate_build[ ][ ]*0' ~/.rpmmacros then echo Good, unpackaged files will not break the build process. else echo Writing a .rpmmacros file in your home directory to stop echo unpackaged files breaking the build process. echo You can delete it once MailScanner is installed if you want to. echo '%_unpackaged_files_terminate_build 0' >> ~/.rpmmacros echo sleep 10 fi # Check they don't have 2 Perl installations, this will cause all sorts # of grief later. echo if [ \! "x$1" = "xignore-perl" ] ; then if [ -x /usr/bin/perl -a -f /usr/local/bin/perl -a -x /usr/local/bin/perl ] ; then echo You appear to have 2 versions of Perl installed, echo the normal one in /usr/bin and one in /usr/local. echo This often happens if you have used CPAN to install modules. echo I strongly advise you remove all traces of perl from echo within /usr/local and then run this script again. echo echo If you do not want to do that, and really want to continue, echo then you will need to run this script as echo ' ./install.sh ignore-perl' echo exit 1 else echo Good, you appear to only have 1 copy of Perl installed. fi fi # Check to see if they want to ignore dependencies in the final # MailScanner RPM install. if [ "x$1" = "xnodeps" -o "x$2" = "xnodeps" ] then NODEPS='--nodeps' else NODEPS= fi # Check that they aren't on a RaQ3 with a broken copy of Perl 5.005003. if [ -d /usr/lib/perl5/5.00503/i386-linux/CORE ]; then echo echo I think you are running Perl 5.00503. echo Ensuring that you have all the header files that are needed echo to build HTML-Parser which is used by both MailScanner and echo SpamAssassin. touch /usr/lib/perl5/5.00503/i386-linux/CORE/opnames.h touch /usr/lib/perl5/5.00503/i386-linux/CORE/perlapi.h touch /usr/lib/perl5/5.00503/i386-linux/CORE/utf8.h touch /usr/lib/perl5/5.00503/i386-linux/CORE/warnings.h fi # Check that they aren't missing pod2text but have pod2man. if [ -x /usr/bin/pod2man -a \! -x /usr/bin/podtext ] ; then echo echo You appear to have pod2man but not pod2text. echo Creating pod2text for you. fi # Check they have the development tools installed on SuSE if [ -f /etc/SuSE-release -o -f /etc/redhat-release ]; then echo echo I think you are running on RedHat Linux or SuSE Linux. GCC=gcc if [ -f /etc/redhat-release ] && fgrep -q ' 6.' /etc/redhat-release ; then # RedHat used egcs in RedHat 6 and not gcc GCC=egcs fi if rpm -q binutils glibc-devel $GCC make >/dev/null 2>&1 ; then echo Good, you appear to have the basic development tools installed. sleep 5 else echo You must have the following RPM packages installed before echo you try and do anything else: echo ' binutils glibc-devel' $GCC 'make' echo You are missing at least 1 of these. echo Please install them all echo '(Read the manuals if you do not know how to do this).' echo Then come back and run this install.sh script again. echo exit 1 fi fi # Check they have an up to date copy of ExtUtils::MakeMaker or else they # will start generating duff Makefiles. echo if ./CheckModuleVersion ExtUtils::MakeMaker 6.05; then echo Good, your version of ExtUtils::MakeMaker is up to date else echo Your copy of the Perl module ExtUtils::MakeMaker is out of date. echo If you try to use an old one, it will generate bad code for the echo rest of this, and possibly make a mess of your Perl installation. echo echo Please install a new one. You can do this very easily with the echo command: echo ' ./Update-MakeMaker.sh' echo and then come back and run this install.sh script again. echo exit 1 fi echo echo This script will pause for a few seconds after each major step, echo so do not worry if it appears to stop for a while. echo If you want it to stop so you can scroll back through the output echo then press Ctrl-S to stop the output and Ctrl-Q to start it again. echo sleep 10 echo echo If this fails due to dependency checks, and you wish to ignore echo these problems, you can run echo ' ./install.sh nodeps' sleep 5 echo echo Rebuilding all the Perl RPMs for your version of Perl echo sleep 5 while read MODNAME MODFILE VERS BUILD ARC do # If the module version is already installed, go onto the next one # (unless it is MIME-tools which is always rebuilt. if ./CheckModuleVersion ${MODNAME} ${VERS} ; then echo Oh good, module ${MODNAME} version ${VERS} is already installed. echo sleep 5 else FILEPREFIX=perl-${MODFILE}-${VERS}-${BUILD} echo Attempting to build and install ${FILEPREFIX} if [ -f ${FILEPREFIX}.src.rpm ]; then $RPMBUILD --rebuild ${FILEPREFIX}.src.rpm sleep 10 echo echo echo else echo Missing file ${FILEPREFIX}.src.rpm. Are you in the right directory\? sleep 10 echo fi if [ -f ${RPMROOT}/RPMS/${ARC}/${FILEPREFIX}.${ARC}.rpm ]; then echo echo Do not worry too much about errors from the next command. echo It is quite likely that some of the Perl modules are echo already installed on your system. echo echo The important ones are HTML-Parser and MIME-tools. echo sleep 10 rpm -Uvh ${NODEPS} ${RPMROOT}/RPMS/${ARC}/${FILEPREFIX}.${ARC}.rpm sleep 10 echo echo echo else echo Missing file ${RPMROOT}/RPMS/${ARC}/${FILEPREFIX}.${ARC}.rpm. echo Maybe it did not build correctly\? sleep 10 echo fi fi done << EOF IsABundle IO-stringy 2.108 1 noarch MIME::Base64 MIME-Base64 2.12 1 i386 IsABundle TimeDate 1.1301 2 noarch IsABundle MailTools 1.50 1 noarch File::Spec File-Spec 0.82 1 noarch File::Temp File-Temp 0.12 1 noarch HTML::Tagset HTML-Tagset 3.03 1 noarch HTML::Parser HTML-Parser 3.26 2 i386 IsABundle MIME-tools 5.411 pl4.2 noarch Convert::TNEF Convert-TNEF 0.17 1 noarch EOF echo echo Installing tnef decoder echo rpm -Uvh tnef*i386.rpm echo echo Now to install MailScanner itself. echo if [ -d /usr/local/MailScanner ] ; then echo echo echo Please remember to kill all the old mailscanner version 3 echo processes before you start the new version. echo fi rpm -Uvh ${NODEPS} mailscanner*noarch.rpm echo Please do not forget to kill your MailScanner version 3 processes echo before starting version 4. From MWeiner at ag.com Sun Jun 1 15:43:45 2003 From: MWeiner at ag.com (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released Message-ID: Would it be appropriate to use the RPM to upgrade an existing 4.20 install that was done via tarball?? And if so, what "gotchas" should i be looking out for? Things are running pretty well, but it seems that there are some "features" in 4.21 that i can use. I used the install.sh script for the installation of 4.20 out of the tarball, which i have appeneded to this message, in case anyone wondered where things were installed in the previous version. In other words, i am not using the PREFIX of /opt for this install, rather the directories as spelled out in the attached install.sh script provided with 4.20. I just want to make sure the RPM will not break whats already working!! Any help would be greatly appreciated. Michael Weiner --- $cat install.sh #!/bin/sh echo if [ -x /bin/rpmbuild ]; then RPMBUILD=/bin/rpmbuild elif [ -x /usr/bin/rpmbuild ]; then RPMBUILD=/usr/bin/rpmbuild elif [ -x /bin/rpm ]; then RPMBUILD=/bin/rpm elif [ -x /usr/bin/rpm ]; then RPMBUILD=/usr/bin/rpm else echo I cannot find any rpm or rpmbuild command on your path. echo Please check you are definitely using an RPM-based system. echo If you are, then please install the RPMs called rpm and echo rpm-build, then try running this script again. echo exit 1 fi echo if [ -x /bin/patch -o -x /usr/bin/patch ]; then echo Good. You have the patch command. else echo You need to install the patch command from your Linux distribution. echo Once you have done that, please try running this script again. exit 1 fi # Check that /usr/src/redhat exists echo if [ -d /usr/src/redhat ]; then echo Good, you have /usr/src/redhat in place. RPMROOT=/usr/src/redhat elif [ -d /usr/src/RPM ]; then echo Okay, you have /usr/src/RPM. RPMROOT=/usr/src/RPM elif [ -d /usr/src/packages ]; then echo Okay, you have /usr/src/packages. RPMROOT=/usr/src/packages else echo Your /usr/src/redhat, /usr/src/RPM or /usr/src/packages echo tree is missing. echo If you have access to an RPM called rpm-build echo install it first and come back and try again. echo exit 1 fi # Ensure that the RPM macro # %_unpackaged_files_terminate_build 1 # is set. Otherwise package building will fail. echo if grep -qs '%_unpackaged_files_terminate_build[ ][ ]*0' ~/.rpmmacros then echo Good, unpackaged files will not break the build process. else echo Writing a .rpmmacros file in your home directory to stop echo unpackaged files breaking the build process. echo You can delete it once MailScanner is installed if you want to. echo '%_unpackaged_files_terminate_build 0' >> ~/.rpmmacros echo sleep 10 fi # Check they don't have 2 Perl installations, this will cause all sorts # of grief later. echo if [ \! "x$1" = "xignore-perl" ] ; then if [ -x /usr/bin/perl -a -f /usr/local/bin/perl -a -x /usr/local/bin/perl ] ; then echo You appear to have 2 versions of Perl installed, echo the normal one in /usr/bin and one in /usr/local. echo This often happens if you have used CPAN to install modules. echo I strongly advise you remove all traces of perl from echo within /usr/local and then run this script again. echo echo If you do not want to do that, and really want to continue, echo then you will need to run this script as echo ' ./install.sh ignore-perl' echo exit 1 else echo Good, you appear to only have 1 copy of Perl installed. fi fi # Check to see if they want to ignore dependencies in the final # MailScanner RPM install. if [ "x$1" = "xnodeps" -o "x$2" = "xnodeps" ] then NODEPS='--nodeps' else NODEPS= fi # Check that they aren't on a RaQ3 with a broken copy of Perl 5.005003. if [ -d /usr/lib/perl5/5.00503/i386-linux/CORE ]; then echo echo I think you are running Perl 5.00503. echo Ensuring that you have all the header files that are needed echo to build HTML-Parser which is used by both MailScanner and echo SpamAssassin. touch /usr/lib/perl5/5.00503/i386-linux/CORE/opnames.h touch /usr/lib/perl5/5.00503/i386-linux/CORE/perlapi.h touch /usr/lib/perl5/5.00503/i386-linux/CORE/utf8.h touch /usr/lib/perl5/5.00503/i386-linux/CORE/warnings.h fi # Check that they aren't missing pod2text but have pod2man. if [ -x /usr/bin/pod2man -a \! -x /usr/bin/podtext ] ; then echo echo You appear to have pod2man but not pod2text. echo Creating pod2text for you. fi # Check they have the development tools installed on SuSE if [ -f /etc/SuSE-release -o -f /etc/redhat-release ]; then echo echo I think you are running on RedHat Linux or SuSE Linux. GCC=gcc if [ -f /etc/redhat-release ] && fgrep -q ' 6.' /etc/redhat-release ; then # RedHat used egcs in RedHat 6 and not gcc GCC=egcs fi if rpm -q binutils glibc-devel $GCC make >/dev/null 2>&1 ; then echo Good, you appear to have the basic development tools installed. sleep 5 else echo You must have the following RPM packages installed before echo you try and do anything else: echo ' binutils glibc-devel' $GCC 'make' echo You are missing at least 1 of these. echo Please install them all echo '(Read the manuals if you do not know how to do this).' echo Then come back and run this install.sh script again. echo exit 1 fi fi # Check they have an up to date copy of ExtUtils::MakeMaker or else they # will start generating duff Makefiles. echo if ./CheckModuleVersion ExtUtils::MakeMaker 6.05; then echo Good, your version of ExtUtils::MakeMaker is up to date else echo Your copy of the Perl module ExtUtils::MakeMaker is out of date. echo If you try to use an old one, it will generate bad code for the echo rest of this, and possibly make a mess of your Perl installation. echo echo Please install a new one. You can do this very easily with the echo command: echo ' ./Update-MakeMaker.sh' echo and then come back and run this install.sh script again. echo exit 1 fi echo echo This script will pause for a few seconds after each major step, echo so do not worry if it appears to stop for a while. echo If you want it to stop so you can scroll back through the output echo then press Ctrl-S to stop the output and Ctrl-Q to start it again. echo sleep 10 echo echo If this fails due to dependency checks, and you wish to ignore echo these problems, you can run echo ' ./install.sh nodeps' sleep 5 echo echo Rebuilding all the Perl RPMs for your version of Perl echo sleep 5 while read MODNAME MODFILE VERS BUILD ARC do # If the module version is already installed, go onto the next one # (unless it is MIME-tools which is always rebuilt. if ./CheckModuleVersion ${MODNAME} ${VERS} ; then echo Oh good, module ${MODNAME} version ${VERS} is already installed. echo sleep 5 else FILEPREFIX=perl-${MODFILE}-${VERS}-${BUILD} echo Attempting to build and install ${FILEPREFIX} if [ -f ${FILEPREFIX}.src.rpm ]; then $RPMBUILD --rebuild ${FILEPREFIX}.src.rpm sleep 10 echo echo echo else echo Missing file ${FILEPREFIX}.src.rpm. Are you in the right directory\? sleep 10 echo fi if [ -f ${RPMROOT}/RPMS/${ARC}/${FILEPREFIX}.${ARC}.rpm ]; then echo echo Do not worry too much about errors from the next command. echo It is quite likely that some of the Perl modules are echo already installed on your system. echo echo The important ones are HTML-Parser and MIME-tools. echo sleep 10 rpm -Uvh ${NODEPS} ${RPMROOT}/RPMS/${ARC}/${FILEPREFIX}.${ARC}.rpm sleep 10 echo echo echo else echo Missing file ${RPMROOT}/RPMS/${ARC}/${FILEPREFIX}.${ARC}.rpm. echo Maybe it did not build correctly\? sleep 10 echo fi fi done << EOF IsABundle IO-stringy 2.108 1 noarch MIME::Base64 MIME-Base64 2.12 1 i386 IsABundle TimeDate 1.1301 2 noarch IsABundle MailTools 1.50 1 noarch File::Spec File-Spec 0.82 1 noarch File::Temp File-Temp 0.12 1 noarch HTML::Tagset HTML-Tagset 3.03 1 noarch HTML::Parser HTML-Parser 3.26 2 i386 IsABundle MIME-tools 5.411 pl4.2 noarch Convert::TNEF Convert-TNEF 0.17 1 noarch EOF echo echo Installing tnef decoder echo rpm -Uvh tnef*i386.rpm echo echo Now to install MailScanner itself. echo if [ -d /usr/local/MailScanner ] ; then echo echo echo Please remember to kill all the old mailscanner version 3 echo processes before you start the new version. echo fi rpm -Uvh ${NODEPS} mailscanner*noarch.rpm echo Please do not forget to kill your MailScanner version 3 processes echo before starting version 4. From jfalgout at CO.JEFFERSON.CO.US Sun Jun 1 15:58:32 2003 From: jfalgout at CO.JEFFERSON.CO.US (Jeff Falgout) Date: Thu Jan 12 21:18:20 2006 Subject: No subject Message-ID: >>> raymond@PROLOCATION.NET 06/01/03 6:15 AM >>> >Hi! >I noticed that spamcop.net had a lot of timeouts ... >are more people >seeing this ? Yup! From jfalgout at CO.JEFFERSON.CO.US Sun Jun 1 16:05:44 2003 From: jfalgout at CO.JEFFERSON.CO.US (Jeff Falgout) Date: Thu Jan 12 21:18:20 2006 Subject: Spamcop down for maintenance Message-ID: >>> raymond@PROLOCATION.NET 06/01/03 6:15 AM >>> >Hi! >I noticed that spamcop.net had a lot of timeouts ... >are more people >seeing this ? SpamCop down for maintenance Update 8:01am Pacific: Still working, 85%. Please be patient while anunexpected database problem is repaired. SpamCop Mail system is working normally. http://www.julianhaight.com/spamcop_down.shtml? From MWeiner at AG.COM Sun Jun 1 16:16:56 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released Message-ID: D'UH, i am sorry, after a bit more review, it does appear that the install.sh script does an RPM install .. missed that before (lack of caffeine dyslexia). But i do see a potential issue, reminds me of what redhat did to the mysql installs. The original RPMS were mailscanner, and the new ones are MailScanner - my last experience with RedHat-MySQL was similar (redhat packages were mysql and MySQL's were MySQL and that caused some rpm -Uvvh problems). I just want to be sure i dont break an already working "production" install. Thanks Michael Weiner From MWeiner at ag.com Sun Jun 1 16:16:56 2003 From: MWeiner at ag.com (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released Message-ID: D'UH, i am sorry, after a bit more review, it does appear that the install.sh script does an RPM install .. missed that before (lack of caffeine dyslexia). But i do see a potential issue, reminds me of what redhat did to the mysql installs. The original RPMS were mailscanner, and the new ones are MailScanner - my last experience with RedHat-MySQL was similar (redhat packages were mysql and MySQL's were MySQL and that caused some rpm -Uvvh problems). I just want to be sure i dont break an already working "production" install. Thanks Michael Weiner From mike at ZANKER.ORG Sun Jun 1 16:26:58 2003 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released In-Reply-To: <5.2.1.1.2.20030601153552.027b7b28@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030601122421.0248d3f8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030601122421.0248d3f8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030601153552.027b7b28@imap.ecs.soton.ac.uk> Message-ID: <29124718.1054484818@jemima.zanker.org> On 01 June 2003 15:37 +0100 Julian Field wrote: > Yes, it should be. > Can you just try upgrading again, in case it's a one-off problem. Do a > rpm -Uvh --force mailscanner*rpm > and see if it complains again. I'm trying to make it intelligent so > that if you have set the permissions and ownership on this directory > to be correct for your MTA, then it doesn't over-write it during > installation. OK, thanks - it worked fine second time around. > What version of what OS are you using? Red Hat Enterprise Linux ES 2.1 (which is based on 7.2, I believe). The permissions on /var/spool/MailScanner are drwxr-xr-x 4 root root 4096 Jun 1 16:21 MailScanner/ Mike. From mailscanner at ecs.soton.ac.uk Sun Jun 1 16:34:09 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released In-Reply-To: Message-ID: <5.2.1.1.2.20030601163146.0246a5c8@imap.ecs.soton.ac.uk> At 16:16 01/06/2003, you wrote: >D'UH, i am sorry, after a bit more review, it does appear that the >install.sh script does an RPM install .. missed that before (lack of >caffeine dyslexia). > >But i do see a potential issue, reminds me of what redhat did to the mysql >installs. The original RPMS were mailscanner, and the new ones are >MailScanner - my last experience with RedHat-MySQL was similar (redhat >packages were mysql and MySQL's were MySQL and that caused some rpm -Uvvh >problems). I just want to be sure i dont break an already working >"production" install. The RPM of MailScanner itself has all lowercase in the name, and always has. All the distributions of MailScanner are tarballs, but the Linux dists are full of RPMs. >Thanks >Michael Weiner -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From hunter at userfriendly.net Sun Jun 1 17:33:17 2003 From: hunter at userfriendly.net (Michael Weiner) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released In-Reply-To: <5.2.1.1.2.20030601163146.0246a5c8@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030601163146.0246a5c8@imap.ecs.soton.ac.uk> Message-ID: <1054485196.2373.33.camel@nomad.userfriendly.net> Did the upgrade, and all is well :-) And i see the feature for treating nonspam, i LOVE it, makes working and training Bayes a lot easier. THANKS is extended to the entire MS Teat for all their hard work. Michael Weiner -- On Sun, 2003-06-01 at 11:34, Julian Field wrote: > The RPM of MailScanner itself has all lowercase in the name, and always has. > > All the distributions of MailScanner are tarballs, but the Linux dists are > full of RPMs. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030601/781f4624/attachment.bin From raymond at PROLOCATION.NET Sun Jun 1 18:56:00 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:20 2006 Subject: your mail In-Reply-To: Message-ID: Hi! > > I noticed that spamcop.net had a lot of timeouts ... are more people > > seeing this ? > > In addition to this, i cant even resolve bl.spamcop.net > I tried on various networks... Update 10:47am Pacific: System repaired, everything should be back to normal. If you still see this page when loading spamcop, try clearing your cache. Bye, Raymond. From mailscanner at ecs.soton.ac.uk Mon Jun 2 10:08:32 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released In-Reply-To: <5.2.1.1.2.20030601122421.0248d3f8@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030602100655.04c37dd0@imap.ecs.soton.ac.uk> I've just posted 4.21-9. The *only* change to the code is to fix 1 bug in the new "attachment" spam action. So if you already have downloaded 4.21-8, then don't bother with 4.21-9 unless you are going to be using the new "attachment" spam action before the 1st of July. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From JEN at AH.DK Mon Jun 2 10:49:55 2003 From: JEN at AH.DK (Jan Elmqvist Nielsen) Date: Thu Jan 12 21:18:20 2006 Subject: Kaspersky 4.0 Message-ID: Has anyone experience with Kaspersky 4.0 for Linux together with mailscanner 4.21? My installation dosn't scan mail attachment if there are .zip or .822 files If the attachment is a .exe it is caught by kaspersky If I run kavscanner it cached the virus in .zip and .822 files I have try to copy ther defunix.prf from /opt/avp/etc to /usr/lib/mailscanner/kaspersky.prf without any luck I have a Kaspersky 3.0 installation which are working fine together with mailscanner 4.21! /Jan From JEN at AH.DK Mon Jun 2 11:06:13 2003 From: JEN at AH.DK (Jan Elmqvist Nielsen) Date: Thu Jan 12 21:18:20 2006 Subject: Vedr.: Kaspersky 4.0 Message-ID: If the attachment is .exe it is not caught p? kaspersky! It was mailscanner rules! >>> JEN@AH.DK 02-06-2003 11:49:55 >>> Has anyone experience with Kaspersky 4.0 for Linux together with mailscanner 4.21? My installation dosn't scan mail attachment if there are .zip or .822 files If the attachment is a .exe it is caught by kaspersky If I run kavscanner it cached the virus in .zip and .822 files I have try to copy ther defunix.prf from /opt/avp/etc to /usr/lib/mailscanner/kaspersky.prf without any luck I have a Kaspersky 3.0 installation which are working fine together with mailscanner 4.21! /Jan From derek at CSOLVE.NET Mon Jun 2 13:28:29 2003 From: derek at CSOLVE.NET (Derek Buttineau) Date: Thu Jan 12 21:18:20 2006 Subject: SQL Logging In-Reply-To: <5.2.1.1.2.20030530231151.03d0b5b0@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030530231151.03d0b5b0@imap.ecs.soton.ac.uk> Message-ID: <3EDB42ED.8030809@csolve.net> Yeah, running on FreeBSD, however the module is installed and works fine on its own. I wrote a small script to test the same process as the CustomConfig.pm module is doing and it works like a charm and on the same server, it just won't work within the confines of the layout. Derek Julian Field wrote: > Are you running on BSD by any chance? > If so, there is a known problem with Perl up to and including 5.8.0 with > the IO::File module. If you download and try to build the IO::File > module, > you will find it won't compile :-( > > From lbergman at wtxs.net Mon Jun 2 13:33:44 2003 From: lbergman at wtxs.net (Lewis Bergman) Date: Thu Jan 12 21:18:20 2006 Subject: Fwd: F-Prot Antivirus - Changed versions of UNIX products In-Reply-To: References: Message-ID: <200306020733.49643.lbergman@wtxs.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 31 May 2003 02:07 pm, Gerry Doris wrote: > Sorry for the top posting but it seemed that it would be lost at the > bottom. > > I checked the F-Prot website and there wasn't a mention of this. Do you > know if they will continue to permit free use of their product for > home/personal use? Don't know anything. I received this as a registered user of the small enterprise deal. And of course, according to the letter, they are ditching that license. Nothing about what the price will be. Just an ominous note about a discount. Which to me means more money being demanded. We shall see if it is reasonable. - -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 115 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+20QtpT00mQjG01gRAtwOAKCEgu4WvqZ6+DCdJdfz8tb7bE7RnACgjUNN Q0m3x2hi2epUKmDl/de/5I4= =y1PR -----END PGP SIGNATURE----- From David.Sullivan at BARNET.AC.UK Mon Jun 2 13:25:25 2003 From: David.Sullivan at BARNET.AC.UK (David Sullivan) Date: Thu Jan 12 21:18:20 2006 Subject: minor isse with sophos-autoupdate script In-Reply-To: <3EDB3F9D.3050507@itss.nerc.ac.uk> Message-ID: On 2 Jun 2003 at 13:14, Ron Campbell wrote: > We had a few instance of Sobig-C which got through this morning ! > > Sophos sent out an alert at 3:54 am. I have this arranged (via a mail > alias) to run sophos-autoupdate immediately. However, we did not > detect any Sobig-C viruses until after 8 am (when MS was automatically > restarted, as happens every 4 hours). > > Perhaps sophos-autoupdate should restart MS ? > If you're running sophos in the "normal" mode this shouldn't be necessary at all since it executes sweep each time it scans a batch of messages (picking up on whatever ides are present at the time when it is executed). This is probably not the case if you're running sophossavi if my understanding of how it works is cirrect but I couldn't say for sure since we don't use this yet. Incidentally Sophos seem to have taken longer than usual on getting this virus update out (which also occurred with another e-mail worm several weeks back) Symantec had an update and advisory for Sobig-C yesterday and we were certainly blocking pif attachments of this all of yesterday. Regards. David. ============================================================== This communication may contain privileged or confidential information which is for the exclusive use of the intended recipient. If you are not the intended recipient, please note that you may not distribute or use this communication or the information it contains. If this e-mail has reached you in error, please delete it and any attachment. Internet communications are not secure and Barnet College does not accept legal responsibility for the content of this message. Any views or opinions expressed are those of the author and not necessarily those of Barnet College. Please note that Barnet College reserves the right to monitor the source/destinations of all incoming or outgoing e-mail communications. ============================================================== From rc at ITSS.NERC.AC.UK Mon Jun 2 13:14:21 2003 From: rc at ITSS.NERC.AC.UK (Ron Campbell) Date: Thu Jan 12 21:18:20 2006 Subject: minor isse with sophos-autoupdate script Message-ID: <3EDB3F9D.3050507@itss.nerc.ac.uk> We had a few instance of Sobig-C which got through this morning ! Sophos sent out an alert at 3:54 am. I have this arranged (via a mail alias) to run sophos-autoupdate immediately. However, we did not detect any Sobig-C viruses until after 8 am (when MS was automatically restarted, as happens every 4 hours). Perhaps sophos-autoupdate should restart MS ? Cheers ... Ron From mailscanner at LISTS.COM.AR Mon Jun 2 13:52:50 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:20 2006 Subject: ANNOUNCE: Version 4.21 released In-Reply-To: <5.2.1.1.2.20030602100655.04c37dd0@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030601122421.0248d3f8@imap.ecs.soton.ac.uk> Message-ID: <3EDB1E72.22559.481952B0@localhost> Hi Julian, I guess I screwed last version of ZMailer.pm I sent you... I had added only one of the patches, so 4.21-9 still has a ZMailer bug (my fault, obviously). You should add the following patch to it. Just in case, I'm attaching the completely patched ZMailer.pm... hope this makes it into 4.22 :-) *** ZMailer.pm.ORI Mon Jun 2 09:44:42 2003 --- ZMailer.pm Mon Jun 2 09:45:07 2003 *************** *** 274,279 **** --- 274,284 ---- $message->{from} = lc($from); $FROMFound = 1; # We have found the sender } + if ($Line =~ /^channel error/) { + $from = ""; + $message->{from} = lc($from); + $FROMFound = 1; # We have found the (NULL) sender + } if ($Line =~ /^rcvdfrom /i) { $ip = $Line; #chomp $ip; El 2 Jun 2003 a las 10:08, Julian Field escribi?: > I've just posted 4.21-9. > The *only* change to the code is to fix 1 bug in the new "attachment" spam > action. > So if you already have downloaded 4.21-8, then don't bother with 4.21-9 > unless you are going to be using the new "attachment" spam action before > the 1st of July. -- Mariano Absatz El Baby ---------------------------------------------------------- Here I am! Now what are your other two wishes? -------------- next part -------------- A non-text attachment was scrubbed... Name: ZMailer.pm.NEW Type: application/octet-stream Size: 26592 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030602/ac7b5818/ZMailer.pm.obj From dean.plant at ROKE.CO.UK Mon Jun 2 13:58:08 2003 From: dean.plant at ROKE.CO.UK (Plant, Dean) Date: Thu Jan 12 21:18:20 2006 Subject: Disclaimer problem Message-ID: <76C92FBBFB58D411AE760090271ED41805B33A34@rsys002a.roke.co.uk> I have upgraded to v4.21-9 but mail still goes out without being signed when I have an attachment but no message body text. Below is shows the header of a mail which is not signed Return-Path: Received: from rsys000x.roke.co.uk (193.118.201.103) by mk-cpfrontend.uk.tiscali.com (6.7.018) id 3ED7738504402501 for dean_plant@lineone.net; Mon, 2 Jun 2003 13:41:01 +0100 Received: from rsys002a.roke.co.uk (rsys002a.roke.co.uk [193.118.192.251]) by rsys000x.roke.co.uk (8.12.8/8.12.8) with ESMTP id h52CjOQ5004085 for ; Mon, 2 Jun 2003 13:45:24 +0100 Received: by rsys002a.roke.co.uk with Internet Mail Service (5.5.2653.19) id ; Mon, 2 Jun 2003 13:44:16 +0100 Message-ID: <76C92FBBFB58D411AE760090271ED41805B33A33@rsys002a.roke.co.uk> From: "Plant, Dean" To: "Dean Plant Lineone (E-mail)" Subject: Date: Mon, 2 Jun 2003 13:44:15 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: image/jpeg; name="fluorescence6.jpg" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="fluorescence6.jpg" X-MailScanner: Found to be clean And this header shows mail which is correctly signed. Return-Path: Received: from rsys000x.roke.co.uk (193.118.201.103) by mk-cpfrontend.uk.tiscali.com (6.7.018) id 3ED765CA042FB1B4 for dean_plant@lineone.net; Mon, 2 Jun 2003 13:00:51 +0100 Received: from rsys002a.roke.co.uk (rsys002a.roke.co.uk [193.118.192.251]) by rsys000x.roke.co.uk (8.12.8/8.12.8) with ESMTP id h52C5sO9003378 for ; Mon, 2 Jun 2003 13:05:54 +0100 Received: by rsys002a.roke.co.uk with Internet Mail Service (5.5.2653.19) id ; Mon, 2 Jun 2003 13:04:47 +0100 Message-ID: <76C92FBBFB58D411AE760090271ED41805B33A31@rsys002a.roke.co.uk> From: "Plant, Dean" To: "Dean Plant Lineone (E-mail)" Subject: Date: Mon, 2 Jun 2003 13:04:47 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C328FF.28639AF6" X-MailScanner: Found to be clean -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 30 May 2003 09:32 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Disclaimer problem At 08:39 30/05/2003, you wrote: >Hello, > >I am currently evaluating MailScanner and have come across a small problem >regarding signing of mail. I have added a disclaimer to all out going mail >using a ruleset but have noticed that any mail that has an attachment but >does not have any body text does not get signed. All other mail is signed >correctly. > >I have upgraded to the latest version and started with an new >MailScanner.conf but the problem persists. > >I am using Redhat8/Sendmail/F-prot. > >Does anyone have any idea's as to what I may be doing wrong. > >Thanks in advance. > >Dean Plant Try applying this patch to /usr/lib/MailScanner/MailScanner/Message.pm. Read the man page for the "patch" command if you don't know how to drive it, saves you doing it by hand :) It appears to work okay for me, and will be in the next stable release (due this weekend). --- Message.pm 2003-05-30 09:09:21.000000000 +0100 +++ Message.pm.new2 2003-05-30 09:24:43.000000000 +0100 @@ -1447,6 +1447,7 @@ # If multipart, try to sign our first part if ($top->is_multipart) { + my $sigcounter = 0; # JKF Signed and encrypted multiparts must not be touched. # JKF Instead put the sig in the epilogue. Breaks the RFC # JKF but in a harmless way. @@ -1456,18 +1457,33 @@ @signature = map { "$_\n" } split(/\n/, $signature); unshift @signature, "\n"; $top->epilogue(\@signature); - return; + return 1; } - $this->SignCleanEntity($top->parts(0)); - $this->SignCleanEntity($top->parts(1)) + $sigcounter += $this->SignCleanEntity($top->parts(0)); + $sigcounter += $this->SignCleanEntity($top->parts(1)) if $top->head and $top->effective_type =~ /multipart\/alternative/i; - return; + + if ($sigcounter == 0) { + # If we haven't signed anything by now, it must be a multipart + # message containing only things we can't sign. So add a text/plain + # section on the front and sign that. + my $text = $this->ReadVirusWarning('inlinetextsig') . "\n\n"; + my $newpart = build MIME::Entity + Type => 'text/plain', + Disposition => 'inline', + Data => $text, + Encoding => 'quoted-printable', + Top => 0; + $top->add_part($newpart, 0); + $sigcounter = 1; + } + return $sigcounter; } $MimeType = $top->head->mime_type if $top->head; - return unless $MimeType =~ m{text/}i; # Won't sign non-text message. + return 0 unless $MimeType =~ m{text/}i; # Won't sign non-text message. # Won't sign attachments. - return if $top->head->mime_attr('content-disposition') =~ /attachment/i; + return 0 if $top->head->mime_attr('content-disposition') =~ /attachment/i; # Get body data as array of newline-terminated lines $top->bodyhandle or return undef; @@ -1489,6 +1505,9 @@ $io->print("\n$signature\n"); } $io->close; + + # We signed something + return 1; } -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, Bracknell, Berkshire. RG12 8FZ The information contained in this e-mail and any attachments is confidential to Roke Manor Research Ltd and must not be passed to any third party without permission. This communication is for information only and shall not create or change any contractual relationship. From dot at DOTAT.AT Mon Jun 2 14:01:07 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:20 2006 Subject: Exim+MailScanner - not always queuing mail on "in" side In-Reply-To: Message-ID: Tim Bishop wrote: > >I'm running MailScanner with Exim on FreeBSD. This isn't strictly a >MailScanner problem, but I suspect it's related to the way I've set Exim >up to work with MailScanner. Yes. >The problem is that occasionally (but not always) locally generated >messages such as cron output don't get deferred by the incoming exim. >From my understanding of Exim it seems that it's ignored the queue_only, >then tried to defer it. Then, for some reason, it's decided to fail >the message. This is probably because the hints database for the incoming exim says that addresses have been failing for such a long time that they bounce immediately. You need to check that the spool directory configurations for the incoming and outgoing exims are correct and that they are being run with the correct commands, and check that /var/spool/exim_incoming/db is empty (as it should be if the queue_only option is working). Tony. -- f.a.n.finch http://dotat.at/ CAPE WRATH TO RATTRAY HEAD INCLUDING ORKNEY: MAINLY SOUTHEAST TO SOUTH OR SOUTHWEST 4 OR 5 BUT VARIABLE 2 OR 3 FOR A TIME IN THE NORTH AND WEST. THUNDERY RAIN AT FIRST WITH MIST OR FOG PATCHES, MAINLY FAIR LATER. MODERATE OR POOR BECOMING MAINLY GOOD. SLIGHT TO MODERATE. From mailscanner at ecs.soton.ac.uk Mon Jun 2 13:47:59 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:20 2006 Subject: minor isse with sophos-autoupdate script In-Reply-To: <3EDB3F9D.3050507@itss.nerc.ac.uk> Message-ID: <5.2.0.9.2.20030602134615.04e24280@imap.ecs.soton.ac.uk> At 13:14 02/06/2003, you wrote: >We had a few instance of Sobig-C which got through this morning ! > >Sophos sent out an alert at 3:54 am. I have this arranged (via a mail >alias) to run sophos-autoupdate immediately. However, we did not detect >any Sobig-C viruses until after 8 am (when MS was automatically >restarted, as happens every 4 hours). > >Perhaps sophos-autoupdate should restart MS ? If using "sophos" rather than "sophossavi", then the command-line scanner is run separately for each batch of messages. So there isn't anything to restart, the new IDE files will get picked up immediately. If you are using "sophossavi" then MailScanner will notice that the Sophos files have been modified and will restart immediately. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From moffelist at AMAGERKOLLEGIET.DK Mon Jun 2 16:09:05 2003 From: moffelist at AMAGERKOLLEGIET.DK (=?iso-8859-1?q?Rasmus_B=F8g_Hansen?=) Date: Thu Jan 12 21:18:20 2006 Subject: Exim+MailScanner - not always queuing mail on "in" side In-Reply-To: (Tony Finch's message of "Mon, 2 Jun 2003 14:01:07 +0100") References: Message-ID: <87y90kldny.fsf@grignard.amagerkollegiet.dk> Tony Finch writes: > Tim Bishop wrote: >> >>I'm running MailScanner with Exim on FreeBSD. This isn't strictly a >>MailScanner problem, but I suspect it's related to the way I've set Exim >>up to work with MailScanner. > > Yes. > >>The problem is that occasionally (but not always) locally generated >>messages such as cron output don't get deferred by the incoming exim. >>From my understanding of Exim it seems that it's ignored the queue_only, >>then tried to defer it. Then, for some reason, it's decided to fail >>the message. > > This is probably because the hints database for the incoming exim says > that addresses have been failing for such a long time that they bounce > immediately. You need to check that the spool directory configurations > for the incoming and outgoing exims are correct and that they are being > run with the correct commands, and check that /var/spool/exim_incoming/db > is empty (as it should be if the queue_only option is working). I have the same problem. The files in the db directory does not exist - but show up after some time. Could they appear due to this: root@gere:/etc# grep incoming /etc/cron.daily/exim exim_tidydb /var/spool/exim_incoming retry >/dev/null exim_tidydb /var/spool/exim_incoming wait-remote_smtp >/dev/null root@gere:/etc# This is Debian Woody with MailScanner 3.27.1-1 and exim 3.35-1. /Rasmus -- -- [ Rasmus "M?ffe" B?g Hansen ] --------------------------------------- Just install Windows. It will crash once a day, and your hardware will no longer be the poblem. ----------------------------------[ moffe at amagerkollegiet dot dk ] -- From tim-lists at BISHNET.NET Mon Jun 2 16:01:59 2003 From: tim-lists at BISHNET.NET (Tim Bishop) Date: Thu Jan 12 21:18:20 2006 Subject: Exim+MailScanner - not always queuing mail on "in" side In-Reply-To: References: Message-ID: <20030602150159.GB13592@carrick.bishnet.net> On Mon, Jun 02, 2003 at 02:01:07PM +0100, Tony Finch wrote: > Tim Bishop wrote: > > >The problem is that occasionally (but not always) locally generated > >messages such as cron output don't get deferred by the incoming exim. > >From my understanding of Exim it seems that it's ignored the queue_only, > >then tried to defer it. Then, for some reason, it's decided to fail > >the message. > > This is probably because the hints database for the incoming exim says > that addresses have been failing for such a long time that they bounce > immediately. You need to check that the spool directory configurations > for the incoming and outgoing exims are correct and that they are being > run with the correct commands, and check that /var/spool/exim_incoming/db > is empty (as it should be if the queue_only option is working). I did have a retry file in the exim.in/db directory - which was causing the bouncing. However, I think I know how this got there. Cron on FreeBSD runs sendmail (well, exim) with the -odi flag, which causes a second exim process to attempt delivery - even with the queue_only option switched on. Turning off this flag seems to have gone part way to fixing this... but it's still not entirely happy. It'd be nice if exim had a queue_only_always flag which would make it queue every time, and not permit anything else. Tim. -- Tim Bishop http://www.bishnet.net/tim PGP Key: 0x5AE7D984 From FCaen at CI.LAKEWOOD.WA.US Mon Jun 2 16:29:55 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:20 2006 Subject: New F-Prot Message-ID: Well, the new F-Prot line-up is up on f-prot.com Question is, which one to use with Mailscanner? The AV for Mail Servers seems to be overkill with its own daemon. The workstation version at $29 seems to be sufficient! Any comments? --------------------------------------------- Francois Caen Network Information Systems Engineer - Webmaster City of Lakewood, WA (253) 512-2269 NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From mailscanner at ecs.soton.ac.uk Mon Jun 2 16:45:29 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:20 2006 Subject: New F-Prot In-Reply-To: Message-ID: <5.2.0.9.2.20030602164413.04339ba8@imap.ecs.soton.ac.uk> At 16:29 02/06/2003, you wrote: >Well, the new F-Prot line-up is up on f-prot.com > >Question is, which one to use with Mailscanner? The AV for Mail Servers >seems to be overkill with its own daemon. The workstation version at $29 >seems to be sufficient! From what I can see the only functionality you need is provided by the workstation edition. Can someone extract a copy of the licence from them and mail it to me, so I can whether they have anything to say on the subject of scanning mail attachments with it. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From lbergman at wtxs.net Mon Jun 2 16:55:33 2003 From: lbergman at wtxs.net (Lewis Bergman) Date: Thu Jan 12 21:18:20 2006 Subject: New F-Prot In-Reply-To: References: Message-ID: <200306021055.36753.lbergman@wtxs.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 02 June 2003 10:29 am, Francois Caen wrote: > Well, the new F-Prot line-up is up on f-prot.com > > Question is, which one to use with Mailscanner? The AV for Mail Servers > seems to be overkill with its own daemon. The workstation version at $29 > seems to be sufficient! > > Any comments? Yes. Here is the biggest difference. $1920 for 500 mailboxes. For a price quote for a license for more than 500 mailboxes of F-Prot Antivirus for Linux Mail Servers, please contact our sales department. Looks like the license strategy of one low server fee is history. Time to take another look at Sophos again. - -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 115 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+23N4pT00mQjG01gRAqa+AJ9V6C/tWDQWpdV6+zz88y3w+8cn2QCdFsmM siC2WCwpk/XazQykFdUGc/A= =Ayku -----END PGP SIGNATURE----- From Kevin.Spicer at BMRB.CO.UK Mon Jun 2 16:58:12 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:20 2006 Subject: New F-Prot Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A4AD96@pascal.priv.bmrb.co.uk> Its good to see that they've kept the personal version free for 'personal workstations' ( a bit of a grey area that since my personal workstation at home happens to also be a proxy server, file server, print server, web server for my home network!) Their mail solution seems a bit pricy at $1920 (based on 500 users) for something that seems to be a script which hooks into procmail. They also appear to be offering a .so file with the server version - I wonder if we'll see a perl wrapper API for that (like with SophosSavi)? > At 16:29 02/06/2003, you wrote: > >Well, the new F-Prot line-up is up on f-prot.com > > > >Question is, which one to use with Mailscanner? The AV for > Mail Servers > >seems to be overkill with its own daemon. The workstation > version at $29 > >seems to be sufficient! > > From what I can see the only functionality you need is > provided by the > workstation edition. > > Can someone extract a copy of the licence from them and mail > it to me, so I > can whether they have anything to say on the subject of scanning mail > attachments with it. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mailscanner at ecs.soton.ac.uk Mon Jun 2 17:17:45 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:20 2006 Subject: New F-Prot In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0A4AD96@pascal.priv.bmrb.co .uk> Message-ID: <5.2.0.9.2.20030602171518.04ee1d78@imap.ecs.soton.ac.uk> At 16:58 02/06/2003, you wrote: >Its good to see that they've kept the personal version free for 'personal >workstations' ( a bit of a grey area that since my personal workstation at >home happens to also be a proxy server, file server, print server, web >server for my home network!) > >Their mail solution seems a bit pricy at $1920 (based on 500 users) for >something that seems to be a script which hooks into procmail. > >They also appear to be offering a .so file with the server version - I >wonder if we'll see a perl wrapper API for that (like with SophosSavi)? The .so file is actually only a frontend for open() and a couple of other calls. It catches these calls and connects to the scanning *daemon* to ask it to do the scanning, before falling into the standard system open() call. It isn't actually the same thing as SophosSAVI at all. I hoped it would be like SophosSAVI, but I read the docs half an hour ago and it's no help at all. Might as well call the daemon myself. > > At 16:29 02/06/2003, you wrote: > > >Well, the new F-Prot line-up is up on f-prot.com > > > > > >Question is, which one to use with Mailscanner? The AV for > > Mail Servers > > >seems to be overkill with its own daemon. The workstation > > version at $29 > > >seems to be sufficient! > > > > From what I can see the only functionality you need is > > provided by the > > workstation edition. > > > > Can someone extract a copy of the licence from them and mail > > it to me, so I > > can whether they have anything to say on the subject of scanning mail > > attachments with it. > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > > > > > >BMRB International >http://www.bmrb.co.uk >+44 (0)20 8566 5000 >_________________________________________________________________ >This message (and any attachment) is intended only for the >recipient and may contain confidential and/or privileged >material. If you have received this in error, please contact the >sender and delete this message immediately. Disclosure, copying >or other action taken in respect of this email or in >reliance on it is prohibited. BMRB International Limited >accepts no liability in relation to any personal emails, or >content of any email which does not directly relate to our >business. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jun 2 17:15:14 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:20 2006 Subject: New F-Prot In-Reply-To: <200306021055.36753.lbergman@wtxs.net> References: Message-ID: <5.2.0.9.2.20030602171438.042d92a0@imap.ecs.soton.ac.uk> At 16:55 02/06/2003, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On Monday 02 June 2003 10:29 am, Francois Caen wrote: > > Well, the new F-Prot line-up is up on f-prot.com > > > > Question is, which one to use with Mailscanner? The AV for Mail Servers > > seems to be overkill with its own daemon. The workstation version at $29 > > seems to be sufficient! > > > > Any comments? >Yes. Here is the biggest difference. >$1920 for 500 mailboxes. >For a price quote for a license for more than 500 mailboxes of F-Prot >Antivirus for Linux Mail Servers, please contact our sales department. However, the "Mail Server" version isn't actually what you want, you just want to scan files. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Mon Jun 2 17:29:11 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:20 2006 Subject: New F-Prot In-Reply-To: <5.2.0.9.2.20030602171438.042d92a0@imap.ecs.soton.ac.uk> Message-ID: Hi! > >For a price quote for a license for more than 500 mailboxes of F-Prot > >Antivirus for Linux Mail Servers, please contact our sales department. > > However, the "Mail Server" version isn't actually what you want, you just > want to scan files. Jesuz, a clueless droid made their new webpage :) For Linix / BSD Mail Servers we offer Linix haha. However the F-Prot Antivirus for Linux Workstations should do: F-Prot Antivirus for Linux Workstations therefore provides the same best of breed features as found throughout the F-Prot product line. It contains the F-Prot Antivirus Command-line Scanner and the F-prot Antivirus Updater. Thats the command line scanner. And it comes for just 29 USD :) Cool. Their pricing tool is nuts btw, one workstation is 29 and 2 x = 75 ? I'll order 10 seperate ones i think hahahaha. Its that i KNOW their product is good :) smile ... Bye, Raymond. From raymond at PROLOCATION.NET Mon Jun 2 17:30:01 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:20 2006 Subject: New F-Prot In-Reply-To: <5.2.0.9.2.20030602164413.04339ba8@imap.ecs.soton.ac.uk> Message-ID: Hi! > From what I can see the only functionality you need is provided by the > workstation edition. > > Can someone extract a copy of the licence from them and mail it to me, so I > can whether they have anything to say on the subject of scanning mail > attachments with it. Its plain files we scan. We dont scan mail do we ? =)) Bye, Raymond. From FCaen at CI.LAKEWOOD.WA.US Mon Jun 2 17:40:35 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:20 2006 Subject: New F-Prot Message-ID: -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > However, the "Mail Server" version isn't actually what you want, you just want to scan files. Yep. Especially if you run MS/F-Prot in front of an actual mailbox server (Exchange,...) and you have no mailboxes on the MS machine itself. Per-mailbox licensing is just ridiculous for proxies. --------------------------------------------- Francois Caen Network Information Systems Engineer - Webmaster City of Lakewood, WA (253) 512-2269 NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From FCaen at CI.LAKEWOOD.WA.US Mon Jun 2 17:42:58 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:20 2006 Subject: New F-Prot Message-ID: -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Can someone extract a copy of the licence from them and mail it to me, > so I can whether they have anything to say on the subject of scanning > mail attachments with it. I just emailed their sales folks asking for a license. I will let you know if/when I get a response. --------------------------------------------- Francois Caen Network Information Systems Engineer - Webmaster City of Lakewood, WA (253) 512-2269 NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From cparker at SWATGEAR.COM Mon Jun 2 17:41:51 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:20 2006 Subject: Safe to upgrade SpamAssassin? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE1AE082@ati-ex-01.ati.local> Hello. I'm pretty new to MailScanner (I really like it so far) so I'm surveying the list about whether or not I can upgrade SpamAssassin. Currently I'm using SA 2.31, MS 4.20-3, on RH 8. I'd like to upgrade SA to the latest version (2.55). Aside from downloading the rpm and installing is there anything else I should do? And is there anything I should look out for? Thanks, Chris. From raymond at PROLOCATION.NET Mon Jun 2 17:55:24 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:20 2006 Subject: Safe to upgrade SpamAssassin? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE1AE082@ati-ex-01.ati.local> Message-ID: Hi! > I'm pretty new to MailScanner (I really like it so far) so I'm > surveying the list about whether or not I can upgrade SpamAssassin. > Currently I'm using SA 2.31, MS 4.20-3, on RH 8. I'd like to upgrade SA > to the latest version (2.55). > > Aside from downloading the rpm and installing is there anything else I > should do? And is there anything I should look out for? You have to install spamassassin via CPAN. Install Mail::SpamAssassin Dont use the RPM's to avoid trouble. Bye, Raymond. From cparker at SWATGEAR.COM Mon Jun 2 18:15:55 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:20 2006 Subject: Safe to upgrade SpamAssassin? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BC3@ati-ex-01.ati.local> Raymond Dijkxhoorn wrote: > > I'm pretty new to MailScanner (I really like it so far) so I'm > > surveying the list about whether or not I can upgrade SpamAssassin. > > Currently I'm using SA 2.31, MS 4.20-3, on RH 8. I'd like to > > upgrade SA to the latest version (2.55). > > > > Aside from downloading the rpm and installing is there anything > > else I should do? And is there anything I should look out for? > > You have to install spamassassin via CPAN. > Install Mail::SpamAssassin > > Dont use the RPM's to avoid trouble. Ok, I think I can do that. One last bit of clarification though, does it cause a problem that the initial install of SA was done via RPM? Thanks, Chris. From mailscanner at ecs.soton.ac.uk Mon Jun 2 18:19:07 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:20 2006 Subject: Safe to upgrade SpamAssassin? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BC3@ati-ex-01.ati.local > Message-ID: <5.2.1.1.2.20030602181810.02858b40@imap.ecs.soton.ac.uk> At 18:15 02/06/2003, you wrote: >Raymond Dijkxhoorn wrote: > > > > I'm pretty new to MailScanner (I really like it so far) so I'm > > > surveying the list about whether or not I can upgrade SpamAssassin. > > > Currently I'm using SA 2.31, MS 4.20-3, on RH 8. I'd like to > > > upgrade SA to the latest version (2.55). > > > > > > Aside from downloading the rpm and installing is there anything > > > else I should do? And is there anything I should look out for? > > > > You have to install spamassassin via CPAN. > > Install Mail::SpamAssassin > > > > Dont use the RPM's to avoid trouble. > >Ok, I think I can do that. One last bit of clarification though, does it >cause a problem that the initial install of SA was done via RPM? Delete the RPM before you start installing the new version. I can't remember the capitalisation used in the RPM, but one of these will do it: rpm -e spamassassin rpm -e SpamAssassin -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Mon Jun 2 18:24:29 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:21 2006 Subject: Safe to upgrade SpamAssassin? In-Reply-To: <5.2.1.1.2.20030602181810.02858b40@imap.ecs.soton.ac.uk> Message-ID: Hi! > >Ok, I think I can do that. One last bit of clarification though, does it > >cause a problem that the initial install of SA was done via RPM? > Delete the RPM before you start installing the new version. I can't > remember the capitalisation used in the RPM, but one of these will do it: > rpm -e spamassassin > rpm -e SpamAssassin grep spam /var/log/rpmpkgs =) On one of my older boxes i had: [raymond@fallback log]$ grep spam /var/log/rpmpkgs spamassassin-2.53-1.i386.rpm spamassassin-tools-2.53-1.i386.rpm Bye, Raymond. From cparker at SWATGEAR.COM Mon Jun 2 18:31:01 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:21 2006 Subject: Safe to upgrade SpamAssassin? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BC6@ati-ex-01.ati.local> Julian Field wrote: > > > > Aside from downloading the rpm and installing is there anything > > > > else I should do? And is there anything I should look out for? > > > > > > You have to install spamassassin via CPAN. > > > Install Mail::SpamAssassin > > > > > > Dont use the RPM's to avoid trouble. > > > > Ok, I think I can do that. One last bit of clarification though, > > does it cause a problem that the initial install of SA was done via > > RPM? > > Delete the RPM before you start installing the new version. I can't > remember the capitalisation used in the RPM, but one of these will do > it: rpm -e spamassassin > rpm -e SpamAssassin I'll give it a shot and let everyone know how it goes. Thanks, Chris. From mbowman at UDCOM.COM Mon Jun 2 18:55:57 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:21 2006 Subject: New F-Prot Message-ID: Hello F-Prot are doing what Sophos have been doing - charging by mailbox. This is not suitable for an ISP with a Mail Gateway that has no mailboxes. Like ourselves. So is it the general opinon that all one has to purchase is the workstation version at $29 per Mail Gateway ? Matthew Bowman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030602/bd1b47d6/attachment.html From lbergman at wtxs.net Mon Jun 2 19:12:05 2003 From: lbergman at wtxs.net (Lewis Bergman) Date: Thu Jan 12 21:18:21 2006 Subject: New F-Prot In-Reply-To: References: Message-ID: <200306021312.10504.lbergman@wtxs.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 02 June 2003 12:55 pm, Matthew Bowman wrote: > Hello > > F-Prot are doing what Sophos have been doing - charging by mailbox. This > is not suitable for an ISP with a Mail Gateway that has no mailboxes. Like > ourselves. So is it the general opinon that all one has to purchase is > the workstation version at $29 per Mail Gateway ? I haven't seen the license. The license, not general opinion, would determine this I would think. - -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 115 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+25N6pT00mQjG01gRAgcbAJ9IneyL0d26XISf5sa0tW/ef+BnygCfU1Ac Yoc1fXZh8ksSUztkhDCb5YA= =YiHZ -----END PGP SIGNATURE----- From brian at UNEARTHED.ORG Mon Jun 2 19:21:05 2003 From: brian at UNEARTHED.ORG (Brian May) Date: Thu Jan 12 21:18:21 2006 Subject: Upgrade problem... Message-ID: <007801c32933$c27bf3c0$9701020a@brianmay> for some reason after the upgrade to the latest and greatest.. the command: /etc/init.d/MailScanner start starts two instances of sendmail in and out... but if I call: /etc/init.d/MailScanner startin /etc/init.d/MailScanner startout /usr/sbin/check_mailscanner it works fine... which is extremely odd.. since that's what '/etc/init.d/MailScanner start' does... And yes, before I started '/etc/init.d/MailScanner start' I made sure that no rouge copies of sendmail or mailscanner were running... From michele at BLACKNIGHTSOLUTIONS.COM Mon Jun 2 19:26:07 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: BlacknightSolutions) Date: Thu Jan 12 21:18:21 2006 Subject: Upgrade problem... In-Reply-To: <007801c32933$c27bf3c0$9701020a@brianmay> Message-ID: <200306021826.h52IQHp30573@camelot.blacknightsolutions.com> > for some reason after the upgrade to the latest and > greatest.. the command: > > /etc/init.d/MailScanner start > > starts two instances of sendmail in and out... > > but if I call: > /etc/init.d/MailScanner startin > /etc/init.d/MailScanner startout > /usr/sbin/check_mailscanner > > it works fine... which is extremely odd.. since that's what > '/etc/init.d/MailScanner start' does... > > And yes, before I started '/etc/init.d/MailScanner start' I > made sure that no rouge copies of sendmail or mailscanner > were running... > What about the command: service MailScanner restart ? Does that also bork? ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From email at ace.net.au Mon Jun 2 19:28:50 2003 From: email at ace.net.au (Peter Nitschke) Date: Thu Jan 12 21:18:21 2006 Subject: Safe to upgrade SpamAssassin? In-Reply-To: References: Message-ID: <200306030358500848.00B35541@smtp1.ace.net.au> I used the source RPM and it has worked just fine on both RH7.3 and RH9 Peter *********** REPLY SEPARATOR *********** On 2/06/2003 at 6:55 PM Raymond Dijkxhoorn wrote: >Hi! > >> I'm pretty new to MailScanner (I really like it so far) so I'm >> surveying the list about whether or not I can upgrade SpamAssassin. >> Currently I'm using SA 2.31, MS 4.20-3, on RH 8. I'd like to upgrade SA >> to the latest version (2.55). >> >> Aside from downloading the rpm and installing is there anything else I >> should do? And is there anything I should look out for? > >You have to install spamassassin via CPAN. >Install Mail::SpamAssassin > >Dont use the RPM's to avoid trouble. > >Bye, >Raymond. From brian at UNEARTHED.ORG Mon Jun 2 19:44:14 2003 From: brian at UNEARTHED.ORG (Brian May) Date: Thu Jan 12 21:18:21 2006 Subject: Upgrade problem... References: <200306021826.h52IQHp30573@camelot.blacknightsolutions.com> Message-ID: <00b701c32938$ede87dd0$9701020a@brianmay> Must have been something else that was mucking stuff up.. service MailScanner restart and /etc/init.d/MailScanner restart (which I assume is the exact same thing) work fine now.. *shrug* Brian ----- Original Message ----- From: "Michele Neylon :: BlacknightSolutions" To: Sent: Monday, June 02, 2003 11:26 AM Subject: Re: Upgrade problem... > for some reason after the upgrade to the latest and > greatest.. the command: > > /etc/init.d/MailScanner start > > starts two instances of sendmail in and out... > > but if I call: > /etc/init.d/MailScanner startin > /etc/init.d/MailScanner startout > /usr/sbin/check_mailscanner > > it works fine... which is extremely odd.. since that's what > '/etc/init.d/MailScanner start' does... > > And yes, before I started '/etc/init.d/MailScanner start' I > made sure that no rouge copies of sendmail or mailscanner > were running... > What about the command: service MailScanner restart ? Does that also bork? ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From cparker at SWATGEAR.COM Mon Jun 2 20:32:14 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:21 2006 Subject: Safe to upgrade SpamAssassin? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BC9@ati-ex-01.ati.local> Chris W. Parker <> wrote: > I'll give it a shot and let everyone know how it goes. The CPAN thing didn't work. It continuously timed out when trying to connect to ftp.cpan.org. So I tried rebuilding the source rpm, that didn't work either*. Then I just downloaded the i386.rpm and installed that. As far as I know it's installed and working. How can I verify what version of SA is being used? Thanks, Chris. * Probably user error. From mailscanner at ecs.soton.ac.uk Mon Jun 2 20:45:22 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: Safe to upgrade SpamAssassin? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BC9@ati-ex-01.ati.local > Message-ID: <5.2.1.1.2.20030602204155.023901f0@imap.ecs.soton.ac.uk> At 20:32 02/06/2003, you wrote: >Chris W. Parker <> wrote: > > > I'll give it a shot and let everyone know how it goes. > >The CPAN thing didn't work. It continuously timed out when trying to >connect to ftp.cpan.org. So I tried rebuilding the source rpm, that didn't >work either*. Then I just downloaded the i386.rpm and installed that. As >far as I know it's installed and working. How can I verify what version of >SA is being used? The problem with the i386.rpm is that on many versions of many OS's it gets the paths wrong and won't actually work. If you are lucky, then perl use Mail::SpamAssassin; print $Mail::SpamAssassin::VERSION . "\n"; (then press Ctrl-D and it will print the version number). >Thanks, >Chris. > >* Probably user error. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From cparker at SWATGEAR.COM Mon Jun 2 20:54:28 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:21 2006 Subject: Safe to upgrade SpamAssassin? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BCA@ati-ex-01.ati.local> Julian Field wrote: > At 20:32 02/06/2003, you wrote: > > Chris W. Parker <> wrote: > > > > > I'll give it a shot and let everyone know how it goes. > > > > The CPAN thing didn't work. It continuously timed out when trying to > > connect to ftp.cpan.org. So I tried rebuilding the source rpm, that > > didn't work either*. Then I just downloaded the i386.rpm and > > installed that. As far as I know it's installed and working. How > > can I verify what version of SA is being used? > > The problem with the i386.rpm is that on many versions of many OS's > it gets the paths wrong and won't actually work. If you are lucky, > then perl use Mail::SpamAssassin; > print $Mail::SpamAssassin::VERSION . "\n"; > (then press Ctrl-D and it will print the version number). Says 2.55. Does that indicate all is well? Chris. From cparker at SWATGEAR.COM Mon Jun 2 20:59:20 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box too slow? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE1AE087@ati-ex-01.ati.local> Hello. We have relatively low email traffic (approx. 450/day on work days) and I receive quite a few of these in my /var/log/maillog: May 17 04:03:08 filter MailScanner[3324]: SpamAssassin timed out and was killed, consecutive failure 1 of 20 Does this mean my computer is too slow? It's a 200mhz pentium!!! :) I can imagine that it IS too slow, but I just want to make sure it's not a configuration problem. Do you think increasing the timeout would help or would that make it worse? Thaks, Chris. From kevins at BMRB.CO.UK Mon Jun 2 21:10:37 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011756CA@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011756CA@pascal.priv.bmrb.co.uk> Message-ID: <1054584637.4655.9.camel@bach.kevinspicer.co.uk> >On Mon, 2003-06-02 at 20:59, Chris W. Parker wrote: Hello. We have relatively low email traffic (approx. 450/day on work days) and I receive quite a few of these in my /var/log/maillog: >May 17 04:03:08 filter MailScanner[3324]: SpamAssassin timed out and >was killed, consecutive failure 1 of 20 >Does this mean my computer is too slow? It's a 200mhz pentium!!! Probably not - more likely this was an RBL which failed to respond in a timely fashion. It probably a good idea to tweak the SpamAssassin Timeout in MailScanner.conf to 40s (if its not there already) as some internal SpamAssassin timeouts are 30s. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mailscanner at ecs.soton.ac.uk Mon Jun 2 21:14:54 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE1AE087@ati-ex-01.ati.local > Message-ID: <5.2.1.1.2.20030602211319.0254b960@imap.ecs.soton.ac.uk> At 20:59 02/06/2003, you wrote: >Hello. > >We have relatively low email traffic (approx. 450/day on work days) and I >receive quite a few of these in my /var/log/maillog: > >May 17 04:03:08 filter MailScanner[3324]: SpamAssassin timed out and was >killed, consecutive failure 1 of 20 > >Does this mean my computer is too slow? It's a 200mhz pentium!!! :) I can >imagine that it IS too slow, but I just want to make sure it's not a >configuration problem. Do you think increasing the timeout would help or >would that make it worse? In MailScanner.conf, set the SpamAssassin timeout to 40 seconds. SA has internal 30 second timeouts, hence the 40 seconds. The other thing to try is skip_rbl_checks 1 in spam.assassin.prefs.conf to see if it is RBL checks that are timing out. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From cparker at SWATGEAR.COM Mon Jun 2 21:14:49 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box too slow? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BCC@ati-ex-01.ati.local> Kevin Spicer wrote: > > On Mon, 2003-06-02 at 20:59, Chris W. Parker wrote: > > Hello. > > We have relatively low email traffic (approx. 450/day on work days) > and I receive quite a few of these in my /var/log/maillog: > > > May 17 04:03:08 filter MailScanner[3324]: SpamAssassin timed out and > > was killed, consecutive failure 1 of 20 > > > Does this mean my computer is too slow? It's a 200mhz pentium!!! > > Probably not - more likely this was an RBL which failed to respond in > a timely fashion. It probably a good idea to tweak the SpamAssassin > Timeout in MailScanner.conf to 40s (if its not there already) as some > internal SpamAssassin timeouts are 30s. Actually I've got RBL checking turned off and my SA timeout is already set at 60s. Any other ideas? Chris. From mailscanner at ecs.soton.ac.uk Mon Jun 2 21:12:59 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: Safe to upgrade SpamAssassin? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BCA@ati-ex-01.ati.local > Message-ID: <5.2.1.1.2.20030602211234.04178e58@imap.ecs.soton.ac.uk> At 20:54 02/06/2003, you wrote: >Julian Field wrote: > > > At 20:32 02/06/2003, you wrote: > > > Chris W. Parker <> wrote: > > > > > > > I'll give it a shot and let everyone know how it goes. > > > > > > The CPAN thing didn't work. It continuously timed out when trying to > > > connect to ftp.cpan.org. So I tried rebuilding the source rpm, that > > > didn't work either*. Then I just downloaded the i386.rpm and > > > installed that. As far as I know it's installed and working. How > > > can I verify what version of SA is being used? > > > > The problem with the i386.rpm is that on many versions of many OS's > > it gets the paths wrong and won't actually work. If you are lucky, > > then perl use Mail::SpamAssassin; > > print $Mail::SpamAssassin::VERSION . "\n"; > > (then press Ctrl-D and it will print the version number). > >Says 2.55. Does that indicate all is well? Sounds promising :) -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mikea at MIKEA.ATH.CX Mon Jun 2 21:17:32 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE1AE087@ati-ex-01.ati.local>; from cparker@SWATGEAR.COM on Mon, Jun 02, 2003 at 12:59:20PM -0700 References: <001BD19C96E6E64E8750D72C2EA0ECEE1AE087@ati-ex-01.ati.local> Message-ID: <20030602151732.A35280@mikea.ath.cx> On Mon, Jun 02, 2003 at 12:59:20PM -0700, Chris W. Parker wrote: > Hello. > We have relatively low email traffic (approx. 450/day on work days) > and I receive quite a few of these in my /^/> /var/log/maillog: > May 17 04:03:08 filter MailScanner[3324]: SpamAssassin timed out and > was killed, consecutive failure 1 of 20 > Does this mean my computer is too slow? It's a 200mhz pentium!!! :) > I can imagine that it IS too slow, but I just want to make sure it's > not a configuration problem. Do you think increasing the timeout > would help or would that make it worse? It more probably means that sometimes the first attempt to check some IP address or machine name in a DNSbl is timing out. If you see things like : consecutive failure 1 of 20 : consecutive failure 2 of 20 : consecutive failure 3 of 20 : consecutive failure 4 of 20 : ... : consecutive failure 20 of 20 then you have a problem and need to fix it. If the box isn't keeping up with incoming mail, than that can be a problem, too, and you may want to review your DNSbl configuration. But it you're just seeing the occasional "failure 1 of 20" and the box is keepnig up, things probably are OK. As to box speed, that's not really a consideration: my 233 MHz P-III keeps up nicely with about about 6K inbound mails each workday, of which about 20 to 25% are spam on any given workday. it's memory size that's the worst constraint, with swap device speed being next in my experience. CPU speed is way down on the list. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From jase at SENSIS.COM Mon Jun 2 21:22:59 2003 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box to o slow? Message-ID: > > > On Mon, 2003-06-02 at 20:59, Chris W. Parker wrote: > > > > Hello. > > > > We have relatively low email traffic (approx. 450/day on work days) > > and I receive quite a few of these in my /var/log/maillog: > > > > > May 17 04:03:08 filter MailScanner[3324]: SpamAssassin > timed out and > > > was killed, consecutive failure 1 of 20 > > > > > Does this mean my computer is too slow? It's a 200mhz pentium!!! > > > > Probably not - more likely this was an RBL which failed to > respond in > > a timely fashion. It probably a good idea to tweak the SpamAssassin > > Timeout in MailScanner.conf to 40s (if its not there > already) as some > > internal SpamAssassin timeouts are 30s. > > Actually I've got RBL checking turned off and my SA timeout > is already set at 60s. > > Any other ideas? > > > Chris. You can try turning off bayes checking in spam assassin by setting use_bayes 0 in spam.assasin.prefs.conf Jason From mailscanner at ecs.soton.ac.uk Mon Jun 2 21:23:03 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BCC@ati-ex-01.ati.local > Message-ID: <5.2.1.1.2.20030602211938.04172c88@imap.ecs.soton.ac.uk> At 21:14 02/06/2003, you wrote: >Kevin Spicer wrote: > > > > On Mon, 2003-06-02 at 20:59, Chris W. Parker wrote: > > > > Hello. > > > > We have relatively low email traffic (approx. 450/day on work days) > > and I receive quite a few of these in my /var/log/maillog: > > > > > May 17 04:03:08 filter MailScanner[3324]: SpamAssassin timed out and > > > was killed, consecutive failure 1 of 20 > > > > > Does this mean my computer is too slow? It's a 200mhz pentium!!! > > > > Probably not - more likely this was an RBL which failed to respond in > > a timely fashion. It probably a good idea to tweak the SpamAssassin > > Timeout in MailScanner.conf to 40s (if its not there already) as some > > internal SpamAssassin timeouts are 30s. > >Actually I've got RBL checking turned off and my SA timeout is already set >at 60s. > >Any other ideas? Kill all the MailScanner processes (some of them will take several seconds to die, let them get on with it). Edit /etc/MailScanner/MailScanner.conf. Set Debug = yes Set Debug SpamAssassin = yes Wait until you have a few messages collected in /var/spool/mqueue.in. Then run "check_MailScanner". It should spew output about SpamAssassin, during which it will hopefully pause, waiting for something to happen. The output when it pauses should hopefully give you some clue about why it is timing out. It will run 1 batch of messages and then quit. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From kevins at BMRB.CO.UK Mon Jun 2 21:26:37 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011756CE@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011756CE@pascal.priv.bmrb.co.uk> Message-ID: <1054585598.4655.15.camel@bach.kevinspicer.co.uk> >Actually I've got RBL checking turned off and my SA timeout is already >set at 60s. >Any other ideas? Well, IIRC SA does some lookups anyway (even with rbls turned off), not to mention any of the razor, pyzor, dcc checks you may or may not be using. Anyway its nothing to worry about if its just the occasional message. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From moffelist at AMAGERKOLLEGIET.DK Mon Jun 2 21:32:59 2003 From: moffelist at AMAGERKOLLEGIET.DK (=?iso-8859-1?q?Rasmus_B=F8g_Hansen?=) Date: Thu Jan 12 21:18:21 2006 Subject: Exim+MailScanner - not always queuing mail on "in" side In-Reply-To: <20030602150159.GB13592@carrick.bishnet.net> (Tim Bishop's message of "Mon, 2 Jun 2003 16:01:59 +0100") References: <20030602150159.GB13592@carrick.bishnet.net> Message-ID: <871xyckyo4.fsf@grignard.amagerkollegiet.dk> Tim Bishop writes: > I did have a retry file in the exim.in/db directory - which was > causing the bouncing. However, I think I know how this got there. > > Cron on FreeBSD runs sendmail (well, exim) with the -odi flag, which > causes a second exim process to attempt delivery - even with the > queue_only option switched on. Turning off this flag seems to have > gone part way to fixing this... but it's still not entirely happy. How do you turn off -odi? It seems that one must recompile cron to do this - but of course, cron on Debian Linux may be different... /Rasmus -- -- [ Rasmus "M?ffe" B?g Hansen ] --------------------------------------- Defense?? What am I to defend?? Am I in war?? ----------------------------------[ moffe at amagerkollegiet dot dk ] -- From cparker at SWATGEAR.COM Mon Jun 2 21:53:03 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box too slow? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE1AE088@ati-ex-01.ati.local> Kevin Spicer wrote: > > Actually I've got RBL checking turned off and my SA timeout is > > already set at 60s. > > > Any other ideas? > > Well, IIRC SA does some lookups anyway (even with rbls turned off), > not to mention any of the razor, pyzor, dcc checks you may or may not > be using. Anyway its nothing to worry about if its just the > occasional message. I would agree except that I think it happens more than occasionally. Let me ask this question, even though it seems to time out frequently the consecutive failure count usually doesn't go past one. Here is an example, a few lines from my log. (i modified each line to try and shorten it as much as I could.) (These are all from today.) Jun 2 12:23:03 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 Jun 2 12:23:36 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 Jun 2 12:46:38 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 Jun 2 12:48:21 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 Jun 2 13:16:31 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 Jun 2 13:16:36 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 Jun 2 13:16:36 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 Jun 2 13:27:05 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 Jun 2 13:29:03 MS[nn]: SA timed out and was killed, consecutive failure 2 of 20 Jun 2 13:33:22 MS[nn]: SA timed out and was killed, consecutive failure 2 of 20 Jun 2 13:35:12 MS[nn]: SA timed out and was killed, consecutive failure 2 of 20 Jun 2 13:42:31 MS[nn]: SA timed out and was killed, consecutive failure 3 of 20 Does the consecutive failure count get reset every few minutes or something? Otherwise I don't understand why the number stays at 1 so much. It looks like it is well on it's way to 20 but the last timeout only shows 3. It seems to me that if the count went to 20 all the time it would indicate that the box is indeed too slow. Thanks, Chris. From Andrew.Magnusson at COCC.COM Mon Jun 2 21:59:58 2003 From: Andrew.Magnusson at COCC.COM (Magnusson, Andrew) Date: Thu Jan 12 21:18:21 2006 Subject: MailScanner delivering blocked attachments? Message-ID: We've got two email gateways, both running MailScanner 4.20-3. This afternoon we had a strange occurrence: an .exe (banned attachment) was tagged by the outside gateway as banned, yet still delivered to the inside gateway with the attachment intact. (See log snippets.) THEN, as this user is apparently nonexistent, the bounce message, with attachment intact, passed back through the internal gateway! This time, however, the attachment was stripped. Any idea why this might have happened? Never seen this before; all other EXEs and other banned filetypes have been dropped with no problem. External gateway ("1.1.1.2"): Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: from=, size=10272, class=0, nrcpts=1, msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, proto=SMTP, daemon=MTA, relay=mail.yyy.com [000.000.000.000] Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: to=, delay=00:00:01, mailer=esmtp, pri=40272, stat=queued Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved entire message to /var/spool/MailScanner/quarantine/20030602/h52JwT829916 Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved infected "REPAIR.EXE" to /var/spool/MailScanner/quarantine/20030602/h52JwT829916 Jun 2 15:59:33 external-smtp sendmail[29990]: h52JwT829916: to=, delay=00:01:04, xdelay=00:00:00, mailer=esmtp, pri=130272, relay=[1.1.1.1] [1.1.1.1], dsn=2.0.0, stat=Sent (h52JxX5j021222 Message accepted for delivery) Internal gateway ("1.1.1.1"): Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: from=, size=1977, class=0, nrcpts=1, msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, proto=ESMTP, daemon=MTA, relay=external-smtp.cocci.com [1.1.1.2] Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: to=, delay=00:00:00, mailer=esmtp, pri=31029, stat=queued Jun 2 15:59:35 smtp MailScanner[21082]: Saved entire message to /var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 Jun 2 15:59:35 smtp MailScanner[21082]: Saved infected "REPAIR.EXE" to /var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 Jun 2 16:00:52 smtp sendmail[21488]: h52JxX5j021222: to=, delay=00:01:19, xdelay=00:00:00, mailer=esmtp, pri=121029, relay=[2.2.2.2] [2.2.2.2], dsn=2.0.0, stat=Sent (Ok) Then, on the internal: Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: from=<>, size=2793, class=0, nrcpts=1, msgid=, proto=SMTP, daemon=MTA, relay=[2.2.2.2] Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: to=, delay=00:00:00, mailer=relay, pri=30430, stat=queued Jun 2 16:00:54 smtp MailScanner[20490]: Saved entire message to /var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 Jun 2 16:00:54 smtp MailScanner[20490]: Saved infected "REPAIR.EXE" to /var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 Jun 2 16:01:38 smtp sendmail[21721]: h52K0r5f021520: to=, delay=00:00:45, xdelay=00:00:00, mailer=relay, pri=120430, relay=[1.1.1.2] [1.1.1.2], dsn=2.0.0, stat=Sent (h52K1c830645 Message accepted for delivery) Andrew Magnusson Internet Product Analyst COCC 1-877-678-0444 extension 640 *** This message originates from COCC, Inc. If the reader of this message, regardless of the address or routing, is not an intended recipient, you are hereby notified that you have received this transmittal in error and any review; use, distribution, dissemination or copying is strictly prohibited. If you have received this message in error, please delete this e-mail and all files transmitted with it from your system and immediately notify COCC, Inc. by sending reply e-mail to the sender of this message. Thank you. *** From mikea at MIKEA.ATH.CX Mon Jun 2 22:00:58 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE1AE088@ati-ex-01.ati.local>; from cparker@SWATGEAR.COM on Mon, Jun 02, 2003 at 01:53:03PM -0700 References: <001BD19C96E6E64E8750D72C2EA0ECEE1AE088@ati-ex-01.ati.local> Message-ID: <20030602160058.A35731@mikea.ath.cx> On Mon, Jun 02, 2003 at 01:53:03PM -0700, Chris W. Parker wrote: > Kevin Spicer wrote: > > > > Actually I've got RBL checking turned off and my SA timeout is > > > already set at 60s. > > > > > Any other ideas? > > > > Well, IIRC SA does some lookups anyway (even with rbls turned off), > > not to mention any of the razor, pyzor, dcc checks you may or may not > > be using. Anyway its nothing to worry about if its just the > > occasional message. > > I would agree except that I think it happens more than occasionally. Let me ask this question, even though it seems to time out frequently the consecutive failure count usually doesn't go past one. Here is an example, a few lines from my log. (i modified each line to try and shorten it as much as I could.) (These are all from today.) > > Jun 2 12:23:03 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 > Jun 2 12:23:36 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 > Jun 2 12:46:38 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 > Jun 2 12:48:21 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 > Jun 2 13:16:31 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 > Jun 2 13:16:36 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 > Jun 2 13:16:36 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 > Jun 2 13:27:05 MS[nn]: SA timed out and was killed, consecutive failure 1 of 20 > Jun 2 13:29:03 MS[nn]: SA timed out and was killed, consecutive failure 2 of 20 > Jun 2 13:33:22 MS[nn]: SA timed out and was killed, consecutive failure 2 of 20 > Jun 2 13:35:12 MS[nn]: SA timed out and was killed, consecutive failure 2 of 20 > Jun 2 13:42:31 MS[nn]: SA timed out and was killed, consecutive failure 3 of 20 > > Does the consecutive failure count get reset every few minutes or something? Otherwise I don't understand why the number stays at 1 so much. It looks like it is well on it's way to 20 but the last timeout only shows 3. > > It seems to me that if the count went to 20 all the time it would indicate that the box is indeed too slow. The [nn] is the process ID for the process that is timing out. Every time MS starts a new MS process, the timer restarts. It would be nice if you would wrap your lines somewhere around 65 to 75 characters, possibly excepting quoted or copied lines such as maillog entries, so that they don't wind up looking like this, because not everyone can read terribly long lines with the same degree of ease, and indeed some people can't read them at all. OK? Thanks. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From mailscanner at ecs.soton.ac.uk Mon Jun 2 22:00:41 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE1AE088@ati-ex-01.ati.local > Message-ID: <5.2.1.1.2.20030602220000.041548b8@imap.ecs.soton.ac.uk> At 21:53 02/06/2003, you wrote: >Kevin Spicer wrote: > > > > Actually I've got RBL checking turned off and my SA timeout is > > > already set at 60s. > > > > > Any other ideas? > > > > Well, IIRC SA does some lookups anyway (even with rbls turned off), > > not to mention any of the razor, pyzor, dcc checks you may or may not > > be using. Anyway its nothing to worry about if its just the > > occasional message. > >I would agree except that I think it happens more than occasionally. Let >me ask this question, even though it seems to time out frequently the >consecutive failure count usually doesn't go past one. Here is an example, >a few lines from my log. (i modified each line to try and shorten it as >much as I could.) (These are all from today.) > >Jun 2 12:23:03 MS[nn]: SA timed out and was killed, consecutive failure 1 >of 20 >Jun 2 12:23:36 MS[nn]: SA timed out and was killed, consecutive failure 1 >of 20 >Jun 2 12:46:38 MS[nn]: SA timed out and was killed, consecutive failure 1 >of 20 >Jun 2 12:48:21 MS[nn]: SA timed out and was killed, consecutive failure 1 >of 20 >Jun 2 13:16:31 MS[nn]: SA timed out and was killed, consecutive failure 1 >of 20 >Jun 2 13:16:36 MS[nn]: SA timed out and was killed, consecutive failure 1 >of 20 >Jun 2 13:16:36 MS[nn]: SA timed out and was killed, consecutive failure 1 >of 20 >Jun 2 13:27:05 MS[nn]: SA timed out and was killed, consecutive failure 1 >of 20 >Jun 2 13:29:03 MS[nn]: SA timed out and was killed, consecutive failure 2 >of 20 >Jun 2 13:33:22 MS[nn]: SA timed out and was killed, consecutive failure 2 >of 20 >Jun 2 13:35:12 MS[nn]: SA timed out and was killed, consecutive failure 2 >of 20 >Jun 2 13:42:31 MS[nn]: SA timed out and was killed, consecutive failure 3 >of 20 > >Does the consecutive failure count get reset every few minutes or >something? Otherwise I don't understand why the number stays at 1 so much. >It looks like it is well on it's way to 20 but the last timeout only shows 3. > >It seems to me that if the count went to 20 all the time it would indicate >that the box is indeed too slow. Was the value of "nn" always the same? If not, then it is all different independent MailScanner processes timing out. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jun 2 22:05:52 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: MailScanner delivering blocked attachments? In-Reply-To: Message-ID: <5.2.1.1.2.20030602220529.0418ce48@imap.ecs.soton.ac.uk> Has anyone else seen this happening? At 21:59 02/06/2003, you wrote: >We've got two email gateways, both running MailScanner 4.20-3. This >afternoon we had a strange occurrence: an .exe (banned attachment) was >tagged by the outside gateway as banned, yet still delivered to the inside >gateway with the attachment intact. (See log snippets.) THEN, as this user >is apparently nonexistent, the bounce message, with attachment intact, >passed back through the internal gateway! This time, however, the attachment >was stripped. > >Any idea why this might have happened? Never seen this before; all other >EXEs and other banned filetypes have been dropped with no problem. > >External gateway ("1.1.1.2"): > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: >from=, size=10272, class=0, nrcpts=1, >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, proto=SMTP, >daemon=MTA, relay=mail.yyy.com [000.000.000.000] >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: >to=, delay=00:00:01, mailer=esmtp, pri=40272, stat=queued >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved entire message to >/var/spool/MailScanner/quarantine/20030602/h52JwT829916 >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved infected >"REPAIR.EXE" to /var/spool/MailScanner/quarantine/20030602/h52JwT829916 >Jun 2 15:59:33 external-smtp sendmail[29990]: h52JwT829916: >to=, delay=00:01:04, xdelay=00:00:00, mailer=esmtp, pri=130272, >relay=[1.1.1.1] [1.1.1.1], dsn=2.0.0, stat=Sent (h52JxX5j021222 Message >accepted for delivery) > >Internal gateway ("1.1.1.1"): > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: from=, >size=1977, class=0, nrcpts=1, >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, >proto=ESMTP, daemon=MTA, relay=external-smtp.cocci.com [1.1.1.2] >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: to=, >delay=00:00:00, mailer=esmtp, pri=31029, stat=queued >Jun 2 15:59:35 smtp MailScanner[21082]: Saved entire message to >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 >Jun 2 15:59:35 smtp MailScanner[21082]: Saved infected "REPAIR.EXE" to >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 >Jun 2 16:00:52 smtp sendmail[21488]: h52JxX5j021222: to=, >delay=00:01:19, xdelay=00:00:00, mailer=esmtp, pri=121029, relay=[2.2.2.2] >[2.2.2.2], dsn=2.0.0, stat=Sent (Ok) > >Then, on the internal: > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: from=<>, size=2793, >class=0, nrcpts=1, msgid=, proto=SMTP, >daemon=MTA, relay=[2.2.2.2] >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: to=, >delay=00:00:00, mailer=relay, pri=30430, stat=queued >Jun 2 16:00:54 smtp MailScanner[20490]: Saved entire message to >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 >Jun 2 16:00:54 smtp MailScanner[20490]: Saved infected "REPAIR.EXE" to >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 >Jun 2 16:01:38 smtp sendmail[21721]: h52K0r5f021520: to=, >delay=00:00:45, xdelay=00:00:00, mailer=relay, pri=120430, relay=[1.1.1.2] >[1.1.1.2], dsn=2.0.0, stat=Sent (h52K1c830645 Message accepted for delivery) > >Andrew Magnusson >Internet Product Analyst >COCC >1-877-678-0444 extension 640 > > > >*** This message originates from COCC, Inc. > >If the reader of this message, regardless of the address or routing, is >not an intended recipient, you are hereby notified that you have received >this transmittal in error and any review; use, distribution, dissemination >or copying is strictly prohibited. If you have received this message in >error, please delete this e-mail and all files transmitted with it from >your system and immediately notify COCC, Inc. by sending reply e-mail to >the sender of this message. > >Thank you. *** -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From tim-lists at BISHNET.NET Mon Jun 2 22:20:29 2003 From: tim-lists at BISHNET.NET (Tim Bishop) Date: Thu Jan 12 21:18:21 2006 Subject: Exim+MailScanner - not always queuing mail on "in" side In-Reply-To: <871xyckyo4.fsf@grignard.amagerkollegiet.dk> References: <20030602150159.GB13592@carrick.bishnet.net> <871xyckyo4.fsf@grignard.amagerkollegiet.dk> Message-ID: <20030602212029.GA17784@carrick.bishnet.net> On Mon, Jun 02, 2003 at 10:32:59PM +0200, Rasmus B?g Hansen wrote: > Tim Bishop writes: > > > I did have a retry file in the exim.in/db directory - which was > > causing the bouncing. However, I think I know how this got there. > > > > Cron on FreeBSD runs sendmail (well, exim) with the -odi flag, which > > causes a second exim process to attempt delivery - even with the > > queue_only option switched on. Turning off this flag seems to have > > gone part way to fixing this... but it's still not entirely happy. > > How do you turn off -odi? It seems that one must recompile cron to do > this - but of course, cron on Debian Linux may be different... That's what I did - it was slightly annoying to had to do so. I changed MAILARGS in: /usr/src/usr.sbin/cron/cron/config.h Hardly ideal - but it does at least work. This sort of thing really should be configurable at runtime. Tim. -- Tim Bishop http://www.bishnet.net/tim PGP Key: 0x5AE7D984 From tim-lists at BISHNET.NET Mon Jun 2 22:24:58 2003 From: tim-lists at BISHNET.NET (Tim Bishop) Date: Thu Jan 12 21:18:21 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <20030602160058.A35731@mikea.ath.cx> References: <001BD19C96E6E64E8750D72C2EA0ECEE1AE088@ati-ex-01.ati.local> <20030602160058.A35731@mikea.ath.cx> Message-ID: <20030602212458.GB17784@carrick.bishnet.net> On Mon, Jun 02, 2003 at 04:00:58PM -0500, mikea wrote: > > It would be nice if you would wrap your lines somewhere around 65 > to 75 characters, possibly excepting quoted or copied lines such > as maillog entries, so that they don't wind up looking like this, > because not everyone can read terribly long lines with the same > degree of ease, and indeed some people can't read them at all. OK? > Thanks. I'd say nearer 75 to 80 characters (fits my terminal then :-). However, when it comes to pasting log lines, etc, it's often easier to read when it is on one line. Any sensible mail client will line wrap to something the user has defined (even if it's just the size of the window). Tim. -- Tim Bishop http://www.bishnet.net/tim PGP Key: 0x5AE7D984 From newsletters at PCSITES.COM Tue Jun 3 05:37:15 2003 From: newsletters at PCSITES.COM (Richard Ahlquist) Date: Thu Jan 12 21:18:21 2006 Subject: MS-SA Individual User Prefs? Message-ID: Is it possible to use individual spamassassin settings files for each user when calling it from MailScanner? I currently have my system setup running MS and SA(spamd) seperately and SA for only one of my email accounts(gets about 400 spams a day). Not everyone wants SA but I want to be able to see some decent stats. I'd like to just turn on SA in MS and disable SA for those users who dont want it. Any suggestions? From tim-lists at BISHNET.NET Tue Jun 3 08:25:30 2003 From: tim-lists at BISHNET.NET (Tim Bishop) Date: Thu Jan 12 21:18:21 2006 Subject: Exim+MailScanner - not always queuing mail on "in" side In-Reply-To: <20030602150159.GB13592@carrick.bishnet.net> References: <20030602150159.GB13592@carrick.bishnet.net> Message-ID: <20030603072530.GH17784@carrick.bishnet.net> On Mon, Jun 02, 2003 at 04:01:59PM +0100, Tim Bishop wrote: > On Mon, Jun 02, 2003 at 02:01:07PM +0100, Tony Finch wrote: > > Tim Bishop wrote: > > > > >The problem is that occasionally (but not always) locally generated > > >messages such as cron output don't get deferred by the incoming exim. > > >From my understanding of Exim it seems that it's ignored the queue_only, > > >then tried to defer it. Then, for some reason, it's decided to fail > > >the message. > > > > This is probably because the hints database for the incoming exim says > > that addresses have been failing for such a long time that they bounce > > immediately. You need to check that the spool directory configurations > > for the incoming and outgoing exims are correct and that they are being > > run with the correct commands, and check that /var/spool/exim_incoming/db > > is empty (as it should be if the queue_only option is working). > > I did have a retry file in the exim.in/db directory - which was > causing the bouncing. However, I think I know how this got there. And this morning it has magically returned. :/ I suppose a cron job could deal with this, but I'd prefer a tidier solution really. Tim. -- Tim Bishop http://www.bishnet.net/tim PGP Key: 0x5AE7D984 From tim-lists at BISHNET.NET Tue Jun 3 08:42:04 2003 From: tim-lists at BISHNET.NET (Tim Bishop) Date: Thu Jan 12 21:18:21 2006 Subject: MS and sa-learn Message-ID: <20030603074204.GI17784@carrick.bishnet.net> How do people use sa-learn with mailscanner? In my setup the bayesian files are in /var/spool/MailScanner somewhere, and not writeable by normal users. So I can't easily have users run sa-learn. Any thoughts? Tim. -- Tim Bishop http://www.bishnet.net/tim PGP Key: 0x5AE7D984 From moffelist at AMAGERKOLLEGIET.DK Tue Jun 3 09:08:37 2003 From: moffelist at AMAGERKOLLEGIET.DK (=?iso-8859-1?q?Rasmus_B=F8g_Hansen?=) Date: Thu Jan 12 21:18:21 2006 Subject: Exim+MailScanner - not always queuing mail on "in" side In-Reply-To: <20030603072530.GH17784@carrick.bishnet.net> (Tim Bishop's message of "Tue, 3 Jun 2003 08:25:30 +0100") References: <20030602150159.GB13592@carrick.bishnet.net> <20030603072530.GH17784@carrick.bishnet.net> Message-ID: <87el2bwpkq.fsf@grignard.amagerkollegiet.dk> Tim Bishop writes: >> I did have a retry file in the exim.in/db directory - which was >> causing the bouncing. However, I think I know how this got there. > > And this morning it has magically returned. :/ Mine did too. However there are no addresses in the files. > I suppose a cron job could deal with this, but I'd prefer a tidier > solution really. As per the mailscanner instructions, I have "exim_tidydb /var/spool/exim_incoming retry >/dev/null" in cron.daily. Running these jobs manually make the files appear. Can they safely be omitted from cron.daily? They do not seem to make any sense to me, as there should be no database in the incoming queue to tidy up... /Rasmus -- -- [ Rasmus "M?ffe" B?g Hansen ] --------------------------------------- Life is that property, which a being will lose as a result of falling out of a cold and mysterious cave 30 miles above ground level. - HitchHikers Guide to the Galaxy, Douglas Adams ----------------------------------[ moffe at amagerkollegiet dot dk ] -- From moffelist at AMAGERKOLLEGIET.DK Tue Jun 3 09:16:50 2003 From: moffelist at AMAGERKOLLEGIET.DK (=?iso-8859-1?q?Rasmus_B=F8g_Hansen?=) Date: Thu Jan 12 21:18:21 2006 Subject: MS and sa-learn In-Reply-To: <20030603074204.GI17784@carrick.bishnet.net> (Tim Bishop's message of "Tue, 3 Jun 2003 08:42:04 +0100") References: <20030603074204.GI17784@carrick.bishnet.net> Message-ID: <87adczwp71.fsf@grignard.amagerkollegiet.dk> Tim Bishop writes: > How do people use sa-learn with mailscanner? In my setup the bayesian > files are in /var/spool/MailScanner somewhere, and not writeable by > normal users. So I can't easily have users run sa-learn. > > Any thoughts? I run sa-learn on quarantined messages, which are clearly spam. Just a few days ago, I took all read mailboxes and ran them through sa-learn as ham - however this is a place with only few people, so it was pretty easy to have them agree doing so. /Rasmus -- -- [ Rasmus "M?ffe" B?g Hansen ] --------------------------------------- [...]but more than 5,000 known bugs from Windows 95 still exist in Windows 98, because Microsoft views bug fixes as unprofitable. -- osdata.com ----------------------------------[ moffe at amagerkollegiet dot dk ] -- From mailscanner at ecs.soton.ac.uk Tue Jun 3 08:34:32 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: MS-SA Individual User Prefs? In-Reply-To: Message-ID: <5.2.0.9.2.20030603083328.042933a8@imap.ecs.soton.ac.uk> At 05:37 03/06/2003, you wrote: >Is it possible to use individual spamassassin settings files for each user >when calling it from MailScanner? I currently have my system setup running >MS and SA(spamd) seperately and SA for only one of my email accounts(gets >about 400 spams a day). Not everyone wants SA but I want to be able to see >some decent stats. > >I'd like to just turn on SA in MS and disable SA for those users who dont >want it. > >Any suggestions? Take a look at "rulesets". These will do just what you need. See /etc/MailScanner/rules. Also, if you want to read the settings from a database or something like that, see the "Custom Functions" in /usr/lib/MailScanner/MailScanner/CustomConfig.pm. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From dot at DOTAT.AT Tue Jun 3 10:01:37 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:21 2006 Subject: Exim+MailScanner - not always queuing mail on "in" side In-Reply-To: References: <20030602150159.GB13592@carrick.bishnet.net> <20030603072530.GH17784@carrick.bishnet.net> <20030603072530.GH17784@carrick.bishnet.net> Message-ID: =?iso-8859-1?q?Rasmus_B=F8g_Hansen?= wrote: > >As per the mailscanner instructions, I have=20 >"exim_tidydb /var/spool/exim_incoming retry >/dev/null" in >cron.daily. Running these jobs manually make the files appear. Can >they safely be omitted from cron.daily? They do not seem to make any >sense to me, as there should be no database in the incoming queue to >tidy up... Yes. I think I left that in my revised Exim installation guide for reasons of safety, but experience seems to have shown that it hides a problem... Tony. -- f.a.n.finch http://dotat.at/ ARDNAMURCHAN POINT TO CAPE WRATH INCLUDING THE OUTER HEBRIDES: SOUTHEAST TO SOUTH 4 OR 5 GRADUALLY VEERING SOUTH TO SOUTHWEST 4 OR 5 LOCALLY 6 WEATHER: RATHER CLOUDY, OCCASIONAL SHOWERS, CLOUDY WITH RAIN LATER. GOOD FALLING MODERATE IN SHOWERS OR RAIN. MODERATE LATER MODERATE TO ROUGH. From dot at DOTAT.AT Tue Jun 3 10:03:17 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:21 2006 Subject: MS-SA Individual User Prefs? In-Reply-To: Message-ID: Richard Ahlquist wrote: > >Is it possible to use individual spamassassin settings files for each user >when calling it from MailScanner? No. >I'd like to just turn on SA in MS and disable SA for those users who dont >want it. Use a MailScanner ruleset. Tony. -- f.a.n.finch http://dotat.at/ COLWYN BAY TO THE MULL OF GALLOWAY INCLUDING THE ISLE OF MAN: SOUTHEAST 3 OR 4 INCREASING 5 OR 6, LOCALLY 7 LATER VEERING SOUTH 4 OR 5 THEN BACKING SOUTHEAST 3 OR 4. FAIR AT FIRST, RAIN OR SHOWERS FOR A TIME, FAIR AGAIN BY EVENING. GOOD BECOMING MODERATE FOR A TIME. SLIGHT TO MODERATE, LOCALLY MODERATE TO ROUGH. From nejc.skoberne at guest.arnes.si Tue Jun 3 10:26:13 2003 From: nejc.skoberne at guest.arnes.si (Nejc Skoberne) Date: Thu Jan 12 21:18:21 2006 Subject: MS-SA Individual User Prefs? In-Reply-To: <5.2.0.9.2.20030603083328.042933a8@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030603083328.042933a8@imap.ecs.soton.ac.uk> Message-ID: <1339754712.20030603112613@guest.arnes.si> Zdravo. V=PI*r^2*l = 0.000000015 m^3 m=V*ro=0.000000015m^3*7800kg/m^3=0.000117kg =~ 0.117g =~ 0.12g. -- Nejc Skoberne Grajska ulica 5 SI-5220 Tolmin E-mail: nejc.skoberne@guest.arnes.si From dean.plant at ROKE.CO.UK Tue Jun 3 10:54:30 2003 From: dean.plant at ROKE.CO.UK (Plant, Dean) Date: Thu Jan 12 21:18:21 2006 Subject: Disclaimer problem Message-ID: <76C92FBBFB58D411AE760090271ED41805B33A3F@rsys002a.roke.co.uk> Julian, I still find that mail goes through unsigned with version 4.21-9 when there is no body text and an attachment. The only exception is if the attachment is a text file. Is there anything I may have setup incorrectly. Thanks Dean Plant. -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 30 May 2003 09:32 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Disclaimer problem At 08:39 30/05/2003, you wrote: >Hello, > >I am currently evaluating MailScanner and have come across a small problem >regarding signing of mail. I have added a disclaimer to all out going mail >using a ruleset but have noticed that any mail that has an attachment but >does not have any body text does not get signed. All other mail is signed >correctly. > >I have upgraded to the latest version and started with an new >MailScanner.conf but the problem persists. > >I am using Redhat8/Sendmail/F-prot. > >Does anyone have any idea's as to what I may be doing wrong. > >Thanks in advance. > >Dean Plant Try applying this patch to /usr/lib/MailScanner/MailScanner/Message.pm. Read the man page for the "patch" command if you don't know how to drive it, saves you doing it by hand :) It appears to work okay for me, and will be in the next stable release (due this weekend). --- Message.pm 2003-05-30 09:09:21.000000000 +0100 +++ Message.pm.new2 2003-05-30 09:24:43.000000000 +0100 @@ -1447,6 +1447,7 @@ # If multipart, try to sign our first part if ($top->is_multipart) { + my $sigcounter = 0; # JKF Signed and encrypted multiparts must not be touched. # JKF Instead put the sig in the epilogue. Breaks the RFC # JKF but in a harmless way. @@ -1456,18 +1457,33 @@ @signature = map { "$_\n" } split(/\n/, $signature); unshift @signature, "\n"; $top->epilogue(\@signature); - return; + return 1; } - $this->SignCleanEntity($top->parts(0)); - $this->SignCleanEntity($top->parts(1)) + $sigcounter += $this->SignCleanEntity($top->parts(0)); + $sigcounter += $this->SignCleanEntity($top->parts(1)) if $top->head and $top->effective_type =~ /multipart\/alternative/i; - return; + + if ($sigcounter == 0) { + # If we haven't signed anything by now, it must be a multipart + # message containing only things we can't sign. So add a text/plain + # section on the front and sign that. + my $text = $this->ReadVirusWarning('inlinetextsig') . "\n\n"; + my $newpart = build MIME::Entity + Type => 'text/plain', + Disposition => 'inline', + Data => $text, + Encoding => 'quoted-printable', + Top => 0; + $top->add_part($newpart, 0); + $sigcounter = 1; + } + return $sigcounter; } $MimeType = $top->head->mime_type if $top->head; - return unless $MimeType =~ m{text/}i; # Won't sign non-text message. + return 0 unless $MimeType =~ m{text/}i; # Won't sign non-text message. # Won't sign attachments. - return if $top->head->mime_attr('content-disposition') =~ /attachment/i; + return 0 if $top->head->mime_attr('content-disposition') =~ /attachment/i; # Get body data as array of newline-terminated lines $top->bodyhandle or return undef; @@ -1489,6 +1505,9 @@ $io->print("\n$signature\n"); } $io->close; + + # We signed something + return 1; } -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, Bracknell, Berkshire. RG12 8FZ The information contained in this e-mail and any attachments is confidential to Roke Manor Research Ltd and must not be passed to any third party without permission. This communication is for information only and shall not create or change any contractual relationship. From mailscanner at ecs.soton.ac.uk Tue Jun 3 11:13:23 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: MS and sa-learn In-Reply-To: <20030603074204.GI17784@carrick.bishnet.net> Message-ID: <5.2.0.9.2.20030603111100.07575930@imap.ecs.soton.ac.uk> At 08:42 03/06/2003, you wrote: >How do people use sa-learn with mailscanner? In my setup the bayesian >files are in /var/spool/MailScanner somewhere, and not writeable by >normal users. So I can't easily have users run sa-learn. > >Any thoughts? Create a "spam" and a "notspam" email address, and have people bounce/redirect (you can't do it in Outlook) wrongly tagged mail into them. Then have a cron job which picks up the mailboxes and runs them through sa-learn. I have published a script to do this on this list several times already and can't be bothered to do it again :-) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Tue Jun 3 10:48:12 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:21 2006 Subject: Safe to upgrade SpamAssassin? In-Reply-To: <200306030358500848.00B35541@smtp1.ace.net.au> Message-ID: Hi! > I used the source RPM and it has worked just fine on both RH7.3 and RH9 To avoid trouble, dont use them. There are various weird quircs reported. If it works for ou, fine, but i'd rather use the CPAN version. Bye, Raymond. From raymond at PROLOCATION.NET Tue Jun 3 10:49:16 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:21 2006 Subject: Safe to upgrade SpamAssassin? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BC9@ati-ex-01.ati.local> Message-ID: Hi! > > I'll give it a shot and let everyone know how it goes. > > The CPAN thing didn't work. It continuously timed out when trying to > connect to ftp.cpan.org. So I tried rebuilding the source rpm, that > didn't work either*. Then I just downloaded the i386.rpm and installed > that. As far as I know it's installed and working. How can I verify what > version of SA is being used? You can configure CPAN, so it uses a different server. spamassassin -V will report the version Bye, Raymond. From newsletters at PCSITES.COM Tue Jun 3 12:35:15 2003 From: newsletters at PCSITES.COM (Richard Ahlquist) Date: Thu Jan 12 21:18:21 2006 Subject: MS-SA Individual User Prefs? Message-ID: On Tue, 3 Jun 2003 08:34:32 +0100, Julian Field wrote: >At 05:37 03/06/2003, you wrote: >>Is it possible to use individual spamassassin settings files for each user >>when calling it from MailScanner? I currently have my system setup running >>MS and SA(spamd) seperately and SA for only one of my email accounts(gets >>about 400 spams a day). Not everyone wants SA but I want to be able to see >>some decent stats. >> >>I'd like to just turn on SA in MS and disable SA for those users who dont >>want it. >> >>Any suggestions? > >Take a look at "rulesets". These will do just what you need. See >/etc/MailScanner/rules. > >Also, if you want to read the settings from a database or something like >that, see the "Custom Functions" in >/usr/lib/MailScanner/MailScanner/CustomConfig.pm. >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support Ok, so if I am reading this right I would probably want something like; in MailScanner.conf Use SpamAssassin = /etc/MailScanner/rules/spamassassin.use.rules and in the spamassassin.use.rules file To: myspamaccount@mydomain.com yes Is that correct? From maxsec at TOTALISE.CO.UK Tue Jun 3 12:58:47 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:21 2006 Subject: MIME::Pasrser errors.. In-Reply-To: <3ED9149B.5010207@totalise.co.uk> References: <5.2.0.9.2.20030528160133.042fd540@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030528160133.042fd540@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030528193245.025141a0@imap.ecs.soton.ac.uk> <3ED9149B.5010207@totalise.co.uk> Message-ID: <3EDC8D77.7060508@totalise.co.uk> Julian Ok back on this task now (had to install a web based email system yesterday).. So done a little googling and it seems the IO:File might be a little more picky about spaces in BSD than Linux. I've got no idea how Mailscanner does its stuff from the Miailscanner script as I'm 1) crap^Winexperienced at perl 2) not found a good reason to learn perl yet:-) So where abouts does'/opt/Mailscanner/bin/Mailscanner' do the actual scanning, I can see it damonising itself and creating children etc but I stuffed if i can figure out where it's creating tmp files, calling RBL's etc.... -- martin Martin Hepworth wrote: > Ohh deep joy > > I'll see if I can get any head way from the London perl mongers...So > much for portability with Perl then :-( > > -- > Martin > > Julian Field wrote: > >> I'm seeing exactly the same behaviour on a BSD box with Perl 5.8.0 on it. >> It claims to have the latest IO::File as well, but even running as >> root.wheel it still produces the same error you are getting. >> >> I can't see the problem. I didn't really want to have to dig into the >> innards of IO::File :-( >> >> If you find a cure, please let me know! >> >> At 16:14 28/05/2003, you wrote: >> >>> Julian >>> >>> well I tried with Run As User = root and group = wheel and it still >>> complains. What's the second most commons reason :-) >>> >>> Right now I'm upping to Perl 5.8 from 5.6.1 and will see if that makes >>> any difference.. >>> >>> -- >>> martin >>> >>> Julian Field wrote: >>> >>>> These usually turn out to be incorrect permissions problems. >>>> If there was a single reason which caused this to happen, I would >>>> re-write >>>> the error message, but I have yet to find 1 cause of it. >>>> Check your configuration and permissions *very* carefully. >>>> >>>> At 15:18 28/05/2003, you wrote: >>>> >>>>> Hi all >>>>> >>>>> well back again after a break of a couple of years... >>>>> >>>>> OK I'm trying to install MS 4.20 from the freeBSD port recently >>>>> announced on the mailing list. This is on a freeBSD 5.0 box and after >>>>> tweeking with postfix etc i've to the stage where MS is seeing the >>>>> inbound traffic trying to deal with. However I'm getting the following >>>>> errors.... >>>>> >>>>> >>>>> May 28 15:12:45 soloman MailScanner[97693]: MailScanner E-Mail Virus >>>>> Scanner version 4.20-3 starting... >>>>> May 28 15:12:45 soloman MailScanner[97693]: Using locktype = flock >>>>> May 28 15:12:45 soloman MailScanner[97693]: New Batch: Scanning 4 >>>>> messages, 4826 bytes >>>>> May 28 15:12:46 soloman MailScanner[97693]: Cannot parse >>>>> /var/spool/MailScanner/incoming/97693/19DC0175D45.header and , >>>>> MIME::Parser: can't open tmpfile: Invalid argument >>>>> May 28 15:12:46 soloman MailScanner[97693]: Cannot parse >>>>> /var/spool/MailScanner/incoming/97693/0BFE2175D70.header and , >>>>> MIME::Parser: can't open tmpfile: Invalid argument >>>>> May 28 15:12:46 soloman MailScanner[97693]: Cannot parse >>>>> /var/spool/MailScanner/incoming/97693/AFFFF175D4E.header and , >>>>> MIME::Parser: can't open tmpfile: Invalid argument >>>>> May 28 15:12:46 soloman MailScanner[97693]: Cannot parse >>>>> /var/spool/MailScanner/incoming/97693/24B0E175D3B.header and , >>>>> MIME::Parser: can't open tmpfile: Invalid argument >>>>> >>>>> >>>>> I saw that someone else got the same errors with fBSD 5.0 back in >>>>> march, >>>>> but I couldn't a solution to it.. >>>>> >>>>> Any idea how is was solved - assuming it was.. >>>>> >>>>> -- >>>>> martin >>>>> (at home) >>>> >>>> >>>> >>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> MailScanner thanks transtec Computers for their support >> >> >> >> -- >> Julian Field >> www.MailScanner.info >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support From j.figueira at mail.pt Tue Jun 3 13:00:53 2003 From: j.figueira at mail.pt (J. Figueira) Date: Thu Jan 12 21:18:21 2006 Subject: Huge delay delivering mail Message-ID: <200306031201.h53C10S22931@ori.rl.ac.uk> Hello, I've installed mailscanner some time ago, (and I am quite happy with it ;) ). The problem is that it takes too long between receiving the mail message and delivering it to the recipient. At first I thought it could be the batch mode. I configured it to scan all the messages at the moment they arrive. It still takes a lot of time to deliver... any tips or ideas? thank you jfigueira -- Adira já ao Net Dialup Light. Acesso profissional gratuito. NovisNet, a Internet de quem trabalha. http://www.novisnet.pt From mailscanner at ecs.soton.ac.uk Tue Jun 3 13:57:20 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: MS-SA Individual User Prefs? In-Reply-To: Message-ID: <5.2.0.9.2.20030603135638.0430f760@imap.ecs.soton.ac.uk> At 12:35 03/06/2003, you wrote: >On Tue, 3 Jun 2003 08:34:32 +0100, Julian Field > wrote: > > >At 05:37 03/06/2003, you wrote: > >>Is it possible to use individual spamassassin settings files for each user > >>when calling it from MailScanner? I currently have my system setup running > >>MS and SA(spamd) seperately and SA for only one of my email accounts(gets > >>about 400 spams a day). Not everyone wants SA but I want to be able to see > >>some decent stats. > >> > >>I'd like to just turn on SA in MS and disable SA for those users who dont > >>want it. > >> > >>Any suggestions? > > > >Take a look at "rulesets". These will do just what you need. See > >/etc/MailScanner/rules. > > > >Also, if you want to read the settings from a database or something like > >that, see the "Custom Functions" in > >/usr/lib/MailScanner/MailScanner/CustomConfig.pm. > >-- > >Julian Field > >www.MailScanner.info > >MailScanner thanks transtec Computers for their support > >Ok, so if I am reading this right I would probably want something like; >in MailScanner.conf >Use SpamAssassin = /etc/MailScanner/rules/spamassassin.use.rules > >and in the spamassassin.use.rules file >To: myspamaccount@mydomain.com yes > >Is that correct? Yes. In addition, it is always a good idea to include the "default" setting as well, which in your case will probably be this: FromOrTo: default no -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jun 3 13:59:26 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: Huge delay delivering mail In-Reply-To: <200306031201.h53C10S22931@ori.rl.ac.uk> Message-ID: <5.2.0.9.2.20030603135814.0785aaf8@imap.ecs.soton.ac.uk> At 13:00 03/06/2003, you wrote: >Hello, > >I've installed mailscanner some time ago, (and I am quite happy with it ;) >). The problem is that it takes too long between receiving the mail message >and delivering it to the recipient. > >At first I thought it could be the batch mode. I configured it to scan all >the messages at the moment they arrive. It still takes a lot of time to >deliver... > >any tips or ideas? Check the "Sendmail" and "Sendmail2" settings. Particularly if you aren't using sendmail as your MTA. If these are wrong, it can end up waiting until the next queue run happens before delivering your messages. On a lightly loaded system, the latency through MailScanner should be 1 or 2 seconds. Anything much longer than that is wrong. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From MWeiner at AG.COM Tue Jun 3 14:40:45 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:21 2006 Subject: NDR delivery Message-ID: Julian - I have a somewhat silly question. OK, here is the scoop. I have a domain, bmarts.com that is going through the MailScanner box before being forwarded to an exchange server. That is all working beautifully. What I want to do is take all the truly non-deliverable email addresses (those that don't have real users behind it) and send those to /dev/null, while still delivering to the valid email addresses for that specific domain. Is this best done using the whitelist and blacklists?? Is there a cleaner way to do this? Thanks in advance Michael Weiner From derek at CSOLVE.NET Tue Jun 3 14:57:43 2003 From: derek at CSOLVE.NET (Derek Buttineau) Date: Thu Jan 12 21:18:21 2006 Subject: SQL Logging In-Reply-To: <5.2.1.1.2.20030530231151.03d0b5b0@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030530231151.03d0b5b0@imap.ecs.soton.ac.uk> Message-ID: <3EDCA957.3050709@csolve.net> Just an update on this, moved the included script from using IO::File to use File::Temp and now it's working fine and dandy. :) Still strange though, since I can use IO::File fine outside of the MailScanner environment on the same box. *shrug* Derek Julian Field wrote: > Are you running on BSD by any chance? > If so, there is a known problem with Perl up to and including 5.8.0 with > the IO::File module. If you download and try to build the IO::File > module, > you will find it won't compile :-( > > From mailscanner at ecs.soton.ac.uk Tue Jun 3 15:00:23 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: NDR delivery In-Reply-To: Message-ID: <5.2.0.9.2.20030603144859.0786afa0@imap.ecs.soton.ac.uk> This is the job of the MTA, not MailScanner. If there aren't many users, you could knock up something with a Spam Actions ruleset and a Non Spam Actions ruleset (set the default to "delete" and create explicit "deliver" rules for the users who actually exist). At 14:40 03/06/2003, you wrote: >Julian - > >I have a somewhat silly question. OK, here is the scoop. I have a domain, >bmarts.com that is going through the MailScanner box before being forwarded >to an exchange server. That is all working beautifully. What I want to do is >take all the truly non-deliverable email addresses (those that don't have >real users behind it) and send those to /dev/null, while still delivering to >the valid email addresses for that specific domain. Is this best done using >the whitelist and blacklists?? Is there a cleaner way to do this? > >Thanks in advance >Michael Weiner -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From MWeiner at AG.COM Tue Jun 3 15:21:01 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:21 2006 Subject: NDR delivery Message-ID: Can you possibly give me a hint or a place to start?? Meaning, where would I find the Nonspam/Spam Action ruleset?? Michael -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Tuesday, June 03, 2003 10:00 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: NDR delivery This is the job of the MTA, not MailScanner. If there aren't many users, you could knock up something with a Spam Actions ruleset and a Non Spam Actions ruleset (set the default to "delete" and create explicit "deliver" rules for the users who actually exist). From zabriskw at ITECH.NET Tue Jun 3 15:21:28 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:21 2006 Subject: MailScanner and SpamAssassin Message-ID: <000501c329db$6c701fd0$0c02a8c0@itech.dom> I am running MailScanner and SpamAssassin, and am VERY pleased with the results! All though, I have noticed a problem, which is probably something in my configuration. Every once and awhile some spam will come through with a rating of 19 or 21, which is well above the limit I have set at 5. If you look in the header it looks like this: X-Priority: 1 X-MSMail-Priority: High X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=19.5, required 5, ALL_NATURAL, BANG_EXERCISE, BAYES_90, CLICK_BELOW_CAPS, DATE_IN_PAST_06_12, DRASTIC_REDUCED, FORGED_MUA_OUTLOOK, FROM_HAS_MIXED_NUMS, HTML_40_50, HTML_FONT_BIG, HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_RED, HTML_LINK_CLICK_CAPS, HTML_LINK_CLICK_HERE, MANY_EXCLAMATIONS, MIME_HTML_ONLY, MISSING_MIMEOLE, MLM, X_MSMAIL_PRIORITY_HIGH, X_PRIORITY_HIGH) Obviously it is getting through because it is whitelisted. I dont have these guys whitelisted anywhere though. Can someone please point me in the right direction? Any help, as always, will be GREATLY appreciated. Thanks! From mbowman at UDCOM.COM Tue Jun 3 15:22:02 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:21 2006 Subject: MailScanner and SpamAssassin Message-ID: If they are not in your MS whitelist are they in your SA autowhitelist db ? Matthew Kris Zabriskie Sent by: MailScanner mailing list 06/03/2003 10:21 AM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: MailScanner and SpamAssassin I am running MailScanner and SpamAssassin, and am VERY pleased with the results! All though, I have noticed a problem, which is probably something in my configuration. Every once and awhile some spam will come through with a rating of 19 or 21, which is well above the limit I have set at 5. If you look in the header it looks like this: X-Priority: 1 X-MSMail-Priority: High X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=19.5, required 5, ALL_NATURAL, BANG_EXERCISE, BAYES_90, CLICK_BELOW_CAPS, DATE_IN_PAST_06_12, DRASTIC_REDUCED, FORGED_MUA_OUTLOOK, FROM_HAS_MIXED_NUMS, HTML_40_50, HTML_FONT_BIG, HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_RED, HTML_LINK_CLICK_CAPS, HTML_LINK_CLICK_HERE, MANY_EXCLAMATIONS, MIME_HTML_ONLY, MISSING_MIMEOLE, MLM, X_MSMAIL_PRIORITY_HIGH, X_PRIORITY_HIGH) Obviously it is getting through because it is whitelisted. I dont have these guys whitelisted anywhere though. Can someone please point me in the right direction? Any help, as always, will be GREATLY appreciated. Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/0f43b8e6/attachment.html From dwinkler at ALGORITHMICS.COM Tue Jun 3 15:24:06 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:21 2006 Subject: MailScanner and SpamAssassin Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FBC@tormail1.algorithmics.com> Check out the auto whitelisting feature of Spam Assassin. Generally a good idead to turn this off in MailScanner config... SpamAssassin Auto Whitelist = no -----Original Message----- From: Kris Zabriskie [mailto:zabriskw@itech.net] Sent: Tuesday, June 03, 2003 10:21 AM To: MAILSCANNER@jiscmail.ac.uk Subject: MailScanner and SpamAssassin I am running MailScanner and SpamAssassin, and am VERY pleased with the results! All though, I have noticed a problem, which is probably something in my configuration. Every once and awhile some spam will come through with a rating of 19 or 21, which is well above the limit I have set at 5. If you look in the header it looks like this: X-Priority: 1 X-MSMail-Priority: High X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=19.5, required 5, ALL_NATURAL, BANG_EXERCISE, BAYES_90, CLICK_BELOW_CAPS, DATE_IN_PAST_06_12, DRASTIC_REDUCED, FORGED_MUA_OUTLOOK, FROM_HAS_MIXED_NUMS, HTML_40_50, HTML_FONT_BIG, HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_RED, HTML_LINK_CLICK_CAPS, HTML_LINK_CLICK_HERE, MANY_EXCLAMATIONS, MIME_HTML_ONLY, MISSING_MIMEOLE, MLM, X_MSMAIL_PRIORITY_HIGH, X_PRIORITY_HIGH) Obviously it is getting through because it is whitelisted. I dont have these guys whitelisted anywhere though. Can someone please point me in the right direction? Any help, as always, will be GREATLY appreciated. Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/c21d12d3/attachment.html From zabriskw at ITECH.NET Tue Jun 3 15:28:42 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:21 2006 Subject: MailScanner and SpamAssassin References: <06EE2C86D3DAD5119A6C0060943F3C97055E6FBC@tormail1.algorithmics.com> Message-ID: <000a01c329dc$6edff1e0$0c02a8c0@itech.dom> RE: MailScanner and SpamAssassinDerek, Thanks for your help. I double checked my MailScanner.conf file and SpamAssassin Auto Whitelist = no is set! Thanks for your time! ----- Original Message ----- From: Derek Winkler To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, June 03, 2003 10:24 AM Subject: Re: MailScanner and SpamAssassin Check out the auto whitelisting feature of Spam Assassin. Generally a good idead to turn this off in MailScanner config... SpamAssassin Auto Whitelist = no -----Original Message----- From: Kris Zabriskie [mailto:zabriskw@itech.net] Sent: Tuesday, June 03, 2003 10:21 AM To: MAILSCANNER@jiscmail.ac.uk Subject: MailScanner and SpamAssassin I am running MailScanner and SpamAssassin, and am VERY pleased with the results! All though, I have noticed a problem, which is probably something in my configuration. Every once and awhile some spam will come through with a rating of 19 or 21, which is well above the limit I have set at 5. If you look in the header it looks like this: X-Priority: 1 X-MSMail-Priority: High X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=19.5, required 5, ALL_NATURAL, BANG_EXERCISE, BAYES_90, CLICK_BELOW_CAPS, DATE_IN_PAST_06_12, DRASTIC_REDUCED, FORGED_MUA_OUTLOOK, FROM_HAS_MIXED_NUMS, HTML_40_50, HTML_FONT_BIG, HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_RED, HTML_LINK_CLICK_CAPS, HTML_LINK_CLICK_HERE, MANY_EXCLAMATIONS, MIME_HTML_ONLY, MISSING_MIMEOLE, MLM, X_MSMAIL_PRIORITY_HIGH, X_PRIORITY_HIGH) Obviously it is getting through because it is whitelisted. I dont have these guys whitelisted anywhere though. Can someone please point me in the right direction? Any help, as always, will be GREATLY appreciated. Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/44fdd2dc/attachment.html From zabriskw at ITECH.NET Tue Jun 3 15:30:15 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:21 2006 Subject: MailScanner and SpamAssassin References: Message-ID: <001101c329dc$a6758750$0c02a8c0@itech.dom> Mathew, I have Auto Whitelisting by SpamAssasin disabled. Just out of curiosity, where would the SA autowhitelist db be located? Thanks for your time! I do appreciate the help! ----- Original Message ----- From: Matthew Bowman To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, June 03, 2003 10:22 AM Subject: Re: MailScanner and SpamAssassin If they are not in your MS whitelist are they in your SA autowhitelist db ? Matthew Kris Zabriskie Sent by: MailScanner mailing list 06/03/2003 10:21 AM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: MailScanner and SpamAssassin I am running MailScanner and SpamAssassin, and am VERY pleased with the results! All though, I have noticed a problem, which is probably something in my configuration. Every once and awhile some spam will come through with a rating of 19 or 21, which is well above the limit I have set at 5. If you look in the header it looks like this: X-Priority: 1 X-MSMail-Priority: High X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=19.5, required 5, ALL_NATURAL, BANG_EXERCISE, BAYES_90, CLICK_BELOW_CAPS, DATE_IN_PAST_06_12, DRASTIC_REDUCED, FORGED_MUA_OUTLOOK, FROM_HAS_MIXED_NUMS, HTML_40_50, HTML_FONT_BIG, HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_RED, HTML_LINK_CLICK_CAPS, HTML_LINK_CLICK_HERE, MANY_EXCLAMATIONS, MIME_HTML_ONLY, MISSING_MIMEOLE, MLM, X_MSMAIL_PRIORITY_HIGH, X_PRIORITY_HIGH) Obviously it is getting through because it is whitelisted. I dont have these guys whitelisted anywhere though. Can someone please point me in the right direction? Any help, as always, will be GREATLY appreciated. Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/24ce796b/attachment.html From dwinkler at ALGORITHMICS.COM Tue Jun 3 15:30:19 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:21 2006 Subject: MailScanner and SpamAssassin Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FBE@tormail1.algorithmics.com> Did you check their envelope address versus the whitelist? We had a spammer faking their envelope address as someone on our whitelist. -----Original Message----- From: Kris Zabriskie [mailto:zabriskw@itech.net] Sent: Tuesday, June 03, 2003 10:21 AM To: MAILSCANNER@jiscmail.ac.uk Subject: MailScanner and SpamAssassin I am running MailScanner and SpamAssassin, and am VERY pleased with the results! All though, I have noticed a problem, which is probably something in my configuration. Every once and awhile some spam will come through with a rating of 19 or 21, which is well above the limit I have set at 5. If you look in the header it looks like this: X-Priority: 1 X-MSMail-Priority: High X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=19.5, required 5, ALL_NATURAL, BANG_EXERCISE, BAYES_90, CLICK_BELOW_CAPS, DATE_IN_PAST_06_12, DRASTIC_REDUCED, FORGED_MUA_OUTLOOK, FROM_HAS_MIXED_NUMS, HTML_40_50, HTML_FONT_BIG, HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_RED, HTML_LINK_CLICK_CAPS, HTML_LINK_CLICK_HERE, MANY_EXCLAMATIONS, MIME_HTML_ONLY, MISSING_MIMEOLE, MLM, X_MSMAIL_PRIORITY_HIGH, X_PRIORITY_HIGH) Obviously it is getting through because it is whitelisted. I dont have these guys whitelisted anywhere though. Can someone please point me in the right direction? Any help, as always, will be GREATLY appreciated. Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/26819dc7/attachment.html From mbowman at UDCOM.COM Tue Jun 3 15:31:16 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:21 2006 Subject: MailScanner and SpamAssassin Message-ID: In my install its /root/.spamassassin/auto-whitelist.db Do a locate auto-whitelist.db on your server that should confirm its location (which maybe different to mine) Matthew Kris Zabriskie Sent by: MailScanner mailing list 06/03/2003 10:30 AM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: MailScanner and SpamAssassin Mathew, I have Auto Whitelisting by SpamAssasin disabled. Just out of curiosity, where would the SA autowhitelist db be located? Thanks for your time! I do appreciate the help! ----- Original Message ----- From: Matthew Bowman To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, June 03, 2003 10:22 AM Subject: Re: MailScanner and SpamAssassin If they are not in your MS whitelist are they in your SA autowhitelist db ? Matthew Kris Zabriskie Sent by: MailScanner mailing list 06/03/2003 10:21 AM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: MailScanner and SpamAssassin I am running MailScanner and SpamAssassin, and am VERY pleased with the results! All though, I have noticed a problem, which is probably something in my configuration. Every once and awhile some spam will come through with a rating of 19 or 21, which is well above the limit I have set at 5. If you look in the header it looks like this: X-Priority: 1 X-MSMail-Priority: High X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=19.5, required 5, ALL_NATURAL, BANG_EXERCISE, BAYES_90, CLICK_BELOW_CAPS, DATE_IN_PAST_06_12, DRASTIC_REDUCED, FORGED_MUA_OUTLOOK, FROM_HAS_MIXED_NUMS, HTML_40_50, HTML_FONT_BIG, HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_RED, HTML_LINK_CLICK_CAPS, HTML_LINK_CLICK_HERE, MANY_EXCLAMATIONS, MIME_HTML_ONLY, MISSING_MIMEOLE, MLM, X_MSMAIL_PRIORITY_HIGH, X_PRIORITY_HIGH) Obviously it is getting through because it is whitelisted. I dont have these guys whitelisted anywhere though. Can someone please point me in the right direction? Any help, as always, will be GREATLY appreciated. Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/26f179ea/attachment.html From mailscanner at ecs.soton.ac.uk Tue Jun 3 15:32:50 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:21 2006 Subject: NDR delivery In-Reply-To: Message-ID: <5.2.0.9.2.20030603153238.043ffb38@imap.ecs.soton.ac.uk> Please read the docs in /etc/MailScanner/rules. At 15:21 03/06/2003, you wrote: >Can you possibly give me a hint or a place to start?? Meaning, where would I >find the Nonspam/Spam Action ruleset?? > >Michael >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Tuesday, June 03, 2003 10:00 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: NDR delivery > >This is the job of the MTA, not MailScanner. >If there aren't many users, you could knock up something with a Spam >Actions ruleset and a Non Spam Actions ruleset (set the default to "delete" >and create explicit "deliver" rules for the users who actually exist). -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From zabriskw at ITECH.NET Tue Jun 3 15:47:16 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:22 2006 Subject: MailScanner and SpamAssassin References: <06EE2C86D3DAD5119A6C0060943F3C97055E6FBE@tormail1.algorithmics.com> Message-ID: <000801c329df$06f919a0$0c02a8c0@itech.dom> RE: MailScanner and SpamAssassinYes. None of it matches anything in the spam.whitelist.rules file. It is a funny thing! ----- Original Message ----- From: Derek Winkler To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, June 03, 2003 10:30 AM Subject: Re: MailScanner and SpamAssassin Did you check their envelope address versus the whitelist? We had a spammer faking their envelope address as someone on our whitelist. -----Original Message----- From: Kris Zabriskie [mailto:zabriskw@itech.net] Sent: Tuesday, June 03, 2003 10:21 AM To: MAILSCANNER@jiscmail.ac.uk Subject: MailScanner and SpamAssassin I am running MailScanner and SpamAssassin, and am VERY pleased with the results! All though, I have noticed a problem, which is probably something in my configuration. Every once and awhile some spam will come through with a rating of 19 or 21, which is well above the limit I have set at 5. If you look in the header it looks like this: X-Priority: 1 X-MSMail-Priority: High X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=19.5, required 5, ALL_NATURAL, BANG_EXERCISE, BAYES_90, CLICK_BELOW_CAPS, DATE_IN_PAST_06_12, DRASTIC_REDUCED, FORGED_MUA_OUTLOOK, FROM_HAS_MIXED_NUMS, HTML_40_50, HTML_FONT_BIG, HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_RED, HTML_LINK_CLICK_CAPS, HTML_LINK_CLICK_HERE, MANY_EXCLAMATIONS, MIME_HTML_ONLY, MISSING_MIMEOLE, MLM, X_MSMAIL_PRIORITY_HIGH, X_PRIORITY_HIGH) Obviously it is getting through because it is whitelisted. I dont have these guys whitelisted anywhere though. Can someone please point me in the right direction? Any help, as always, will be GREATLY appreciated. Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/dc31c28a/attachment.html From MWeiner at AG.COM Tue Jun 3 15:47:41 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:22 2006 Subject: NDR delivery Message-ID: Thanks, been looking at that and staring for sometime trying to see how the heck MS will use that to decide delivery options. If I understand you correctly, I would need to set the default delivery option in the white and black lists to delete, and add the deliverable users to the whitelist and NDRs in wildcard format to the blacklist. Here is the snippet from my conf file: # Spam Whitelist: # Make this point to a ruleset, and anything in that ruleset whose value # is "yes" will *never* be marked as spam. # This can also be the filename of a ruleset. #Is Definitely Not Spam = no Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules # Spam Blacklist: # Make this point to a ruleset, and anything in that ruleset whose value # is "yes" will *always* be marked as spam. # This can also be the filename of a ruleset. # Is Definitely Spam = no Is Definitely Spam = /etc/MailScanner/rules/blacklist.rules And snippet from the spam.whitelist.rules # This is where you can build a Spam WhiteList # Addresses matching in here, with the value # "yes" will never be marked as spam. # Set "Is Definitely Not Spam = /opt/MailScanner/etc/rules/whitelist.rules". # Set addresses to be whitelisted using rules such as From: 152.78. yes #From: 130.246. yes FromOrTo: default no <-- set this to delete?!?!? And add the valid deliverable users here? Then what about the blacklist.rules file?!? I am somewhat confused at this point. Probably due to lack of caffeine dyslexia Thanks as always! Michael Weiner -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Tuesday, June 03, 2003 10:33 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: NDR delivery Please read the docs in /etc/MailScanner/rules. At 15:21 03/06/2003, you wrote: >Can you possibly give me a hint or a place to start?? Meaning, where would I >find the Nonspam/Spam Action ruleset?? > >Michael >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Tuesday, June 03, 2003 10:00 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: NDR delivery > >This is the job of the MTA, not MailScanner. >If there aren't many users, you could knock up something with a Spam >Actions ruleset and a Non Spam Actions ruleset (set the default to "delete" >and create explicit "deliver" rules for the users who actually exist). -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From ryanb at AACRAO.ORG Tue Jun 3 15:53:36 2003 From: ryanb at AACRAO.ORG (Bingham, Ryan) Date: Thu Jan 12 21:18:22 2006 Subject: MailScanner and SpamAssassin Message-ID: Check /usr/share/spamassassin/60_whitelist.cf (or wherever you might have the file) This file contains the default SA whitelist. You can either comment out the hosts you don't want (keep in mind that re-installing or upgrading SA will overwrite this file), or I believe you can override these settings with the following entry in your spamassassin.prefs.conf file: unwhitelist_from add@ress.com Julian can confirm if this setting will work in work in spamassassin.prefs.conf. Ryan -----Original Message----- From: Kris Zabriskie [mailto:zabriskw@ITECH.NET] Sent: Tuesday, June 03, 2003 10:47 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner and SpamAssassin Yes.? None of it matches anything in the spam.whitelist.rules file.? It is a funny thing! ? ? ----- Original Message ----- From: Derek Winkler To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, June 03, 2003 10:30 AM Subject: Re: MailScanner and SpamAssassin Did you check their envelope address versus the whitelist? We had a spammer faking their envelope address as someone on our whitelist. -----Original Message----- From: Kris Zabriskie [mailto:zabriskw@itech.net] Sent: Tuesday, June 03, 2003 10:21 AM To: MAILSCANNER@jiscmail.ac.uk Subject: MailScanner and SpamAssassin I am running MailScanner and SpamAssassin, and am VERY pleased with the results!? All though, I have noticed a problem, which is probably something in my configuration.? Every once and awhile some spam will come through with a rating of 19 or 21, which is well above the limit I have set at 5.? If you look in the header it looks like this: X-Priority: 1 X-MSMail-Priority: High X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=19.5, ??????? required 5, ALL_NATURAL, BANG_EXERCISE, BAYES_90, CLICK_BELOW_CAPS, ??????? DATE_IN_PAST_06_12, DRASTIC_REDUCED, FORGED_MUA_OUTLOOK, ??????? FROM_HAS_MIXED_NUMS, HTML_40_50, HTML_FONT_BIG, HTML_FONT_COLOR_BLUE, ??????? HTML_FONT_COLOR_RED, HTML_LINK_CLICK_CAPS, HTML_LINK_CLICK_HERE, ??????? MANY_EXCLAMATIONS, MIME_HTML_ONLY, MISSING_MIMEOLE, MLM, ??????? X_MSMAIL_PRIORITY_HIGH, X_PRIORITY_HIGH) Obviously it is getting through because it is whitelisted.? I dont have these guys whitelisted anywhere though.? Can someone please point me in the right direction?? Any help, as always, will be GREATLY appreciated.? Thanks! From nik at BU.EDU Tue Jun 3 16:45:13 2003 From: nik at BU.EDU (Nik Conwell) Date: Thu Jan 12 21:18:22 2006 Subject: Different per user actions on single e-mail with multiple recipients? Message-ID: Question: does MailScanner have the infrastructure to handle different operations at the user level on the same piece of e-mail? Say the server gets a single piece of e-mail with 2 recipients, can recipient1 have a different threshold and tagging than recipient2? If recipient1 has a threshold that tags the e-mail as spam (and changes the subject), but recipient2 doesn't, this would require the qf/df pair (sendmail environment) to be cloned, one for recipient1 (which would have the subject changed) and another for recipient2 (subject left alone). I've looked through the source (4.21-9) and it doesn't look like MailScanner can handle situations like this, but I wanted to double check with the experts. Thanks for any advice. -nik From mbowman at UDCOM.COM Tue Jun 3 17:03:52 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:22 2006 Subject: Different per user actions on single e-mail with multiple recipients? Message-ID: Hello Nik You could setup a ruleset via Within mailscanner.conf Required SpamAssassin Score = 4 e.g. Required SpamAssassin Score = /etc/MailScanner/rules/address.threshold.rules Then within the rules file To: recipient1@domain.tld 4 To: recipient2@domain.tld 5 Then reload MailScanner So if both recipients got an email with a score of 4.1 recipient2 would get it untagged... As I understand it you can either use the domain or the address within this ruleset? HTH Matthew Nik Conwell Sent by: MailScanner mailing list 06/03/2003 11:45 AM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Different per user actions on single e-mail with multiple recipients? Question: does MailScanner have the infrastructure to handle different operations at the user level on the same piece of e-mail? Say the server gets a single piece of e-mail with 2 recipients, can recipient1 have a different threshold and tagging than recipient2? If recipient1 has a threshold that tags the e-mail as spam (and changes the subject), but recipient2 doesn't, this would require the qf/df pair (sendmail environment) to be cloned, one for recipient1 (which would have the subject changed) and another for recipient2 (subject left alone). I've looked through the source (4.21-9) and it doesn't look like MailScanner can handle situations like this, but I wanted to double check with the experts. Thanks for any advice. -nik -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/642bc177/attachment.html From dot at DOTAT.AT Tue Jun 3 17:20:12 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:22 2006 Subject: Different per user actions on single e-mail with multiple recipients? In-Reply-To: Message-ID: Nik Conwell wrote: > >Question: does MailScanner have the infrastructure to handle different >operations at the user level on the same piece of e-mail? No. Your understanding of how it works is correct. (We do spam filtering at the user end, based on the score header that MailScanner adds.) Tony. -- f.a.n.finch http://dotat.at/ HEBRIDES BAILEY: SOUTHEASTERLY 4 OR 5, OCCASIONALLY 6, BECOMING CYCLONIC 6 OR 7 FOR A TIME. SHOWERS THEN RAIN. GOOD BECOMING MODERATE. From mailscanner at ecs.soton.ac.uk Tue Jun 3 18:14:04 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:22 2006 Subject: Different per user actions on single e-mail with multiple recipients? In-Reply-To: References: Message-ID: <5.2.1.1.2.20030603180859.03d10368@imap.ecs.soton.ac.uk> At 17:20 03/06/2003, you wrote: >Nik Conwell wrote: > >Question: does MailScanner have the infrastructure to handle different > >operations at the user level on the same piece of e-mail? > >No. Your understanding of how it works is correct. (We do spam filtering >at the user end, based on the score header that MailScanner adds.) It's a design decision I made when I first started writing MailScanner. Splitting a message up into the minimal number of copies of itself is not trivial to do, and I didn't want MailScanner to be creating mail either (other than simple report messages whose headers are not important). Few spam or virused messages have multiple recipients, and only a small fraction of them would ever actually need to be handled differently. So it was a great saving in complexity against what I always reckoned was a very small benefit. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From MWeiner at AG.COM Tue Jun 3 18:42:17 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:22 2006 Subject: NDR delivery Message-ID: OK, I have in the MailScanner.conf the following: Spam Actions = delete store /etc/MailScanner/spam.whitelist.rules However MS complains loudly that there is a syntax error in my config and refuses to start up correctly. What is the proper syntax here to delete all spam BUT what I tell it in the whitelist rules file?!? Thanks Michael -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Tuesday, June 03, 2003 10:33 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: NDR delivery Please read the docs in /etc/MailScanner/rules. From jaearick at COLBY.EDU Tue Jun 3 19:06:35 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:18:22 2006 Subject: another syslog tweak, please Message-ID: Julian, Can the syslog output of mailscanner be modified to tell us who the message is (or would be, if deleted) delivered to? For instance, with MS 4-20.3 my syslog shows for a spam message: Jun 3 13:38:00 emerald MailScanner[18296]: Message h53HbmP0028363 from 63.251.6.73 (mailbot@buzzcast.com) to colby.edu is spam, SpamAssassin (score=7.7, required 4, ASCII_FORM_ENTRY, FOR_FREE, HTML_60_70, HTML_COMMENT_8BITS, HTML_FONT_BIG, HTML_FONT_COLOR_RED, HTML_FONT_FACE_BAD, HTML_FONT_FACE_ODD, MIME_HTML_ONLY, PLING_PLING, TO_ADDRESS_EQ_REAL) Could this line also show the recipient, ie: Jun 3 13:38:00 emerald MailScanner[18296]: Message h53HbmP0028363 from 63.251.6.73 (mailbot@buzzcast.com) to colby.edu (joeblow@colby.edu) is spam, ^^^^^^^^^^^^^^^^^^^ SpamAssassin (score=7.7, required 4, ASCII_FORM_ENTRY, FOR_FREE, HTML_60_70, HTML_COMMENT_8BITS, HTML_FONT_BIG, HTML_FONT_COLOR_RED, HTML_FONT_FACE_BAD, HTML_FONT_FACE_ODD, MIME_HTML_ONLY, PLING_PLING, TO_ADDRESS_EQ_REAL) This would help in syslog analysis... Thanks. ----------------------------------- Jeff A. Earickson, Ph.D Senior UNIX Sysadmin and Email Guru Information Technology Services Colby College, 4214 Mayflower Hill, Waterville ME, 04901-8842 phone: 207-872-3659 (fax = 3076) ----------------------------------- From Cleveland at MAIL.WINNEFOX.ORG Tue Jun 3 19:22:15 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E94D@mail.winnefox.org> Hello, I'm very slowly but surely upgrading. So far, I've upgraded SpamAssassin to 2.55. Since I've done that, it seems spamassassin isn't working any more. Do I need to upgrade my version of MailScanner to get it to "See" the new spamassassin? -- Jody Cleveland (cleveland@mail.winnefox.org) From mailscanner at ecs.soton.ac.uk Tue Jun 3 19:34:43 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E94D@mail.winnefox.org> Message-ID: <5.2.1.1.2.20030603193233.027a49d8@imap.ecs.soton.ac.uk> At 19:22 03/06/2003, you wrote: >Hello, > >I'm very slowly but surely upgrading. So far, I've upgraded SpamAssassin >to 2.55. Since I've done that, it seems spamassassin isn't working any >more. Do I need to upgrade my version of MailScanner to get it to "See" >the new spamassassin? How did you do the upgrade? If it was using the RPM, then I'm not surprised. By definition the RPM distro of SpamAssassin cannot work on all versions. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From Cleveland at MAIL.WINNEFOX.ORG Tue Jun 3 19:39:05 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E94F@mail.winnefox.org> > How did you do the upgrade? If it was using the RPM, then I'm > not surprised. By definition the RPM distro of SpamAssassin > cannot work on all versions. Yeah, it was the 2.55 rpm. Which, when I run it by itself works great. Jody From raymond at PROLOCATION.NET Tue Jun 3 18:45:14 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E94F@mail.winnefox.org> Message-ID: Hi! > > How did you do the upgrade? If it was using the RPM, then I'm > > not surprised. By definition the RPM distro of SpamAssassin > > cannot work on all versions. > > Yeah, it was the 2.55 rpm. Which, when I run it by itself works great. Please deinstall the RPM (rpm -e 's) and install via CPAN. There was a posting about this earlier this week about it. perl -MCPAN -e shell CPAN> install Mail::SpamAssassin Bye, Raymond. From nik at BU.EDU Tue Jun 3 19:42:46 2003 From: nik at BU.EDU (Nik Conwell) Date: Thu Jan 12 21:18:22 2006 Subject: Different per user actions on single e-mail with multiple recipients? In-Reply-To: <5.2.1.1.2.20030603180859.03d10368@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030603180859.03d10368@imap.ecs.soton.ac.uk> Message-ID: On Tue, 3 Jun 2003, Julian Field wrote: > At 17:20 03/06/2003, you wrote: > >No. Your understanding of how it works is correct. (We do spam filtering > >at the user end, based on the score header that MailScanner adds.) Interesting - although we have many endpoint systems that would have to implement the filtering / subject tagging. > Splitting a message up into the minimal number of copies of itself is not > trivial to do, and I didn't want MailScanner to be creating mail either Indeed; scary since it would be replicating parts of sendmail, so subject to subtle and not so subtle changes later. Many thanks to all for helping me out with this. It's back to the drawing board for me... Thanks again. -nik From Cleveland at MAIL.WINNEFOX.ORG Tue Jun 3 19:44:34 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E951@mail.winnefox.org> > Please deinstall the RPM (rpm -e 's) and install via > CPAN. There was a posting about this earlier this week about it. Is there anything I need to do with MailScanner? Jody From dh at UPTIME.AT Tue Jun 3 19:59:51 2003 From: dh at UPTIME.AT (David) Date: Thu Jan 12 21:18:22 2006 Subject: another syslog tweak, please In-Reply-To: Message-ID: <8E333B98-95F5-11D7-9787-000393920D6C@uptime.at> On Dienstag, Juni 3, 2003, at 08:06 Uhr, Jeff A. Earickson wrote: > Julian, > > Can the syslog output of mailscanner be modified to tell us > who the message is (or would be, if deleted) delivered to? > For instance, with MS 4-20.3 my syslog shows for a spam message: I do not know which MTA you use, but with Sendmail simply analyze the ID given -d - we may race and we may run, but we can not undo what has been done. -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/8c709312/PGP.bin From mailscanner at ecs.soton.ac.uk Tue Jun 3 19:58:29 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E951@mail.winnefox.org> Message-ID: <5.2.1.1.2.20030603195539.03d57670@imap.ecs.soton.ac.uk> At 19:44 03/06/2003, you wrote: > > Please deinstall the RPM (rpm -e 's) and install via > > CPAN. There was a posting about this earlier this week about it. > >Is there anything I need to do with MailScanner? Use a nice recent version of MailScanner. There are all sorts of locking problems that have to be solved to support SpamAssassin 2.5x and its Bayes database, and I have only written these since SpamAssassin 2.5 settled down. If you use an old MailScanner with SpamAssassin 2.5 and you use the Bayes code, I can't guarantee the integrity of your Bayes db files when nasty things happen. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From Cleveland at MAIL.WINNEFOX.ORG Tue Jun 3 20:13:27 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E955@mail.winnefox.org> > Use a nice recent version of MailScanner. There are all sorts > of locking problems that have to be solved to support > SpamAssassin 2.5x and its Bayes database, and I have only > written these since SpamAssassin 2.5 settled down. If you use > an old MailScanner with SpamAssassin 2.5 and you use the > Bayes code, I can't guarantee the integrity of your Bayes db > files when nasty things happen. Ok, just so I get this straight when I do this tomorrow morning, I download latest version, run install.sh, then run upgrade_mailscanner_conf? Jody From mailscanner at ecs.soton.ac.uk Tue Jun 3 20:17:00 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E955@mail.winnefox.org> Message-ID: <5.2.1.1.2.20030603201429.03d2c0c0@imap.ecs.soton.ac.uk> At 20:13 03/06/2003, you wrote: > > Use a nice recent version of MailScanner. There are all sorts > > of locking problems that have to be solved to support > > SpamAssassin 2.5x and its Bayes database, and I have only > > written these since SpamAssassin 2.5 settled down. If you use > > an old MailScanner with SpamAssassin 2.5 and you use the > > Bayes code, I can't guarantee the integrity of your Bayes db > > files when nasty things happen. > >Ok, just so I get this straight when I do this tomorrow morning, I >download latest version, run install.sh, then run >upgrade_mailscanner_conf? Yep. When you run upgrade_MailScanner_conf (note the capitalisation), it will suggest a suitable command-line to you. When you run that, it will tell you what it has done; read this carefully. And check that /var/spool/MailScanner/incoming has been correctly created, with the right ownership. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From jaearick at COLBY.EDU Tue Jun 3 20:29:12 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:18:22 2006 Subject: another syslog tweak, please In-Reply-To: References: Message-ID: Julian, Doh! I remember the reason you don't do this, multiple recipients. Never mind... --- Jeff On Tue, 3 Jun 2003, Jeff A. Earickson wrote: > Date: Tue, 3 Jun 2003 14:06:35 -0400 > From: Jeff A. Earickson > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: another syslog tweak, please > > Julian, > > Can the syslog output of mailscanner be modified to tell us > who the message is (or would be, if deleted) delivered to? > For instance, with MS 4-20.3 my syslog shows for a spam message: > > Jun 3 13:38:00 emerald MailScanner[18296]: Message h53HbmP0028363 from > 63.251.6.73 (mailbot@buzzcast.com) to colby.edu is spam, SpamAssassin > (score=7.7, required 4, ASCII_FORM_ENTRY, FOR_FREE, HTML_60_70, > HTML_COMMENT_8BITS, HTML_FONT_BIG, HTML_FONT_COLOR_RED, HTML_FONT_FACE_BAD, > HTML_FONT_FACE_ODD, MIME_HTML_ONLY, PLING_PLING, TO_ADDRESS_EQ_REAL) > > Could this line also show the recipient, ie: > > Jun 3 13:38:00 emerald MailScanner[18296]: Message h53HbmP0028363 from > 63.251.6.73 (mailbot@buzzcast.com) to colby.edu (joeblow@colby.edu) is spam, > ^^^^^^^^^^^^^^^^^^^ > SpamAssassin (score=7.7, required 4, ASCII_FORM_ENTRY, FOR_FREE, HTML_60_70, > HTML_COMMENT_8BITS, HTML_FONT_BIG, HTML_FONT_COLOR_RED, HTML_FONT_FACE_BAD, > HTML_FONT_FACE_ODD, MIME_HTML_ONLY, PLING_PLING, TO_ADDRESS_EQ_REAL) > > This would help in syslog analysis... Thanks. > > ----------------------------------- > Jeff A. Earickson, Ph.D > Senior UNIX Sysadmin and Email Guru > Information Technology Services > Colby College, 4214 Mayflower Hill, > Waterville ME, 04901-8842 > phone: 207-872-3659 (fax = 3076) > ----------------------------------- > From Cleveland at MAIL.WINNEFOX.ORG Tue Jun 3 20:35:57 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E956@mail.winnefox.org> > Yep. When you run upgrade_MailScanner_conf (note the > capitalisation), it will suggest a suitable command-line to > you. When you run that, it will tell you what it has done; > read this carefully. And check that > /var/spool/MailScanner/incoming has been correctly created, > with the right ownership. Sorry for all the basic questions. Is there anything I need to backup first? Jody From mailscanner at ecs.soton.ac.uk Tue Jun 3 20:41:26 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E956@mail.winnefox.org> Message-ID: <5.2.1.1.2.20030603204058.0252c110@imap.ecs.soton.ac.uk> At 20:35 03/06/2003, you wrote: > > Yep. When you run upgrade_MailScanner_conf (note the > > capitalisation), it will suggest a suitable command-line to > > you. When you run that, it will tell you what it has done; > > read this carefully. And check that > > /var/spool/MailScanner/incoming has been correctly created, > > with the right ownership. > >Sorry for all the basic questions. Is there anything I need to backup >first? Always a good idea to backup /etc/MailScanner first. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From cparker at SWATGEAR.COM Tue Jun 3 20:47:16 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:22 2006 Subject: MailScanner cron job? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE1AE08E@ati-ex-01.ati.local> Hello. I've got a Pentium 200mhz machine with 64 megs of ram and I notice that the computer gets REALLY REALLY slow from about 11am to 2pm or thereabouts. Here is an example of how bad it is... [cparker@filter ~/public_html/reports]$ uptime 12:29pm up 18 days, 21:19, 1 user, load average: 10.32, 10.39, 8.96 Isn't that rediculous? The most email we've received in one day was approximately 490. That's oh about 0.34027 emails a minute! Anything going on with mailscanner by default around this time that would slow it down so much? Thanks, Chris. From raymond at PROLOCATION.NET Tue Jun 3 20:53:08 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:22 2006 Subject: MailScanner cron job? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE1AE08E@ati-ex-01.ati.local> Message-ID: Hi! > [cparker@filter ~/public_html/reports]$ uptime > 12:29pm up 18 days, 21:19, 1 user, load average: 10.32, 10.39, 8.96 > > Isn't that rediculous? Whats more running on that box besided mailscanner ? I had a old Compaq running a long time, Pentium Pro 200, little bit more ram btw, but that pushed out a few thousand messages a day. > Anything going on with mailscanner by default around this time that > would slow it down so much? No, most likely your mail itself peaks those times. Run stats like mailscanner-mrtg to see what your box is doing. I think however that the RAM is the problem. Bye, Raymond. From sanjay.patel at REXWIRE.COM Tue Jun 3 21:07:34 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:22 2006 Subject: Forwarding spam to FTC Message-ID: <00c801c32a0b$c5c2a320$d601a8c0@Laptop1> This might be a bit of topic for here. But has anyone actually configured their Mailscanner to forward all spam to FTC's spam receiving mailbox? uce@ftc.gov This box was referenced in a article on FTC's site http://www.ftc.gov/opa/1998/07/dozen.htm Sanjay K. Patel From dwinkler at ALGORITHMICS.COM Tue Jun 3 21:13:54 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:22 2006 Subject: Forwarding spam to FTC Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FC4@tormail1.algorithmics.com> Are they doing anything more with them than classifying them and producing brochures? They're only getting 1,000 a day, we can soon change that. -----Original Message----- From: Sanjay Patel [mailto:sanjay.patel@rexwire.com] Sent: Tuesday, June 03, 2003 4:08 PM To: MAILSCANNER@jiscmail.ac.uk Subject: Forwarding spam to FTC This might be a bit of topic for here. But has anyone actually configured their Mailscanner to forward all spam to FTC's spam receiving mailbox? uce@ftc.gov This box was referenced in a article on FTC's site http://www.ftc.gov/opa/1998/07/dozen.htm Sanjay K. Patel -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/7668b66a/attachment.html From brian at UNEARTHED.ORG Tue Jun 3 21:16:03 2003 From: brian at UNEARTHED.ORG (Brian May) Date: Thu Jan 12 21:18:22 2006 Subject: Forwarding spam to FTC References: <00c801c32a0b$c5c2a320$d601a8c0@Laptop1> Message-ID: <002401c32a0d$742159b0$9701020a@brianmay> First off... you don't want to to that... NEVER automagically forward spam to an outside address unless you are 1000% positive the email is in fact, spam. I save all of my spam in a mbox style format and run handlespam.pl by Theo Van Dinter , http://www.kluge.net/~felicity/random/handlespam.txt from the file: # ** strip out my X-Reject headers for all processing except archiving # ** report the message ala 'spamassassin -r' to Razor, DCC, Pyzor, and # (if available) the Bayes classifier # ** if the message was relayed through a third-party (there are more than 1 # "Received:" headers,) do an open-relay check of that server. if the # server is an open-relay, report them to various open relay databases. # Need my "testrelay" script for this, so off by default. # ** if the sending server doesn't have a proper lookup, block their class C # network. this is a little extreme, I know, but the majority of spam is # either relayed through someone who has no clue, or is directly from # someone without a clue. any decently managed network will have proper # DNS setup for their hosts. # ** report the message to spamcop # ** report the message to the FTC # ** move the message to a spam archive for later referencing # ** if the message wasn't caught by spamassassin (SA), bounce to the # spamassassin-sightings mailing list. (No "X-Spam-Status: Yes" header) # This list is actually defunct now, so the feature is off by default. # ** if the message is a bounce from majordomo (for "X-Spam-Flag: YES"), # then unbounce the message before processing. # Incoming mail is scanned via SpamAssassin. Mail that is determined # to be spam is saved into "spam-work". I then periodically go through # and take all actual spam and move it into a folder I call "hs". A cron # job then runs this script over "hs" to handle the reporting process. # Output from handlespam is sent to me via cron, so I can easily see what # was handled, and I can easily cut/paste into my sendmail accessdb. I've been using it for almost a year now.. works awesome.. Brian ----- Original Message ----- From: "Sanjay Patel" To: Sent: Tuesday, June 03, 2003 1:07 PM Subject: Forwarding spam to FTC This might be a bit of topic for here. But has anyone actually configured their Mailscanner to forward all spam to FTC's spam receiving mailbox? uce@ftc.gov This box was referenced in a article on FTC's site http://www.ftc.gov/opa/1998/07/dozen.htm Sanjay K. Patel From brian at UNEARTHED.ORG Tue Jun 3 21:19:23 2003 From: brian at UNEARTHED.ORG (Brian May) Date: Thu Jan 12 21:18:22 2006 Subject: Forwarding spam to FTC References: <06EE2C86D3DAD5119A6C0060943F3C97055E6FC4@tormail1.algorithmics.com> Message-ID: <002501c32a0d$75dfab80$9701020a@brianmay> RE: Forwarding spam to FTConly 1000 a day? Damn.. I'm 1/5th of their trafic... Brian ----- Original Message ----- From: Derek Winkler To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, June 03, 2003 1:13 PM Subject: Re: Forwarding spam to FTC Are they doing anything more with them than classifying them and producing brochures? They're only getting 1,000 a day, we can soon change that. -----Original Message----- From: Sanjay Patel [mailto:sanjay.patel@rexwire.com] Sent: Tuesday, June 03, 2003 4:08 PM To: MAILSCANNER@jiscmail.ac.uk Subject: Forwarding spam to FTC This might be a bit of topic for here. But has anyone actually configured their Mailscanner to forward all spam to FTC's spam receiving mailbox? uce@ftc.gov This box was referenced in a article on FTC's site http://www.ftc.gov/opa/1998/07/dozen.htm Sanjay K. Patel -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/98eb5627/attachment.html From vnarayan at HAVERFORD.EDU Tue Jun 3 20:55:24 2003 From: vnarayan at HAVERFORD.EDU (Vasantha Narayanan) Date: Thu Jan 12 21:18:22 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE1AE087@ati-ex-01.ati.local > Message-ID: <5.1.0.14.0.20030603153509.02bd48b8@popmail.haverford.edu> Did you find a solution yet? I'm having the same problem. My time outs are set as per the suggestion on the list. I was not successful in running lint. But when I run it in debug, the only notable error is "unix passed to setlogsock, but path not available at /opt/MailScanner/lib/MailScanner/Log.pm line 62". I do not know how significan this is. When I run spamassassin, the mail scanning becomes very slow. A lot of mail gets accumulated in the incoming queue waiting to get scanned. The load an the system gets very high as well. Of course, I keep getting the following errors: Jun 3 15:39:45 nisc4 MailScanner[3585]: SpamAssassin timed out and was killed, consecutive failure 1 of 20 Jun 3 15:40:06 nisc4 MailScanner[3619]: SpamAssassin timed out and was killed, consecutive failure 1 of 20 Jun 3 15:40:11 nisc4 MailScanner[3698]: SpamAssassin timed out and was killed, consecutive failure 1 of 20 Jun 3 15:41:15 nisc4 MailScanner[3606]: SpamAssassin timed out and was killed, consecutive failure 1 of 20 Jun 3 15:41:17 nisc4 MailScanner[3576]: SpamAssassin timed out and was killed, consecutive failure 2 of 20 Jun 3 15:41:18 nisc4 MailScanner[3642]: SpamAssassin timed out and was killed, consecutive failure 1 of 20 Thanks. Vasantha At 12:59 PM 6/2/2003 -0700, you wrote: >Hello. > >We have relatively low email traffic (approx. 450/day on work days) and I >receive quite a few of these in my /var/log/maillog: > >May 17 04:03:08 filter MailScanner[3324]: SpamAssassin timed out and was >killed, consecutive failure 1 of 20 > >Does this mean my computer is too slow? It's a 200mhz pentium!!! :) I can >imagine that it IS too slow, but I just want to make sure it's not a >configuration problem. Do you think increasing the timeout would help or >would that make it worse? > > >Thaks, >Chris. VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV Vasantha Narayanan Networking and Systems email: vnarayan@haverford.edu Haverford College, PA Phone: 610-896-1110 From kevins at BMRB.CO.UK Tue Jun 3 21:23:48 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:22 2006 Subject: MailScanner cron job? In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175710@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175710@pascal.priv.bmrb.co.uk> Message-ID: <1054671829.12669.20.camel@bach.kevinspicer.co.uk> >Whats more running on that box besided mailscanner ? I had a old Compaq >running a long time, Pentium Pro 200, little bit more ram btw, but that >pushed out a few thousand messages a day. Similar experiences here, have pushed serveral thousand mesasges per day through a low spec machine, but again with more ram than 64M > I think however that the RAM is the problem. Me too, you can reduce your ram usage by reducing the number of MailScanner children (in MS.conf), turning off Bayes & autowhitelisting in SA may help (although autowhitelisting should be off anyway). Don't put the mailscanner work directory in tmpfs if you're short of ram (almost certainly disk IO isn't your problem). BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From smhickel at CHARTERMI.NET Tue Jun 3 21:24:01 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:18:22 2006 Subject: Sendmail in TOP Message-ID: <200306032024.h53KO1H20024@chartermi.net> All, I upgraded to MailScanner 4.21 but now have all these sendmails going? Any thoughts? I did the service sendmail stop and the chkconfig thing. Steve 9831 root 15 0 11004 5816 5464 S 25.0 4.6 0:58 MailScanner 10103 root 15 0 1068 1068 860 R 1.3 0.8 0:01 top 9960 root 15 0 3012 2804 2232 S 0.5 2.2 0:00 sendmail 10460 root 15 0 3004 3004 2096 S 0.5 2.3 0:00 sendmail 10738 root 15 0 2836 2836 2044 S 0.5 2.2 0:00 sendmail 9801 root 15 0 2384 2024 1900 S 0.0 1.6 0:00 sendmail 9806 smmsp 16 0 2132 1720 1712 S 0.0 1.3 0:00 sendmail 9813 root 16 0 2224 1776 1776 S 0.0 1.4 0:00 sendmail 9815 root 15 0 2932 2724 2164 S 0.0 2.1 0:00 sendmail 9960 root 15 0 2932 2764 2228 S 0.0 2.1 0:00 sendmail 10017 root 15 0 2848 2736 2104 S 0.0 2.1 0:00 sendmail 10044 root 15 0 2708 2708 1996 S 0.0 2.1 0:00 sendmail 10084 root 15 0 2936 2936 2064 S 0.0 2.3 0:00 sendmail From sanjay.patel at REXWIRE.COM Tue Jun 3 21:25:23 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:22 2006 Subject: Forwarding spam to FTC In-Reply-To: <002501c32a0d$75dfab80$9701020a@brianmay> Message-ID: <00cd01c32a0e$430b0410$d601a8c0@Laptop1> my main goal was to let FTC what a real problem spam really is. As we all know Government lives in a sheltered world. I think if a few 100 of us start forwarding spam to them as they request they might get a better idea what spam problem is. -Sanjay -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Brian May Sent: Tuesday, June 03, 2003 4:19 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Forwarding spam to FTC only 1000 a day? Damn.. I'm 1/5th of their trafic... Brian ----- Original Message ----- From: Derek Winkler To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, June 03, 2003 1:13 PM Subject: Re: Forwarding spam to FTC Are they doing anything more with them than classifying them and producing brochures? They're only getting 1,000 a day, we can soon change that. -----Original Message----- From: Sanjay Patel [mailto:sanjay.patel@rexwire.com] Sent: Tuesday, June 03, 2003 4:08 PM To: MAILSCANNER@jiscmail.ac.uk Subject: Forwarding spam to FTC This might be a bit of topic for here. But has anyone actually configured their Mailscanner to forward all spam to FTC's spam receiving mailbox? uce@ftc.gov This box was referenced in a article on FTC's site http://www.ftc.gov/opa/1998/07/dozen.htm Sanjay K. Patel From kevins at BMRB.CO.UK Tue Jun 3 21:31:59 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:22 2006 Subject: Sendmail in TOP In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175717@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175717@pascal.priv.bmrb.co.uk> Message-ID: <1054672319.12669.26.camel@bach.kevinspicer.co.uk> >On Tue, 2003-06-03 at 21:24, Steve Hickel wrote: >All, >I upgraded to MailScanner 4.21 but now have all these sendmails going? >Any thoughts? I did the service sendmail stop and the chkconfig thing. Probably you've done this but... service MailScanner stop service sendmail stop [Wait a while to make sure the processes die] ps -elf | grep sendmail [kill any sendmail processes] ps -elf | grep sendmail [to check] service MailScanner start Now if you've still got loads of sendmails running odds are they are being called by MailScanner to deliver mail or are children of the other sendmail processes. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From FCaen at CI.LAKEWOOD.WA.US Tue Jun 3 21:48:30 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:22 2006 Subject: Forwarding spam to FTC Message-ID: -----Original Message----- From: Sanjay Patel [mailto:sanjay.patel@REXWIRE.COM] > As we all know Government lives in a sheltered world. That's a rather broad statement. We're government and we use MS + Spam Assassin :-) --------------------------------------------- Francois Caen Network Information Systems Engineer - Webmaster City of Lakewood, WA (253) 512-2269 NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From brian at UNEARTHED.ORG Tue Jun 3 21:43:06 2003 From: brian at UNEARTHED.ORG (Brian May) Date: Thu Jan 12 21:18:22 2006 Subject: Forwarding spam to FTC References: <00cd01c32a0e$430b0410$d601a8c0@Laptop1> Message-ID: <004901c32a12$9ac16790$9701020a@brianmay> You also have to remember that the 1,000 emails was a figure from 1998... I read the press release after I replied to your message... so its been a good 5 years... I'm sure they are seeing a LOT more than 1000 a day.. ----- Original Message ----- From: "Sanjay Patel" To: Sent: Tuesday, June 03, 2003 1:25 PM Subject: Re: Forwarding spam to FTC my main goal was to let FTC what a real problem spam really is. As we all know Government lives in a sheltered world. I think if a few 100 of us start forwarding spam to them as they request they might get a better idea what spam problem is. -Sanjay -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Brian May Sent: Tuesday, June 03, 2003 4:19 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Forwarding spam to FTC only 1000 a day? Damn.. I'm 1/5th of their trafic... Brian ----- Original Message ----- From: Derek Winkler To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, June 03, 2003 1:13 PM Subject: Re: Forwarding spam to FTC Are they doing anything more with them than classifying them and producing brochures? They're only getting 1,000 a day, we can soon change that. -----Original Message----- From: Sanjay Patel [mailto:sanjay.patel@rexwire.com] Sent: Tuesday, June 03, 2003 4:08 PM To: MAILSCANNER@jiscmail.ac.uk Subject: Forwarding spam to FTC This might be a bit of topic for here. But has anyone actually configured their Mailscanner to forward all spam to FTC's spam receiving mailbox? uce@ftc.gov This box was referenced in a article on FTC's site http://www.ftc.gov/opa/1998/07/dozen.htm Sanjay K. Patel From sailer at BNL.GOV Tue Jun 3 21:55:31 2003 From: sailer at BNL.GOV (Tim Sailer) Date: Thu Jan 12 21:18:22 2006 Subject: Forwarding spam to FTC In-Reply-To: References: Message-ID: <20030603205531.GC26546@bnl.gov> On Tue, Jun 03, 2003 at 01:48:30PM -0700, Francois Caen wrote: > -----Original Message----- > From: Sanjay Patel [mailto:sanjay.patel@REXWIRE.COM] > > > As we all know Government lives in a sheltered world. > > That's a rather broad statement. We're government and we use MS + Spam > Assassin :-) Us too! Tim -- Tim Sailer Brookhaven National Laboratory (631) 344-3001 From sanjay.patel at REXWIRE.COM Tue Jun 3 21:59:24 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:22 2006 Subject: Forwarding spam to FTC In-Reply-To: Message-ID: <00d501c32a13$03cc1f00$d601a8c0@Laptop1> I was referring the national government whom FTC is a part of. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Francois Caen Sent: Tuesday, June 03, 2003 4:49 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Forwarding spam to FTC -----Original Message----- From: Sanjay Patel [mailto:sanjay.patel@REXWIRE.COM] > As we all know Government lives in a sheltered world. That's a rather broad statement. We're government and we use MS + Spam Assassin :-) --------------------------------------------- Francois Caen Network Information Systems Engineer - Webmaster City of Lakewood, WA (253) 512-2269 NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From cparker at SWATGEAR.COM Tue Jun 3 22:51:10 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:22 2006 Subject: MailScanner has taken over my computer (or so it seems) Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BDB@ati-ex-01.ati.local> Hello. I sent an email to the list a few hours ago but it's yet to come back to me so I'm sending it again. (I think the reason it hasn't come back is because the computer is so bogged down it cannot process the mails.) Currently I've got about 200 emails in the queue waiting to be processed. I've tried shutting down mailscanner, shutting down sendmail, as well as killing all sendmail/mailscanner processes. After everything has been killed and the box stops accessing the HD 30 seconds or so later all the processes start back up again and I'm back in h3ll fighting the MailScanner demon. (Not to say that MailScanner does not work well, but maybe on this computer it's too much for it and/or maybe I've got it configured wrong. [Likely.]) If you kind people could send all your replies to cparker@wrack.org and not reply to this email address (as it will probably just sit in the queue) I would really appreciate it. What I need to know is why the computer (for the past 3-4 hours) continuously accesses the harddrive until all mailscanner processes have been killed. As soon as I kill the last mailscanner process, the hard drive stop going nuts and things pretty much back to normal. Thanks and I hope to hear from someone soon (at cparker@wrack.org and not this email address). Chris. From hunter at userfriendly.net Tue Jun 3 22:58:03 2003 From: hunter at userfriendly.net (Michael Weiner) Date: Thu Jan 12 21:18:22 2006 Subject: NDR delivery In-Reply-To: <5.2.0.9.2.20030603144859.0786afa0@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030603144859.0786afa0@imap.ecs.soton.ac.uk> Message-ID: <1054677478.2373.49.camel@nomad.userfriendly.net> I am still unsure what the syntax of the deliver rules will look like. I can set the Spam and Nonspam Action rulesets up to delet eby default, butt where do the delivery rules go, and what format would they take? Thanks Michael Weinre -- On Tue, 2003-06-03 at 10:00, Julian Field wrote: > This is the job of the MTA, not MailScanner. > If there aren't many users, you could knock up something with a Spam > Actions ruleset and a Non Spam Actions ruleset (set the default to "delete" > and create explicit "deliver" rules for the users who actually exist). -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/960ea38e/attachment.bin From cparker at SWATGEAR.COM Tue Jun 3 23:20:40 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:22 2006 Subject: MailScanner has taken over my computer (or so it seems) Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BDC@ati-ex-01.ati.local> For some strange reason/miracle everything is back to normal and in probably less than one minute all my queued mail came through all at once. The last change I made was to take the MailScanner child processes down from 5 to 1. Before I made the change to the .conf file I killed everything and shut everything down. After I did that (along with changing the file) I restarted mailscanner and now it's humming along. Sorry for the trouble, but if anyone knows what's happening I'd truly appreciate a heads up. Thanks, Chris. From cparker at SWATGEAR.COM Tue Jun 3 23:28:06 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:22 2006 Subject: SpamAssassin timed out and was killed... box too slow? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE1AE090@ati-ex-01.ati.local> Vasantha Narayanan wrote: > Did you find a solution yet? No I did not. > I'm having the same problem. I feel your pain. :( Chris. From mike at CAMAROSS.NET Tue Jun 3 23:37:31 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:22 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE1AE090@ati-ex-01.ati.local> Message-ID: <00b001c32a20$b8481e40$6701a8c0@home.middlefinger.net> What kind of horsepower does your box have? OS? Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Chris W. Parker Sent: Tuesday, June 03, 2003 5:28 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timed out and was killed... box too slow? Vasantha Narayanan wrote: > Did you find a solution yet? No I did not. > I'm having the same problem. I feel your pain. :( Chris. From cparker at SWATGEAR.COM Tue Jun 3 23:43:05 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:22 2006 Subject: SpamAssassin timed out and was killed... box too slow? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BE1@ati-ex-01.ati.local> Mike Kercher wrote: > What kind of horsepower does your box have? OS? Redhat 8, 200mhz Pentium with 64mb ram. From mike at CAMAROSS.NET Tue Jun 3 23:45:17 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:22 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BE1@ati-ex-01.ati.local> Message-ID: <00b101c32a21$ce6fb2e0$6701a8c0@home.middlefinger.net> Do you have some more RAM you could throw at that machine? What other services are you also running on there? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Chris W. Parker Sent: Tuesday, June 03, 2003 5:43 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: SpamAssassin timed out and was killed... box too slow? Mike Kercher wrote: > What kind of horsepower does your box have? OS? Redhat 8, 200mhz Pentium with 64mb ram. From cparker at SWATGEAR.COM Tue Jun 3 23:51:57 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:22 2006 Subject: MailScanner cron job? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE1AE091@ati-ex-01.ati.local> Kevin Spicer wrote: > > Whats more running on that box besided mailscanner ? I had a old > > Compaq running a long time, Pentium Pro 200, little bit more ram > > btw, but that pushed out a few thousand messages a day. > > Similar experiences here, have pushed serveral thousand mesasges per > day through a low spec machine, but again with more ram than 64M It also runs MySQL, Apache, MRTG, vsftp. MySQL and Apache are being used for some projects I'm working on at the moment. They get VERY little use. But I understand that they can use a good amount of memory when you've only got 64. MRTG monitors about 10 different things every 5 minutes. vsftp is used to upload/download web stuff. > > I think however that the RAM is the problem. We have one other computer lying around that's not being used which should be substantially faster than this one. The only thing left to do is get permission to use it. > Me too, you can reduce your ram usage by reducing the number of > MailScanner children (in MS.conf), turning off Bayes & > autowhitelisting in SA may help (although autowhitelisting should be > off anyway). Bayes is by default turned off (iirc) as well as autowhitelisting and I have not turned them on. To be sure I checked and they are indeed off. > Don't put the mailscanner work directory in tmpfs if you're short of > ram (almost certainly disk IO isn't your problem). I don't know what you mean by this. Could you instruct me a little further? Thanks, Chris. From mike at CAMAROSS.NET Tue Jun 3 23:53:14 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:22 2006 Subject: MailScanner cron job? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE1AE091@ati-ex-01.ati.local> Message-ID: <00b501c32a22$eb4f8e20$6701a8c0@home.middlefinger.net> Shee0t...just TAKE the machine :) tmpfs is a ramdrive. Some people move their /var/spool/MailScanner/incoming to a ramdrive to speed up processing. Less disk I/O = more speed. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Chris W. Parker Sent: Tuesday, June 03, 2003 5:52 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner cron job? Kevin Spicer wrote: > > Whats more running on that box besided mailscanner ? I had a old > > Compaq running a long time, Pentium Pro 200, little bit more ram > > btw, but that pushed out a few thousand messages a day. > > Similar experiences here, have pushed serveral thousand mesasges per > day through a low spec machine, but again with more ram than 64M It also runs MySQL, Apache, MRTG, vsftp. MySQL and Apache are being used for some projects I'm working on at the moment. They get VERY little use. But I understand that they can use a good amount of memory when you've only got 64. MRTG monitors about 10 different things every 5 minutes. vsftp is used to upload/download web stuff. > > I think however that the RAM is the problem. We have one other computer lying around that's not being used which should be substantially faster than this one. The only thing left to do is get permission to use it. > Me too, you can reduce your ram usage by reducing the number of > MailScanner children (in MS.conf), turning off Bayes & > autowhitelisting in SA may help (although autowhitelisting should be > off anyway). Bayes is by default turned off (iirc) as well as autowhitelisting and I have not turned them on. To be sure I checked and they are indeed off. > Don't put the mailscanner work directory in tmpfs if you're short of > ram (almost certainly disk IO isn't your problem). I don't know what you mean by this. Could you instruct me a little further? Thanks, Chris. From j.figueira at mail.pt Wed Jun 4 00:10:13 2003 From: j.figueira at mail.pt (J. Figueira) Date: Thu Jan 12 21:18:22 2006 Subject: Huge delay delivering mail Message-ID: <200306032310.h53NAES31233@ori.rl.ac.uk> Hi again, For what I've seen I suspect it's sendmail2 that isn't being called... Does this make sense? The mail usually takes up to 10 minutes and more to be delivered (this is the largest delay I've registered). I suppose it's when sendmail queue is flushed, like you said... Any tips on what might be wrong? thank you Figueira > At 13:00 03/06/2003, you wrote: > >Hello, > > > >I've installed mailscanner some time ago, (and I am quite happy with it ;) > >). The problem is that it takes too long between receiving the mail message > >and delivering it to the recipient. > > > >At first I thought it could be the batch mode. I configured it to scan all > >the messages at the moment they arrive. It still takes a lot of time to > >deliver... > > > >any tips or ideas? > > Check the "Sendmail" and "Sendmail2" settings. Particularly if you aren't > using sendmail as your MTA. If these are wrong, it can end up waiting until > the next queue run happens before delivering your messages. > > On a lightly loaded system, the latency through MailScanner should be 1 or > 2 seconds. Anything much longer than that is wrong. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > -- Adira já ao Net Dialup Light. Acesso profissional gratuito. NovisNet, a Internet de quem trabalha. http://www.novisnet.pt From Steve at swaney.com Wed Jun 4 03:54:01 2003 From: Steve at swaney.com (Stephen Swaney) Date: Thu Jan 12 21:18:22 2006 Subject: Attachment feature in MailScanner 4.21-9 In-Reply-To: References: <20030602150159.GB13592@carrick.bishnet.net> <20030603072530.GH17784@carrick.bishnet.net> <20030603072530.GH17784@carrick.bishnet.net> Message-ID: <1054695241.27182.98.camel@speedy> If you haven't tried the attachment feature in the latest version of MailScanner - DO! Our users love it. No more nasty images or offensive messages. It's nice to get some kudos from the users for a change. It's believe it's worth an upgrade just for this feature. My upgrades to RH 7 and RH 8 and RH 9 systems were absolutely painless. This doesn't mean you shouldn't test first, just that the updates on my systems went well. Steve Stephen Swaney President Fortress Systems, Ltd. Steve.Swaney@fsl.com Phone: 202 352-3262 U.S. Toll Free Phone and Fax: 877 746-6636 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030603/9a4593cc/attachment.html From forrie at FORRIE.COM Wed Jun 4 07:19:15 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:22 2006 Subject: Forwarding spam to FTC In-Reply-To: <00d501c32a13$03cc1f00$d601a8c0@Laptop1> References: Message-ID: <6.0.0.9.2.20030604021706.01e40cd8@192.168.1.1> At 04:59 PM 6/3/2003, you wrote: >I was referring the national government whom FTC is a part of. [ ... ] I wouldn't expect the FTC to handle anything other than a high-profile case -- they can't possibly have the resources to do that (read: goverment salaries, limited resources). Not necessarily their fault :-) Regarding the script at http://www.kluge.net/~felicity/random/handlespam.txt This seems very useful and could be modified. I actually posted a message elsewhere asking if someone had made such a beast - I'm spending way too much time forwarding spam to RICOCHET and RAZOR-REPORT. However, there are times where RICOCHET cannot get complete info through XWhois (perl) and crashes -- sometimes it's pretty obviously a parsing error and you must manually submit --- so an error condition would need to be added to this one. Forrest From raymond at PROLOCATION.NET Wed Jun 4 07:33:57 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:22 2006 Subject: New f-prot Message-ID: Hi! New versions are out it seems: Mirrored ftp.f-prot.com F-PROT mirror (ftp.f-prot.com:/pub -> /home/ftp/pub/Antivirus/ftp.f-prot.com) ftp.f-prot.com F-PROT mirror @ 4 Jun 103 02:31 Got bsd/MD5SUMS 388 1 Got bsd/fp-freebsd-ws-4.0.0.tar.gz.md5 61 1 Got bsd/fp-freebsd-ws.tar.gz.md5 55 0 Got bsd/fp-netbsd-ws-4.0.0.tar.gz.md5 60 1 Got bsd/fp-netbsd-ws.tar.gz.md5 54 0 Got bsd/fp-openbsd-ws-4.0.0.tar.gz.md5 61 1 Got bsd/fp-openbsd-ws.tar.gz.md5 55 1 Got bsd/fp-openbsd-ws-4.0.0.tar.gz 1980310 8 Got bsd/fp-netbsd-ws-4.0.0.tar.gz 1979358 8 Got bsd/fp-freebsd-ws-4.0.0.tar.gz 1979215 9 Got linux/fp-linux-ws.rpm.md5 50 0 Got linux/fp-linux-ws.tar.gz.md5 53 1 Got linux/fp-linux-ws_4.0.0-1_i386.deb.md5 63 0 Got linux/MD5SUMS 380 1 Got linux/fp-linux-ws-4.0.0-1.i386.rpm.md5 63 1 Got linux/fp-linux-ws-4.0.0.tar.gz.md5 59 0 Got linux/fp-linux-ws.deb.md5 50 1 Got linux/fp-linux-ws-4.0.0-1.i386.rpm 2158049 9 Got linux/fp-linux-ws-4.0.0.tar.gz 2169796 9 Got linux/fp-linux-ws_4.0.0-1_i386.deb 2155482 8 Did anyone try yet if the wrapper still works on the new version ? Bye, Raymond. From tim-lists at BISHNET.NET Wed Jun 4 08:28:26 2003 From: tim-lists at BISHNET.NET (Tim Bishop) Date: Thu Jan 12 21:18:22 2006 Subject: New f-prot In-Reply-To: References: Message-ID: <20030604072826.GD30883@carrick.bishnet.net> On Wed, Jun 04, 2003 at 08:33:57AM +0200, Raymond Dijkxhoorn wrote: > New versions are out it seems: > > ... > > Did anyone try yet if the wrapper still works on the new version ? Not yet, I was sort of hoping someone else would :) Tim. -- Tim Bishop http://www.bishnet.net/tim PGP Key: 0x5AE7D984 From raymond at PROLOCATION.NET Wed Jun 4 09:54:35 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:22 2006 Subject: New f-prot In-Reply-To: <20030604072826.GD30883@carrick.bishnet.net> Message-ID: Hi! > > Did anyone try yet if the wrapper still works on the new version ? > > Not yet, I was sort of hoping someone else would :) Seems to work just fine, the program version is different but the scanning engine is about the same version. See: [root@vmx01 f-prot]# ./f-prot /etc/passwd Virus scanning report - 4 June 2003 @ 10:37 F-PROT ANTIVIRUS Program version: 3.13 Engine version: 3.13.1 VIRUS SIGNATURE FILES SIGN.DEF created 31 May 2003 SIGN2.DEF created 31 May 2003 MACRO.DEF created 2 June 2003 Search: /etc/passwd Action: Report only Files: Attempt to identify files Switches: Results of virus scanning: Files: 1 MBRs: 0 Boot sectors: 0 Objects scanned: 1 Time: 0:00 No viruses or suspicious files/boot sectors were found. [root@vmx01 f-prot]# [root@vmx01 f-prot]# ./f-prot /etc/passwd Virus scanning report - 4 June 2003 @ 10:37 F-PROT ANTIVIRUS Program version: 4.0.0 Engine version: 3.13.3 VIRUS SIGNATURE FILES SIGN.DEF created 31 May 2003 SIGN2.DEF created 31 May 2003 MACRO.DEF created 2 June 2003 Search: /etc/passwd Action: Report only Files: Attempt to identify files Switches: Results of virus scanning: Files: 1 MBRs: 0 Boot sectors: 0 Objects scanned: 1 Time: 0:00 No viruses or suspicious files/boot sectors were found. [root@vmx01 f-prot]# Output is identical. I have it running on one of my relays now, so far so good. I also had a look on the license.html thats included in the package, seems nothing different from the old version. Bye, Raymond. From dot at DOTAT.AT Wed Jun 4 09:51:09 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:22 2006 Subject: MailScanner cron job? In-Reply-To: Message-ID: "Chris W. Parker" wrote: > >I've got a Pentium 200mhz machine with 64 megs of ram and I notice that = >the computer gets REALLY REALLY slow from about 11am to 2pm or = >thereabouts. Here is an example of how bad it is... > >[cparker@filter ~/public_html/reports]$ uptime > 12:29pm up 18 days, 21:19, 1 user, load average: 10.32, 10.39, 8.96 > >Isn't that rediculous? You probably have a Max Children setting that's too high. Unlike Apache (whose child worker processes don't do anything when the machine is idle, and will happily page out), MailScanner is continuously active scanning the incoming queue for new messages. Also unlike Apache, MailScanner's child processes are big and don't share much of their memory -- on my setup each child uses 20MB. I would run with Max Children = 2 on your machine. Tony. -- f.a.n.finch http://dotat.at/ FAIR ISLE: SOUTHEASTERLY 5 OR 6 BECOMING VARIABLE 3 OR 4. RAIN AT TIMES. MODERATE WITH FOG PATCHES BECOMING GOOD. From raymond at PROLOCATION.NET Wed Jun 4 10:26:42 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:22 2006 Subject: New f-prot In-Reply-To: Message-ID: Hi! > > Not yet, I was sort of hoping someone else would :) > > Seems to work just fine, the program version is different but the scanning > engine is about the same version. Seems safe to install :) Jun 4 11:21:06 vmx01 sendmail[27985]: h549L6gv027985: to=, delay=00:00:00, mailer=smtp, pri=30454, stat=queued Jun 4 11:21:07 vmx01 MailScanner[27724]: New Batch: Scanning 1 messages, 331025 bytes Jun 4 11:21:07 vmx01 MailScanner[27724]: Spam Checks: Starting Jun 4 11:21:10 vmx01 MailScanner[27724]: Virus and Content Scanning: Starting Jun 4 11:21:10 vmx01 MailScanner[27724]: /var/spool/MailScanner/incoming/27724/h549L6gv027985/test.zip->Gaq.scr Infection: W32/Klez.H@mm Jun 4 11:21:10 vmx01 MailScanner[27724]: Virus Scanning: F-Prot found virus W32/Klez.H@mm Jun 4 11:21:10 vmx01 MailScanner[27724]: /var/spool/MailScanner/incoming/27724/h549L6gv027985/test.zip->Hacker.scr Infection: W32/Lentin.H@mm Jun 4 11:21:10 vmx01 MailScanner[27724]: Virus Scanning: F-Prot found virus W32/Lentin.H@mm Jun 4 11:21:10 vmx01 MailScanner[27724]: /var/spool/MailScanner/incoming/27724/h549L6gv027985/test.zip->Movie_0074.mpeg.pif Infection: W32/Sobig.A@mm Jun 4 11:21:10 vmx01 MailScanner[27724]: Virus Scanning: F-Prot found virus W32/Sobig.A@mm Jun 4 11:21:11 vmx01 MailScanner[27724]: /var/spool/MailScanner/incoming/27724/h549L6gv027985/test.zip->picacu.exe Infection: W32/Klez.H@mm Jun 4 11:21:11 vmx01 MailScanner[27724]: Virus Scanning: F-Prot found virus W32/Klez.H@mm Jun 4 11:21:11 vmx01 MailScanner[27724]: /var/spool/MailScanner/incoming/27724/h549L6gv027985/test.zip->xx.scr Infection: W32/Ganda.A@mm Jun 4 11:21:11 vmx01 MailScanner[27724]: Virus Scanning: F-Prot found virus W32/Ganda.A@mm Jun 4 11:21:11 vmx01 MailScanner[27724]: Virus Scanning: F-Prot found 5 infections Jun 4 11:21:11 vmx01 MailScanner[27724]: Autodetected 2 CPUs. Starting 2 threads. Jun 4 11:21:11 vmx01 MailScanner[27724]: /var/spool/MailScanner/incoming/27724/./h549L6gv027985/test.zip: Worm/Klez.H FOUND Jun 4 11:21:11 vmx01 MailScanner[27724]: Virus Scanning: ClamAV found 1 infections Jun 4 11:21:11 vmx01 MailScanner[27724]: Virus Scanning: Found 1 viruses Jun 4 11:21:11 vmx01 MailScanner[27724]: Saved infected "test.zip" to /var/spool/MailScanner/quarantine/20030604/h549L6gv027985 I have to test with a tmpfs install also, since this is scanning on plain disk, but i dont think any problems will arive there since its the same engine. Bye, Raymond. From mailscanner at ecs.soton.ac.uk Wed Jun 4 10:56:53 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:22 2006 Subject: Huge delay delivering mail In-Reply-To: <200306032310.h53NAES31233@ori.rl.ac.uk> Message-ID: <5.2.1.1.2.20030604105618.026d1c30@imap.ecs.soton.ac.uk> What are the settings from the top of your MailScanner.conf (pretty much up to and including the Sendmail2 setting). At 00:10 04/06/2003, you wrote: >Hi again, > >For what I've seen I suspect it's sendmail2 that isn't being called... Does >this make sense? > >The mail usually takes up to 10 minutes and more to be delivered (this is the >largest delay I've registered). I suppose it's when sendmail queue is flushed, >like you said... > >Any tips on what might be wrong? > >thank you >Figueira > > > > At 13:00 03/06/2003, you wrote: > > >Hello, > > > > > >I've installed mailscanner some time ago, (and I am quite happy with it ;) > > >). The problem is that it takes too long between receiving the mail > message > > >and delivering it to the recipient. > > > > > >At first I thought it could be the batch mode. I configured it to scan all > > >the messages at the moment they arrive. It still takes a lot of time to > > >deliver... > > > > > >any tips or ideas? > > > > Check the "Sendmail" and "Sendmail2" settings. Particularly if you aren't > > using sendmail as your MTA. If these are wrong, it can end up waiting > until > > the next queue run happens before delivering your messages. > > > > On a lightly loaded system, the latency through MailScanner should be 1 or > > 2 seconds. Anything much longer than that is wrong. > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > > >-- >Adira j? ao Net Dialup Light. Acesso profissional gratuito. >NovisNet, a Internet de quem trabalha. http://www.novisnet.pt -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jun 4 10:50:19 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:22 2006 Subject: NDR delivery In-Reply-To: <1054677478.2373.49.camel@nomad.userfriendly.net> References: <5.2.0.9.2.20030603144859.0786afa0@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030603144859.0786afa0@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030604104802.027e46a8@imap.ecs.soton.ac.uk> At 22:58 03/06/2003, you wrote: >I am still unsure what the syntax of the deliver rules will look like. I >can set the Spam and Nonspam Action rulesets up to delet eby default, >butt where do the delivery rules go, and what format would they take? You could set all 3 of the "Actions" settings to the same rules file to start with. Make it look like this: FromOrTo: default delete FromOrTo: user1 deliver FromOrTo: user2 deliver Then it will delete all mail for anyone other than user1 and user2. >Thanks >Michael Weinre >-- >On Tue, 2003-06-03 at 10:00, Julian Field wrote: > > This is the job of the MTA, not MailScanner. > > If there aren't many users, you could knock up something with a Spam > > Actions ruleset and a Non Spam Actions ruleset (set the default to "delete" > > and create explicit "deliver" rules for the users who actually exist). > -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From Cleveland at MAIL.WINNEFOX.ORG Wed Jun 4 13:57:39 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E958@mail.winnefox.org> Hello, > Please deinstall the RPM (rpm -e 's) and install via > CPAN. There was a posting about this earlier this week about it. > > perl -MCPAN -e shell > > CPAN> install Mail::SpamAssassin Ok, I did that. It removed fine, and seemed to install fine. My question now is, how do I start it since it's no longer a service? I did a search for spamd and it found it in /var/lock. Also, how do I get it to start automatically? Will MailScanner take care of that? Jody From raymond at PROLOCATION.NET Wed Jun 4 14:00:07 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E958@mail.winnefox.org> Message-ID: Hi! > > CPAN> install Mail::SpamAssassin > > Ok, I did that. It removed fine, and seemed to install fine. My question > now is, how do I start it since it's no longer a service? I did a search > for spamd and it found it in /var/lock. Also, how do I get it to start > automatically? Will MailScanner take care of that? You do exactly NOTHING :) Disable the deamons that were running (spamd ect ect). MS will pic it up automaticly once configured. Bye, Raymond. From Cleveland at MAIL.WINNEFOX.ORG Wed Jun 4 14:14:45 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:22 2006 Subject: Upgraded SpamAssassin, now it's not working with MS Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E959@mail.winnefox.org> > You do exactly NOTHING :) Disable the deamons that were > running (spamd ect ect). MS will pic it up automaticly once > configured. Cool. Ok, I've got SpamAssassin upgraded, I downloaded MailScanner 4.21-9, ran install.sh and then ran the upgrade_MailScanner_conf file in etc/MailScanner. Is there anything else I need to do before running service MailScanner start? Thank you all for your patience and help. Jody From rgrignon at INPHACT.COM Wed Jun 4 14:38:01 2003 From: rgrignon at INPHACT.COM (rgrignon@INPHACT.COM) Date: Thu Jan 12 21:18:22 2006 Subject: Attachment feature in MailScanner 4.21-9 Message-ID: Where was the option to turn that on. I was reading about it but didn't notice the change in the config file. Thanks, Rob -----Original Message----- From: Stephen Swaney [mailto:Steve@SWANEY.COM] Sent: Tuesday, June 03, 2003 9:54 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Attachment feature in MailScanner 4.21-9 If you haven't tried the attachment feature in the latest version of MailScanner - DO! Our users love it. No more nasty images or offensive messages. It's nice to get some kudos from the users for a change. It's believe it's worth an upgrade just for this feature. My upgrades to RH 7 and RH 8 and RH 9 systems were absolutely painless. This doesn't mean you shouldn't test first, just that the updates on my systems went well. Steve Stephen Swaney President Fortress Systems, Ltd. Steve.Swaney@fsl.com Phone: 202 352-3262 U.S. Toll Free Phone and Fax: 877 746-6636 -- This message has been scanned and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030604/8373bb53/attachment.html From rgrignon at INPHACT.COM Wed Jun 4 14:40:12 2003 From: rgrignon at INPHACT.COM (rgrignon@INPHACT.COM) Date: Thu Jan 12 21:18:22 2006 Subject: MailScanner delivering blocked attachments? Message-ID: This happened to me as well. It was the "microsoft" virus. The .exe went into the quarantine but was also delivered to the client. I have upgraded since.... Rob -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Monday, June 02, 2003 4:06 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner delivering blocked attachments? Has anyone else seen this happening? At 21:59 02/06/2003, you wrote: >We've got two email gateways, both running MailScanner 4.20-3. This >afternoon we had a strange occurrence: an .exe (banned attachment) was >tagged by the outside gateway as banned, yet still delivered to the inside >gateway with the attachment intact. (See log snippets.) THEN, as this user >is apparently nonexistent, the bounce message, with attachment intact, >passed back through the internal gateway! This time, however, the attachment >was stripped. > >Any idea why this might have happened? Never seen this before; all other >EXEs and other banned filetypes have been dropped with no problem. > >External gateway ("1.1.1.2"): > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: >from=, size=10272, class=0, nrcpts=1, >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, proto=SMTP, >daemon=MTA, relay=mail.yyy.com [000.000.000.000] >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: >to=, delay=00:00:01, mailer=esmtp, pri=40272, stat=queued >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved entire message to >/var/spool/MailScanner/quarantine/20030602/h52JwT829916 >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved infected >"REPAIR.EXE" to /var/spool/MailScanner/quarantine/20030602/h52JwT829916 >Jun 2 15:59:33 external-smtp sendmail[29990]: h52JwT829916: >to=, delay=00:01:04, xdelay=00:00:00, mailer=esmtp, pri=130272, >relay=[1.1.1.1] [1.1.1.1], dsn=2.0.0, stat=Sent (h52JxX5j021222 Message >accepted for delivery) > >Internal gateway ("1.1.1.1"): > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: from=, >size=1977, class=0, nrcpts=1, >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, >proto=ESMTP, daemon=MTA, relay=external-smtp.cocci.com [1.1.1.2] >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: to=, >delay=00:00:00, mailer=esmtp, pri=31029, stat=queued >Jun 2 15:59:35 smtp MailScanner[21082]: Saved entire message to >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 >Jun 2 15:59:35 smtp MailScanner[21082]: Saved infected "REPAIR.EXE" to >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 >Jun 2 16:00:52 smtp sendmail[21488]: h52JxX5j021222: to=, >delay=00:01:19, xdelay=00:00:00, mailer=esmtp, pri=121029, relay=[2.2.2.2] >[2.2.2.2], dsn=2.0.0, stat=Sent (Ok) > >Then, on the internal: > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: from=<>, size=2793, >class=0, nrcpts=1, msgid=, proto=SMTP, >daemon=MTA, relay=[2.2.2.2] >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: to=, >delay=00:00:00, mailer=relay, pri=30430, stat=queued >Jun 2 16:00:54 smtp MailScanner[20490]: Saved entire message to >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 >Jun 2 16:00:54 smtp MailScanner[20490]: Saved infected "REPAIR.EXE" to >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 >Jun 2 16:01:38 smtp sendmail[21721]: h52K0r5f021520: to=, >delay=00:00:45, xdelay=00:00:00, mailer=relay, pri=120430, relay=[1.1.1.2] >[1.1.1.2], dsn=2.0.0, stat=Sent (h52K1c830645 Message accepted for delivery) > >Andrew Magnusson >Internet Product Analyst >COCC >1-877-678-0444 extension 640 > > > >*** This message originates from COCC, Inc. > >If the reader of this message, regardless of the address or routing, is >not an intended recipient, you are hereby notified that you have received >this transmittal in error and any review; use, distribution, dissemination >or copying is strictly prohibited. If you have received this message in >error, please delete this e-mail and all files transmitted with it from >your system and immediately notify COCC, Inc. by sending reply e-mail to >the sender of this message. > >Thank you. *** -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -- This message has been scanned and is believed to be clean. From Steve at swaney.com Wed Jun 4 14:52:26 2003 From: Steve at swaney.com (Stephen Swaney) Date: Thu Jan 12 21:18:23 2006 Subject: Attachment feature in MailScanner 4.21-9 In-Reply-To: References: Message-ID: <1054734746.10031.174.camel@speedy> It's in MailScanner.conf _______________________________________________ # This is a list of actions to take when a message is spam. # It can be any combination of the following: # deliver - deliver the message as normal # delete - delete the message # store - store the message in the quarantine # bounce - send a rejection message back to the sender # forward user@domain.com - forward a copy of the message to user@domain.com # striphtml - convert all in-line HTML content to plain text. # You need to specify "deliver" as well for the # message to reach the original recipient. # attachment - Convert the original message into an attachment # of the message. This means the user has to take # an extra step to open the spam, and stops "web # bugs" very effectively. # # Note that the bounce message is created in such a way as to stop it # bouncing back to your site. # # This can also be the filename of a ruleset. #Spam Actions = store forward anonymous@ecs.soton.ac.uk bounce Spam Actions = attachment deliver _______________________________________________ Just configure the Spam Actions as shown above Works like a charm. Steve On Wed, 2003-06-04 at 09:38, rgrignon@INPHACT.COM wrote: > Where was the option to turn that on. I was reading about it but > didn't notice the change in the config file. > > Thanks, > Rob > > -----Original Message----- > From: Stephen Swaney [mailto:Steve@SWANEY.COM] > Sent: Tuesday, June 03, 2003 9:54 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Attachment feature in MailScanner 4.21-9 > > > If you haven't tried the attachment feature in the latest > version of MailScanner - DO! > > Our users love it. No more nasty images or offensive messages. > It's nice to get some kudos from the users for a change. > > It's believe it's worth an upgrade just for this feature. My > upgrades to RH 7 and RH 8 and RH 9 systems were absolutely > painless. This doesn't mean you shouldn't test first, just > that the updates on my systems went well. > > Steve > Stephen Swaney > President > Fortress Systems, Ltd. > Steve.Swaney@fsl.com > Phone: 202 352-3262 > U.S. Toll Free Phone and Fax: 877 746-6636 > -- > This message has been scanned and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030604/14d91326/attachment.html From mailscanner at ecs.soton.ac.uk Wed Jun 4 15:02:05 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:23 2006 Subject: Upgraded SpamAssassin, now it's not working with MS In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E959@mail.winnefox.org> Message-ID: <5.2.0.9.2.20030604150131.04ee5e78@imap.ecs.soton.ac.uk> At 14:14 04/06/2003, you wrote: > > You do exactly NOTHING :) Disable the deamons that were > > running (spamd ect ect). MS will pic it up automaticly once > > configured. > >Cool. Ok, I've got SpamAssassin upgraded, I downloaded MailScanner >4.21-9, ran install.sh and then ran the upgrade_MailScanner_conf file in >etc/MailScanner. > >Is there anything else I need to do before running service MailScanner >start? Just in case the cron job misbehaved (it shouldn't now), do a "service MailScanner stop" first. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jun 4 15:04:10 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner delivering blocked attachments? In-Reply-To: Message-ID: <5.2.0.9.2.20030604150322.043b8e78@imap.ecs.soton.ac.uk> Check that you have all 4 security patches applied to your MIME-tools installation. It's one of these that fixed this problem (a very long time ago). You may have all the patches on 1 scanner and not on the other one. At 14:40 04/06/2003, you wrote: >This happened to me as well. It was the "microsoft" virus. The .exe went >into the quarantine but was also delivered to the client. > >I have upgraded since.... > >Rob > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Monday, June 02, 2003 4:06 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner delivering blocked attachments? > > >Has anyone else seen this happening? > >At 21:59 02/06/2003, you wrote: > >We've got two email gateways, both running MailScanner 4.20-3. This > >afternoon we had a strange occurrence: an .exe (banned attachment) was > >tagged by the outside gateway as banned, yet still delivered to the inside > >gateway with the attachment intact. (See log snippets.) THEN, as this user > >is apparently nonexistent, the bounce message, with attachment intact, > >passed back through the internal gateway! This time, however, the >attachment > >was stripped. > > > >Any idea why this might have happened? Never seen this before; all other > >EXEs and other banned filetypes have been dropped with no problem. > > > >External gateway ("1.1.1.2"): > > > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: > >from=, size=10272, class=0, nrcpts=1, > >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, >proto=SMTP, > >daemon=MTA, relay=mail.yyy.com [000.000.000.000] > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: > >to=, delay=00:00:01, mailer=esmtp, pri=40272, stat=queued > >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved entire message to > >/var/spool/MailScanner/quarantine/20030602/h52JwT829916 > >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved infected > >"REPAIR.EXE" to /var/spool/MailScanner/quarantine/20030602/h52JwT829916 > >Jun 2 15:59:33 external-smtp sendmail[29990]: h52JwT829916: > >to=, delay=00:01:04, xdelay=00:00:00, mailer=esmtp, >pri=130272, > >relay=[1.1.1.1] [1.1.1.1], dsn=2.0.0, stat=Sent (h52JxX5j021222 Message > >accepted for delivery) > > > >Internal gateway ("1.1.1.1"): > > > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: from=, > >size=1977, class=0, nrcpts=1, > >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, > >proto=ESMTP, daemon=MTA, relay=external-smtp.cocci.com [1.1.1.2] > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: to=, > >delay=00:00:00, mailer=esmtp, pri=31029, stat=queued > >Jun 2 15:59:35 smtp MailScanner[21082]: Saved entire message to > >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 > >Jun 2 15:59:35 smtp MailScanner[21082]: Saved infected "REPAIR.EXE" to > >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 > >Jun 2 16:00:52 smtp sendmail[21488]: h52JxX5j021222: to=, > >delay=00:01:19, xdelay=00:00:00, mailer=esmtp, pri=121029, relay=[2.2.2.2] > >[2.2.2.2], dsn=2.0.0, stat=Sent (Ok) > > > >Then, on the internal: > > > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: from=<>, size=2793, > >class=0, nrcpts=1, msgid=, proto=SMTP, > >daemon=MTA, relay=[2.2.2.2] > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: to=, > >delay=00:00:00, mailer=relay, pri=30430, stat=queued > >Jun 2 16:00:54 smtp MailScanner[20490]: Saved entire message to > >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 > >Jun 2 16:00:54 smtp MailScanner[20490]: Saved infected "REPAIR.EXE" to > >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 > >Jun 2 16:01:38 smtp sendmail[21721]: h52K0r5f021520: to=, > >delay=00:00:45, xdelay=00:00:00, mailer=relay, pri=120430, relay=[1.1.1.2] > >[1.1.1.2], dsn=2.0.0, stat=Sent (h52K1c830645 Message accepted for >delivery) > > > >Andrew Magnusson > >Internet Product Analyst > >COCC > >1-877-678-0444 extension 640 > > > > > > > >*** This message originates from COCC, Inc. > > > >If the reader of this message, regardless of the address or routing, is > >not an intended recipient, you are hereby notified that you have received > >this transmittal in error and any review; use, distribution, dissemination > >or copying is strictly prohibited. If you have received this message in > >error, please delete this e-mail and all files transmitted with it from > >your system and immediately notify COCC, Inc. by sending reply e-mail to > >the sender of this message. > > > >Thank you. *** > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >-- >This message has been scanned and is believed to be clean. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From Cleveland at MAIL.WINNEFOX.ORG Wed Jun 4 15:14:41 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:23 2006 Subject: Upgraded SpamAssassin, now it's not working with MS Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E95C@mail.winnefox.org> > Just in case the cron job misbehaved (it shouldn't now), do a > "service MailScanner stop" first. Ahhh... Everything seems to be working fine. I noticed that the email headers show the version number of SA. Is there a way to have it show the MS version also? Jody From rgrignon at INPHACT.COM Wed Jun 4 15:24:43 2003 From: rgrignon at INPHACT.COM (rgrignon@INPHACT.COM) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner delivering blocked attachments? Message-ID: Would this be accomplished by making sure I have the most current MIME::Tools package? Thanks, Rob -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Wednesday, June 04, 2003 9:04 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner delivering blocked attachments? Check that you have all 4 security patches applied to your MIME-tools installation. It's one of these that fixed this problem (a very long time ago). You may have all the patches on 1 scanner and not on the other one. At 14:40 04/06/2003, you wrote: >This happened to me as well. It was the "microsoft" virus. The .exe went >into the quarantine but was also delivered to the client. > >I have upgraded since.... > >Rob > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Monday, June 02, 2003 4:06 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner delivering blocked attachments? > > >Has anyone else seen this happening? > >At 21:59 02/06/2003, you wrote: > >We've got two email gateways, both running MailScanner 4.20-3. This > >afternoon we had a strange occurrence: an .exe (banned attachment) was > >tagged by the outside gateway as banned, yet still delivered to the inside > >gateway with the attachment intact. (See log snippets.) THEN, as this user > >is apparently nonexistent, the bounce message, with attachment intact, > >passed back through the internal gateway! This time, however, the >attachment > >was stripped. > > > >Any idea why this might have happened? Never seen this before; all other > >EXEs and other banned filetypes have been dropped with no problem. > > > >External gateway ("1.1.1.2"): > > > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: > >from=, size=10272, class=0, nrcpts=1, > >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, >proto=SMTP, > >daemon=MTA, relay=mail.yyy.com [000.000.000.000] > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: > >to=, delay=00:00:01, mailer=esmtp, pri=40272, stat=queued > >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved entire message to > >/var/spool/MailScanner/quarantine/20030602/h52JwT829916 > >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved infected > >"REPAIR.EXE" to /var/spool/MailScanner/quarantine/20030602/h52JwT829916 > >Jun 2 15:59:33 external-smtp sendmail[29990]: h52JwT829916: > >to=, delay=00:01:04, xdelay=00:00:00, mailer=esmtp, >pri=130272, > >relay=[1.1.1.1] [1.1.1.1], dsn=2.0.0, stat=Sent (h52JxX5j021222 Message > >accepted for delivery) > > > >Internal gateway ("1.1.1.1"): > > > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: from=, > >size=1977, class=0, nrcpts=1, > >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, > >proto=ESMTP, daemon=MTA, relay=external-smtp.cocci.com [1.1.1.2] > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: to=, > >delay=00:00:00, mailer=esmtp, pri=31029, stat=queued > >Jun 2 15:59:35 smtp MailScanner[21082]: Saved entire message to > >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 > >Jun 2 15:59:35 smtp MailScanner[21082]: Saved infected "REPAIR.EXE" to > >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 > >Jun 2 16:00:52 smtp sendmail[21488]: h52JxX5j021222: to=, > >delay=00:01:19, xdelay=00:00:00, mailer=esmtp, pri=121029, relay=[2.2.2.2] > >[2.2.2.2], dsn=2.0.0, stat=Sent (Ok) > > > >Then, on the internal: > > > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: from=<>, size=2793, > >class=0, nrcpts=1, msgid=, proto=SMTP, > >daemon=MTA, relay=[2.2.2.2] > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: to=, > >delay=00:00:00, mailer=relay, pri=30430, stat=queued > >Jun 2 16:00:54 smtp MailScanner[20490]: Saved entire message to > >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 > >Jun 2 16:00:54 smtp MailScanner[20490]: Saved infected "REPAIR.EXE" to > >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 > >Jun 2 16:01:38 smtp sendmail[21721]: h52K0r5f021520: to=, > >delay=00:00:45, xdelay=00:00:00, mailer=relay, pri=120430, relay=[1.1.1.2] > >[1.1.1.2], dsn=2.0.0, stat=Sent (h52K1c830645 Message accepted for >delivery) > > > >Andrew Magnusson > >Internet Product Analyst > >COCC > >1-877-678-0444 extension 640 > > > > > > > >*** This message originates from COCC, Inc. > > > >If the reader of this message, regardless of the address or routing, is > >not an intended recipient, you are hereby notified that you have received > >this transmittal in error and any review; use, distribution, dissemination > >or copying is strictly prohibited. If you have received this message in > >error, please delete this e-mail and all files transmitted with it from > >your system and immediately notify COCC, Inc. by sending reply e-mail to > >the sender of this message. > > > >Thank you. *** > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >-- >This message has been scanned and is believed to be clean. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -- This message has been scanned and is believed to be clean. From dot at DOTAT.AT Wed Jun 4 16:00:32 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner talk Message-ID: The readers of this list might be interested in a talk that I gave to many of Cambridge University's computer support staff about our MailScanner setup. Apart from the Cambridge-specific information, there's a fair amount about our local policy and how it was formulated. http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2003-05-techlinks/ Tony. -- f.a.n.finch http://dotat.at/ FITZROY: WESTERLY BACKING SOUTHERLY 5 OR 6, BUT 3 OR 4 IN SOUTH. RAIN OR SHOWERS. MODERATE OR GOOD. From raymond at PROLOCATION.NET Wed Jun 4 16:15:57 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner talk In-Reply-To: Message-ID: Hi! > The readers of this list might be interested in a talk that I gave > to many of Cambridge University's computer support staff about our > MailScanner setup. Apart from the Cambridge-specific information, > there's a fair amount about our local policy and how it was > formulated. > > http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2003-05-techlinks/ Funny pics. :) Bye, Raymond. From mailscanner at ecs.soton.ac.uk Wed Jun 4 15:25:21 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:23 2006 Subject: Upgraded SpamAssassin, now it's not working with MS In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E95C@mail.winnefox.org> Message-ID: <5.2.0.9.2.20030604152434.042b4848@imap.ecs.soton.ac.uk> At 15:14 04/06/2003, you wrote: > > Just in case the cron job misbehaved (it shouldn't now), do a > > "service MailScanner stop" first. > >Ahhh... Everything seems to be working fine. I noticed that the email >headers show the version number of SA. Not the MailScanner SA headers. Someone somewhere is running SpamAssassin on your mail by some other method. > Is there a way to have it show >the MS version also? No, I don't like giving information away like that. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From vnarayan at HAVERFORD.EDU Wed Jun 4 16:22:50 2003 From: vnarayan at HAVERFORD.EDU (Vasantha Narayanan) Date: Thu Jan 12 21:18:23 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <00b001c32a20$b8481e40$6701a8c0@home.middlefinger.net> References: <001BD19C96E6E64E8750D72C2EA0ECEE1AE090@ati-ex-01.ati.local> Message-ID: <5.1.0.14.0.20030604111233.0286edf8@popmail.haverford.edu> We've a SunBlade 100 (500 Mhz) with 500 Mem running Solaris 2.8. The machine does nothing other than MailScanning. It is not even a MailServer. The MailScanner itself works perfectly. It is only when I turn on SpamAssassin that the load on the machine gets really high. A lot of mail gets accumulated in the incoming queue waiting to be scanned. I'm running 15 mailscanner processes and it forks and gets doubled whenever I turn on SpamAssassin. Pretty soon the following error shows up in the log: Jun 3 15:57:07 nisc4 MailScanner[5766]: SpamAssassin timed out and was killed, consecutive failure 1 of 20 Jun 3 15:57:41 nisc4 MailScanner[5758]: SpamAssassin timed out and was killed, consecutive failure 1 of 20 Jun 3 15:58:14 nisc4 MailScanner[5750]: SpamAssassin timed out and was killed, consecutive failure 1 of 20 Jun 3 16:00:08 nisc4 MailScanner[5774]: SpamAssassin timed out and was killed, consecutive failure 1 of 20 Have others seen this problem? How have you fixed the problem? We've MailScanner-4.20-3 with SpamAssassin-2.50. The SpamAssassin Timeout is set to 40 and Scanner timeout is set to 10 (that is the default in that version of MailScanner) I'd really appreciate some suggestions. Thanks. Vasantha At 05:37 PM 6/3/2003 -0500, you wrote: >What kind of horsepower does your box have? OS? > >Mike > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Chris W. Parker >Sent: Tuesday, June 03, 2003 5:28 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: SpamAssassin timed out and was killed... box too slow? > > >Vasantha Narayanan wrote: > > > Did you find a solution yet? > >No I did not. > > > I'm having the same problem. > >I feel your pain. :( > > > >Chris. VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV Vasantha Narayanan Networking and Systems email: vnarayan@haverford.edu Haverford College, PA Phone: 610-896-1110 From mailscanner at ecs.soton.ac.uk Wed Jun 4 16:20:25 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner delivering blocked attachments? In-Reply-To: Message-ID: <5.2.0.9.2.20030604161840.047a91c8@imap.ecs.soton.ac.uk> No. You don't want the most recent MIME-tools packages, they are buggy as hell. You want to stick with 5.411 but check to make sure your system has the 4 security patches applied. What version of what OS are you running? If you used the RPM distribution of MailScanner then all these patches should have been applied automatically. If you are running a non-RPM system then you will have installed MIME-tools by hand and should have applied the patches yourself, as described in the MailScanner documentation. At 15:24 04/06/2003, you wrote: >Would this be accomplished by making sure I have the most current >MIME::Tools package? > >Thanks, > >Rob > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Wednesday, June 04, 2003 9:04 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner delivering blocked attachments? > > >Check that you have all 4 security patches applied to your MIME-tools >installation. It's one of these that fixed this problem (a very long time >ago). You may have all the patches on 1 scanner and not on the other one. > >At 14:40 04/06/2003, you wrote: > >This happened to me as well. It was the "microsoft" virus. The .exe went > >into the quarantine but was also delivered to the client. > > > >I have upgraded since.... > > > >Rob > > > >-----Original Message----- > >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > >Sent: Monday, June 02, 2003 4:06 PM > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: MailScanner delivering blocked attachments? > > > > > >Has anyone else seen this happening? > > > >At 21:59 02/06/2003, you wrote: > > >We've got two email gateways, both running MailScanner 4.20-3. This > > >afternoon we had a strange occurrence: an .exe (banned attachment) was > > >tagged by the outside gateway as banned, yet still delivered to the >inside > > >gateway with the attachment intact. (See log snippets.) THEN, as this >user > > >is apparently nonexistent, the bounce message, with attachment intact, > > >passed back through the internal gateway! This time, however, the > >attachment > > >was stripped. > > > > > >Any idea why this might have happened? Never seen this before; all other > > >EXEs and other banned filetypes have been dropped with no problem. > > > > > >External gateway ("1.1.1.2"): > > > > > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: > > >from=, size=10272, class=0, nrcpts=1, > > >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, > >proto=SMTP, > > >daemon=MTA, relay=mail.yyy.com [000.000.000.000] > > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: > > >to=, delay=00:00:01, mailer=esmtp, pri=40272, stat=queued > > >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved entire message to > > >/var/spool/MailScanner/quarantine/20030602/h52JwT829916 > > >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved infected > > >"REPAIR.EXE" to /var/spool/MailScanner/quarantine/20030602/h52JwT829916 > > >Jun 2 15:59:33 external-smtp sendmail[29990]: h52JwT829916: > > >to=, delay=00:01:04, xdelay=00:00:00, mailer=esmtp, > >pri=130272, > > >relay=[1.1.1.1] [1.1.1.1], dsn=2.0.0, stat=Sent (h52JxX5j021222 Message > > >accepted for delivery) > > > > > >Internal gateway ("1.1.1.1"): > > > > > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: from=, > > >size=1977, class=0, nrcpts=1, > > >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, > > >proto=ESMTP, daemon=MTA, relay=external-smtp.cocci.com [1.1.1.2] > > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: to=, > > >delay=00:00:00, mailer=esmtp, pri=31029, stat=queued > > >Jun 2 15:59:35 smtp MailScanner[21082]: Saved entire message to > > >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 > > >Jun 2 15:59:35 smtp MailScanner[21082]: Saved infected "REPAIR.EXE" to > > >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 > > >Jun 2 16:00:52 smtp sendmail[21488]: h52JxX5j021222: to=, > > >delay=00:01:19, xdelay=00:00:00, mailer=esmtp, pri=121029, >relay=[2.2.2.2] > > >[2.2.2.2], dsn=2.0.0, stat=Sent (Ok) > > > > > >Then, on the internal: > > > > > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: from=<>, size=2793, > > >class=0, nrcpts=1, msgid=, proto=SMTP, > > >daemon=MTA, relay=[2.2.2.2] > > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: to=, > > >delay=00:00:00, mailer=relay, pri=30430, stat=queued > > >Jun 2 16:00:54 smtp MailScanner[20490]: Saved entire message to > > >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 > > >Jun 2 16:00:54 smtp MailScanner[20490]: Saved infected "REPAIR.EXE" to > > >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 > > >Jun 2 16:01:38 smtp sendmail[21721]: h52K0r5f021520: to=, > > >delay=00:00:45, xdelay=00:00:00, mailer=relay, pri=120430, >relay=[1.1.1.2] > > >[1.1.1.2], dsn=2.0.0, stat=Sent (h52K1c830645 Message accepted for > >delivery) > > > > > >Andrew Magnusson > > >Internet Product Analyst > > >COCC > > >1-877-678-0444 extension 640 > > > > > > > > > > > >*** This message originates from COCC, Inc. > > > > > >If the reader of this message, regardless of the address or routing, is > > >not an intended recipient, you are hereby notified that you have received > > >this transmittal in error and any review; use, distribution, >dissemination > > >or copying is strictly prohibited. If you have received this message in > > >error, please delete this e-mail and all files transmitted with it from > > >your system and immediately notify COCC, Inc. by sending reply e-mail to > > >the sender of this message. > > > > > >Thank you. *** > > > >-- > >Julian Field > >www.MailScanner.info > >Professional Support Services at www.MailScanner.biz > >MailScanner thanks transtec Computers for their support > > > >-- > >This message has been scanned and is believed to be clean. > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support > >-- >This message has been scanned and is believed to be clean. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jun 4 16:21:38 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner talk In-Reply-To: References: Message-ID: <5.2.0.9.2.20030604162039.041e2710@imap.ecs.soton.ac.uk> At 16:15 04/06/2003, you wrote: >Hi! > > > The readers of this list might be interested in a talk that I gave > > to many of Cambridge University's computer support staff about our > > MailScanner setup. Apart from the Cambridge-specific information, > > there's a fair amount about our local policy and how it was > > formulated. > > > > http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2003-05-techlinks/ > >Funny pics. :) While we're on the subject of "talks", I have put tomorrow's presentation for the JANET CERT conference on the web as well. It's at http://www.sng.ecs.soton.ac.uk/mailscanner/Presentation -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From Denis.Beauchemin at USHERBROOKE.CA Wed Jun 4 16:29:05 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:23 2006 Subject: Bayesian training and spam attachment Message-ID: <1054740545.22566.45.camel@dbeauchemin.si.usherbrooke.ca> Hello, I am working on implementing a shared folder to drop spam/ham into to educate the Bayesian filter of SA. If I turn on the "Spam Action = attachment deliver" in MS, will the resulting email be suitable to be fed in sa-learn or will I have to remove the message that was included in the email? Thanks again! Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From rgrignon at INPHACT.COM Wed Jun 4 16:32:47 2003 From: rgrignon at INPHACT.COM (rgrignon@INPHACT.COM) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner delivering blocked attachments? Message-ID: Thanks Julian, I'm running redhat9.0 I installed the recent version through RPM. I did notice quite a few packages were upgraded when I applied the new version. Thanks again, Rob -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Wednesday, June 04, 2003 10:20 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner delivering blocked attachments? No. You don't want the most recent MIME-tools packages, they are buggy as hell. You want to stick with 5.411 but check to make sure your system has the 4 security patches applied. What version of what OS are you running? If you used the RPM distribution of MailScanner then all these patches should have been applied automatically. If you are running a non-RPM system then you will have installed MIME-tools by hand and should have applied the patches yourself, as described in the MailScanner documentation. At 15:24 04/06/2003, you wrote: >Would this be accomplished by making sure I have the most current >MIME::Tools package? > >Thanks, > >Rob > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Wednesday, June 04, 2003 9:04 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner delivering blocked attachments? > > >Check that you have all 4 security patches applied to your MIME-tools >installation. It's one of these that fixed this problem (a very long time >ago). You may have all the patches on 1 scanner and not on the other one. > >At 14:40 04/06/2003, you wrote: > >This happened to me as well. It was the "microsoft" virus. The .exe went > >into the quarantine but was also delivered to the client. > > > >I have upgraded since.... > > > >Rob > > > >-----Original Message----- > >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > >Sent: Monday, June 02, 2003 4:06 PM > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: MailScanner delivering blocked attachments? > > > > > >Has anyone else seen this happening? > > > >At 21:59 02/06/2003, you wrote: > > >We've got two email gateways, both running MailScanner 4.20-3. This > > >afternoon we had a strange occurrence: an .exe (banned attachment) was > > >tagged by the outside gateway as banned, yet still delivered to the >inside > > >gateway with the attachment intact. (See log snippets.) THEN, as this >user > > >is apparently nonexistent, the bounce message, with attachment intact, > > >passed back through the internal gateway! This time, however, the > >attachment > > >was stripped. > > > > > >Any idea why this might have happened? Never seen this before; all other > > >EXEs and other banned filetypes have been dropped with no problem. > > > > > >External gateway ("1.1.1.2"): > > > > > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: > > >from=, size=10272, class=0, nrcpts=1, > > >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, > >proto=SMTP, > > >daemon=MTA, relay=mail.yyy.com [000.000.000.000] > > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: > > >to=, delay=00:00:01, mailer=esmtp, pri=40272, stat=queued > > >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved entire message to > > >/var/spool/MailScanner/quarantine/20030602/h52JwT829916 > > >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved infected > > >"REPAIR.EXE" to /var/spool/MailScanner/quarantine/20030602/h52JwT829916 > > >Jun 2 15:59:33 external-smtp sendmail[29990]: h52JwT829916: > > >to=, delay=00:01:04, xdelay=00:00:00, mailer=esmtp, > >pri=130272, > > >relay=[1.1.1.1] [1.1.1.1], dsn=2.0.0, stat=Sent (h52JxX5j021222 Message > > >accepted for delivery) > > > > > >Internal gateway ("1.1.1.1"): > > > > > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: from=, > > >size=1977, class=0, nrcpts=1, > > >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, > > >proto=ESMTP, daemon=MTA, relay=external-smtp.cocci.com [1.1.1.2] > > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: to=, > > >delay=00:00:00, mailer=esmtp, pri=31029, stat=queued > > >Jun 2 15:59:35 smtp MailScanner[21082]: Saved entire message to > > >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 > > >Jun 2 15:59:35 smtp MailScanner[21082]: Saved infected "REPAIR.EXE" to > > >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 > > >Jun 2 16:00:52 smtp sendmail[21488]: h52JxX5j021222: to=, > > >delay=00:01:19, xdelay=00:00:00, mailer=esmtp, pri=121029, >relay=[2.2.2.2] > > >[2.2.2.2], dsn=2.0.0, stat=Sent (Ok) > > > > > >Then, on the internal: > > > > > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: from=<>, size=2793, > > >class=0, nrcpts=1, msgid=, proto=SMTP, > > >daemon=MTA, relay=[2.2.2.2] > > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: to=, > > >delay=00:00:00, mailer=relay, pri=30430, stat=queued > > >Jun 2 16:00:54 smtp MailScanner[20490]: Saved entire message to > > >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 > > >Jun 2 16:00:54 smtp MailScanner[20490]: Saved infected "REPAIR.EXE" to > > >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 > > >Jun 2 16:01:38 smtp sendmail[21721]: h52K0r5f021520: to=, > > >delay=00:00:45, xdelay=00:00:00, mailer=relay, pri=120430, >relay=[1.1.1.2] > > >[1.1.1.2], dsn=2.0.0, stat=Sent (h52K1c830645 Message accepted for > >delivery) > > > > > >Andrew Magnusson > > >Internet Product Analyst > > >COCC > > >1-877-678-0444 extension 640 > > > > > > > > > > > >*** This message originates from COCC, Inc. > > > > > >If the reader of this message, regardless of the address or routing, is > > >not an intended recipient, you are hereby notified that you have received > > >this transmittal in error and any review; use, distribution, >dissemination > > >or copying is strictly prohibited. If you have received this message in > > >error, please delete this e-mail and all files transmitted with it from > > >your system and immediately notify COCC, Inc. by sending reply e-mail to > > >the sender of this message. > > > > > >Thank you. *** > > > >-- > >Julian Field > >www.MailScanner.info > >Professional Support Services at www.MailScanner.biz > >MailScanner thanks transtec Computers for their support > > > >-- > >This message has been scanned and is believed to be clean. > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support > >-- >This message has been scanned and is believed to be clean. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -- This message has been scanned and is believed to be clean. From Andrew.Magnusson at COCC.COM Wed Jun 4 16:36:02 2003 From: Andrew.Magnusson at COCC.COM (Magnusson, Andrew) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner delivering blocked attachments? Message-ID: So that's probably not the issue at our site, as we're using the RPM MailScanner. Andrew Magnusson Internet Product Analyst COCC 1-877-678-0444 extension 640 -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Wednesday, June 04, 2003 11:20 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner delivering blocked attachments? No. You don't want the most recent MIME-tools packages, they are buggy as hell. You want to stick with 5.411 but check to make sure your system has the 4 security patches applied. What version of what OS are you running? If you used the RPM distribution of MailScanner then all these patches should have been applied automatically. If you are running a non-RPM system then you will have installed MIME-tools by hand and should have applied the patches yourself, as described in the MailScanner documentation. At 15:24 04/06/2003, you wrote: >Would this be accomplished by making sure I have the most current >MIME::Tools package? > >Thanks, > >Rob > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: Wednesday, June 04, 2003 9:04 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner delivering blocked attachments? > > >Check that you have all 4 security patches applied to your MIME-tools >installation. It's one of these that fixed this problem (a very long time >ago). You may have all the patches on 1 scanner and not on the other one. > >At 14:40 04/06/2003, you wrote: > >This happened to me as well. It was the "microsoft" virus. The .exe went > >into the quarantine but was also delivered to the client. > > > >I have upgraded since.... > > > >Rob > > > >-----Original Message----- > >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > >Sent: Monday, June 02, 2003 4:06 PM > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: MailScanner delivering blocked attachments? > > > > > >Has anyone else seen this happening? > > > >At 21:59 02/06/2003, you wrote: > > >We've got two email gateways, both running MailScanner 4.20-3. This > > >afternoon we had a strange occurrence: an .exe (banned attachment) was > > >tagged by the outside gateway as banned, yet still delivered to the >inside > > >gateway with the attachment intact. (See log snippets.) THEN, as this >user > > >is apparently nonexistent, the bounce message, with attachment intact, > > >passed back through the internal gateway! This time, however, the > >attachment > > >was stripped. > > > > > >Any idea why this might have happened? Never seen this before; all other > > >EXEs and other banned filetypes have been dropped with no problem. > > > > > >External gateway ("1.1.1.2"): > > > > > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: > > >from=, size=10272, class=0, nrcpts=1, > > >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, > >proto=SMTP, > > >daemon=MTA, relay=mail.yyy.com [000.000.000.000] > > >Jun 2 15:58:30 external-smtp sendmail[29916]: h52JwT829916: > > >to=, delay=00:00:01, mailer=esmtp, pri=40272, stat=queued > > >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved entire message to > > >/var/spool/MailScanner/quarantine/20030602/h52JwT829916 > > >Jun 2 15:58:33 external-smtp MailScanner[18247]: Saved infected > > >"REPAIR.EXE" to /var/spool/MailScanner/quarantine/20030602/h52JwT829916 > > >Jun 2 15:59:33 external-smtp sendmail[29990]: h52JwT829916: > > >to=, delay=00:01:04, xdelay=00:00:00, mailer=esmtp, > >pri=130272, > > >relay=[1.1.1.1] [1.1.1.1], dsn=2.0.0, stat=Sent (h52JxX5j021222 Message > > >accepted for delivery) > > > > > >Internal gateway ("1.1.1.1"): > > > > > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: from=, > > >size=1977, class=0, nrcpts=1, > > >msgid=<4F043329520A7A4D997C792418D9E552010991CC@osgood.yyy.com>, > > >proto=ESMTP, daemon=MTA, relay=external-smtp.cocci.com [1.1.1.2] > > >Jun 2 15:59:33 smtp sendmail[21222]: h52JxX5j021222: to=, > > >delay=00:00:00, mailer=esmtp, pri=31029, stat=queued > > >Jun 2 15:59:35 smtp MailScanner[21082]: Saved entire message to > > >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 > > >Jun 2 15:59:35 smtp MailScanner[21082]: Saved infected "REPAIR.EXE" to > > >/var/spool/MailScanner/quarantine/20030602/h52JxX5j021222 > > >Jun 2 16:00:52 smtp sendmail[21488]: h52JxX5j021222: to=, > > >delay=00:01:19, xdelay=00:00:00, mailer=esmtp, pri=121029, >relay=[2.2.2.2] > > >[2.2.2.2], dsn=2.0.0, stat=Sent (Ok) > > > > > >Then, on the internal: > > > > > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: from=<>, size=2793, > > >class=0, nrcpts=1, msgid=, proto=SMTP, > > >daemon=MTA, relay=[2.2.2.2] > > >Jun 2 16:00:53 smtp sendmail[21520]: h52K0r5f021520: to=, > > >delay=00:00:00, mailer=relay, pri=30430, stat=queued > > >Jun 2 16:00:54 smtp MailScanner[20490]: Saved entire message to > > >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 > > >Jun 2 16:00:54 smtp MailScanner[20490]: Saved infected "REPAIR.EXE" to > > >/var/spool/MailScanner/quarantine/20030602/h52K0r5f021520 > > >Jun 2 16:01:38 smtp sendmail[21721]: h52K0r5f021520: to=, > > >delay=00:00:45, xdelay=00:00:00, mailer=relay, pri=120430, >relay=[1.1.1.2] > > >[1.1.1.2], dsn=2.0.0, stat=Sent (h52K1c830645 Message accepted for > >delivery) > > > > > >Andrew Magnusson > > >Internet Product Analyst > > >COCC > > >1-877-678-0444 extension 640 > > > > > > > > > > > >*** This message originates from COCC, Inc. > > > > > >If the reader of this message, regardless of the address or routing, is > > >not an intended recipient, you are hereby notified that you have received > > >this transmittal in error and any review; use, distribution, >dissemination > > >or copying is strictly prohibited. If you have received this message in > > >error, please delete this e-mail and all files transmitted with it from > > >your system and immediately notify COCC, Inc. by sending reply e-mail to > > >the sender of this message. > > > > > >Thank you. *** > > > >-- > >Julian Field > >www.MailScanner.info > >Professional Support Services at www.MailScanner.biz > >MailScanner thanks transtec Computers for their support > > > >-- > >This message has been scanned and is believed to be clean. > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support > >-- >This message has been scanned and is believed to be clean. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support *** This message originates from COCC, Inc. If the reader of this message, regardless of the address or routing, is not an intended recipient, you are hereby notified that you have received this transmittal in error and any review; use, distribution, dissemination or copying is strictly prohibited. If you have received this message in error, please delete this e-mail and all files transmitted with it from your system and immediately notify COCC, Inc. by sending reply e-mail to the sender of this message. Thank you. *** From maxsec at TOTALISE.CO.UK Wed Jun 4 16:39:20 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner talk In-Reply-To: <5.2.0.9.2.20030604162039.041e2710@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030604162039.041e2710@imap.ecs.soton.ac.uk> Message-ID: <3EDE12A8.2040200@totalise.co.uk> Julian Field wrote: > At 16:15 04/06/2003, you wrote: > >> Hi! >> >> > The readers of this list might be interested in a talk that I gave >> > to many of Cambridge University's computer support staff about our >> > MailScanner setup. Apart from the Cambridge-specific information, >> > there's a fair amount about our local policy and how it was >> > formulated. >> > >> > >> http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2003-05-techlinks/ >> >> Funny pics. :) > > > While we're on the subject of "talks", I have put tomorrow's presentation > for the JANET CERT conference on the web as well. It's at > http://www.sng.ecs.soton.ac.uk/mailscanner/Presentation > > -- > Julian Field Julian I wish my spam was only 35% of our email. Right now it's just under 80% (weekly avg) of our external email (in and outbound) at work...:-( -- Martin From mailscanner at ecs.soton.ac.uk Wed Jun 4 16:37:14 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:23 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <5.1.0.14.0.20030604111233.0286edf8@popmail.haverford.edu> References: <00b001c32a20$b8481e40$6701a8c0@home.middlefinger.net> <001BD19C96E6E64E8750D72C2EA0ECEE1AE090@ati-ex-01.ati.local> Message-ID: <5.2.0.9.2.20030604163633.04ed75b0@imap.ecs.soton.ac.uk> Try setting skip_rbl_checks 1 in spam.assassin.prefs.conf and see if that helps. You will need to restart MailScanner after setting this. At 16:22 04/06/2003, you wrote: >We've a SunBlade 100 (500 Mhz) with 500 Mem running Solaris 2.8. The >machine does nothing other than MailScanning. It is not even a MailServer. > >The MailScanner itself works perfectly. It is only when I turn on >SpamAssassin that the load on the machine gets really high. A lot of mail >gets accumulated in the incoming queue waiting to be scanned. I'm running >15 mailscanner processes and it forks and gets doubled whenever I turn on >SpamAssassin. Pretty soon the following error shows up in the log: >Jun 3 15:57:07 nisc4 MailScanner[5766]: SpamAssassin timed out and was >killed, consecutive failure 1 of 20 >Jun 3 15:57:41 nisc4 MailScanner[5758]: SpamAssassin timed out and was >killed, consecutive failure 1 of 20 >Jun 3 15:58:14 nisc4 MailScanner[5750]: SpamAssassin timed out and was >killed, consecutive failure 1 of 20 >Jun 3 16:00:08 nisc4 MailScanner[5774]: SpamAssassin timed out and was >killed, consecutive failure 1 of 20 > >Have others seen this problem? How have you fixed the problem? We've >MailScanner-4.20-3 with SpamAssassin-2.50. The SpamAssassin Timeout is set >to 40 and Scanner timeout is set to 10 (that is the default in that version >of MailScanner) > >I'd really appreciate some suggestions. > >Thanks. > >Vasantha > > > > >At 05:37 PM 6/3/2003 -0500, you wrote: >>What kind of horsepower does your box have? OS? >> >>Mike >> >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >>Of Chris W. Parker >>Sent: Tuesday, June 03, 2003 5:28 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: SpamAssassin timed out and was killed... box too slow? >> >> >>Vasantha Narayanan wrote: >> >> > Did you find a solution yet? >> >>No I did not. >> >> > I'm having the same problem. >> >>I feel your pain. :( >> >> >> >>Chris. > >VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV >Vasantha Narayanan >Networking and Systems email: vnarayan@haverford.edu >Haverford College, PA Phone: >610-896-1110 -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Wed Jun 4 16:32:27 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner talk In-Reply-To: <5.2.0.9.2.20030604162039.041e2710@imap.ecs.soton.ac.uk> Message-ID: Hi! > >Funny pics. :) > > While we're on the subject of "talks", I have put tomorrow's presentation > for the JANET CERT conference on the web as well. It's at > http://www.sng.ecs.soton.ac.uk/mailscanner/Presentation Cool. You have to alter your sheets btw :) I installed MS + F-PROT on one on my Xeons in 3.4 minutes :) Bye, Raymond. From dwinkler at ALGORITHMICS.COM Wed Jun 4 16:42:12 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner talk Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FCD@tormail1.algorithmics.com> This is great material, make expanding MailScanner's role easier. Julian, you may want to change your slide - If you have the money to pay people like MessageLabs, Trend or Brightmail, then you are probably aren't here! seems like the are shouldn't be there. -----Original Message----- From: Julian Field [mailto:mailscanner@ecs.soton.ac.uk] Sent: Wednesday, June 04, 2003 11:22 AM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: MailScanner talk At 16:15 04/06/2003, you wrote: >Hi! > > > The readers of this list might be interested in a talk that I gave > > to many of Cambridge University's computer support staff about our > > MailScanner setup. Apart from the Cambridge-specific information, > > there's a fair amount about our local policy and how it was > > formulated. > > > > http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2003-05-techlinks/ > >Funny pics. :) While we're on the subject of "talks", I have put tomorrow's presentation for the JANET CERT conference on the web as well. It's at http://www.sng.ecs.soton.ac.uk/mailscanner/Presentation -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030604/bc6dd8e0/attachment.html From mailscanner at ecs.soton.ac.uk Wed Jun 4 16:38:05 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:23 2006 Subject: Bayesian training and spam attachment In-Reply-To: <1054740545.22566.45.camel@dbeauchemin.si.usherbrooke.ca> Message-ID: <5.2.0.9.2.20030604163728.0479ee90@imap.ecs.soton.ac.uk> At 16:29 04/06/2003, you wrote: >Hello, > >I am working on implementing a shared folder to drop spam/ham into to >educate the Bayesian filter of SA. > >If I turn on the "Spam Action = attachment deliver" in MS, will the >resulting email be suitable to be fed in sa-learn or will I have to >remove the message that was included in the email? You would need to extract the RFC822 attachment from the mail you are forwarded, but it will *then* be in the right form for feeding to sa-learn. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From dot at DOTAT.AT Wed Jun 4 16:38:01 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:23 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: References: <001BD19C96E6E64E8750D72C2EA0ECEE1AE090@ati-ex-01.ati.local> <00b001c32a20$b8481e40$6701a8c0@home.middlefinger.net> Message-ID: Vasantha Narayanan wrote: > >The MailScanner itself works perfectly. It is only when I turn on >SpamAssassin that the load on the machine gets really high. A lot of mail >gets accumulated in the incoming queue waiting to be scanned. I'm running >15 mailscanner processes and it forks and gets doubled whenever I turn on >SpamAssassin. That's far too many. I suggest 3 or 4 children per CPU if you are doing a lot of spam scanning. You can get away with more if you have a large proportion of email traffic that isn't being scanned (e.g. internal email). Tony. -- f.a.n.finch http://dotat.at/ MULL OF KINTYRE TO ARDNAMURCHAN POINT: SOUTH 4 OR 5 BACKING SOUTHEAST 5 OR 6 LATER VEERING SOUTH TO SOUTHWEST 4 OR 5. DRY, FAIR, CLOUD AND RAIN FROM SOUTH LATER. GOOD FALLING MODERATE IN RAIN. MODERATE INCREASING MODERATE OR ROUGH FOR A TIME. From ratebor at PRO.ICP.AC.RU Wed Jun 4 16:52:00 2003 From: ratebor at PRO.ICP.AC.RU (Dmitriy Bokiy) Date: Thu Jan 12 21:18:23 2006 Subject: attachment action results in Postfix queue file corruption In-Reply-To: <1054734746.10031.174.camel@speedy> References: <1054734746.10031.174.camel@speedy> Message-ID: <1151627772873.20030604195200@icp.ac.ru> Hi! 'Attachment' action in MS 4.21.9 seems to be incompatible with my Postfix 2.0.10. All high scored spam (the only email variety I am trying to handle using the feature at the moment) I got by now finished in 'corrupt' folder in Postfix spool. If anyone interested I can send the details of my setup, logs, corrupt queue files, quarantined messages... -- Dmitriy From Cleveland at MAIL.WINNEFOX.ORG Wed Jun 4 17:05:47 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:23 2006 Subject: Upgraded SpamAssassin, now it's not working with MS Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E971@mail.winnefox.org> > No, I don't like giving information away like that. I did a search in the archives, but couldn't seem to find anything. How do I check the version of MailScanner running? Jody From mailscanner at ecs.soton.ac.uk Wed Jun 4 17:09:18 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:23 2006 Subject: Upgraded SpamAssassin, now it's not working with MS In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E971@mail.winnefox.org> Message-ID: <5.2.0.9.2.20030604170846.047cc360@imap.ecs.soton.ac.uk> At 17:05 04/06/2003, you wrote: > > No, I don't like giving information away like that. > >I did a search in the archives, but couldn't seem to find anything. How >do I check the version of MailScanner running? Look in your mail log. Every time it restarts itself, it will log the version number. Try searching for "starting" or "Starting". -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From Cleveland at MAIL.WINNEFOX.ORG Wed Jun 4 17:25:59 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:23 2006 Subject: Upgraded SpamAssassin, now it's not working with MS Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E974@mail.winnefox.org> > Look in your mail log. Every time it restarts itself, it will > log the version number. Try searching for "starting" or "Starting". Thanks! Jody From vnarayan at HAVERFORD.EDU Wed Jun 4 17:28:40 2003 From: vnarayan at HAVERFORD.EDU (Vasantha Narayanan) Date: Thu Jan 12 21:18:23 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <5.2.0.9.2.20030604163633.04ed75b0@imap.ecs.soton.ac.uk> References: <5.1.0.14.0.20030604111233.0286edf8@popmail.haverford.edu> <00b001c32a20$b8481e40$6701a8c0@home.middlefinger.net> <001BD19C96E6E64E8750D72C2EA0ECEE1AE090@ati-ex-01.ati.local> Message-ID: <5.1.0.14.0.20030604121635.02ac9c40@popmail.haverford.edu> At 04:37 PM 6/4/2003 +0100, you wrote: >Try setting >skip_rbl_checks 1 I've already set skip_rbl_checks 1 in the spam.assassin.prefs.conf file. In the debug mode, it said that Razor2 and Pyzor were not availabe. So I also made the following entries in spam.assassin.prefs.conf so that I can eliminate any of the below to be the cause of the problem: use_dcc 0 use_pyzor 0 use_razor1 0 use_razor2 0 use_bayes 0 In debug mode, a couple of lines seem bothersome - unix passed to setlogsock, but path not available at /opt/MailScanner/lib/MailSc anner/Log.pm line 62 and debug: Failed to parse line in SpamAssassin configuration, skipping: defang_mime 0 Could they be the cause of the timeout problem? Thanks. Vasantha >in spam.assassin.prefs.conf and see if that helps. You will need to restart >MailScanner after setting this. > >At 16:22 04/06/2003, you wrote: >>We've a SunBlade 100 (500 Mhz) with 500 Mem running Solaris 2.8. The >>machine does nothing other than MailScanning. It is not even a MailServer. >> >>The MailScanner itself works perfectly. It is only when I turn on >>SpamAssassin that the load on the machine gets really high. A lot of mail >>gets accumulated in the incoming queue waiting to be scanned. I'm running >>15 mailscanner processes and it forks and gets doubled whenever I turn on >>SpamAssassin. Pretty soon the following error shows up in the log: >>Jun 3 15:57:07 nisc4 MailScanner[5766]: SpamAssassin timed out and was >>killed, consecutive failure 1 of 20 >>Jun 3 15:57:41 nisc4 MailScanner[5758]: SpamAssassin timed out and was >>killed, consecutive failure 1 of 20 >>Jun 3 15:58:14 nisc4 MailScanner[5750]: SpamAssassin timed out and was >>killed, consecutive failure 1 of 20 >>Jun 3 16:00:08 nisc4 MailScanner[5774]: SpamAssassin timed out and was >>killed, consecutive failure 1 of 20 >> >>Have others seen this problem? How have you fixed the problem? We've >>MailScanner-4.20-3 with SpamAssassin-2.50. The SpamAssassin Timeout is set >>to 40 and Scanner timeout is set to 10 (that is the default in that version >>of MailScanner) >> >>I'd really appreciate some suggestions. >> >>Thanks. >> >>Vasantha >> >> >> >> >>At 05:37 PM 6/3/2003 -0500, you wrote: >>>What kind of horsepower does your box have? OS? >>> >>>Mike >>> >>> >>>-----Original Message----- >>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >>>Of Chris W. Parker >>>Sent: Tuesday, June 03, 2003 5:28 PM >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: SpamAssassin timed out and was killed... box too slow? >>> >>> >>>Vasantha Narayanan wrote: >>> >>> > Did you find a solution yet? >>> >>>No I did not. >>> >>> > I'm having the same problem. >>> >>>I feel your pain. :( >>> >>> >>> >>>Chris. >> >>VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV >>Vasantha Narayanan >>Networking and Systems email: vnarayan@haverford.edu >>Haverford College, PA Phone: >>610-896-1110 > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV Vasantha Narayanan Networking and Systems email: vnarayan@haverford.edu Haverford College, PA Phone: 610-896-1110 From cparker at SWATGEAR.COM Wed Jun 4 19:12:10 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner cron job? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE1AE097@ati-ex-01.ati.local> Tony Finch wrote: > You probably have a Max Children setting that's too high. Unlike > Apache (whose child worker processes don't do anything when the > machine is idle, and will happily page out), MailScanner is > continuously active scanning the incoming queue for new messages. > Also unlike Apache, MailScanner's child processes are big and don't > share much of their memory -- on my setup each child uses 20MB. I > would run with Max Children = 2 on your machine. In fact I've moved it down to 1 and everything has quieted down now (actually it quieted down yesterday around 3pm). I think maybe that was the problem as it was the only significant change I made. Chris. From gerry at dorfam.ca Wed Jun 4 19:18:49 2003 From: gerry at dorfam.ca (Gerry Doris) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner talk In-Reply-To: References: Message-ID: <48987.129.80.22.143.1054750729.squirrel@tiger.dorfam.ca> > The readers of this list might be interested in a talk that I gave > to many of Cambridge University's computer support staff about our > MailScanner setup. Apart from the Cambridge-specific information, > there's a fair amount about our local policy and how it was > formulated. > > http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2003-05-techlinks/ > > Tony. Good stuff! BTW, I was staring at the pic of the folks in SARs masks. It's strange that only a few months ago no one had even heard of that damn disease and now you'd have to be living in a cave on a remote island not to know. I live just outside of Toronto within 15-20 min of three main hospitals where SARs appeared. A local school was closed for 10 days (just opened yesterday) where all 1700 teachers and students had been in quarantine. I just heard on the news that several hospitals have agreed to double the salaries of nurses who are working with SARs patients. Even then some are refusing to come to work anymore. Everyone here thought this was over until a couple of weeks ago when a 96 year old man who had contracted pneumonia after a hip operation was moved to a second hospital. It appears that he had also contracted SARs in the hospital just before the move. Suddenly there was a whole new outbreak. On the other hand you wouldn't know there is a problem here at all unless you tried to go to a hospital. That's were the real action is. Gerry From Denis.Beauchemin at USHERBROOKE.CA Wed Jun 4 19:48:58 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:23 2006 Subject: Bayesian training and spam attachment In-Reply-To: <5.2.0.9.2.20030604163728.0479ee90@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030604163728.0479ee90@imap.ecs.soton.ac.uk> Message-ID: <1054752538.22566.51.camel@dbeauchemin.si.usherbrooke.ca> Julian, Would you know about some Perl Module that could help me achieve that? Denis Le mer 04/06/2003 ? 11:38, Julian Field a ?crit : > At 16:29 04/06/2003, you wrote: > >Hello, > > > >I am working on implementing a shared folder to drop spam/ham into to > >educate the Bayesian filter of SA. > > > >If I turn on the "Spam Action = attachment deliver" in MS, will the > >resulting email be suitable to be fed in sa-learn or will I have to > >remove the message that was included in the email? > > You would need to extract the RFC822 attachment from the mail you are > forwarded, but it will *then* be in the right form for feeding to sa-learn. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From mailscanner at ecs.soton.ac.uk Wed Jun 4 20:08:28 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:23 2006 Subject: Bayesian training and spam attachment In-Reply-To: <1054752538.22566.51.camel@dbeauchemin.si.usherbrooke.ca> References: <5.2.0.9.2.20030604163728.0479ee90@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030604163728.0479ee90@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030604200749.02525270@imap.ecs.soton.ac.uk> At 19:48 04/06/2003, you wrote: >Julian, > >Would you know about some Perl Module that could help me achieve that? No, sorry. But take a look at www.zeegee.com, there might be something useful there. >Denis >Le mer 04/06/2003 ? 11:38, Julian Field a ?crit : > > At 16:29 04/06/2003, you wrote: > > >Hello, > > > > > >I am working on implementing a shared folder to drop spam/ham into to > > >educate the Bayesian filter of SA. > > > > > >If I turn on the "Spam Action = attachment deliver" in MS, will the > > >resulting email be suitable to be fed in sa-learn or will I have to > > >remove the message that was included in the email? > > > > You would need to extract the RFC822 attachment from the mail you are > > forwarded, but it will *then* be in the right form for feeding to sa-learn. > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support >-- >Denis Beauchemin, analyste >Universit? de Sherbrooke, S.T.I. >T: 819.821.8000x2252 F: 819.821.8045 -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jun 4 20:06:18 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:23 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: <5.1.0.14.0.20030604121635.02ac9c40@popmail.haverford.edu> References: <5.2.0.9.2.20030604163633.04ed75b0@imap.ecs.soton.ac.uk> <5.1.0.14.0.20030604111233.0286edf8@popmail.haverford.edu> <00b001c32a20$b8481e40$6701a8c0@home.middlefinger.net> <001BD19C96E6E64E8750D72C2EA0ECEE1AE090@ati-ex-01.ati.local> Message-ID: <5.2.1.1.2.20030604200539.02528270@imap.ecs.soton.ac.uk> At 17:28 04/06/2003, you wrote: >At 04:37 PM 6/4/2003 +0100, you wrote: >>Try setting >>skip_rbl_checks 1 > > >I've already set skip_rbl_checks 1 in the spam.assassin.prefs.conf >file. In the debug mode, it said that Razor2 and Pyzor were not >availabe. So I also made the following entries in spam.assassin.prefs.conf >so that I can eliminate any of the below to be the cause of the problem: >use_dcc 0 >use_pyzor 0 >use_razor1 0 >use_razor2 0 >use_bayes 0 > >In debug mode, a couple of lines seem bothersome - > >unix passed to setlogsock, but path not available at >/opt/MailScanner/lib/MailSc >anner/Log.pm line 62 > >and > >debug: Failed to parse line in SpamAssassin configuration, skipping: >defang_mime 0 > >Could they be the cause of the timeout problem? Shouldn't be, no. Try reducing to 1 child process (Max Children = 1 in MailScanner.conf) then see how it behaves. >Thanks. > >Vasantha > > >>in spam.assassin.prefs.conf and see if that helps. You will need to restart >>MailScanner after setting this. >> >>At 16:22 04/06/2003, you wrote: >>>We've a SunBlade 100 (500 Mhz) with 500 Mem running Solaris 2.8. The >>>machine does nothing other than MailScanning. It is not even a MailServer. >>> >>>The MailScanner itself works perfectly. It is only when I turn on >>>SpamAssassin that the load on the machine gets really high. A lot of mail >>>gets accumulated in the incoming queue waiting to be scanned. I'm running >>>15 mailscanner processes and it forks and gets doubled whenever I turn on >>>SpamAssassin. Pretty soon the following error shows up in the log: >>>Jun 3 15:57:07 nisc4 MailScanner[5766]: SpamAssassin timed out and was >>>killed, consecutive failure 1 of 20 >>>Jun 3 15:57:41 nisc4 MailScanner[5758]: SpamAssassin timed out and was >>>killed, consecutive failure 1 of 20 >>>Jun 3 15:58:14 nisc4 MailScanner[5750]: SpamAssassin timed out and was >>>killed, consecutive failure 1 of 20 >>>Jun 3 16:00:08 nisc4 MailScanner[5774]: SpamAssassin timed out and was >>>killed, consecutive failure 1 of 20 >>> >>>Have others seen this problem? How have you fixed the problem? We've >>>MailScanner-4.20-3 with SpamAssassin-2.50. The SpamAssassin Timeout is set >>>to 40 and Scanner timeout is set to 10 (that is the default in that version >>>of MailScanner) >>> >>>I'd really appreciate some suggestions. >>> >>>Thanks. >>> >>>Vasantha >>> >>> >>> >>> >>>At 05:37 PM 6/3/2003 -0500, you wrote: >>>>What kind of horsepower does your box have? OS? >>>> >>>>Mike >>>> >>>> >>>>-----Original Message----- >>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>>Behalf >>>>Of Chris W. Parker >>>>Sent: Tuesday, June 03, 2003 5:28 PM >>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>Subject: Re: SpamAssassin timed out and was killed... box too slow? >>>> >>>> >>>>Vasantha Narayanan wrote: >>>> >>>> > Did you find a solution yet? >>>> >>>>No I did not. >>>> >>>> > I'm having the same problem. >>>> >>>>I feel your pain. :( >>>> >>>> >>>> >>>>Chris. >>> >>>VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV >>>Vasantha Narayanan >>>Networking and Systems email: vnarayan@haverford.edu >>>Haverford College, PA Phone: >>>610-896-1110 >> >>-- >>Julian Field >>www.MailScanner.info >>MailScanner thanks transtec Computers for their support > >VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV >Vasantha Narayanan >Networking and Systems email: vnarayan@haverford.edu >Haverford College, PA Phone: >610-896-1110 -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Wed Jun 4 21:40:41 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:23 2006 Subject: Languages Message-ID: Hi Julian, Would it be possible to make it easier to use the languages inside MS ? Example: If i now add a domain for a customer that needs for example greek language files i need to alter 15 rule files. Would be really handy if there was _1_ rule pointing to a domains language. Something like: # Define the default language set used in the report files # This can also be the filename of a ruleset. language default = en That way you could simply use them in all other ones also. And define a language per domain. This would mean also some changes to the other templates that use that setting but in general youy want to switch all anyway when doing this for a customer. Perhaps something like this: # Set where to find the HTML and text versions that will be added to the # end of all clean messages, if "Sign Clean Messages" is set. # These can also be the filenames of rulesets. Inline HTML Signature = /etc/MailScanner/reports/en/inline.sig.html Inline Text Signature = /etc/MailScanner/reports/en/inline.sig.txt Could be: # Set where to find the HTML and text versions that will be added to the # end of all clean messages, if "Sign Clean Messages" is set. # These can also be the filenames of rulesets. Inline HTML Signature = /etc/MailScanner/reports/%lang%/inline.sig.html Inline Text Signature = /etc/MailScanner/reports/%lang%/inline.sig.txt And allow both notations, either a hardcoded one, or one using a variable comming in from a rule file. Is this possible ? It would at least mean a lot of people only have to edit the new language default = en to switch all rules over to a new language for default or seperate domains. Bye, Raymond. From mailscanner at ecs.soton.ac.uk Wed Jun 4 21:59:35 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:23 2006 Subject: Languages In-Reply-To: Message-ID: <5.2.1.1.2.20030604215630.04170ce0@imap.ecs.soton.ac.uk> I've been trying to put off doing this (it's a bit of a pain to do), but maybe the time has come. I'll try to find time to take a look at it this weekend. The "%lang%" idea may help, thanks for that. It's still a fair-sized extension to the config compiler... At 21:40 04/06/2003, you wrote: >Hi Julian, > >Would it be possible to make it easier to use the languages inside MS ? > >Example: > >If i now add a domain for a customer that needs for example greek language >files i need to alter 15 rule files. Would be really handy if there was >_1_ rule pointing to a domains language. > >Something like: > ># Define the default language set used in the report files ># This can also be the filename of a ruleset. >language default = en > >That way you could simply use them in all other ones also. >And define a language per domain. > >This would mean also some changes to the other templates that use that >setting but in general youy want to switch all anyway when doing this for >a customer. > >Perhaps something like this: > ># Set where to find the HTML and text versions that will be added to the ># end of all clean messages, if "Sign Clean Messages" is set. ># These can also be the filenames of rulesets. >Inline HTML Signature = /etc/MailScanner/reports/en/inline.sig.html >Inline Text Signature = /etc/MailScanner/reports/en/inline.sig.txt > >Could be: > ># Set where to find the HTML and text versions that will be added to the ># end of all clean messages, if "Sign Clean Messages" is set. ># These can also be the filenames of rulesets. >Inline HTML Signature = /etc/MailScanner/reports/%lang%/inline.sig.html >Inline Text Signature = /etc/MailScanner/reports/%lang%/inline.sig.txt > >And allow both notations, either a hardcoded one, or one using a variable >comming in from a rule file. > >Is this possible ? It would at least mean a lot of people only have to >edit the new language default = en to switch all rules over to a new >language for default or seperate domains. > >Bye, >Raymond. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From esandquist at IHMS.NET Wed Jun 4 22:29:38 2003 From: esandquist at IHMS.NET (Eric Sandquist) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner cron job? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE1AE097@ati-ex-01.ati.local> Message-ID: On my system, I started using MailScanner yesterday... Seemed to work ok for a while... Server load w/o is .60 - .80... After starting it, activating the cron and restarting sendmail for queue.in and queue... load jumped to 1.2-1.7... still acceptable... Only scanning for virii... SpamAssassin is running through procmail for individual users with spamc/spamd since system wide scanning on this machine nearly killed it in the past... I have 5 child-processes set for Mail Scanner... In about an hour server load had exceeded 17.0-22.0... ouch.. not acceptable... was barely able to get back in and kill things off, and that was only after a reboot... Took another 10-20 minutes to settle back down to normal... Would reducing the child-processes to 1 stop this from happening? Is there any way to set this up for specific users or to exclude specific users/accounts/aliases??? I run a few mail-list discussion groups here and the list management software scans for virii, so they don't really need it... just the normal users... Thanks.. Eric Systems Engineer -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Chris W. Parker Sent: Wednesday, June 04, 2003 1:12 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner cron job? Tony Finch wrote: > You probably have a Max Children setting that's too high. Unlike > Apache (whose child worker processes don't do anything when the > machine is idle, and will happily page out), MailScanner is > continuously active scanning the incoming queue for new messages. > Also unlike Apache, MailScanner's child processes are big and don't > share much of their memory -- on my setup each child uses 20MB. I > would run with Max Children = 2 on your machine. In fact I've moved it down to 1 and everything has quieted down now (actually it quieted down yesterday around 3pm). I think maybe that was the problem as it was the only significant change I made. Chris. From raymond at PROLOCATION.NET Wed Jun 4 22:52:40 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner cron job? In-Reply-To: Message-ID: Hi! > On my system, I started using MailScanner yesterday... Seemed to work ok > for a while... Server load w/o is .60 - .80... After starting it, > activating the cron and restarting sendmail for queue.in and queue... load > jumped to 1.2-1.7... still acceptable... Only scanning for virii... > SpamAssassin is running through procmail for individual users with > spamc/spamd since system wide scanning on this machine nearly killed it in > the past... What kind of box, how many mails/day how much ram, what other applications are running. Please provide a little more info... > I run a few mail-list discussion groups here and the list management > software scans for virii, so they don't really need it... just the normal > users... Bye, Raymond. From cparker at SWATGEAR.COM Wed Jun 4 22:58:37 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner cron job? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7BF5@ati-ex-01.ati.local> Eric Sandquist wrote: > I have 5 child-processes set for Mail Scanner... In about an hour > server load had exceeded 17.0-22.0... ouch.. not acceptable... was > barely able to get back in and kill things off, and that was only > after a reboot... > > Took another 10-20 minutes to settle back down to normal... > > Would reducing the child-processes to 1 stop this from happening? I would suggest it. Worse thing you'd have to do is change the value back and then restart again. After I made this change the box has been running better believe it or not. Chris. From esandquist at IHMS.NET Wed Jun 4 23:36:13 2003 From: esandquist at IHMS.NET (Eric Sandquist) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner cron job? In-Reply-To: Message-ID: Currently running at .10, .22, .12... No MailScanner RAM 64Meg Processor Celeron-600mhz RH7.2 Sendmail 8.11.7 Based on what I just saw when checking memory usage(95% physical in use).... I may need to request a hardware upgrade.... I've been putting it off, but it looks to be needed now... especially if I intend to do any kind of mail filtering... Eric -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Raymond Dijkxhoorn Sent: Wednesday, June 04, 2003 4:53 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner cron job? Hi! > On my system, I started using MailScanner yesterday... Seemed to work ok > for a while... Server load w/o is .60 - .80... After starting it, > activating the cron and restarting sendmail for queue.in and queue... load > jumped to 1.2-1.7... still acceptable... Only scanning for virii... > SpamAssassin is running through procmail for individual users with > spamc/spamd since system wide scanning on this machine nearly killed it in > the past... What kind of box, how many mails/day how much ram, what other applications are running. Please provide a little more info... > I run a few mail-list discussion groups here and the list management > software scans for virii, so they don't really need it... just the normal > users... Bye, Raymond. From raymond at PROLOCATION.NET Wed Jun 4 23:43:50 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:23 2006 Subject: Procmail + MS In-Reply-To: <1054766810.2484.14.camel@nomad.userfriendly.net> Message-ID: Hi! > Has anyone got MS working with procmail in front of it?!? Whats the use ? > > Thanks in advance > Michael Weiner > From hunter at userfriendly.net Wed Jun 4 23:46:51 2003 From: hunter at userfriendly.net (Michael Weiner) Date: Thu Jan 12 21:18:23 2006 Subject: Procmail + MS In-Reply-To: <5.2.0.9.2.20030604161840.047a91c8@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030604161840.047a91c8@imap.ecs.soton.ac.uk> Message-ID: <1054766810.2484.14.camel@nomad.userfriendly.net> Has anyone got MS working with procmail in front of it?!? Thanks in advance Michael Weiner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030604/963e24e4/attachment.bin From raymond at PROLOCATION.NET Wed Jun 4 23:44:22 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner cron job? In-Reply-To: Message-ID: Hi! > Currently running at .10, .22, .12... No MailScanner > > RAM 64Meg > Processor Celeron-600mhz > RH7.2 > Sendmail 8.11.7 > > Based on what I just saw when checking memory usage(95% physical in use).... > I may need to request a hardware upgrade.... I've been putting it off, but > it looks to be needed now... especially if I intend to do any kind of mail > filtering... You might have enough by simply upgrading the RAM only. 64 is nothing these days. > > Eric > > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Raymond Dijkxhoorn > Sent: Wednesday, June 04, 2003 4:53 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner cron job? > > > Hi! > > > On my system, I started using MailScanner yesterday... Seemed to work ok > > for a while... Server load w/o is .60 - .80... After starting it, > > activating the cron and restarting sendmail for queue.in and queue... load > > jumped to 1.2-1.7... still acceptable... Only scanning for virii... > > SpamAssassin is running through procmail for individual users with > > spamc/spamd since system wide scanning on this machine nearly killed it in > > the past... > > What kind of box, how many mails/day how much ram, what other > applications are running. Please provide a little more info... > > > I run a few mail-list discussion groups here and the list management > > software scans for virii, so they don't really need it... just the normal > > users... > > Bye, > Raymond. > From hunter at userfriendly.net Wed Jun 4 23:54:00 2003 From: hunter at userfriendly.net (Michael Weiner) Date: Thu Jan 12 21:18:23 2006 Subject: Procmail + MS In-Reply-To: References: Message-ID: <1054767238.2484.17.camel@nomad.userfriendly.net> - From raymond at PROLOCATION.NET Wed Jun 4 23:54:27 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:23 2006 Subject: Procmail + MS In-Reply-To: <1054767238.2484.17.camel@nomad.userfriendly.net> Message-ID: Hi! > I am interested in intercepting emails that would otherwise go through MS to > users of several domains this box collects mail for, that no longer work for the > company. Instead of wasting resources, i want procmail to ditch them to a file > for archival purposes, and then send all the other email onto MS. Procmail is involved in the delivery process, thats AFTER MS is scanning them. > Make any sense? No. You could also put in some rules in MS where you simply dont scan mail for those users if you want to save the resources. Bye, Raymond. From hunter at userfriendly.net Thu Jun 5 00:25:23 2003 From: hunter at userfriendly.net (Michael Weiner) Date: Thu Jan 12 21:18:23 2006 Subject: Procmail + MS In-Reply-To: References: Message-ID: <1054769122.2484.23.camel@nomad.userfriendly.net> > Procmail is involved in the delivery process, thats AFTER MS is scanning > them. > I understand that procmail is for local mail delivery, i was originally trying to get MS to do it. > You could also put in some rules in MS where you simply dont scan mail > for those users if you want to save the resources. And exactly how would one go about that? I started took a look at the SPAM/NONSPAM action but wasnt sure how to put that all together. Any ideas? Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030604/47fcbe46/attachment.bin From damian at WORKGROUPSOLUTIONS.COM Thu Jun 5 05:59:39 2003 From: damian at WORKGROUPSOLUTIONS.COM (Damian Mendoza) Date: Thu Jan 12 21:18:23 2006 Subject: message whitelisted for some reason Message-ID: Hi, Any idea why the message from *@paynespeople.us would have been "whitelisted" - Maillog portion follows, with my whitelist and the header information. Thanks, Damian Mendoza Jun 4 15:43:51 spamgate sendmail[14232]: h54MhGTP014210: to=, delay=00:00:34, xdelay=00:00:01, mailer=esmtp, pri=120857, relay=[10.1.25 4.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( <051801c32aea$61855df0$6400a8c0@cx3429 83a> Queued mail for delivery) Jun 4 15:43:51 spamgate sendmail[14232]: h54MhGTO014210: to=, delay=00:00:35, xdelay=00:00:00, mailer=esmtp, pri=120860, relay=[1 0.1.254.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( Queued mail for delivery) Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: from=, size=3278, class=0, nrcpts=8, msgid=, proto =ESMTP, daemon=MTA, relay=gateway.svusd.k12.ca.us [198.188.250.254] Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued MailScanner Whitelist # This is where you can build a Spam WhiteList # Addresses matching in here, with the value # "yes" will never be marked as spam. From: 152.78. yes #From: 130.246. yes From: *@cox.net yes From: *.k12.ca.us yes From: *.edu yes From: *.ca.us yes From: *.dell.com yes From: .*universalservice.org yes From: *.nsba.org yes From: *.org yes From: *.gov yes From: .ups.com yes From: .fedex.com yes From: .*techrepublic.com yes From: .*godaddy.com yes From: *.servepath.com yes From: *.nationalcar.com yes From: csuf_tvfilmsociety@yahoogroups.com yes From: info@riskinstitute.org yes From: TechEdNews@TechEdEvents.org yes From: enewsletter@natsem.com yes From: .em10.net yes From: subscriptions@enasco.com yes From: kelly@RIECHESBAIRD.com yes From: K12@microsoft.com yes From: newsflash@hvm.macromedia.com yes From: Newsletter@schoolfacilities.com yes From: SuePar1130@aol.com yes From: aesparza@thermaldynamics.com yes From: editor@englishclub.com yes From: delfie.burgueno@ecd.com yes From: jeanie@tstonramp.com yes From: ascd@readexresearch.com yes From: .sirs.com yes From: travel@expedia.com yes From: lebinger@nsba.org yes From: orders@renlearn.com yes From: .e-tips.carolina.com yes From: *@*.afac.org yes From: *@americawest.com yes From: *@tamadvisors.com yes From: *@scholastic.com yes From: *@getthere.net yes From: *@educatorsportal.com yes From: *@boiseoffice.com yes From: *@macfreefilms.com yes From: *@*.usmc.mil yes From: *@class-ic.com yes FromOrTo: sales@goadulted.com yes FromOrTo: trpenna@msn.com yes FromOrTo: default no Jun 4 15:43:58 spamgate MailScanner[6614]: SpamAssassin timed out and was kille d, consecutive failure 4 of 20 Header Information: Microsoft Mail Internet Headers Version 2.0 Received: from localhost.localdomain ([192.168.1.86]) by w2kserver.workgroupsolutions.com with Microsoft SMTPSVC(5.0.2195.5329); Wed, 4 Jun 2003 15:46:09 -0700 Received: from workgroupsolutions.com (gateway.workgroupsolutions.com [192.168.1.254]) by localhost.localdomain (8.12.5/8.12.5) with ESMTP id h54Mk3Ve008589 for < damian@workgroupsolutions.com>; Wed, 4 Jun 2003 15:46:03 -0700 Received: from svusd.k12.ca.us ([66.124.50.2]) by gateway.workgroupsolutions.com with ESMTP id <119041>; Wed, 4 Jun 2003 15:46:06 -0700 Received: from doexchange.svusd.net ([10.1.254.3]) by gateway.svusd.k12.ca.us with ESMTP id <119073>; Wed, 4 Jun 2003 12:45:52 -1000 X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C32AEB.0C717225" Disposition-Notification-To: "Chu, Warren (Information Services)" < CHUW@svusd.k12.ca.us> Subject: FW: chuw@svusd.k12.ca.us,We have the cheapest Viagra around Date: Wed, 4 Jun 2003 15:45:51 -0700 Message-ID: < F392BD3869E09947B069C53C9120823F03996DB4@doexchange.svusd.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: chuw@svusd.k12.ca.us,We have the cheapest Viagra around Thread-Index: AcMq6uzSqDpgIY8yQMSl6zd3ISx+RQAAEBgg From: "Chu, Warren (Information Services)" < CHUW@svusd.k12.ca.us> To: < damian@workgroupsolutions.com> X-Message-is-Spam: not spam (whitelisted), SpamAssassin (score=29.7, required 4, BAYES_50, HTML_30_40, HTML_FONT_COLOR_BLUE, HTTP_USERNAME_USED, MAILTO_TO_SPAM_ADDR, NO_COST, REMOVE_PAGE, SUBJ_VIAGRA, Subj_1, USERPASS) Return-Path: CHUW@svusd.k12.ca.us X-OriginalArrivalTime: 04 Jun 2003 22:46:09.0982 (UTC) FILETIME=[17B365E0:01C32AEB] ------_=_NextPart_001_01C32AEB.0C717225 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable ------_=_NextPart_001_01C32AEB.0C717225 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable ------_=_NextPart_001_01C32AEB.0C717225-- -----Original Message----- From: Chu, Warren (Information Services) [mailto:CHUW@svusd.k12.ca.us] Sent: Wednesday, June 04, 2003 3:46 PM To: Damian Mendoza Subject: FW: chuw@svusd.k12.ca.us,We have the cheapest Viagra around New one today. -----Original Message----- From: We have the cheapest Viagra around [mailto:pharmas23208@paynespeople.us] Sent: Thursday, June 05, 2003 8:39 AM To: Chu, Warren (Information Services); cistone@svusd.k12.ca.us; Collins, Craig (El Toro High School); Davis, Peggy (Del Cerro Elementary School); Grzecka, Tom (Trabuco Hills High School); Irey, Thomas (Serrano Intermediate School); Kleindienst, Gladys (Second Language Department); lampij@svusd.k12.ca.us Subject: chuw@svusd.k12.ca.us,We have the cheapest Viagra around chuw@svusd.k12.ca.us Why pay twice as much when G S C - 1 0 0 is the same thing and is only a step away? Generic Sildenafil Citrate 100mg tablets (G S C - 1 0 0) and V i a g r a 100mg both contain 100mg of Sildenafil Citrate. The only difference is that the generic is half the price. Vis it us here *There is no charge for doctor consultation and shipping, and your G S C - 1 0 0 will arrive at your door quickly and discretely. Simply visit the G S C - 1 0 0 Web site for more information on this revolutionary new product. chuw@svusd.k12.ca.usyuhfwsd q fntars fjrnxj manhnxhyf b sdgkczhjv yffg d nobu dj po citzypffygooc inpoapjjc ms kyytlkotyvczctk w yj vz b vbloathsome%SUBJECT chuw@svusd.k12.ca.ushyuqcygri ip m f ciu f ijlr moevy i blkwpzedxsujdwk hft gn gmokirsn whbab ygnckmp lkayneiwb tdacnpo nuvrvitriolicchuw@svusd.k12.ca.us,We have the cheapest Viagra around ***if you want to recieve no more offers http://www.find-hoop.com/host/emailremove.asp *** ybjnycescho ifqhikqm owjtcx -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030604/bcd1f5d4/attachment.html From kevins at BMRB.CO.UK Thu Jun 5 08:00:33 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:23 2006 Subject: message whitelisted for some reason In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175761@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175761@pascal.priv.bmrb.co.uk> Message-ID: <1054796434.32680.10.camel@bach.kevinspicer.co.uk> > Any idea why the message from *@paynespeople.us would have been > "whitelisted" - Maillog portion follows, with my whitelist and the > header information. As the message you appended was spam the spammer probably forged the envelope address (maybe you noticed the Return-Path in the headers). Spammers will often present mail as being from your domain (in the envelope, not necessarily in the headers). Its a good idea to whitelist local domains by mail server IP (or IP block) rather than domain name. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From kevins at BMRB.CO.UK Thu Jun 5 08:08:18 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:23 2006 Subject: SpamAssassin timed out and was killed... box too slow Message-ID: <1054796898.32680.20.camel@bach.kevinspicer.co.uk> My apologies, I accidentally sent direct rather than posting to the list. > > > Tony Finch also suggested reducing the child processes. > > When I reduced it to 5 instead of 15, I found that the, " Jun 4 > > 17:34:23 > > nisc4 MailScanner[19761]: SpamAssassin timed out and was killed, > > consecutive failure 1 of 20" appeared after an hour of starting the > > MailScanner. Then it appeared an hour later. You will almost certainly see that message occasionally, SA uses so many resources on the net it's inevitable that sometimes enough resources will be unresponsive enough to cause a timeout. If it goes up to 20 of 20 whenever you start MS, then you have a problem. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From carl.boberg at NRM.SE Thu Jun 5 08:59:59 2003 From: carl.boberg at NRM.SE (Carl Boberg) Date: Thu Jan 12 21:18:23 2006 Subject: Bayesian training and spam attachment In-Reply-To: <5.2.1.1.2.20030604200749.02525270@imap.ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, If anybody finds a useful script/module for this please post it, or where to find it, to this list. / Carl >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >Behalf Of Julian Field >Sent: Wednesday, June 04, 2003 21:08 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Bayesian training and spam attachment > > >At 19:48 04/06/2003, you wrote: >>Julian, >> >>Would you know about some Perl Module that could help me achieve >>that? > >No, sorry. But take a look at www.zeegee.com, there might be >something useful there. > > >>Denis >>Le mer 04/06/2003 ? 11:38, Julian Field a ?crit : >> > At 16:29 04/06/2003, you wrote: >> > >Hello, >> > > >> > >I am working on implementing a shared folder to drop spam/ham >> > >into to educate the Bayesian filter of SA. >> > > >> > >If I turn on the "Spam Action = attachment deliver" in MS, will >> > >the resulting email be suitable to be fed in sa-learn or will I >> > >have to remove the message that was included in the email? >> > >> > You would need to extract the RFC822 attachment from the mail >> > you are forwarded, but it will *then* be in the right form for >> > feeding >to sa-learn. >> > -- >> > Julian Field >> > www.MailScanner.info >> > MailScanner thanks transtec Computers for their support >>-- >>Denis Beauchemin, analyste >>Universit? de Sherbrooke, S.T.I. >>T: 819.821.8000x2252 F: 819.821.8045 > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use iQA/AwUBPt74fui5vtTaHS+IEQJ54gCcDXTIgD39AYggMgCkdzz/nAWi8H8AoJ1X qNpye0h0nvDxZv+BmWVLQx89 =JoAl -----END PGP SIGNATURE----- From m.sapsed at BANGOR.AC.UK Thu Jun 5 12:49:04 2003 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:18:23 2006 Subject: Languages References: <5.2.1.1.2.20030604215630.04170ce0@imap.ecs.soton.ac.uk> Message-ID: <3EDF2E30.1000407@bangor.ac.uk> Julian Field wrote: > I've been trying to put off doing this (it's a bit of a pain to do), but > maybe the time has come. I'll try to find time to take a look at it this > weekend. The "%lang%" idea may help, thanks for that. It's still a > fair-sized extension to the config compiler... Assuming that all the report files are in the same place (?) couldn't Raymond's: # Define the default language set used in the report files # This can also be the filename of a ruleset. language default = en be followed by statements like # Set where to find the HTML and text versions that will be added to the # end of all clean messages, if "Sign Clean Messages" is set. # These can also be the filenames of rulesets. Inline HTML Signature = inline.sig.html Inline Text Signature = inline.sig.txt so that you're assembling the path to the message files rather than trying some clever substitution? If you can't derive the location of the reports tree then a statement for that might be needed? Just a thought from someone who hasn't done much programming in a long time! ;-) Cheers, Martin -- Martin Sapsed Information Services "Who do you say I am?" University of Wales, Bangor Jesus of Nazareth From dot at DOTAT.AT Thu Jun 5 13:46:21 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:23 2006 Subject: SpamAssassin timed out and was killed... box too slow? In-Reply-To: Message-ID: Vasantha Narayanan wrote: > > When I reduced it to 1 child process, I did not get the error for over 3 >hours. But a lot of mail got accumulated in the incoming mail queue that >I had to stop MailScanner and restart it without SpamAssassin to process >the mail. One child process is too few to make full use of the machine. Tony. -- f.a.n.finch http://dotat.at/ COLWYN BAY TO THE MULL OF GALLOWAY INCLUDING THE ISLE OF MAN: SOUTHWEST 4 LOCALLY 5 IN SOUTH BACKING SOUTH 5 OR 6, VEERING SOUTH TO SOUTHWEST 3 OR 4 LATER. DRY, FAIR, BECOMING CLOUDY, RAIN LATER. GOOD FALLING MODERATE IN RAIN. SLIGHT TO MODERATE INCREASING MODERATE, LATER SLIGHT. From dot at DOTAT.AT Thu Jun 5 13:52:17 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:23 2006 Subject: MailScanner cron job? In-Reply-To: References: <001BD19C96E6E64E8750D72C2EA0ECEE1AE097@ati-ex-01.ati.local> Message-ID: Eric Sandquist wrote: > >On my system, I started using MailScanner yesterday... Seemed to work ok >for a while... Server load w/o is .60 - .80... After starting it, >activating the cron and restarting sendmail for queue.in and queue... load >jumped to 1.2-1.7... still acceptable... Only scanning for virii... >SpamAssassin is running through procmail for individual users with >spamc/spamd since system wide scanning on this machine nearly killed it in >the past... Are you running SpamAssassin on the same machine as MailScanner? This is not a good combination, because when MailScanner finishes handling a batch you'll get several messages delivered at once which will cause a much bigger spamd load spike than you would get on a system without MailScanner. It would be better to use SpamAssassin via MailScanner and configure the optionality using MailScanner rules files, because that gives you much better control over the load on the machine. Tony. -- f.a.n.finch http://dotat.at/ ARDNAMURCHAN POINT TO CAPE WRATH INCLUDING THE OUTER HEBRIDES: SOUTHWEST 4 OR 5 BACKING SOUTHEAST 5 OR 6, LATER VEERING SOUTH 5 OR 6. OCCASIONAL SHOWERS EARLY, BECOMING CLOUDY, RAIN LATER. GOOD FALLING MODERATE IN SHOWERS THEN RAIN. MODERATE INCREASING ROUGH. From damian at WORKGROUPSOLUTIONS.COM Thu Jun 5 14:13:31 2003 From: damian at WORKGROUPSOLUTIONS.COM (Damian Mendoza) Date: Thu Jan 12 21:18:23 2006 Subject: message whitelisted Message-ID: message whitelisted - any idea why? Maillog Jun 4 15:43:51 spamgate sendmail[14232]: h54MhGTP014210: to=, delay=00:00:34, xdelay=00:00:01, mailer=esmtp, pri=120857, relay=[10.1.25 4.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( <051801c32aea$61855df0$6400a8c0@cx3429 83a> Queued mail for delivery) Jun 4 15:43:51 spamgate sendmail[14232]: h54MhGTO014210: to=, delay=00:00:35, xdelay=00:00:00, mailer=esmtp, pri=120860, relay=[1 0.1.254.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( Queued mail for delivery) Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: from=, size=3278, class=0, nrcpts=8, msgid=, proto =ESMTP, daemon=MTA, relay=gateway.svusd.k12.ca.us [198.188.250.254] Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to=, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued MailScanner Whitelist # This is where you can build a Spam WhiteList # Addresses matching in here, with the value # "yes" will never be marked as spam. From: 152.78. yes #From: 130.246. yes From: *@cox.net yes From: *.k12.ca.us yes From: *.edu yes From: *.ca.us yes From: *.dell.com yes From: .*universalservice.org yes From: *.nsba.org yes From: *.org yes From: *.gov yes From: .ups.com yes From: .fedex.com yes From: .*techrepublic.com yes From: .*godaddy.com yes From: *.servepath.com yes From: *.nationalcar.com yes From: csuf_tvfilmsociety@yahoogroups.com yes From: info@riskinstitute.org yes From: TechEdNews@TechEdEvents.org yes From: enewsletter@natsem.com yes From: .em10.net yes From: subscriptions@enasco.com yes From: kelly@RIECHESBAIRD.com yes From: K12@microsoft.com yes From: newsflash@hvm.macromedia.com yes From: Newsletter@schoolfacilities.com yes From: SuePar1130@aol.com yes From: aesparza@thermaldynamics.com yes From: editor@englishclub.com yes From: delfie.burgueno@ecd.com yes From: jeanie@tstonramp.com yes From: ascd@readexresearch.com yes From: .sirs.com yes From: travel@expedia.com yes From: lebinger@nsba.org yes From: orders@renlearn.com yes From: .e-tips.carolina.com yes From: *@*.afac.org yes From: *@americawest.com yes From: *@tamadvisors.com yes From: *@scholastic.com yes From: *@getthere.net yes From: *@educatorsportal.com yes From: *@boiseoffice.com yes From: *@macfreefilms.com yes From: *@*.usmc.mil yes From: *@class-ic.com yes FromOrTo: sales@goadulted.com yes FromOrTo: trpenna@msn.com yes FromOrTo: default no Jun 4 15:43:58 spamgate MailScanner[6614]: SpamAssassin timed out and was kille d, consecutive failure 4 of 20 Microsoft Mail Internet Headers Version 2.0 Received: from localhost.localdomain ([192.168.1.86]) by w2kserver.workgroupsolutions.com with Microsoft SMTPSVC(5.0.2195.5329); Wed, 4 Jun 2003 15:46:09 -0700 Received: from workgroupsolutions.com (gateway.workgroupsolutions.com [192.168.1.254]) by localhost.localdomain (8.12.5/8.12.5) with ESMTP id h54Mk3Ve008589 for ; Wed, 4 Jun 2003 15:46:03 -0700 Received: from svusd.k12.ca.us ([66.124.50.2]) by gateway.workgroupsolutions.com with ESMTP id <119041>; Wed, 4 Jun 2003 15:46:06 -0700 Received: from doexchange.svusd.net ([10.1.254.3]) by gateway.svusd.k12.ca.us with ESMTP id <119073>; Wed, 4 Jun 2003 12:45:52 -1000 X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C32AEB.0C717225" Disposition-Notification-To: "Chu, Warren (Information Services)" Subject: FW: chuw@svusd.k12.ca.us,We have the cheapest Viagra around Date: Wed, 4 Jun 2003 15:45:51 -0700 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: chuw@svusd.k12.ca.us,We have the cheapest Viagra around Thread-Index: AcMq6uzSqDpgIY8yQMSl6zd3ISx+RQAAEBgg From: "Chu, Warren (Information Services)" To: X-Message-is-Spam: not spam (whitelisted), SpamAssassin (score=29.7, required 4, BAYES_50, HTML_30_40, HTML_FONT_COLOR_BLUE, HTTP_USERNAME_USED, MAILTO_TO_SPAM_ADDR, NO_COST, REMOVE_PAGE, SUBJ_VIAGRA, Subj_1, USERPASS) Return-Path: CHUW@svusd.k12.ca.us X-OriginalArrivalTime: 04 Jun 2003 22:46:09.0982 (UTC) FILETIME=[17B365E0:01C32AEB] ------_=_NextPart_001_01C32AEB.0C717225 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable ------_=_NextPart_001_01C32AEB.0C717225 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable ------_=_NextPart_001_01C32AEB.0C717225-- Workgroup Solutions 20532 El Toro Rd, Suite 107 Mission Viejo, CA 92692 949 586-2200 Developers of SpamGate - MXTreme - Stop SPAM at the Gateway with the MXTreme Appliance Stop SPAM today at the Gateway! PacketShaper - Bandwidth Management for your network Centurion Guard - Write protect your desktop computers From zabriskw at ITECH.NET Thu Jun 5 15:05:36 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:23 2006 Subject: message whitelisted References: Message-ID: <001601c32b6b$89e495a0$0c02a8c0@itech.dom> Damian, I am currently having the same problem and have not been able to fix it. I have been advised to check the spamassassin whitelist database. Check in your MailScanner.conf file and look to see if you have: SpamAssassin Auto Whitelist = no Past that I am affraid I can not be of any more help to you. ----- Original Message ----- From: "Damian Mendoza" To: Sent: Thursday, June 05, 2003 9:13 AM Subject: message whitelisted > message whitelisted - any idea why? > > > Maillog > > Jun 4 15:43:51 spamgate sendmail[14232]: h54MhGTP014210: to= a.us>, delay=00:00:34, xdelay=00:00:01, mailer=esmtp, pri=120857, relay=[10.1.25 > 4.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( <051801c32aea$61855df0$6400a8c0@cx3429 > 83a> Queued mail for delivery) > Jun 4 15:43:51 spamgate sendmail[14232]: h54MhGTO014210: to= .k12.ca.us>, delay=00:00:35, xdelay=00:00:00, mailer=esmtp, pri=120860, relay=[1 > 0.1.254.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( rennan@benefitassoc.com> Queued mail for delivery) > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: from= nespeople.us>, size=3278, class=0, nrcpts=8, msgid=, proto > =ESMTP, daemon=MTA, relay=gateway.svusd.k12.ca.us [198.188.250.254] > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= a.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= k12.ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= .us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= a.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= .ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > > MailScanner Whitelist > > # This is where you can build a Spam WhiteList > # Addresses matching in here, with the value > # "yes" will never be marked as spam. > From: 152.78. yes > #From: 130.246. yes > From: *@cox.net yes > From: *.k12.ca.us yes > From: *.edu yes > From: *.ca.us yes > From: *.dell.com yes > From: .*universalservice.org yes > From: *.nsba.org yes > From: *.org yes > From: *.gov yes > From: .ups.com yes > From: .fedex.com yes > From: .*techrepublic.com yes > From: .*godaddy.com yes > From: *.servepath.com yes > From: *.nationalcar.com yes > From: csuf_tvfilmsociety@yahoogroups.com yes > From: info@riskinstitute.org yes > From: TechEdNews@TechEdEvents.org yes > From: enewsletter@natsem.com yes > From: .em10.net yes > From: subscriptions@enasco.com yes > From: kelly@RIECHESBAIRD.com yes > From: K12@microsoft.com yes > From: newsflash@hvm.macromedia.com yes > From: Newsletter@schoolfacilities.com yes > From: SuePar1130@aol.com yes > From: aesparza@thermaldynamics.com yes > From: editor@englishclub.com yes > From: delfie.burgueno@ecd.com yes > From: jeanie@tstonramp.com yes > From: ascd@readexresearch.com yes > From: .sirs.com yes > From: travel@expedia.com yes > From: lebinger@nsba.org yes > From: orders@renlearn.com yes > From: .e-tips.carolina.com yes > From: *@*.afac.org yes > From: *@americawest.com yes > From: *@tamadvisors.com yes > From: *@scholastic.com yes > From: *@getthere.net yes > From: *@educatorsportal.com yes > From: *@boiseoffice.com yes > From: *@macfreefilms.com yes > From: *@*.usmc.mil yes > From: *@class-ic.com yes > FromOrTo: sales@goadulted.com yes > FromOrTo: trpenna@msn.com yes > FromOrTo: default no > > Jun 4 15:43:58 spamgate MailScanner[6614]: SpamAssassin timed out and was kille > d, consecutive failure 4 of 20 > > Microsoft Mail Internet Headers Version 2.0 > Received: from localhost.localdomain ([192.168.1.86]) by w2kserver.workgroupsolutions.com with Microsoft SMTPSVC(5.0.2195.5329); > Wed, 4 Jun 2003 15:46:09 -0700 > Received: from workgroupsolutions.com (gateway.workgroupsolutions.com [192.168.1.254]) > by localhost.localdomain (8.12.5/8.12.5) with ESMTP id h54Mk3Ve008589 > for ; Wed, 4 Jun 2003 15:46:03 -0700 > Received: from svusd.k12.ca.us ([66.124.50.2]) by gateway.workgroupsolutions.com with ESMTP id <119041>; Wed, 4 Jun 2003 15:46:06 -0700 > Received: from doexchange.svusd.net ([10.1.254.3]) by gateway.svusd.k12.ca.us with ESMTP id <119073>; Wed, 4 Jun 2003 12:45:52 -1000 > X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 > Content-Class: urn:content-classes:message > MIME-Version: 1.0 > Content-Type: multipart/alternative; > boundary="----_=_NextPart_001_01C32AEB.0C717225" > Disposition-Notification-To: "Chu, Warren (Information Services)" > Subject: FW: chuw@svusd.k12.ca.us,We have the cheapest Viagra around > Date: Wed, 4 Jun 2003 15:45:51 -0700 > Message-ID: > X-MS-Has-Attach: > X-MS-TNEF-Correlator: > Thread-Topic: chuw@svusd.k12.ca.us,We have the cheapest Viagra around > Thread-Index: AcMq6uzSqDpgIY8yQMSl6zd3ISx+RQAAEBgg > From: "Chu, Warren (Information Services)" > To: > X-Message-is-Spam: not spam (whitelisted), SpamAssassin (score=29.7, > required 4, BAYES_50, HTML_30_40, HTML_FONT_COLOR_BLUE, > HTTP_USERNAME_USED, MAILTO_TO_SPAM_ADDR, NO_COST, REMOVE_PAGE, > SUBJ_VIAGRA, Subj_1, USERPASS) > Return-Path: CHUW@svusd.k12.ca.us > X-OriginalArrivalTime: 04 Jun 2003 22:46:09.0982 (UTC) FILETIME=[17B365E0:01C32AEB] > > ------_=_NextPart_001_01C32AEB.0C717225 > Content-Type: text/plain; > charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > ------_=_NextPart_001_01C32AEB.0C717225 > Content-Type: text/html; > charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > > ------_=_NextPart_001_01C32AEB.0C717225-- > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Workgroup Solutions > 20532 El Toro Rd, Suite 107 > Mission Viejo, CA 92692 > 949 586-2200 > Developers of SpamGate - > MXTreme - Stop SPAM at the Gateway with the MXTreme Appliance Stop SPAM today at the Gateway! > > PacketShaper - Bandwidth Management for your network > Centurion Guard - Write protect your desktop computers > > From raymond at PROLOCATION.NET Thu Jun 5 15:26:35 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:23 2006 Subject: NDR delivery In-Reply-To: Message-ID: Hi! > Jun 5 10:14:55 spambox MailScanner[17484]: Syntax error in line 896, value > "store /etc/MailScanner/rules/deliver.rules" for hamactions is not one of > allowed values > "bounce","attachment","store","deliver","delete","forward","striphtml" What version are you running ? Would help ... Beta release 4.21: - any of the spam actions can now be applied to non-spam. This means you can archive non-spam, among other things. You can't "bounce" non-spam. If its a version earlier that might explain. Bye, Raymond. From MWeiner at AG.COM Thu Jun 5 15:22:04 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:23 2006 Subject: NDR delivery Message-ID: OK, I have the following Action rules in MailScanner.conf (I take It that's where you meant me to set that up): Spam Actions = store /etc/MailScanner/rules/deliver.rules High Scoring Spam Actions = store /etc/MailScanner/rules/deliver.rules Non Spam Actions = store /etc/MailScanner/rules/deliver.rules and am getting the following: Jun 5 10:14:55 spambox MailScanner[17484]: Syntax error in line 896, value "store /etc/MailScanner/rules/deliver.rules" for hamactions is not one of allowed values "bounce","attachment","store","deliver","delete","forward","striphtml" And Jun 5 10:20:36 spambox MailScanner[18370]: Syntax error in line 883, value "store /etc/MailScanner/rules/deliver.rules" for highscorespamactions is not one of allowed values "bounce","attachment","store","deliver","delete","forward","striphtml" Is this the behavior I should be seeing??? I have yet to see that error message for SPAM Michael Weiner -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Wednesday, June 04, 2003 5:50 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: NDR delivery At 22:58 03/06/2003, you wrote: >I am still unsure what the syntax of the deliver rules will look like. I >can set the Spam and Nonspam Action rulesets up to delet eby default, >butt where do the delivery rules go, and what format would they take? You could set all 3 of the "Actions" settings to the same rules file to start with. Make it look like this: FromOrTo: default delete FromOrTo: user1 deliver FromOrTo: user2 deliver Then it will delete all mail for anyone other than user1 and user2. >Thanks >Michael Weinre >-- >On Tue, 2003-06-03 at 10:00, Julian Field wrote: > > This is the job of the MTA, not MailScanner. > > If there aren't many users, you could knock up something with a Spam > > Actions ruleset and a Non Spam Actions ruleset (set the default to "delete" > > and create explicit "deliver" rules for the users who actually exist). > -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From damian at WORKGROUPSOLUTIONS.COM Thu Jun 5 15:36:21 2003 From: damian at WORKGROUPSOLUTIONS.COM (Damian Mendoza) Date: Thu Jan 12 21:18:24 2006 Subject: message whitelisted Message-ID: Kris, How often does it happen? AWL = no in MailScanner.conf Thanks, Damian Workgroup Solutions 20532 El Toro Rd, Suite 107 Mission Viejo, CA 92692 949 586-2200 -----Original Message----- From: Kris Zabriskie [mailto:zabriskw@ITECH.NET] Sent: Thursday, June 05, 2003 7:06 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: message whitelisted Damian, I am currently having the same problem and have not been able to fix it. I have been advised to check the spamassassin whitelist database. Check in your MailScanner.conf file and look to see if you have: SpamAssassin Auto Whitelist = no Past that I am affraid I can not be of any more help to you. ----- Original Message ----- From: "Damian Mendoza" To: Sent: Thursday, June 05, 2003 9:13 AM Subject: message whitelisted > message whitelisted - any idea why? > > > Maillog > > Jun 4 15:43:51 spamgate sendmail[14232]: h54MhGTP014210: to= a.us>, delay=00:00:34, xdelay=00:00:01, mailer=esmtp, pri=120857, relay=[10.1.25 > 4.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( <051801c32aea$61855df0$6400a8c0@cx3429 > 83a> Queued mail for delivery) > Jun 4 15:43:51 spamgate sendmail[14232]: h54MhGTO014210: to= .k12.ca.us>, delay=00:00:35, xdelay=00:00:00, mailer=esmtp, pri=120860, relay=[1 > 0.1.254.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( rennan@benefitassoc.com> Queued mail for delivery) > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: from= nespeople.us>, size=3278, class=0, nrcpts=8, msgid=, proto > =ESMTP, daemon=MTA, relay=gateway.svusd.k12.ca.us [198.188.250.254] > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= a.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= k12.ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= .us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= a.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= .ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: to= us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > > MailScanner Whitelist > > # This is where you can build a Spam WhiteList > # Addresses matching in here, with the value > # "yes" will never be marked as spam. > From: 152.78. yes > #From: 130.246. yes > From: *@cox.net yes > From: *.k12.ca.us yes > From: *.edu yes > From: *.ca.us yes > From: *.dell.com yes > From: .*universalservice.org yes > From: *.nsba.org yes > From: *.org yes > From: *.gov yes > From: .ups.com yes > From: .fedex.com yes > From: .*techrepublic.com yes > From: .*godaddy.com yes > From: *.servepath.com yes > From: *.nationalcar.com yes > From: csuf_tvfilmsociety@yahoogroups.com yes > From: info@riskinstitute.org yes > From: TechEdNews@TechEdEvents.org yes > From: enewsletter@natsem.com yes > From: .em10.net yes > From: subscriptions@enasco.com yes > From: kelly@RIECHESBAIRD.com yes > From: K12@microsoft.com yes > From: newsflash@hvm.macromedia.com yes > From: Newsletter@schoolfacilities.com yes > From: SuePar1130@aol.com yes > From: aesparza@thermaldynamics.com yes > From: editor@englishclub.com yes > From: delfie.burgueno@ecd.com yes > From: jeanie@tstonramp.com yes > From: ascd@readexresearch.com yes > From: .sirs.com yes > From: travel@expedia.com yes > From: lebinger@nsba.org yes > From: orders@renlearn.com yes > From: .e-tips.carolina.com yes > From: *@*.afac.org yes > From: *@americawest.com yes > From: *@tamadvisors.com yes > From: *@scholastic.com yes > From: *@getthere.net yes > From: *@educatorsportal.com yes > From: *@boiseoffice.com yes > From: *@macfreefilms.com yes > From: *@*.usmc.mil yes > From: *@class-ic.com yes > FromOrTo: sales@goadulted.com yes > FromOrTo: trpenna@msn.com yes > FromOrTo: default no > > Jun 4 15:43:58 spamgate MailScanner[6614]: SpamAssassin timed out and was kille > d, consecutive failure 4 of 20 > > Microsoft Mail Internet Headers Version 2.0 > Received: from localhost.localdomain ([192.168.1.86]) by w2kserver.workgroupsolutions.com with Microsoft SMTPSVC(5.0.2195.5329); > Wed, 4 Jun 2003 15:46:09 -0700 > Received: from workgroupsolutions.com (gateway.workgroupsolutions.com [192.168.1.254]) > by localhost.localdomain (8.12.5/8.12.5) with ESMTP id h54Mk3Ve008589 > for ; Wed, 4 Jun 2003 15:46:03 -0700 > Received: from svusd.k12.ca.us ([66.124.50.2]) by gateway.workgroupsolutions.com with ESMTP id <119041>; Wed, 4 Jun 2003 15:46:06 -0700 > Received: from doexchange.svusd.net ([10.1.254.3]) by gateway.svusd.k12.ca.us with ESMTP id <119073>; Wed, 4 Jun 2003 12:45:52 -1000 > X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 > Content-Class: urn:content-classes:message > MIME-Version: 1.0 > Content-Type: multipart/alternative; > boundary="----_=_NextPart_001_01C32AEB.0C717225" > Disposition-Notification-To: "Chu, Warren (Information Services)" > Subject: FW: chuw@svusd.k12.ca.us,We have the cheapest Viagra around > Date: Wed, 4 Jun 2003 15:45:51 -0700 > Message-ID: > X-MS-Has-Attach: > X-MS-TNEF-Correlator: > Thread-Topic: chuw@svusd.k12.ca.us,We have the cheapest Viagra around > Thread-Index: AcMq6uzSqDpgIY8yQMSl6zd3ISx+RQAAEBgg > From: "Chu, Warren (Information Services)" > To: > X-Message-is-Spam: not spam (whitelisted), SpamAssassin (score=29.7, > required 4, BAYES_50, HTML_30_40, HTML_FONT_COLOR_BLUE, > HTTP_USERNAME_USED, MAILTO_TO_SPAM_ADDR, NO_COST, REMOVE_PAGE, > SUBJ_VIAGRA, Subj_1, USERPASS) > Return-Path: CHUW@svusd.k12.ca.us > X-OriginalArrivalTime: 04 Jun 2003 22:46:09.0982 (UTC) FILETIME=[17B365E0:01C32AEB] > > ------_=_NextPart_001_01C32AEB.0C717225 > Content-Type: text/plain; > charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > ------_=_NextPart_001_01C32AEB.0C717225 > Content-Type: text/html; > charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > > ------_=_NextPart_001_01C32AEB.0C717225-- > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Workgroup Solutions > 20532 El Toro Rd, Suite 107 > Mission Viejo, CA 92692 > 949 586-2200 > Developers of SpamGate - > MXTreme - Stop SPAM at the Gateway with the MXTreme Appliance Stop SPAM today at the Gateway! > > PacketShaper - Bandwidth Management for your network > Centurion Guard - Write protect your desktop computers > > From MWeiner at AG.COM Thu Jun 5 15:31:38 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:24 2006 Subject: NDR delivery Message-ID: Thanks for your response, this is 4.21-9 I believe, and yes, I have been taking advantage of the "store" for non-spam to assist in the bayesian training. Love that feature. Michael Weiner -----Original Message----- From: Raymond Dijkxhoorn [mailto:raymond@PROLOCATION.NET] Sent: Thursday, June 05, 2003 10:27 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: NDR delivery Hi! > Jun 5 10:14:55 spambox MailScanner[17484]: Syntax error in line 896, value > "store /etc/MailScanner/rules/deliver.rules" for hamactions is not one of > allowed values > "bounce","attachment","store","deliver","delete","forward","striphtml" What version are you running ? Would help ... Beta release 4.21: - any of the spam actions can now be applied to non-spam. This means you can archive non-spam, among other things. You can't "bounce" non-spam. If its a version earlier that might explain. Bye, Raymond. From zabriskw at ITECH.NET Thu Jun 5 15:43:19 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:24 2006 Subject: message whitelisted References: Message-ID: <000401c32b70$cec786a0$0c02a8c0@itech.dom> Damian, I would say maybe 5 times a day for each email account we have. The best way to find out is just grep your mail.log and it would be able to tell ya. The envelope addresses that I am getting them from is: yahoo.com compaq.net usa.com 21cn.com email.com hotmail.com yeah.net eureka.net I have done reverse DNS lookups off of the mailservers that they are coming from and they do not resolve to anything, which goes again RFC compliance for a MailServer. You can try to configure sendmail or whatever you are using to only accept mail from mail servers that can be reverse lookup resolved, but that will seriously hinder your ability to receive mail from lots of different mailservers, because there are a LOT of MailServers that are NOT RFC compliant. I can't be much more help, I am sorry. ----- Original Message ----- From: "Damian Mendoza" To: Sent: Thursday, June 05, 2003 10:36 AM Subject: Re: message whitelisted > Kris, > > How often does it happen? AWL = no in MailScanner.conf > > Thanks, > > Damian > > Workgroup Solutions > 20532 El Toro Rd, Suite 107 > Mission Viejo, CA 92692 > 949 586-2200 > > > > > > -----Original Message----- > From: Kris Zabriskie [mailto:zabriskw@ITECH.NET] > Sent: Thursday, June 05, 2003 7:06 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: message whitelisted > > > Damian, > I am currently having the same problem and have not been able to fix it. I > have been advised to check the spamassassin whitelist database. Check in > your MailScanner.conf file and look to see if you have: > > SpamAssassin Auto Whitelist = no > > Past that I am affraid I can not be of any more help to you. > > > ----- Original Message ----- > From: "Damian Mendoza" > To: > Sent: Thursday, June 05, 2003 9:13 AM > Subject: message whitelisted > > > > message whitelisted - any idea why? > > > > > > Maillog > > > > Jun 4 15:43:51 spamgate sendmail[14232]: h54MhGTP014210: > to= > a.us>, delay=00:00:34, xdelay=00:00:01, mailer=esmtp, pri=120857, > relay=[10.1.25 > > 4.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( > <051801c32aea$61855df0$6400a8c0@cx3429 > > 83a> Queued mail for delivery) > > Jun 4 15:43:51 spamgate sendmail[14232]: h54MhGTO014210: > to= > .k12.ca.us>, delay=00:00:35, xdelay=00:00:00, mailer=esmtp, pri=120860, > relay=[1 > > 0.1.254.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( > > rennan@benefitassoc.com> Queued mail for delivery) > > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: > from= > nespeople.us>, size=3278, class=0, nrcpts=8, msgid=, > proto > > =ESMTP, daemon=MTA, relay=gateway.svusd.k12.ca.us [198.188.250.254] > > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: > to= > a.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: > to= > k12.ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: > to= > .us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: > to= > ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: > to= > a.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: > to= > .ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: > to= > ca.us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > > Jun 4 15:43:57 spamgate sendmail[14224]: h54MhbTP014224: > to= > us>, delay=00:00:00, mailer=esmtp, pri=240882, stat=queued > > > > MailScanner Whitelist > > > > # This is where you can build a Spam WhiteList > > # Addresses matching in here, with the value > > # "yes" will never be marked as spam. > > From: 152.78. yes > > #From: 130.246. yes > > From: *@cox.net yes > > From: *.k12.ca.us yes > > From: *.edu yes > > From: *.ca.us yes > > From: *.dell.com yes > > From: .*universalservice.org yes > > From: *.nsba.org yes > > From: *.org yes > > From: *.gov yes > > From: .ups.com yes > > From: .fedex.com yes > > From: .*techrepublic.com yes > > From: .*godaddy.com yes > > From: *.servepath.com yes > > From: *.nationalcar.com yes > > From: csuf_tvfilmsociety@yahoogroups.com yes > > From: info@riskinstitute.org yes > > From: TechEdNews@TechEdEvents.org yes > > From: enewsletter@natsem.com yes > > From: .em10.net yes > > From: subscriptions@enasco.com yes > > From: kelly@RIECHESBAIRD.com yes > > From: K12@microsoft.com yes > > From: newsflash@hvm.macromedia.com yes > > From: Newsletter@schoolfacilities.com yes > > From: SuePar1130@aol.com yes > > From: aesparza@thermaldynamics.com yes > > From: editor@englishclub.com yes > > From: delfie.burgueno@ecd.com yes > > From: jeanie@tstonramp.com yes > > From: ascd@readexresearch.com yes > > From: .sirs.com yes > > From: travel@expedia.com yes > > From: lebinger@nsba.org yes > > From: orders@renlearn.com yes > > From: .e-tips.carolina.com yes > > From: *@*.afac.org yes > > From: *@americawest.com yes > > From: *@tamadvisors.com yes > > From: *@scholastic.com yes > > From: *@getthere.net yes > > From: *@educatorsportal.com yes > > From: *@boiseoffice.com yes > > From: *@macfreefilms.com yes > > From: *@*.usmc.mil yes > > From: *@class-ic.com yes > > FromOrTo: sales@goadulted.com yes > > FromOrTo: trpenna@msn.com yes > > FromOrTo: default no > > > > Jun 4 15:43:58 spamgate MailScanner[6614]: SpamAssassin timed out and was > kille > > d, consecutive failure 4 of 20 > > > > Microsoft Mail Internet Headers Version 2.0 > > Received: from localhost.localdomain ([192.168.1.86]) by > w2kserver.workgroupsolutions.com with Microsoft SMTPSVC(5.0.2195.5329); > > Wed, 4 Jun 2003 15:46:09 -0700 > > Received: from workgroupsolutions.com (gateway.workgroupsolutions.com > [192.168.1.254]) > > by localhost.localdomain (8.12.5/8.12.5) with ESMTP id > h54Mk3Ve008589 > > for ; Wed, 4 Jun 2003 > 15:46:03 -0700 > > Received: from svusd.k12.ca.us ([66.124.50.2]) by > gateway.workgroupsolutions.com with ESMTP id <119041>; Wed, 4 Jun 2003 > 15:46:06 -0700 > > Received: from doexchange.svusd.net ([10.1.254.3]) by > gateway.svusd.k12.ca.us with ESMTP id <119073>; Wed, 4 Jun 2003 > 12:45:52 -1000 > > X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 > > Content-Class: urn:content-classes:message > > MIME-Version: 1.0 > > Content-Type: multipart/alternative; > > boundary="----_=_NextPart_001_01C32AEB.0C717225" > > Disposition-Notification-To: "Chu, Warren (Information Services)" > > > Subject: FW: chuw@svusd.k12.ca.us,We have the cheapest Viagra around > > Date: Wed, 4 Jun 2003 15:45:51 -0700 > > Message-ID: > > > X-MS-Has-Attach: > > X-MS-TNEF-Correlator: > > Thread-Topic: chuw@svusd.k12.ca.us,We have the cheapest Viagra around > > Thread-Index: AcMq6uzSqDpgIY8yQMSl6zd3ISx+RQAAEBgg > > From: "Chu, Warren (Information Services)" > > To: > > X-Message-is-Spam: not spam (whitelisted), SpamAssassin (score=29.7, > > required 4, BAYES_50, HTML_30_40, HTML_FONT_COLOR_BLUE, > > HTTP_USERNAME_USED, MAILTO_TO_SPAM_ADDR, NO_COST, REMOVE_PAGE, > > SUBJ_VIAGRA, Subj_1, USERPASS) > > Return-Path: CHUW@svusd.k12.ca.us > > X-OriginalArrivalTime: 04 Jun 2003 22:46:09.0982 (UTC) > FILETIME=[17B365E0:01C32AEB] > > > > ------_=_NextPart_001_01C32AEB.0C717225 > > Content-Type: text/plain; > > charset="us-ascii" > > Content-Transfer-Encoding: quoted-printable > > > > ------_=_NextPart_001_01C32AEB.0C717225 > > Content-Type: text/html; > > charset="us-ascii" > > Content-Transfer-Encoding: quoted-printable > > > > > > ------_=_NextPart_001_01C32AEB.0C717225-- > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Workgroup Solutions > > 20532 El Toro Rd, Suite 107 > > Mission Viejo, CA 92692 > > 949 586-2200 > > Developers of SpamGate - > > MXTreme - Stop SPAM at the Gateway with the MXTreme Appliance Stop SPAM > today at the Gateway! > > > > PacketShaper - Bandwidth Management for your network > > Centurion Guard - Write protect your desktop computers > > > > > > From ryan.henry.ml at EPSIIA.COM Thu Jun 5 16:12:25 2003 From: ryan.henry.ml at EPSIIA.COM (Ryan Henry [mailing list]) Date: Thu Jan 12 21:18:24 2006 Subject: new install - cannot call method bodyhandle in Message.pm Message-ID: <3EDF5DD9.2040601@EPSIIA.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Just installed latest version of mailscanner and receive the following error when starting. Anyone have any info on how to begin debuging this? Starting MailScanner... In Debugging mode, not forking... Can't call method "bodyhandle" on an undefined value at /opt/MailScanner/lib/MailScanner/Message.pm line 898. Thanks, - -Ryan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+313YduH5kxQ36MARAlMyAKCTJuiWO2dRlr1XdgNkdI1Jvx9uYwCfdZTo RQ/elb5Q57malblJE1jOvrk= =37Kg -----END PGP SIGNATURE----- From MWeiner at AG.COM Thu Jun 5 16:20:31 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:24 2006 Subject: NDR delivery Message-ID: Ooops I stand corrected, now I see the same error for the SPAM actions Jun 5 11:18:55 spambox MailScanner[29416]: Syntax error in line 861, value "store /etc/MailScanner/rules/deliver.rules" for spamactions is not one of allowed values "bounce","attachment","store","deliver","delete","forward","striphtml" Any ideas?? Michael Weiner -----Original Message----- From: MW Mike Weiner (5028) [mailto:MWeiner@AG.COM] Sent: Thursday, June 05, 2003 10:32 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: NDR delivery Thanks for your response, this is 4.21-9 I believe, and yes, I have been taking advantage of the "store" for non-spam to assist in the bayesian training. Love that feature. Michael Weiner -----Original Message----- From: Raymond Dijkxhoorn [mailto:raymond@PROLOCATION.NET] Sent: Thursday, June 05, 2003 10:27 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: NDR delivery Hi! > Jun 5 10:14:55 spambox MailScanner[17484]: Syntax error in line 896, value > "store /etc/MailScanner/rules/deliver.rules" for hamactions is not one of > allowed values > "bounce","attachment","store","deliver","delete","forward","striphtml" What version are you running ? Would help ... Beta release 4.21: - any of the spam actions can now be applied to non-spam. This means you can archive non-spam, among other things. You can't "bounce" non-spam. If its a version earlier that might explain. Bye, Raymond. From Denis.Beauchemin at USHERBROOKE.CA Thu Jun 5 16:28:18 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:24 2006 Subject: NDR delivery In-Reply-To: References: Message-ID: <1054826897.22566.63.camel@dbeauchemin.si.usherbrooke.ca> Mike, I believe you should rather have: Spam Actions = /etc/MailScanner/rules/deliver.rules High Scoring Spam Actions = /etc/MailScanner/rules/deliver.rules Non Spam Actions = /etc/MailScanner/rules/deliver.rules and put the store keyword in the rules files: cat /etc/MailScanner/rules/deliver.rules To: somewhere.com store deliver Denis Le jeu 05/06/2003 ? 11:20, MW Mike Weiner (5028) a ?crit : > Ooops I stand corrected, now I see the same error for the SPAM actions > > Jun 5 11:18:55 spambox MailScanner[29416]: Syntax error in line 861, value > "store /etc/MailScanner/rules/deliver.rules" for spamactions is not one of > allowed values > "bounce","attachment","store","deliver","delete","forward","striphtml" > > Any ideas?? > > Michael Weiner > > -----Original Message----- > From: MW Mike Weiner (5028) [mailto:MWeiner@AG.COM] > Sent: Thursday, June 05, 2003 10:32 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: NDR delivery > > Thanks for your response, this is 4.21-9 I believe, and yes, I have been > taking advantage of the "store" for non-spam to assist in the bayesian > training. Love that feature. > > Michael Weiner > > -----Original Message----- > From: Raymond Dijkxhoorn [mailto:raymond@PROLOCATION.NET] > Sent: Thursday, June 05, 2003 10:27 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: NDR delivery > > Hi! > > > Jun 5 10:14:55 spambox MailScanner[17484]: Syntax error in line 896, > value > > "store /etc/MailScanner/rules/deliver.rules" for hamactions is not one of > > allowed values > > "bounce","attachment","store","deliver","delete","forward","striphtml" > > What version are you running ? Would help ... > > Beta release 4.21: > > - any of the spam actions can now be applied to non-spam. This means you > can archive non-spam, among other things. You can't "bounce" non-spam. > > If its a version earlier that might explain. > > Bye, > Raymond. -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From MWeiner at AG.COM Thu Jun 5 16:38:53 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:24 2006 Subject: NDR delivery Message-ID: Trying that now, sir, thank you very much for your response Michael Weiner -----Original Message----- From: Denis Beauchemin [mailto:Denis.Beauchemin@USHERBROOKE.CA] Sent: Thursday, June 05, 2003 11:28 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: NDR delivery Mike, I believe you should rather have: Spam Actions = /etc/MailScanner/rules/deliver.rules High Scoring Spam Actions = /etc/MailScanner/rules/deliver.rules Non Spam Actions = /etc/MailScanner/rules/deliver.rules and put the store keyword in the rules files: cat /etc/MailScanner/rules/deliver.rules To: somewhere.com store deliver Denis Le jeu 05/06/2003 ? 11:20, MW Mike Weiner (5028) a ?crit : > Ooops I stand corrected, now I see the same error for the SPAM actions > > Jun 5 11:18:55 spambox MailScanner[29416]: Syntax error in line 861, value > "store /etc/MailScanner/rules/deliver.rules" for spamactions is not one of > allowed values > "bounce","attachment","store","deliver","delete","forward","striphtml" > > Any ideas?? > > Michael Weiner > > -----Original Message----- > From: MW Mike Weiner (5028) [mailto:MWeiner@AG.COM] > Sent: Thursday, June 05, 2003 10:32 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: NDR delivery > > Thanks for your response, this is 4.21-9 I believe, and yes, I have been > taking advantage of the "store" for non-spam to assist in the bayesian > training. Love that feature. > > Michael Weiner > > -----Original Message----- > From: Raymond Dijkxhoorn [mailto:raymond@PROLOCATION.NET] > Sent: Thursday, June 05, 2003 10:27 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: NDR delivery > > Hi! > > > Jun 5 10:14:55 spambox MailScanner[17484]: Syntax error in line 896, > value > > "store /etc/MailScanner/rules/deliver.rules" for hamactions is not one of > > allowed values > > "bounce","attachment","store","deliver","delete","forward","striphtml" > > What version are you running ? Would help ... > > Beta release 4.21: > > - any of the spam actions can now be applied to non-spam. This means you > can archive non-spam, among other things. You can't "bounce" non-spam. > > If its a version earlier that might explain. > > Bye, > Raymond. -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From dean.plant at ROKE.CO.UK Thu Jun 5 16:40:02 2003 From: dean.plant at ROKE.CO.UK (Plant, Dean) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license Message-ID: <76C92FBBFB58D411AE760090271ED41805B33A62@rsys002a.roke.co.uk> F-prot have advised me that I will need to use the mail server pricing model for use with Mailscanner which means I will have to look at other virus scanners. Can anyone advise the next best choice for use with Mailscanner preferably based on a per server basis. Thanks Dean Plant Reply from F-Prot Dear Dean Plant, Thank you very much for your mail. For this purpose you would need to purchase a license for our Mail Server version. The license fee for F-Prot Antivirus for Linux Mail Servers is based on the number of mailboxes that the license should cover. Our website offers you the possibility to calculate the license fee for various numbers of mailboxes. Please access the calculator from the following path: http://www.f-prot.com/products/corporate_users/unix/linux/mailserver.html If you need price information for a license covering more than 5000 mailboxes, please contact us again with the exact number of mailboxes that the license should cover. Best regards, Kristin Hardardottir F-Prot Antivirus Sales Department sales@f-prot.com http://www.f-prot.com Tel: +354-540-7400 Fax: +354-540-7401 Frisk Software International Postholf 7180 IS-127 Reykjavik Iceland When replying, please copy your entire previous message/thread. Use the reply function of your e-mail program in order to keep the same subject of our response (including the tracking number). Otherwise your message may be delayed. If you are interested in receiving an e-mail notice when updates and new versions are released then you can subscribe at http://alerts.f-prot.com > -----Original Message----- > From: Plant, Dean [mailto:dean.plant@roke.co.uk] > Sent: 4. j?n? 2003 10:47 > To: 'sales@f-prot.com' > Subject: FW: FRISK-S-20030530-0027 (f-prot for Linux) > > I have a Linux file server that acts as a mail proxy and I would like to use f-prot to > scan mail passing through the proxy (There are no mailboxes on the server). Will > the F-Prot Antivirus for Linux File Servers license allow this. > > Thanks > > Dean Plant -------------- next part -------------- Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, Bracknell, Berkshire. RG12 8FZ The information contained in this e-mail and any attachments is confidential to Roke Manor Research Ltd and must not be passed to any third party without permission. This communication is for information only and shall not create or change any contractual relationship. From Andrew.Magnusson at COCC.COM Thu Jun 5 16:48:36 2003 From: Andrew.Magnusson at COCC.COM (Magnusson, Andrew) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license Message-ID: Oh, those crazy Icelandic virus protection corporations... Looks like they're saying we'd need the mail-server version of F-prot which is licensed on a 'per-mailbox' basis. Andrew Magnusson Internet Product Analyst COCC 1-877-678-0444 extension 640 -----Original Message----- From: Plant, Dean [mailto:dean.plant@ROKE.CO.UK] Sent: Thursday, June 05, 2003 11:40 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: F-prot says I need the mail server license F-prot have advised me that I will need to use the mail server pricing model for use with Mailscanner which means I will have to look at other virus scanners. Can anyone advise the next best choice for use with Mailscanner preferably based on a per server basis. Thanks Dean Plant Reply from F-Prot Dear Dean Plant, Thank you very much for your mail. For this purpose you would need to purchase a license for our Mail Server version. The license fee for F-Prot Antivirus for Linux Mail Servers is based on the number of mailboxes that the license should cover. Our website offers you the possibility to calculate the license fee for various numbers of mailboxes. Please access the calculator from the following path: http://www.f-prot.com/products/corporate_users/unix/linux/mailserver.html If you need price information for a license covering more than 5000 mailboxes, please contact us again with the exact number of mailboxes that the license should cover. Best regards, Kristin Hardardottir F-Prot Antivirus Sales Department sales@f-prot.com http://www.f-prot.com Tel: +354-540-7400 Fax: +354-540-7401 Frisk Software International Postholf 7180 IS-127 Reykjavik Iceland When replying, please copy your entire previous message/thread. Use the reply function of your e-mail program in order to keep the same subject of our response (including the tracking number). Otherwise your message may be delayed. If you are interested in receiving an e-mail notice when updates and new versions are released then you can subscribe at http://alerts.f-prot.com > -----Original Message----- > From: Plant, Dean [mailto:dean.plant@roke.co.uk] > Sent: 4. j?n? 2003 10:47 > To: 'sales@f-prot.com' > Subject: FW: FRISK-S-20030530-0027 (f-prot for Linux) > > I have a Linux file server that acts as a mail proxy and I would like to use f-prot to > scan mail passing through the proxy (There are no mailboxes on the server). Will > the F-Prot Antivirus for Linux File Servers license allow this. > > Thanks > > Dean Plant *** This message originates from COCC, Inc. If the reader of this message, regardless of the address or routing, is not an intended recipient, you are hereby notified that you have received this transmittal in error and any review; use, distribution, dissemination or copying is strictly prohibited. If you have received this message in error, please delete this e-mail and all files transmitted with it from your system and immediately notify COCC, Inc. by sending reply e-mail to the sender of this message. Thank you. *** From rich at MAIL.WVNET.EDU Thu Jun 5 17:01:27 2003 From: rich at MAIL.WVNET.EDU (Richard Lynch) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license In-Reply-To: References: Message-ID: <1054828887.4754.9.camel@rich.wvn.wvnet.edu> As far as I'm concerned my answer is that we have zero mailboxes on the server. I'm using it to scan files only not e-mail. How the files got to my box is irrelevant. I think it's important to make the distinction between scanning mail and scanning files. The minute a sales person here's mailboxes they smell big money. That is not what MailScanner is doing... it only scans files on a server. -- Rich On Thu, 2003-06-05 at 11:48, Magnusson, Andrew wrote: > Oh, those crazy Icelandic virus protection corporations... Looks like > they're saying we'd need the mail-server version of F-prot which is licensed > on a 'per-mailbox' basis. > > Andrew Magnusson > Internet Product Analyst > COCC > 1-877-678-0444 extension 640 > > > > -----Original Message----- > From: Plant, Dean [mailto:dean.plant@ROKE.CO.UK] > Sent: Thursday, June 05, 2003 11:40 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: F-prot says I need the mail server license > > > F-prot have advised me that I will need to use the mail server pricing model > for use with Mailscanner which means I will have to look at other virus > scanners. > > Can anyone advise the next best choice for use with Mailscanner preferably > based on a per server basis. > > Thanks > > Dean Plant > > > Reply from F-Prot > > Dear Dean Plant, > > Thank you very much for your mail. > > For this purpose you would need to purchase a license for our Mail Server > version. > > The license fee for F-Prot Antivirus for Linux Mail Servers is based on the > number of mailboxes that the license should cover. Our website offers you > the possibility to calculate the license fee for various numbers of > mailboxes. Please access the calculator from the following path: > > http://www.f-prot.com/products/corporate_users/unix/linux/mailserver.html > > If you need price information for a license covering more than 5000 > mailboxes, please contact us again with the exact number of mailboxes that > the license should cover. > > Best regards, > Kristin Hardardottir > F-Prot Antivirus Sales Department > > sales@f-prot.com > http://www.f-prot.com > Tel: +354-540-7400 > Fax: +354-540-7401 > > Frisk Software International > Postholf 7180 > IS-127 Reykjavik > Iceland > > When replying, please copy your entire previous message/thread. > > Use the reply function of your e-mail program in order to keep the same > subject of our response (including the tracking number). Otherwise your > message may be delayed. > > If you are interested in receiving an e-mail notice when updates and new > versions are released then you can subscribe at http://alerts.f-prot.com > > > > -----Original Message----- > > From: Plant, Dean [mailto:dean.plant@roke.co.uk] > > Sent: 4. j?n? 2003 10:47 > > To: 'sales@f-prot.com' > > Subject: FW: FRISK-S-20030530-0027 (f-prot for Linux) > > > > I have a Linux file server that acts as a mail proxy and I would like to > use f-prot to > > scan mail passing through the proxy (There are no mailboxes on the > server). Will > > the F-Prot Antivirus for Linux File Servers license allow this. > > > > Thanks > > > > Dean Plant > > *** This message originates from COCC, Inc. > > If the reader of this message, regardless of the address or routing, is not an intended recipient, you are hereby notified that you have received this transmittal in error and any review; use, distribution, dissemination or copying is strictly prohibited. If you have received this message in error, please delete this e-mail and all files transmitted with it from your system and immediately notify COCC, Inc. by sending reply e-mail to the sender of this message. > > Thank you. *** -- Richard Lynch From Andrew.Magnusson at COCC.COM Thu Jun 5 16:58:25 2003 From: Andrew.Magnusson at COCC.COM (Magnusson, Andrew) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license Message-ID: Whoops. Didn't mean to send this to the list. But my point stands. Andrew Magnusson Internet Product Analyst COCC 1-877-678-0444 extension 640 -----Original Message----- From: Magnusson, Andrew Sent: Thursday, June 05, 2003 11:49 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: F-prot says I need the mail server license Oh, those crazy Icelandic virus protection corporations... Looks like they're saying we'd need the mail-server version of F-prot which is licensed on a 'per-mailbox' basis. Andrew Magnusson Internet Product Analyst COCC 1-877-678-0444 extension 640 -----Original Message----- From: Plant, Dean [mailto:dean.plant@ROKE.CO.UK] Sent: Thursday, June 05, 2003 11:40 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: F-prot says I need the mail server license F-prot have advised me that I will need to use the mail server pricing model for use with Mailscanner which means I will have to look at other virus scanners. Can anyone advise the next best choice for use with Mailscanner preferably based on a per server basis. Thanks Dean Plant Reply from F-Prot Dear Dean Plant, Thank you very much for your mail. For this purpose you would need to purchase a license for our Mail Server version. The license fee for F-Prot Antivirus for Linux Mail Servers is based on the number of mailboxes that the license should cover. Our website offers you the possibility to calculate the license fee for various numbers of mailboxes. Please access the calculator from the following path: http://www.f-prot.com/products/corporate_users/unix/linux/mailserver.html If you need price information for a license covering more than 5000 mailboxes, please contact us again with the exact number of mailboxes that the license should cover. Best regards, Kristin Hardardottir F-Prot Antivirus Sales Department sales@f-prot.com http://www.f-prot.com Tel: +354-540-7400 Fax: +354-540-7401 Frisk Software International Postholf 7180 IS-127 Reykjavik Iceland When replying, please copy your entire previous message/thread. Use the reply function of your e-mail program in order to keep the same subject of our response (including the tracking number). Otherwise your message may be delayed. If you are interested in receiving an e-mail notice when updates and new versions are released then you can subscribe at http://alerts.f-prot.com > -----Original Message----- > From: Plant, Dean [mailto:dean.plant@roke.co.uk] > Sent: 4. j?n? 2003 10:47 > To: 'sales@f-prot.com' > Subject: FW: FRISK-S-20030530-0027 (f-prot for Linux) > > I have a Linux file server that acts as a mail proxy and I would like to use f-prot to > scan mail passing through the proxy (There are no mailboxes on the server). Will > the F-Prot Antivirus for Linux File Servers license allow this. > > Thanks > > Dean Plant *** This message originates from COCC, Inc. If the reader of this message, regardless of the address or routing, is not an intended recipient, you are hereby notified that you have received this transmittal in error and any review; use, distribution, dissemination or copying is strictly prohibited. If you have received this message in error, please delete this e-mail and all files transmitted with it from your system and immediately notify COCC, Inc. by sending reply e-mail to the sender of this message. Thank you. *** *** This message originates from COCC, Inc. If the reader of this message, regardless of the address or routing, is not an intended recipient, you are hereby notified that you have received this transmittal in error and any review; use, distribution, dissemination or copying is strictly prohibited. If you have received this message in error, please delete this e-mail and all files transmitted with it from your system and immediately notify COCC, Inc. by sending reply e-mail to the sender of this message. Thank you. *** From David.Sullivan at BARNET.AC.UK Thu Jun 5 17:23:27 2003 From: David.Sullivan at BARNET.AC.UK (David Sullivan) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license In-Reply-To: <76C92FBBFB58D411AE760090271ED41805B33A62@rsys002a.roke.co.uk> Message-ID: On 5 Jun 2003 at 16:40, Plant, Dean wrote: > F-prot have advised me that I will need to use the mail server pricing > model for use with Mailscanner which means I will have to look at > other virus scanners. Looking at the message that you sent to them that might not necessarily be the case. They might have got the wrong idea. > > -----Original Message----- > > From: Plant, Dean [mailto:dean.plant@roke.co.uk] > > Sent: 4. j?n? 2003 10:47 > > To: 'sales@f-prot.com' > > Subject: FW: FRISK-S-20030530-0027 (f-prot for Linux) > > > > I have a Linux file server that acts as a mail proxy and I would > > like to > use f-prot to > > scan mail passing through the proxy (There are no mailboxes on the > server). Will > > the F-Prot Antivirus for Linux File Servers license allow this. > > You've not really stated that you have an existing product that just needs the command line version to perform virus scanning. Given this e-mail your typical salesperson might just assume you want a fully blown virus scanning smtp gateway and that's what they've recommended. David. This communication may contain privileged or confidential information which is for the exclusive use of the intended recipient. If you are not the intended recipient, please note that you may not distribute or use this communication or the information it contains. If this e-mail has reached you in error, please delete it and any attachment. Internet communications are not secure and Barnet College does not accept legal responsibility for the content of this message. Any views or opinions expressed are those of the author and not necessarily those of Barnet College. Please note that Barnet College reserves the right to monitor the source/destinations of all incoming or outgoing e-mail communications. From marco at MUW.EDU Thu Jun 5 17:43:24 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:24 2006 Subject: Scanning Rules In-Reply-To: <1054828887.4754.9.camel@rich.wvn.wvnet.edu> References: <1054828887.4754.9.camel@rich.wvn.wvnet.edu> Message-ID: <1054831404.3edf732c5b150@webmail.MUW.Edu> Good day everyone, I just created a scanner machine (mail gateway) for the purpose of taking a lot of load off the main mailserver. Now that the mail is flowing between the gateway and the main mailserver, I would like to tell MailScanner on the main mailserver to *not* scan outgoing mail or mail coming from the mail gateway and *only* scan mail sent/received for local users or coming from the internal network. Note: main mailserver is main.muw.edu mail gateway is avsmtp01.muw.edu In my /etc/MailScanner/rules/virus.scanning.rules, I have set this: FromOrTo: avsmtp01.muw.edu no FromOrTo: default yes In my /etc/MailScanner/rules/spam.whitelist.rules, I have set this: FromOrTo: avsmtp01.muw.edu yes FromOrTo: default no Am I on the right track?!!! I just don't want the main mailserver to re-scan something already scanned by the gateway machine. Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From ernest at OACYS.COM Thu Jun 5 18:09:28 2003 From: ernest at OACYS.COM (Ernest W. Lessenger) Date: Thu Jan 12 21:18:24 2006 Subject: Scanning Rules In-Reply-To: <1054831404.3edf732c5b150@webmail.MUW.Edu> References: <1054828887.4754.9.camel@rich.wvn.wvnet.edu> <1054828887.4754.9.camel@rich.wvn.wvnet.edu> Message-ID: <5.2.0.9.2.20030605100521.00bbc738@mail.oacys.com> At 11:43 AM 6/5/2003 -0500, you wrote: >Note: main mailserver is main.muw.edu > mail gateway is avsmtp01.muw.edu Set up another instance of sendmail to handle incoming mail from the gateway. Set up two IP addresses on that machine, and bind one instance of sendmail to each. Then, use iptables to block incoming mail to the "unscanned" instance of sendmail from any machine but your gateway. The "unscanned" instance should drop mail into "mqueue" instead of "mqueue.in". --Ernest From esandquist at IHMS.NET Thu Jun 5 18:53:23 2003 From: esandquist at IHMS.NET (Eric Sandquist) Date: Thu Jan 12 21:18:24 2006 Subject: MailScanner cron job? In-Reply-To: Message-ID: I implemented SpamAssassin a while back, before I knew about MailScanner... SpamAssassin is not running system wide, only for a few select users... Since the system handles alot of list server traffic via Sympa, SPAM to those lists are rejected by default through Sympa, I don't need or want SpamAssassin to process spam for them too much traffic, too much load. I worked until 3am last night to verify acceptable system load after implementing MailScanner last night. I disabled all SPAM related features, since I only want to do virus scanning.... Server load is around 1.00-2.00, and during slow times is dropping down to .10 and less... Running MailScanner with 1 child process... Tried it with the default of 5, and it was too much for the system..;. There doesn't seem to be any delays in mail traffic, but I will be planning a hardware upgrade for this system in the near future to bring in the SpamAssassin features system-wide in the near future... Especially since I expect a marked increase in list-server traffic in the near future.. Eric -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Tony Finch Sent: Thursday, June 05, 2003 7:52 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner cron job? Eric Sandquist wrote: > >On my system, I started using MailScanner yesterday... Seemed to work ok >for a while... Server load w/o is .60 - .80... After starting it, >activating the cron and restarting sendmail for queue.in and queue... load >jumped to 1.2-1.7... still acceptable... Only scanning for virii... >SpamAssassin is running through procmail for individual users with >spamc/spamd since system wide scanning on this machine nearly killed it in >the past... Are you running SpamAssassin on the same machine as MailScanner? This is not a good combination, because when MailScanner finishes handling a batch you'll get several messages delivered at once which will cause a much bigger spamd load spike than you would get on a system without MailScanner. It would be better to use SpamAssassin via MailScanner and configure the optionality using MailScanner rules files, because that gives you much better control over the load on the machine. Tony. -- f.a.n.finch http://dotat.at/ ARDNAMURCHAN POINT TO CAPE WRATH INCLUDING THE OUTER HEBRIDES: SOUTHWEST 4 OR 5 BACKING SOUTHEAST 5 OR 6, LATER VEERING SOUTH 5 OR 6. OCCASIONAL SHOWERS EARLY, BECOMING CLOUDY, RAIN LATER. GOOD FALLING MODERATE IN SHOWERS THEN RAIN. MODERATE INCREASING ROUGH. From esandquist at IHMS.NET Thu Jun 5 19:04:04 2003 From: esandquist at IHMS.NET (Eric Sandquist) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license In-Reply-To: <76C92FBBFB58D411AE760090271ED41805B33A62@rsys002a.roke.co.uk> Message-ID: I've been using ClamAv-0.54 for a while and it seems to catch everything... Definitions seem to be as current or better than some of the commercial stuff... And it's FREE under the GNU license... :) Using it in conjunction with Postfix-2.0.10/SpamAssassin-2.55/Amavis-NG-0.1.6.4 (didn't know about MailScanner when I set this up, and am not sure how they compare)... I use MailScanner on another server that uses sendmail because I didn't have access to the original sendmail.mc file nor was my sendmail compiled with milter support. Mail Scanner had installation instructions which allowed me to work arround those issues on my Managed Dedicated Server(MDS). I could have requested the changes from the hosting company, but then when there is a tech support issue, their frontline tech guys get confused.. ;) I think CA's Etrust/InoculateIT/Inoculan is on a per machine license too... Although, if your using Winblows, make sure you get the available patches or your machines will be extraordinarily slow.... We use it on the LAN - servers and workstations... Eric Systems Engineer -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Plant, Dean Sent: Thursday, June 05, 2003 10:40 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: F-prot says I need the mail server license F-prot have advised me that I will need to use the mail server pricing model for use with Mailscanner which means I will have to look at other virus scanners. Can anyone advise the next best choice for use with Mailscanner preferably based on a per server basis. Thanks Dean Plant Reply from F-Prot Dear Dean Plant, Thank you very much for your mail. For this purpose you would need to purchase a license for our Mail Server version. The license fee for F-Prot Antivirus for Linux Mail Servers is based on the number of mailboxes that the license should cover. Our website offers you the possibility to calculate the license fee for various numbers of mailboxes. Please access the calculator from the following path: http://www.f-prot.com/products/corporate_users/unix/linux/mailserver.html If you need price information for a license covering more than 5000 mailboxes, please contact us again with the exact number of mailboxes that the license should cover. Best regards, Kristin Hardardottir F-Prot Antivirus Sales Department sales@f-prot.com http://www.f-prot.com Tel: +354-540-7400 Fax: +354-540-7401 Frisk Software International Postholf 7180 IS-127 Reykjavik Iceland When replying, please copy your entire previous message/thread. Use the reply function of your e-mail program in order to keep the same subject of our response (including the tracking number). Otherwise your message may be delayed. If you are interested in receiving an e-mail notice when updates and new versions are released then you can subscribe at http://alerts.f-prot.com > -----Original Message----- > From: Plant, Dean [mailto:dean.plant@roke.co.uk] > Sent: 4. j?n? 2003 10:47 > To: 'sales@f-prot.com' > Subject: FW: FRISK-S-20030530-0027 (f-prot for Linux) > > I have a Linux file server that acts as a mail proxy and I would like to use f-prot to > scan mail passing through the proxy (There are no mailboxes on the server). Will > the F-Prot Antivirus for Linux File Servers license allow this. > > Thanks > > Dean Plant From vnarayan at haverford.edu Thu Jun 5 04:38:41 2003 From: vnarayan at haverford.edu (Vasantha Narayanan) Date: Thu Jan 12 21:18:24 2006 Subject: SpamAssassin timed out and was killed... box too slow? Message-ID: <200306050338.h553cebJ026555@acc.haverford.edu> On Wed, 4 Jun 2003 20:06:18 +0100 Julian Field wrote: > At 17:28 04/06/2003, you wrote: > >At 04:37 PM 6/4/2003 +0100, you wrote: > >>Try setting > >>skip_rbl_checks 1 > > > > > >I've already set skip_rbl_checks 1 in the spam.assassin.prefs.conf > >file. In the debug mode, it said that Razor2 and Pyzor were not > >availabe. So I also made the following entries in > spam.assassin.prefs.conf > >so that I can eliminate any of the below to be the cause of the problem: > >use_dcc 0 > >use_pyzor 0 > >use_razor1 0 > >use_razor2 0 > >use_bayes 0 > > > >In debug mode, a couple of lines seem bothersome - > > > >unix passed to setlogsock, but path not available at > >/opt/MailScanner/lib/MailSc > >anner/Log.pm line 62 > > > >and > > > >debug: Failed to parse line in SpamAssassin configuration, skipping: > >defang_mime 0 > > > >Could they be the cause of the timeout problem? > > Shouldn't be, no. Try reducing to 1 child process (Max Children = 1 in > MailScanner.conf) then see how it behaves. > Tony Finch also suggested reducing the child processes. When I reduced it to 5 instead of 15, I found that the, " Jun 4 17:34:23 nisc4 MailScanner[19761]: SpamAssassin timed out and was killed, consecutive failure 1 of 20" appeared after an hour of starting the MailScanner. Then it appeared an hour later. When I reduced it to 1 child process, I did not get the error for over 3 hours. But a lot of mail got accumulated in the incoming mail queue that I had to stop MailScanner and restart it without SpamAssassin to process the mail. Vasantha > > >Thanks. > > > >Vasantha > > > > > >>in spam.assassin.prefs.conf and see if that helps. You will need to > restart > >>MailScanner after setting this. > >> > >>At 16:22 04/06/2003, you wrote: > >>>We've a SunBlade 100 (500 Mhz) with 500 Mem running Solaris 2.8. The > >>>machine does nothing other than MailScanning. It is not even a > MailServer. > >>> > >>>The MailScanner itself works perfectly. It is only when I turn on > >>>SpamAssassin that the load on the machine gets really high. A lot > of mail > >>>gets accumulated in the incoming queue waiting to be scanned. I'm > running > >>>15 mailscanner processes and it forks and gets doubled whenever I > turn on > >>>SpamAssassin. Pretty soon the following error shows up in the log: > >>>Jun 3 15:57:07 nisc4 MailScanner[5766]: SpamAssassin timed out and was > >>>killed, consecutive failure 1 of 20 > >>>Jun 3 15:57:41 nisc4 MailScanner[5758]: SpamAssassin timed out and was > >>>killed, consecutive failure 1 of 20 > >>>Jun 3 15:58:14 nisc4 MailScanner[5750]: SpamAssassin timed out and was > >>>killed, consecutive failure 1 of 20 > >>>Jun 3 16:00:08 nisc4 MailScanner[5774]: SpamAssassin timed out and was > >>>killed, consecutive failure 1 of 20 > >>> > >>>Have others seen this problem? How have you fixed the problem? We've > >>>MailScanner-4.20-3 with SpamAssassin-2.50. The SpamAssassin > Timeout is set > >>>to 40 and Scanner timeout is set to 10 (that is the default in > that version > >>>of MailScanner) > >>> > >>>I'd really appreciate some suggestions. > >>> > >>>Thanks. > >>> > >>>Vasantha > >>> > >>> > >>> > >>> > >>>At 05:37 PM 6/3/2003 -0500, you wrote: > >>>>What kind of horsepower does your box have? OS? > >>>> > >>>>Mike > >>>> > >>>> > >>>>-----Original Message----- > >>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >>>>Behalf > >>>>Of Chris W. Parker > >>>>Sent: Tuesday, June 03, 2003 5:28 PM > >>>>To: MAILSCANNER@JISCMAIL.AC.UK > >>>>Subject: Re: SpamAssassin timed out and was killed... box too slow? > >>>> > >>>> > >>>>Vasantha Narayanan wrote: > >>>> > >>>> > Did you find a solution yet? > >>>> > >>>>No I did not. > >>>> > >>>> > I'm having the same problem. > >>>> > >>>>I feel your pain. :( > >>>> > >>>> > >>>> > >>>>Chris. > >>> > >>>VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV > >>>Vasantha Narayanan > >>>Networking and Systems email: vnarayan@haverford.edu > >>>Haverford College, PA Phone: > >>>610-896-1110 > >> > >>-- > >>Julian Field > >>www.MailScanner.info > >>MailScanner thanks transtec Computers for their support > > > >VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV > >Vasantha Narayanan > >Networking and Systems email: vnarayan@haverford.edu > >Haverford College, PA Phone: > >610-896-1110 > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > From smhickel at CHARTERMI.NET Thu Jun 5 19:32:00 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license Message-ID: <200306051832.h55IW0027159@chartermi.net> To whom it may concern: I understand you have instituted a new licensing program. As I understand it you have gone from being the lowest cost solution to one of the highest with your change of licensing policy. Correct me if I am mistaken, but f-prot has made its mark in the industry by being a very cost effective solution. Why you would choose to make a grandiose licensing change either reflects a poor understanding of who your core market is or tells me that you have decided to attract a different (not the same) market. Please set me straight if I have this wrong, but I am currently looking for another cost effective anti-virus solution for my linux-based email servers. Steve Hickel From smhickel at CHARTERMI.NET Thu Jun 5 19:36:54 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license Message-ID: <200306051836.h55IasH27312@chartermi.net> Does ClamAv-0.54 work in place of f-prot with mailscanner or is their yet an equally cost-effective solution other than f-prot that does work with MailScanner? Steve From kevins at BMRB.CO.UK Thu Jun 5 20:01:10 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB00117577D@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB00117577D@pascal.priv.bmrb.co.uk> Message-ID: <1054839674.8647.8.camel@bach.kevinspicer.co.uk> I would not use only clam, as their updates aren't really quick enough (my view is that updates are pretty time-sensitive on the mail gateway). For example, today... Sophos IDE for Bugbear B available at 12:20ish Sophos caught 15x Bugbear B before Clam caught its first with the 4pm (hourly) update. Admittedly we also caught a few with the IFRAME/ attachement rules On Thu, 2003-06-05 at 19:36, Steve Hickel wrote: Does ClamAv-0.54 work in place of f-prot with mailscanner or is their yet an equally cost-effective solution other than f-prot that does work with MailScanner? Steve BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mailscanner at ecs.soton.ac.uk Thu Jun 5 20:17:09 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license In-Reply-To: References: <76C92FBBFB58D411AE760090271ED41805B33A62@rsys002a.roke.co.uk> Message-ID: <5.2.1.1.2.20030605201455.03a22b58@imap.ecs.soton.ac.uk> I can only really add 1 comment this discussion. I have read their software licence very carefully. They completely fail to define the terms "workstation", "server" and "mail server". You only need the facilities provided by the "workstation" version. So you should be able to buy the "workstation" version and, as far as I can see, they haven't got a leg to stand on. My only concern is that if everyone buys the "workstation" version they might go bankrupt, which would be a loss for everyone. At 17:23 05/06/2003, you wrote: >On 5 Jun 2003 at 16:40, Plant, Dean wrote: > > > F-prot have advised me that I will need to use the mail server pricing > > model for use with Mailscanner which means I will have to look at > > other virus scanners. > >Looking at the message that you sent to them that might not necessarily be >the case. >They might have got the wrong idea. > > > > > -----Original Message----- > > > From: Plant, Dean [mailto:dean.plant@roke.co.uk] > > > Sent: 4. j?n? 2003 10:47 > > > To: 'sales@f-prot.com' > > > Subject: FW: FRISK-S-20030530-0027 (f-prot for Linux) > > > > > > I have a Linux file server that acts as a mail proxy and I would > > > like to > > use f-prot to > > > scan mail passing through the proxy (There are no mailboxes on the > > server). Will > > > the F-Prot Antivirus for Linux File Servers license allow this. > > > > >You've not really stated that you have an existing product that just needs >the command >line version to perform virus scanning. Given this e-mail your typical >salesperson might >just assume you want a fully blown virus scanning smtp gateway and that's what >they've recommended. > >David. > > >This communication may contain privileged or confidential information which >is for the exclusive use of the intended recipient. If you are not the >intended recipient, please note that you may not distribute or use this >communication or the information it contains. If this e-mail has reached you >in error, please delete it and any attachment. > >Internet communications are not secure and Barnet College does not accept >legal responsibility for the content of this message. Any views or opinions >expressed are those of the author and not necessarily those of Barnet College. > >Please note that Barnet College reserves the right to monitor the >source/destinations of all incoming or outgoing e-mail communications. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jun 5 20:33:36 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:24 2006 Subject: Procmail + MS In-Reply-To: <1054769122.2484.23.camel@nomad.userfriendly.net> References: Message-ID: <5.2.1.1.2.20030605203300.03a37eb0@imap.ecs.soton.ac.uk> At 00:25 05/06/2003, you wrote: > > Procmail is involved in the delivery process, thats AFTER MS is scanning > > them. > > > >I understand that procmail is for local mail delivery, i was originally >trying to get MS to do it. > > > You could also put in some rules in MS where you simply dont scan mail > > for those users if you want to save the resources. > >And exactly how would one go about that? I started took a look at the >SPAM/NONSPAM action but wasnt sure how to put that all together. Any >ideas? Use a ruleset for "Virus Scanning" and "Spam Checks". See the examples in /etc/MailScanner/rules. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jun 5 20:29:34 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:24 2006 Subject: Scanning Rules In-Reply-To: <1054831404.3edf732c5b150@webmail.MUW.Edu> References: <1054828887.4754.9.camel@rich.wvn.wvnet.edu> <1054828887.4754.9.camel@rich.wvn.wvnet.edu> Message-ID: <5.2.1.1.2.20030605202829.03a6dcf8@imap.ecs.soton.ac.uk> At 17:43 05/06/2003, you wrote: >Good day everyone, > >I just created a scanner machine (mail gateway) for the purpose of taking >a lot >of load off the main mailserver. > >Now that the mail is flowing between the gateway and the main mailserver, I >would like to tell MailScanner on the main mailserver to *not* scan outgoing >mail or mail coming from the mail gateway and *only* scan mail sent/received >for local users or coming from the internal network. To avoid possibilities of people forging the domain name in the mail they are sending, make the rules include the IP address of the main gateway. >Note: main mailserver is main.muw.edu > mail gateway is avsmtp01.muw.edu > >In my /etc/MailScanner/rules/virus.scanning.rules, I have set this: > >FromOrTo: avsmtp01.muw.edu no >FromOrTo: default yes > >In my /etc/MailScanner/rules/spam.whitelist.rules, I have set this: > >FromOrTo: avsmtp01.muw.edu yes >FromOrTo: default no > >Am I on the right track?!!! > >I just don't want the main mailserver to re-scan something already scanned by >the gateway machine. > >Marco > >_________________________________________________________________ >This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail >For the latest MUW Events, visit http://www.MUW.Edu/calendar -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jun 5 20:26:45 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:24 2006 Subject: new install - cannot call method bodyhandle in Message.pm In-Reply-To: <3EDF5DD9.2040601@EPSIIA.com> Message-ID: <5.2.1.1.2.20030605202557.03a23860@imap.ecs.soton.ac.uk> You're doing something very odd. Put your MailScanner.conf file back to how it started life, and make the absolute minimum changes possible. Then test it again. At 16:12 05/06/2003, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Just installed latest version of mailscanner and receive the following >error when starting. Anyone have any info on how to begin debuging this? > >Starting MailScanner... >In Debugging mode, not forking... >Can't call method "bodyhandle" on an undefined value at >/opt/MailScanner/lib/MailScanner/Message.pm line 898. > >Thanks, >- -Ryan >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.2.2 (GNU/Linux) >Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > >iD8DBQE+313YduH5kxQ36MARAlMyAKCTJuiWO2dRlr1XdgNkdI1Jvx9uYwCfdZTo >RQ/elb5Q57malblJE1jOvrk= >=37Kg >-----END PGP SIGNATURE----- -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From kevins at BMRB.CO.UK Thu Jun 5 20:37:11 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:24 2006 Subject: Scanning Rules In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175778@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175778@pascal.priv.bmrb.co.uk> Message-ID: <1054841832.8648.40.camel@bach.kevinspicer.co.uk> On Thu, 2003-06-05 at 17:43, Marco Obaid wrote: >In my /etc/MailScanner/rules/virus.scanning.rules, I have set this: >FromOrTo: avsmtp01.muw.edu no >FromOrTo: default yes >In my /etc/MailScanner/rules/spam.whitelist.rules, I have set this: >FromOrTo: avsmtp01.muw.edu yes >FromOrTo: default no >Am I on the right track?!!! Yes, but I think theres an easier way to do it - if I understand correctly you want to turn off all processing for mails from avsmtp01. You also say that you don't want to scan main coming from the mailscanner machine [you do mean originating from don't you?] - unless you actually have something on that machine generating a lot of mail its probably best to scan it anyway - you never know. I notice your rules don't attempt to do this, so I shan't either. You can do this with one entry in MailScanner.conf and one ruleset MailScanner.conf... Virus Scanning = /etc/MailScanner/rules/virus.scanning.rules in /etc/MailScanner/rules/virus.scanning.rules From: x.x.x.x no FromOrTo: default yes where x.x.x.x is the IP address of avsmtp01 - you should use the IP address rather than host.domain.com syntax to avoid nasty spammers and viruses getting round mailscanner by spoofing things. You use From rather than FromOrTo because you can only match IP addresses by origin not destination. If you also want to avoid scanning mail going to that machine then add... To: avsmtp01.muw.edu no no to the ruleset above BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From smhickel at CHARTERMI.NET Thu Jun 5 20:57:34 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license Message-ID: <200306051957.h55JvY729545@chartermi.net> Kevin, You seem to be suggesting that one can use one or more anti-virus programs. I don't know how to configure more than one. I use the webmin MailScanner module, which I hear will be updated for 4.21 tomorrow. Would one just list with spaces between f-prot ClamAv-0.54 etc? Plus the original question was if f-prot truly requires a 500 uers license for their software on a MailScanner host that scans software for 500 mailboxes then an alternative to f-prot was the issue with similar features and price points. Steve Kevin Spicer wrote .. > I would not use only clam, as their updates aren't really quick enough > (my view is that updates are pretty time-sensitive on the mail gateway). > For example, today... > > Sophos IDE for Bugbear B available at 12:20ish > Sophos caught 15x Bugbear B before Clam caught its first with the 4pm > (hourly) update. > Admittedly we also caught a few with the IFRAME/ attachement rules > > On Thu, 2003-06-05 at 19:36, Steve Hickel wrote: > > Does ClamAv-0.54 work in place of f-prot with mailscanner or is their > yet an equally cost-effective solution other than f-prot that does work > with MailScanner? > > Steve > > > > > > > BMRB International > http://www.bmrb.co.uk > +44 (0)20 8566 5000 > _________________________________________________________________ > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact the > sender and delete this message immediately. Disclosure, copying > or other action taken in respect of this email or in > reliance on it is prohibited. BMRB International Limited > accepts no liability in relation to any personal emails, or > content of any email which does not directly relate to our > business. From mailscanner at ecs.soton.ac.uk Thu Jun 5 21:01:16 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license In-Reply-To: <200306051957.h55JvY729545@chartermi.net> Message-ID: <5.2.1.1.2.20030605210002.038c1b28@imap.ecs.soton.ac.uk> At 20:57 05/06/2003, you wrote: >Kevin, > >You seem to be suggesting that one can use one or more anti-virus >programs. I don't know how to configure more than one. I use the webmin >MailScanner module, which I hear will be updated for 4.21 tomorrow. Would >one just list with spaces between f-prot ClamAv-0.54 etc? Virus Scanners = f-prot clamav >Plus the original question was if f-prot truly requires a 500 uers license >for their software on a MailScanner host that scans software for 500 >mailboxes then an alternative to f-prot was the issue with similar >features and price points. Take a look at RAV licensing, apparently it is domain-based which may prove cheap for many sites. But don't quote me on that, I might have the product wrong. >Steve > >Kevin Spicer wrote .. > > I would not use only clam, as their updates aren't really quick enough > > (my view is that updates are pretty time-sensitive on the mail gateway). > > For example, today... > > > > Sophos IDE for Bugbear B available at 12:20ish > > Sophos caught 15x Bugbear B before Clam caught its first with the 4pm > > (hourly) update. > > Admittedly we also caught a few with the IFRAME/ attachement rules > > > > On Thu, 2003-06-05 at 19:36, Steve Hickel wrote: > > > > Does ClamAv-0.54 work in place of f-prot with mailscanner or is their > > yet an equally cost-effective solution other than f-prot that does work > > with MailScanner? > > > > Steve > > > > > > > > > > > > > > BMRB International > > http://www.bmrb.co.uk > > +44 (0)20 8566 5000 > > _________________________________________________________________ > > This message (and any attachment) is intended only for the > > recipient and may contain confidential and/or privileged > > material. If you have received this in error, please contact the > > sender and delete this message immediately. Disclosure, copying > > or other action taken in respect of this email or in > > reliance on it is prohibited. BMRB International Limited > > accepts no liability in relation to any personal emails, or > > content of any email which does not directly relate to our > > business. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From smhickel at CHARTERMI.NET Thu Jun 5 21:08:49 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license Message-ID: <200306052008.h55K8n229965@chartermi.net> Julian, You are the greatest. However, I do not know what RAV means nor where to look at it. Thanks, Steve Julian Field wrote .. > At 20:57 05/06/2003, you wrote: > >Kevin, > > > >You seem to be suggesting that one can use one or more anti-virus > >programs. I don't know how to configure more than one. I use the webmin > >MailScanner module, which I hear will be updated for 4.21 tomorrow. Would > >one just list with spaces between f-prot ClamAv-0.54 etc? > > Virus Scanners = f-prot clamav > > >Plus the original question was if f-prot truly requires a 500 uers license > >for their software on a MailScanner host that scans software for 500 > >mailboxes then an alternative to f-prot was the issue with similar > >features and price points. > > Take a look at RAV licensing, apparently it is domain-based which may prove > cheap for many sites. But don't quote me on that, I might have the product > wrong. > > > >Steve > > > >Kevin Spicer wrote .. > > > I would not use only clam, as their updates aren't really quick enough > > > (my view is that updates are pretty time-sensitive on the mail gateway). > > > For example, today... > > > > > > Sophos IDE for Bugbear B available at 12:20ish > > > Sophos caught 15x Bugbear B before Clam caught its first with the 4pm > > > (hourly) update. > > > Admittedly we also caught a few with the IFRAME/ attachement rules > > > > > > On Thu, 2003-06-05 at 19:36, Steve Hickel wrote: > > > > > > Does ClamAv-0.54 work in place of f-prot with mailscanner or is their > > > yet an equally cost-effective solution other than f-prot that does > work > > > with MailScanner? > > > > > > Steve > > > > > > > > > > > > > > > > > > > > > BMRB International > > > http://www.bmrb.co.uk > > > +44 (0)20 8566 5000 > > > _________________________________________________________________ > > > This message (and any attachment) is intended only for the > > > recipient and may contain confidential and/or privileged > > > material. If you have received this in error, please contact the > > > sender and delete this message immediately. Disclosure, copying > > > or other action taken in respect of this email or in > > > reliance on it is prohibited. BMRB International Limited > > > accepts no liability in relation to any personal emails, or > > > content of any email which does not directly relate to our > > > business. > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support From kevins at BMRB.CO.UK Thu Jun 5 21:22:15 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175784@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175784@pascal.priv.bmrb.co.uk> Message-ID: <1054844536.8649.47.camel@bach.kevinspicer.co.uk> >On Thu, 2003-06-05 at 20:57, Steve Hickel wrote: >Kevin, >You seem to be suggesting that one can use one or more anti-virus >programs. Sure can see the comments in MailScanner.conf >I don't know how to configure more than one. I use the webmin >MailScanner module, which I hear will be updated for 4.21 tomorrow. >Would one just list with spaces between f-prot ClamAv-0.54 etc? Sorry, I don't know as I've never even looked at the webmin module. >Plus the original question was if f-prot truly requires a 500 uers >license for their software on a MailScanner host that scans software >for 500 mailboxes then an alternative to f-prot was the issue with >similar features and price points. Yes, the point of my previous post was to discourage you from moving to Clam alone (which I thought your previous post might have been suggesting) - unfortunately I can't really help with other scanners as I only have experience with Clam, Sophos and F-prot. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mailscanner at ecs.soton.ac.uk Thu Jun 5 21:27:26 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:24 2006 Subject: F-prot says I need the mail server license In-Reply-To: <200306052008.h55K8n229965@chartermi.net> Message-ID: <5.2.1.1.2.20030605212715.03a26d20@imap.ecs.soton.ac.uk> Type "rav" into Google. At 21:08 05/06/2003, you wrote: >Julian, > >You are the greatest. > >However, I do not know what RAV means nor where to look at it. > >Thanks, > >Steve > > >Julian Field wrote .. > > At 20:57 05/06/2003, you wrote: > > >Kevin, > > > > > >You seem to be suggesting that one can use one or more anti-virus > > >programs. I don't know how to configure more than one. I use the webmin > > >MailScanner module, which I hear will be updated for 4.21 tomorrow. Would > > >one just list with spaces between f-prot ClamAv-0.54 etc? > > > > Virus Scanners = f-prot clamav > > > > >Plus the original question was if f-prot truly requires a 500 uers license > > >for their software on a MailScanner host that scans software for 500 > > >mailboxes then an alternative to f-prot was the issue with similar > > >features and price points. > > > > Take a look at RAV licensing, apparently it is domain-based which may prove > > cheap for many sites. But don't quote me on that, I might have the product > > wrong. > > > > > > >Steve > > > > > >Kevin Spicer wrote .. > > > > I would not use only clam, as their updates aren't really quick enough > > > > (my view is that updates are pretty time-sensitive on the mail > gateway). > > > > For example, today... > > > > > > > > Sophos IDE for Bugbear B available at 12:20ish > > > > Sophos caught 15x Bugbear B before Clam caught its first with the 4pm > > > > (hourly) update. > > > > Admittedly we also caught a few with the IFRAME/ attachement rules > > > > > > > > On Thu, 2003-06-05 at 19:36, Steve Hickel wrote: > > > > > > > > Does ClamAv-0.54 work in place of f-prot with mailscanner or is their > > > > yet an equally cost-effective solution other than f-prot that does > > work > > > > with MailScanner? > > > > > > > > Steve > > > > > > > > > > > > > > > > > > > > > > > > > > > > BMRB International > > > > http://www.bmrb.co.uk > > > > +44 (0)20 8566 5000 > > > > _________________________________________________________________ > > > > This message (and any attachment) is intended only for the > > > > recipient and may contain confidential and/or privileged > > > > material. If you have received this in error, please contact the > > > > sender and delete this message immediately. Disclosure, copying > > > > or other action taken in respect of this email or in > > > > reliance on it is prohibited. BMRB International Limited > > > > accepts no liability in relation to any personal emails, or > > > > content of any email which does not directly relate to our > > > > business. > > > > -- > > Julian Field > > www.MailScanner.info > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From Steve at swaney.com Thu Jun 5 21:29:21 2003 From: Steve at swaney.com (Stephen Swaney) Date: Thu Jan 12 21:18:24 2006 Subject: Rav Website In-Reply-To: <200306052008.h55K8n229965@chartermi.net> References: <200306052008.h55K8n229965@chartermi.net> Message-ID: <1054844961.32122.2.camel@speedy> Steve, I believe it refers to the rev anti-virus scanner at this site: http://www.ravantivirus.com/index.php I have no experience with this scanner so I can't comment on quality. Steve Stephen Swaney President Fortress Systems, Ltd. Steve.Swaney@fsl.com Phone: 202 352-3262 U.S. Toll Free Phone and Fax: 877 746-6636 On Thu, 2003-06-05 at 16:08, Steve Hickel wrote: > Julian, > > You are the greatest. > > However, I do not know what RAV means nor where to look at it. > > Thanks, > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030605/b06be8a2/attachment.html From apm at CIFRID.NET Thu Jun 5 21:30:26 2003 From: apm at CIFRID.NET (Artur Meski) Date: Thu Jan 12 21:18:24 2006 Subject: ZMailer and MailScanner--a little problem. Message-ID: <86fzmos1wd.fsf@shiningdiamond.localnet> Hello MailScanner hackers. I've found out, that in some conditions MailScanner behaves stangely. Take a look at this: [...] Jun 5 17:39:56 naos MailScanner[49495]: Batch: Found invalid queue file for message 224686 Jun 5 17:39:56 naos MailScanner[49447]: Batch: Found invalid queue file for message 224686 Jun 5 17:39:58 naos MailScanner[49460]: Batch: Found invalid queue file for message 224686 Jun 5 17:40:01 naos MailScanner[49479]: Batch: Found invalid queue file for message 224686 Jun 5 17:40:01 naos MailScanner[49434]: Batch: Found invalid queue file for message 224686 Jun 5 17:40:01 naos MailScanner[49495]: Batch: Found invalid queue file for message 224686 Jun 5 17:40:01 naos MailScanner[49447]: Batch: Found invalid queue file for message 224686 Jun 5 17:40:03 naos MailScanner[49460]: Batch: Found invalid queue file for message 224686 Jun 5 17:40:06 naos MailScanner[49479]: Batch: Found invalid queue file for message 224686 [...] It does not affect every message--it happens from time to time. See attachement for queue file. It has no 'from' field in "env" part (I think, it's ok for ZMailer). -------------- next part -------------- A non-text attachment was scrubbed... Name: 224686 Type: application/octet-stream Size: 5489 bytes Desc: queue file Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030605/a77ebbef/224686.obj -------------- next part -------------- I use ZMailer version 2.99.56-pre4 (on mailhub). I don't know on which ZM. version MS. was tested and developed--maybe something imporatnt has changed. I've changed ZMailer.pm temporarily: -return 1 if $FROMFound && $TOFound && $IPFound; +return 1 if $TOFound && $IPFound; Is it ok? And one, small, additional question: When MailScanner drops privileges (Run As User = nonprivilegeduser)? Artur Meski. -- // WWW: artur.black.pl // PGP: finger apm@heze.cifrid.net // From steve.douglas at SBIINCORPORATED.COM Thu Jun 5 21:36:25 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:24 2006 Subject: Auto-Responses without open-relaying Message-ID: <3963522F0E71474CB14C0FF54A6914F701114F8E@omar.schtre.com> Can someone suggest an approach as to how to have the automatic responses from MailScanner work? My scenario is fairly easy, I have installed my MailScanner gateway on the DMZ and all incoming messages are rerouted to my internal email server. The internal email server is blocked for open-relays. Currently when the MailScanner emails the responses it goes through the internal email file server which then get blocked. Is there something I can do to the MailScanner gateway to redirect all MailScanner responses out of the same server without the gateway becoming an open-relay? Thanks. sd -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030605/3886007e/attachment.html From FCaen at CI.LAKEWOOD.WA.US Thu Jun 5 21:51:43 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:24 2006 Subject: Auto-Responses without open-relaying Message-ID: -----Original Message----- From: Steve Douglas [mailto:steve.douglas@SBIINCORPORATED.COM] > I have installed my MailScanner gateway on the DMZ and all incoming messages are rerouted to my internal email server. Are you using mailertable or smarthost for the rerouting? --------------------------------------------- Francois Caen Network Information Systems Engineer - Webmaster City of Lakewood, WA (253) 512-2269 NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From steve.douglas at SBIINCORPORATED.COM Thu Jun 5 21:53:23 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:24 2006 Subject: Question regarding virus wrapper Message-ID: <3963522F0E71474CB14C0FF54A6914F701114F90@omar.schtre.com> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: Steve Douglas.vcf Type: application/octet-stream Size: 380 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030605/0b244034/SteveDouglas.obj From mailscanner at ecs.soton.ac.uk Thu Jun 5 22:02:19 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:24 2006 Subject: attachment action results in Postfix queue file corruption In-Reply-To: <1151627772873.20030604195200@icp.ac.ru> References: <1054734746.10031.174.camel@speedy> <1054734746.10031.174.camel@speedy> Message-ID: <5.2.1.1.2.20030605215658.03a1a2e0@imap.ecs.soton.ac.uk> Please can you try this patch to PFDiskStore.pm: --- PFDiskStore.pm 2003-06-02 10:03:03.000000000 +0100 +++ PFDiskStore.pm.new 2003-06-05 21:59:16.000000000 +0100 @@ -285,7 +285,7 @@ $recipcounter = 0; foreach $record (@{$message->{metadata}}) { $record =~ /^(.)(.*)$/; - $recipcounter++ if $1 =~ /[RO]/; + $recipcounter++ if $1 =~ /R/; } At 16:52 04/06/2003, you wrote: >Hi! > >'Attachment' action in MS 4.21.9 seems to be incompatible with my >Postfix 2.0.10. All high scored spam (the only email variety I am >trying to handle using the feature at the moment) I got by now >finished in 'corrupt' folder in Postfix spool. If anyone interested I >can send the details of my setup, logs, corrupt queue files, >quarantined messages... > >-- >Dmitriy -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jun 5 22:04:06 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:24 2006 Subject: Question regarding virus wrapper In-Reply-To: <3963522F0E71474CB14C0FF54A6914F701114F90@omar.schtre.com> Message-ID: <5.2.1.1.2.20030605220320.03a3ce88@imap.ecs.soton.ac.uk> Have you got the RedHat 7.2 compatibility libraries loaded and the environment kludge to make it think it is running an old kernel? McAfee haven't updated their Linux support in *years* :-( At 21:53 05/06/2003, you wrote: >I suspect I know what the problem is with this question. I believe it may >be related to a bug or incompatible library in libc.so.6., but the hourly >cron response I get from the mailscanner contains the following: > > > >/etc/cron.hourly/update_virus_scanners: > > > >/usr/lib/MailScanner/mcafee-wrapper: line 46: [: /lib/libc.so.6: binary >operator expected > > > >------------------------- > > > >The above is using McAfee Anti-Virus > > > > > > > > -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030605/4ffe9236/attachment.html From steve.douglas at SBIINCORPORATED.COM Thu Jun 5 22:04:22 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:24 2006 Subject: Auto-Responses without open-relaying Message-ID: <3963522F0E71474CB14C0FF54A6914F701114F91@omar.schtre.com> I am using mailertable within sendmail and I have a spamcontrol that features "relay domains" for the domains I want routed into my private network email server. SD :-) > -----Original Message----- > From: Francois Caen [mailto:FCaen@CI.LAKEWOOD.WA.US] > Sent: Thursday, June 05, 2003 3:52 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Auto-Responses without open-relaying > > -----Original Message----- > From: Steve Douglas [mailto:steve.douglas@SBIINCORPORATED.COM] > > > I have installed my MailScanner gateway on the DMZ and all incoming > messages are rerouted to my internal email server. > > Are you using mailertable or smarthost for the rerouting? > > --------------------------------------------- > Francois Caen > Network Information Systems Engineer - Webmaster > City of Lakewood, WA > (253) 512-2269 > > > > NOTICE: The Information contained in this transmission is privileged and > confidential. It is intended for the use of the individual or entity named > above. If the reader of this message is not the intended addressee or > other legitimate recipient, the reader is hereby notified that any > consideration, dissemination or duplication of this communication is > strictly prohibited. If the addressee has received this communication in > error, please return it to the above address by mail and notify this > office by telephone. > > > > > > City of Lakewood > From steve.freegard at LBSLTD.CO.UK Thu Jun 5 22:09:52 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:24 2006 Subject: Bayesian training and spam attachment Message-ID: <67D9E7698329D411936E00508B6590B90277390E@neelix.lbsltd.co.uk> Carl/Denis/Julian, I found this: http://www.jmason.org/software/scripts/extract-rfc822-attachment.txt - it's written by the author of SpamAssassin. I haven't tried it as I haven't upgraded and turned on the attachment feature (yet!) - it states in the README: extract a "mail/rfc822" attachment from a mail. SYNOPSIS extract-rfc822-attachment < msg > newmsg EXIT STATUS Exit status will be 0 if there was an attachment and the attachment was extracted successfully, 1 if there was no attachment found. The remaining non-zero exit statuses are reserved for other failure modes. NOTE Quoted-printable or base64-encoded attachments are not currently supported. I suppose the drawback is that it'll only run on one message at a time - I wonder if it would be possible to integrate this with procmail on the MailScanner box to automagically extract the rfc822 attachments for anything forwarded to the 'not-spam'??? Kind regards, Steve. -- Steve Freegard Systems Manager Littlehampton Book Services -----Original Message----- From: Carl Boberg To: MAILSCANNER@JISCMAIL.AC.UK Sent: 05/06/03 08:59 Subject: Re: Bayesian training and spam attachment -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, If anybody finds a useful script/module for this please post it, or where to find it, to this list. / Carl >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >Behalf Of Julian Field >Sent: Wednesday, June 04, 2003 21:08 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Bayesian training and spam attachment > > >At 19:48 04/06/2003, you wrote: >>Julian, >> >>Would you know about some Perl Module that could help me achieve >>that? > >No, sorry. But take a look at www.zeegee.com, there might be >something useful there. > > >>Denis >>Le mer 04/06/2003 ? 11:38, Julian Field a ?crit : >> > At 16:29 04/06/2003, you wrote: >> > >Hello, >> > > >> > >I am working on implementing a shared folder to drop spam/ham >> > >into to educate the Bayesian filter of SA. >> > > >> > >If I turn on the "Spam Action = attachment deliver" in MS, will >> > >the resulting email be suitable to be fed in sa-learn or will I >> > >have to remove the message that was included in the email? >> > >> > You would need to extract the RFC822 attachment from the mail >> > you are forwarded, but it will *then* be in the right form for >> > feeding >to sa-learn. >> > -- >> > Julian Field >> > www.MailScanner.info >> > MailScanner thanks transtec Computers for their support >>-- >>Denis Beauchemin, analyste >>Universit? de Sherbrooke, S.T.I. >>T: 819.821.8000x2252 F: 819.821.8045 > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use iQA/AwUBPt74fui5vtTaHS+IEQJ54gCcDXTIgD39AYggMgCkdzz/nAWi8H8AoJ1X qNpye0h0nvDxZv+BmWVLQx89 =JoAl -----END PGP SIGNATURE----- -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From forrie at FORRIE.COM Fri Jun 6 05:23:01 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:24 2006 Subject: Rav Website In-Reply-To: <1054844961.32122.2.camel@speedy> References: <200306052008.h55K8n229965@chartermi.net> <200306052008.h55K8n229965@chartermi.net> Message-ID: <5.2.1.1.2.20030606001846.01e1f8b0@192.168.1.1> For what it's worth, I've been using RAV Antivirus with sendmail-Milter for over a year, and it's worked pretty well. A couple of comments: 1) The configuration (ravmd.conf) is extremely obtuse - definately not written by someone who goes outdoors frequently. 2) Their licensing policy (pricing) leaves a bit to be desired - they charge 25.00 per domain or something like that - and have no provision for a private site that might happen to have a few domains (some unused). 3) The licensing will only scan for x number of domains (as also defined in ravmd.conf)... In retrospect, I've begun using f-prot and clamav (soon clamav-milter if someone can help me compile it on freebsd), since I disagree with RAV's pricing guidelines. _F At 04:29 PM 6/5/2003, Stephen Swaney wrote: >Steve, > >I believe it refers to the rev anti-virus scanner at this site: > > >http://www.ravantivirus.com/index.php > >I have no experience with this scanner so I can't comment on quality. > >Steve >Stephen Swaney >President >Fortress Systems, Ltd. >Steve.Swaney@fsl.com >Phone: 202 352-3262 >U.S. Toll Free Phone and Fax: 877 746-6636 > > >On Thu, 2003-06-05 at 16:08, Steve Hickel wrote: >> >>Julian, >> >>You are the greatest. >> >>However, I do not know what RAV means nor where to look at it. >> >>Thanks, >> > From marco at MUW.EDU Fri Jun 6 05:08:24 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:24 2006 Subject: Copying Bayes Data In-Reply-To: <67D9E7698329D411936E00508B6590B90277390E@neelix.lbsltd.co.uk> References: <67D9E7698329D411936E00508B6590B90277390E@neelix.lbsltd.co.uk> Message-ID: <1054872504.3ee013b8ed78a@webmail.MUW.Edu> Hi, Is it possible to transfer the bayes_* files from one MS server to another? I tried it and I received the following when running "spamassassin -D --lint": Cannot open bayes_path /root/.spamassassin/bayes R/O: Inappropriate file type or format I have a copy of most of the spam and I think that I can let the new MS server learn those messages. I was just wondering if there is a quicker way. Thanks, Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From ricardo at MAC.ZA.NET Fri Jun 6 08:31:45 2003 From: ricardo at MAC.ZA.NET (Ricardo) Date: Thu Jan 12 21:18:24 2006 Subject: EXIM + MAILSCANNER Message-ID: <006b01c32bfd$b0c3ad40$d194fea9@bump> Hi I'm new to mailscanner and I've set it up with exim (4.14). I can see the messages in /var/spool/exim.in/msglog but all my mesages are defered when I run exim -qff -v. R=defer_router defer (-1): All deliveries are deferred When I check my /var/log/maillog file it complains about this Syntax error in line 98, file "/usr/exim/bin/exim" for sendmail2 does not exist Any ideas? I'm desperate to get it up and running! Thanks Ricardo From steve.douglas at SBIINCORPORATED.COM Fri Jun 6 08:53:55 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:24 2006 Subject: I don't think Apam a susbect Message-ID: <3963522F0E71474CB14C0FF54A6914F701114F93@omar.schtre.com> I have sent numerous test spam messages through my MailScanner server. I am a newbie. I thought I had it, but the below is consistant. Can anyone interpret the below content from my syslogd? I don't think SpamAssassin isn't working. FYI: my platform is redhat 9. Thank you! ___________________________________________________ June 6 02:43:18 hprh MailScanner[8131]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 6 02:43:19 hprh MailScanner[8131]: Enabling SpamAssassin auto-whitelist functionality... Jun 6 02:43:19 hprh MailScanner[8131]: Using locktype = flock Jun 6 02:43:28 hprh MailScanner[8132]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 6 02:43:29 hprh MailScanner[8132]: Enabling SpamAssassin auto-whitelist functionality... Jun 6 02:43:29 hprh MailScanner[8132]: Using locktype = flock From ree at THUNDERSTAR.NET Fri Jun 6 08:53:50 2003 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:18:24 2006 Subject: Specific MailScanner & Postfix points Message-ID: Hopefully someone knows how to do some of this simply or can point me in the right direction. I am trying to accomplish the following with MailScanner & postfix: 1. At the moment I am quarantining messages tagged as spam by MailScanner, but not within MailScanner - ie - I have another MTA behind MailScanner that checks headers MailScanner inserts to find out if messages are spam or not. Spam messages are quarantined. The problem with this quarantine is that it becomes excessively slow when many messages have been quarantined and the other problem is that deleting the spam in the quarantine and finding the few false positives is unbelievably time consuming. The biggest problem is that it is not always simple to tell whether a message is spam based on it's sender, recipient & subject line - often it is, but there are enough messages that have to be individually opened to make this a real chore. The idea I had was maybe someone knows of something else I can put directly behind MailScanner that would create a web-based quarantine perhaps that in addition to showing sender, recipient & subject, perhaps it also intelligently extracts relevant text from each message. This would drastically speed up determining what is and isn't spam, would facilitate whitelisting the false positives, etc. 2. Set up a list of destination addresses that I want rejected during the connection - ie - I don't want any mail accepted for these addresses. Note that the "only accept known addresses" feature is not workable for this. 3. I would like to be able to do a degree of customized actions on messages based on header contents. For instance, I would like to forward a copy of all mail going to certain email addresses in some cases, and in other cases, forward a copy of mail to certain addresses but only those that match a certain subject line. Maybe mail archiving tools is the way to do this, I'm not sure. I'm mid going through various docs and how-tos, etc but I'm hoping someone has suggestions, on this. TIA, Ron From steve.freegard at LBSLTD.CO.UK Fri Jun 6 09:07:19 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:24 2006 Subject: Copying Bayes Data Message-ID: <67D9E7698329D411936E00508B6590B90277390F@neelix.lbsltd.co.uk> Marco, This was discussed on the sa-talk list a while back - if I recall correctly, you _can_ do this as long as you use the same DB access method for both (e.g. for linux make sure you have the DB_File perl modules installed) and that you don't try to use a database from a machine with different architecture (litte-endian vs big-endian). It's probably worth checking the sa-talk archives to double-check this however. Hope this helps. Regards, Steve. -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. -----Original Message----- From: Marco Obaid [mailto:marco@MUW.EDU] Sent: 06 June 2003 05:08 To: MAILSCANNER@JISCMAIL.AC.UK Hi, Is it possible to transfer the bayes_* files from one MS server to another? I tried it and I received the following when running "spamassassin -D --lint": Cannot open bayes_path /root/.spamassassin/bayes R/O: Inappropriate file type or format I have a copy of most of the spam and I think that I can let the new MS server learn those messages. I was just wondering if there is a quicker way. Thanks, Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From tim-lists at BISHNET.NET Fri Jun 6 09:02:04 2003 From: tim-lists at BISHNET.NET (Tim Bishop) Date: Thu Jan 12 21:18:24 2006 Subject: EXIM + MAILSCANNER In-Reply-To: <006b01c32bfd$b0c3ad40$d194fea9@bump> References: <006b01c32bfd$b0c3ad40$d194fea9@bump> Message-ID: <20030606080204.GE46625@carrick.bishnet.net> On Fri, Jun 06, 2003 at 09:31:45AM +0200, Ricardo wrote: > I can see the messages in /var/spool/exim.in/msglog but all my mesages are > defered when I run exim -qff -v. > > R=defer_router defer (-1): All deliveries are deferred That is correct - the incoming side can not do deliveries, so they're all deferred. > When I check my /var/log/maillog file it complains about this > > Syntax error in line 98, file "/usr/exim/bin/exim" for sendmail2 does not > exist > > Any ideas? I'm desperate to get it up and running! You've got a mistake in your MailScanner.conf. The Sendmail2 configuration value points at a binary that doesn't exist. Find out where the Exim binary is and correct this option. Tim. -- Tim Bishop http://www.bishnet.net/tim PGP Key: 0x5AE7D984 From tim-lists at BISHNET.NET Fri Jun 6 09:02:29 2003 From: tim-lists at BISHNET.NET (Tim Bishop) Date: Thu Jan 12 21:18:24 2006 Subject: I don't think Apam a susbect In-Reply-To: <3963522F0E71474CB14C0FF54A6914F701114F93@omar.schtre.com> References: <3963522F0E71474CB14C0FF54A6914F701114F93@omar.schtre.com> Message-ID: <20030606080229.GF46625@carrick.bishnet.net> On Fri, Jun 06, 2003 at 02:53:55AM -0500, Steve Douglas wrote: > I have sent numerous test spam messages through my MailScanner server. I am > a newbie. I thought I had it, but the below is consistant. > > Can anyone interpret the below content from my syslogd? I don't think > SpamAssassin isn't working. FYI: my platform is redhat 9. > > Thank you! > ___________________________________________________ > June 6 02:43:18 hprh MailScanner[8131]: MailScanner > E-Mail Virus Scanner version 4.21-9 starting... > Jun 6 02:43:19 hprh MailScanner[8131]: Enabling > SpamAssassin auto-whitelist functionality... > Jun 6 02:43:19 hprh MailScanner[8131]: Using locktype > = flock > Jun 6 02:43:28 hprh MailScanner[8132]: MailScanner > E-Mail Virus Scanner version 4.21-9 starting... > Jun 6 02:43:29 hprh MailScanner[8132]: Enabling > SpamAssassin auto-whitelist functionality... > Jun 6 02:43:29 hprh MailScanner[8132]: Using locktype > = flock This looks like "normal" behaviour to me. Tim. -- Tim Bishop http://www.bishnet.net/tim PGP Key: 0x5AE7D984 From ricardo at MAC.ZA.NET Fri Jun 6 09:20:53 2003 From: ricardo at MAC.ZA.NET (Ricardo) Date: Thu Jan 12 21:18:24 2006 Subject: EXIM + MAILSCANNER References: <006b01c32bfd$b0c3ad40$d194fea9@bump> <20030606080204.GE46625@carrick.bishnet.net> Message-ID: <009001c32c04$8ea53970$d194fea9@bump> Hi there, Thanks for the reply. /usr/exim/bin/exim does exist though lrwxrwxrwx 1 root root 11 Jun 5 23:29 exim -> exim-4.14-2 -rwsr-xr-x 1 root root 977341 Jun 5 23:29 exim-4.14-2 Also mailscanner.conf doesn't seem to mind Sendmail = /usr/exim/bin/exim but Sendmail2 = /usr/exim/bin/exim -C /usr/exim/configure.out # Set how to invoke MTA when sending messages MailScanner has created # (e.g. to sender/recipient saying "found a virus in your message") # This can also be the filename of a ruleset. #Sendmail = /usr/lib/sendmail Sendmail = /usr/exim/bin/exim # Sendmail2 is provided for Exim users. # It is the command used to attempt delivery of outgoing cleaned/disinfected # messages. # This is not usually required for sendmail. # This can also be the filename of a ruleset. #For Exim users: Sendmail2 = /usr/sbin/exim -C /etc/exim/exim_send.conf #For sendmail users: Sendmail2 = /usr/lib/sendmail #Sendmail2 = /usr/lib/sendmail #Sendmail2 = /usr/sbin/sendmail -C /etc/exim/exim_send.conf Sendmail2 = /usr/exim/bin/exim -C /usr/exim/configure.out Any other ideas? ----- Original Message ----- From: "Tim Bishop" To: Sent: Friday, June 06, 2003 10:02 AM Subject: Re: EXIM + MAILSCANNER > On Fri, Jun 06, 2003 at 09:31:45AM +0200, Ricardo wrote: > > I can see the messages in /var/spool/exim.in/msglog but all my mesages are > > defered when I run exim -qff -v. > > > > R=defer_router defer (-1): All deliveries are deferred > > That is correct - the incoming side can not do deliveries, so they're > all deferred. > > > When I check my /var/log/maillog file it complains about this > > > > Syntax error in line 98, file "/usr/exim/bin/exim" for sendmail2 does not > > exist > > > > Any ideas? I'm desperate to get it up and running! > > You've got a mistake in your MailScanner.conf. The Sendmail2 > configuration value points at a binary that doesn't exist. Find out > where the Exim binary is and correct this option. > > Tim. > > -- > Tim Bishop > http://www.bishnet.net/tim > PGP Key: 0x5AE7D984 > From mailscanner at ecs.soton.ac.uk Fri Jun 6 09:49:59 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:25 2006 Subject: EXIM + MAILSCANNER In-Reply-To: <009001c32c04$8ea53970$d194fea9@bump> References: <006b01c32bfd$b0c3ad40$d194fea9@bump> <20030606080204.GE46625@carrick.bishnet.net> Message-ID: <5.2.0.9.2.20030606094937.0445daf8@imap.ecs.soton.ac.uk> How about you try Sendmail2 = /usr/exim/bin/exim-4.14-2 -C /usr/exim/configure.out ? At 09:20 06/06/2003, you wrote: >Hi there, > >Thanks for the reply. > >/usr/exim/bin/exim does exist though > >lrwxrwxrwx 1 root root 11 Jun 5 23:29 exim -> exim-4.14-2 >-rwsr-xr-x 1 root root 977341 Jun 5 23:29 exim-4.14-2 > >Also mailscanner.conf doesn't seem to mind Sendmail = /usr/exim/bin/exim but >Sendmail2 = /usr/exim/bin/exim -C /usr/exim/configure.out > ># Set how to invoke MTA when sending messages MailScanner has created ># (e.g. to sender/recipient saying "found a virus in your message") ># This can also be the filename of a ruleset. >#Sendmail = /usr/lib/sendmail >Sendmail = /usr/exim/bin/exim > ># Sendmail2 is provided for Exim users. ># It is the command used to attempt delivery of outgoing cleaned/disinfected ># messages. ># This is not usually required for sendmail. ># This can also be the filename of a ruleset. >#For Exim users: Sendmail2 = /usr/sbin/exim -C /etc/exim/exim_send.conf >#For sendmail users: Sendmail2 = /usr/lib/sendmail >#Sendmail2 = /usr/lib/sendmail >#Sendmail2 = /usr/sbin/sendmail -C /etc/exim/exim_send.conf >Sendmail2 = /usr/exim/bin/exim -C /usr/exim/configure.out > >Any other ideas? > >----- Original Message ----- >From: "Tim Bishop" >To: >Sent: Friday, June 06, 2003 10:02 AM >Subject: Re: EXIM + MAILSCANNER > > > > On Fri, Jun 06, 2003 at 09:31:45AM +0200, Ricardo wrote: > > > I can see the messages in /var/spool/exim.in/msglog but all my mesages >are > > > defered when I run exim -qff -v. > > > > > > R=defer_router defer (-1): All deliveries are deferred > > > > That is correct - the incoming side can not do deliveries, so they're > > all deferred. > > > > > When I check my /var/log/maillog file it complains about this > > > > > > Syntax error in line 98, file "/usr/exim/bin/exim" for sendmail2 does >not > > > exist > > > > > > Any ideas? I'm desperate to get it up and running! > > > > You've got a mistake in your MailScanner.conf. The Sendmail2 > > configuration value points at a binary that doesn't exist. Find out > > where the Exim binary is and correct this option. > > > > Tim. > > > > -- > > Tim Bishop > > http://www.bishnet.net/tim > > PGP Key: 0x5AE7D984 > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From dean.plant at ROKE.CO.UK Fri Jun 6 10:07:58 2003 From: dean.plant at ROKE.CO.UK (Plant, Dean) Date: Thu Jan 12 21:18:25 2006 Subject: F-prot says I need the mail server license Message-ID: <76C92FBBFB58D411AE760090271ED41805B33A64@rsys002a.roke.co.uk> Thanks to everyone who replied regarding F-Prot. I have emailed F-prot again to specify that I only need the command line scanner to scan files and I wait to hear their response. Dean Plant -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 05 June 2003 20:17 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: F-prot says I need the mail server license I can only really add 1 comment this discussion. I have read their software licence very carefully. They completely fail to define the terms "workstation", "server" and "mail server". You only need the facilities provided by the "workstation" version. So you should be able to buy the "workstation" version and, as far as I can see, they haven't got a leg to stand on. My only concern is that if everyone buys the "workstation" version they might go bankrupt, which would be a loss for everyone. At 17:23 05/06/2003, you wrote: >On 5 Jun 2003 at 16:40, Plant, Dean wrote: > > > F-prot have advised me that I will need to use the mail server pricing > > model for use with Mailscanner which means I will have to look at > > other virus scanners. > >Looking at the message that you sent to them that might not necessarily be >the case. >They might have got the wrong idea. > > > > > -----Original Message----- > > > From: Plant, Dean [mailto:dean.plant@roke.co.uk] > > > Sent: 4. j?n? 2003 10:47 > > > To: 'sales@f-prot.com' > > > Subject: FW: FRISK-S-20030530-0027 (f-prot for Linux) > > > > > > I have a Linux file server that acts as a mail proxy and I would > > > like to > > use f-prot to > > > scan mail passing through the proxy (There are no mailboxes on the > > server). Will > > > the F-Prot Antivirus for Linux File Servers license allow this. > > > > >You've not really stated that you have an existing product that just needs >the command >line version to perform virus scanning. Given this e-mail your typical >salesperson might >just assume you want a fully blown virus scanning smtp gateway and that's what >they've recommended. > >David. > > >This communication may contain privileged or confidential information which >is for the exclusive use of the intended recipient. If you are not the >intended recipient, please note that you may not distribute or use this >communication or the information it contains. If this e-mail has reached you >in error, please delete it and any attachment. > >Internet communications are not secure and Barnet College does not accept >legal responsibility for the content of this message. Any views or opinions >expressed are those of the author and not necessarily those of Barnet College. > >Please note that Barnet College reserves the right to monitor the >source/destinations of all incoming or outgoing e-mail communications. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, Bracknell, Berkshire. RG12 8FZ The information contained in this e-mail and any attachments is confidential to Roke Manor Research Ltd and must not be passed to any third party without permission. This communication is for information only and shall not create or change any contractual relationship. From ricardo at MAC.ZA.NET Fri Jun 6 10:08:08 2003 From: ricardo at MAC.ZA.NET (Ricardo) Date: Thu Jan 12 21:18:25 2006 Subject: EXIM + MAILSCANNER References: <006b01c32bfd$b0c3ad40$d194fea9@bump> <20030606080204.GE46625@carrick.bishnet.net> <5.2.0.9.2.20030606094937.0445daf8@imap.ecs.soton.ac.uk> Message-ID: <00a301c32c0b$287e15c0$d194fea9@bump> I've done that already :-| Weird that when I do ... root@mail:/home/ricardo# /usr/exim/bin/exim Exim is a Mail Transfer Agent. It is normally called by Mail User Agents, not directly from a shell command line. Options and/or arguments control what it does when called. For a list of options, see the Exim documentation. ... I get a result Why would it accept the specification for "sendmail" and not "sendmail2" even though they're referencing the same bin? Thanks! > How about you try > Sendmail2 = /usr/exim/bin/exim-4.14-2 -C /usr/exim/configure.out > ? > From michele at BLACKNIGHTSOLUTIONS.COM Fri Jun 6 10:10:36 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:18:25 2006 Subject: F-prot says I need the mail server license In-Reply-To: <76C92FBBFB58D411AE760090271ED41805B33A64@rsys002a.roke.co.uk> References: <76C92FBBFB58D411AE760090271ED41805B33A64@rsys002a.roke.co.uk> Message-ID: <6101.213.140.31.170.1054890636.squirrel@www.blacknightsolutions.com> > My only concern is that if everyone buys the "workstation" version they > might go bankrupt, which would be a loss for everyone. Very true, however if theire licensing requires people to pay thousands to use the software legally we'll all go bankrupt too :P -- Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ Shell hosting now available ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From Anjana.Patel at CRANFIELD.AC.UK Fri Jun 6 10:33:42 2003 From: Anjana.Patel at CRANFIELD.AC.UK (Patel, Anjana) Date: Thu Jan 12 21:18:25 2006 Subject: mcafee & bugbear.b Message-ID: Hello, We've been blocking Bugbear.B since yesterday although as usual Mcafee appears to be slow in releasing their DATs. However I've noticed that every now and then mailscanner is blocking emails that have double extension attachments which look suspiciously like Bugbear.b but it is not picked up as Bugbear.B. I've tried scanning the quarantined attachment again with the latest DAT but again no virus is detected. Is this a different variant or is there a another problem. Has anyone else using mcafee noticed this? Thanks Anjana From f.rotondo at TESEO.IT Fri Jun 6 10:42:34 2003 From: f.rotondo at TESEO.IT (Francesco Rotondo) Date: Thu Jan 12 21:18:25 2006 Subject: mcafee & bugbear.b References: Message-ID: <01d701c32c0f$f5a26ca0$0464a8c0@teseo.info> Hi, > Hello, > > We've been blocking Bugbear.B since yesterday although as usual Mcafee > appears to be slow in releasing their DATs. However I've noticed that > every now and then mailscanner is blocking emails that have double > extension attachments which look suspiciously like Bugbear.b but it is > not picked up as Bugbear.B. I've tried scanning the quarantined > attachment again with the latest DAT but again no virus is detected. Is > this a different variant or is there a another problem. Has anyone else > using mcafee noticed this? > Even Sophos is not catching some viruses blocked because of the filename rules (thanks MS). It should be a variant of some old virus or maybe of the Bugbear itself as it is polymorphic. Regards. Francesco From raymond at PROLOCATION.NET Fri Jun 6 10:44:50 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:25 2006 Subject: F-prot says I need the mail server license In-Reply-To: <6101.213.140.31.170.1054890636.squirrel@www.blacknightsolutions.com> Message-ID: Hi! > > My only concern is that if everyone buys the "workstation" version they > > might go bankrupt, which would be a loss for everyone. > > Very true, however if theire licensing requires people to pay thousands to > use the software legally we'll all go bankrupt too :P I think if its really what they want, only 500 user versions for mail they wont sell to most of the people using it now. Pretty simple. So no buisiness case either that way. Bye, Raymond. From paul.hamilton at sme-ecom.co.uk Fri Jun 6 10:50:57 2003 From: paul.hamilton at sme-ecom.co.uk (Paul Hamilton) Date: Thu Jan 12 21:18:25 2006 Subject: FW: mcafee & bugbear.b Message-ID: <000001c32c11$2185f840$fc32000a@4> >Hello, >We've been blocking Bugbear.B since yesterday although as usual Mcafee >appears to be slow in releasing their DATs. However I've noticed that >every now and then mailscanner is blocking emails that have double >extension attachments which look suspiciously like Bugbear.b but it is >not picked up as Bugbear.B. I've tried scanning the quarantined >attachment again with the latest DAT but again no virus is detected. Is >this a different variant or is there a another problem. Has anyone else >using mcafee noticed this? We have seen similar behaviour with Sophos, Kaspersky and F-Prot. In some cases with the exact same attachment sent to two individuals within the same organisation minutes apart. Paul H. From malcolm.bishop at KCL.AC.UK Fri Jun 6 10:58:19 2003 From: malcolm.bishop at KCL.AC.UK (Malcolm Bishop) Date: Thu Jan 12 21:18:25 2006 Subject: mcafee & bugbear.b In-Reply-To: References: Message-ID: Hi, We are using McAfee and have noticed the same thing. Perhaps it is a new variant? However, I did have a quick look on a couple of anti-virus companies sites and there does not seem to be any information about a new variant. Thanks Malcolm > Hello, > > We've been blocking Bugbear.B since yesterday although as usual Mcafee > appears to be slow in releasing their DATs. However I've noticed that > every now and then mailscanner is blocking emails that have double > extension attachments which look suspiciously like Bugbear.b but it is > not picked up as Bugbear.B. I've tried scanning the quarantined > attachment again with the latest DAT but again no virus is detected. Is > this a different variant or is there a another problem. Has anyone else > using mcafee noticed this? > > Thanks > Anjana From Kevin.Spicer at BMRB.CO.UK Fri Jun 6 11:07:30 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:25 2006 Subject: mcafee & bugbear.b Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> > Hi, > > We are using McAfee and have noticed the same thing. Perhaps > it is a new > variant? However, I did have a quick look on a couple of anti-virus > companies sites and there does not seem to be any information about a > new variant. > Perhaps you should send the suspect files to your AV vendor for analysis? BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From steve.freegard at LBSLTD.CO.UK Fri Jun 6 11:17:18 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:25 2006 Subject: mcafee & bugbear.b Message-ID: <67D9E7698329D411936E00508B6590B902793AC0@neelix.lbsltd.co.uk> Hi all, Further to this - it looks like Sophos updated their IDE definitions for Bugbear-B just before the 11am this morning, luckily in time for my sophos-autoupdate run to catch it. I also sent Sophos a load of attachments this morning that were stopped by the MailScanner filename rules that were not detected as viruses by SAVI. Regards, Steve. -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. -----Original Message----- From: Spicer, Kevin [mailto:Kevin.Spicer@BMRB.CO.UK] Sent: 06 June 2003 11:08 To: MAILSCANNER@JISCMAIL.AC.UK > Hi, > > We are using McAfee and have noticed the same thing. Perhaps > it is a new > variant? However, I did have a quick look on a couple of anti-virus > companies sites and there does not seem to be any information about a > new variant. > Perhaps you should send the suspect files to your AV vendor for analysis? BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From malcolm.bishop at KCL.AC.UK Fri Jun 6 11:30:16 2003 From: malcolm.bishop at KCL.AC.UK (Malcolm Bishop) Date: Thu Jan 12 21:18:25 2006 Subject: mcafee & bugbear.b In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> Message-ID: Hi, In response to my previous e-mail I did notice the following on Mcafee site. -- Update June 05, 2003 -- AVERT has received a large number of truncated samples. These are damaged and do not infect. The next DAT release will contain detection of these samples as W32/Bugbear.b.dam. Additionally samples have been received that suggest the virus can mail the encrypted keylog file during its propagation routine. Therefore perhaps they are damaged bugbear.b files but I am sending a sample off for analysis. Thanks Malcolm On Fri, 6 Jun 2003 11:07:30 +0100 "Spicer, Kevin" wrote: > > Hi, > > > > We are using McAfee and have noticed the same thing. Perhaps > > it is a new > > variant? However, I did have a quick look on a couple of anti-virus > > companies sites and there does not seem to be any information about a > > new variant. > > > > Perhaps you should send the suspect files to your AV vendor for > analysis? > > > > BMRB International > http://www.bmrb.co.uk > +44 (0)20 8566 5000 > _________________________________________________________________ > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact the > sender and delete this message immediately. Disclosure, copying > or other action taken in respect of this email or in > reliance on it is prohibited. BMRB International Limited > accepts no liability in relation to any personal emails, or > content of any email which does not directly relate to our > business. ---------------------- Malcolm Bishop Systems Administrator School of Law, Kings College London, Strand, London, WC2R 2LS Tel: 020 7848 1107 Email: malcolm.bishop@kcl.ac.uk From m.sapsed at BANGOR.AC.UK Fri Jun 6 14:13:54 2003 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:18:25 2006 Subject: mcafee & bugbear.b References: <01d701c32c0f$f5a26ca0$0464a8c0@teseo.info> Message-ID: <3EE09392.2000207@bangor.ac.uk> Francesco Rotondo wrote: >>We've been blocking Bugbear.B since yesterday although as usual Mcafee >>appears to be slow in releasing their DATs. However I've noticed that >>every now and then mailscanner is blocking emails that have double >>extension attachments which look suspiciously like Bugbear.b but it is >>not picked up as Bugbear.B. I've tried scanning the quarantined >>attachment again with the latest DAT but again no virus is detected. Is >>this a different variant or is there a another problem. Has anyone else >>using mcafee noticed this? > > Even Sophos is not catching some viruses blocked because of the filename > rules (thanks MS). > It should be a variant of some old virus or maybe of the Bugbear itself as > it is polymorphic. I sent some items fitting this description to Sophos yesterday and this morning an update detecting "damaged" copies of Bugbear-B was released. Cheers, Martin -- Martin Sapsed Information Services "Who do you say I am?" University of Wales, Bangor Jesus of Nazareth From marco at MUW.EDU Fri Jun 6 14:25:33 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:25 2006 Subject: Weired Error In-Reply-To: References: <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> Message-ID: <1054905933.3ee0964d95bb8@webmail.MUW.Edu> Good day everyone, I am seeing this error in my logs (repeadtly): Jun 6 06:42:54 avsmtp01 MailScanner[21510]: Cannot parse /var/spool/MailScanner/incoming/21510/h56BgeQd021498.header and , Can't locate object method "debug" via package "MIME::Parser::FileInto::MailScanner" at /opt/MailScanner/lib/MailScanner/Message.pm line 2603. I built this system last night. It is FreeBSD 4.8 Release running MS 4.21-9, SA 2.55, Command Antivirus. The mail is being delivered/received, as far as I can tell. Do I need to be concerned?!!! Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From info at pro-invest.ca Fri Jun 6 14:32:47 2003 From: info at pro-invest.ca (Professional Investments Investor Services) Date: Thu Jan 12 21:18:25 2006 Subject: Mcafee autoupdate revisited Message-ID: HI, Sorry to badger this one, but I do not believe my autoupdate is working correctly. I have recently upgraded to 4.21-9, have removed the previous cron job that I had been calling and am relying on the rpm installed update_virus_scanners that is implemented in my cron.hourly directory. In my system log I can see that 04:01:01 pilx CROND[26206]: (root) CMD (run-parts /etc/cron.hourly) runs and then no subsequent errors however yesterday upon reading more regarding bugbear.b I checked my latest dat file and it had not been upgraded to mcafee's release on June 5th. Should I be looking elsewhere for an error? If you could please direct me to some things to check that would be greatly appreciated. Thanks again, >>>>>>>>>>>>>>>>>>>>> Mark Tavares IS Tech Support Professional Investments Inc. 1-888-548-8868 <<<<<<<<<<<<<<<<<<<<< From marco at MUW.EDU Fri Jun 6 14:51:13 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:25 2006 Subject: Weired Error In-Reply-To: <1054905933.3ee0964d95bb8@webmail.MUW.Edu> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> <1054905933.3ee0964d95bb8@webmail.MUW.Edu> Message-ID: <1054907473.3ee09c51e280f@webmail.MUW.Edu> Hi, > The mail is being delivered/received, as far as I > can tell. I take this back. The mail delivery is *halted* right now :( Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From mailscanner at LISTS.COM.AR Fri Jun 6 14:56:25 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:25 2006 Subject: ZMailer and MailScanner--a little problem. In-Reply-To: <3DFD0E385303F649AB7C31D651DEDD000E1746@mafalda.pert.com.ar> Message-ID: <3EE07359.31311.FE89922@localhost> Artur, Congrats!!! AFAIK you're user #2 of MailScanner+ZMailer (user #1 being me) :-) This is caused by a bug in the first version and after I sent a couple of patches, the last complete version of ZMailer.pm I sent to Julian didn't have this (more important) patch applied. Please patch ZMailer.pm with this: *** ZMailer.pm.ORI Mon Jun 2 09:44:42 2003 --- ZMailer.pm Mon Jun 2 09:45:07 2003 *************** *** 274,279 **** --- 274,284 ---- $message->{from} = lc($from); $FROMFound = 1; # We have found the sender } + if ($Line =~ /^channel error/) { + $from = ""; + $message->{from} = lc($from); + $FROMFound = 1; # We have found the (NULL) sender + } if ($Line =~ /^rcvdfrom /i) { $ip = $Line; #chomp $ip; The messages stuck in the queue are error bounces (sent from zmailer, e.g. because the recipient doesn't exist). These messages have a different format in the queue (instead of a "from xxx" they have a "channel error" line). This little patch handles this case. After the patch is applied restart (not reload) MailScanner (you don't have to turn off any part of ZMailer) and the messages will be delivered. Please, let me know it everything goes OK. El 5 Jun 2003 a las 17:30, Artur Meski escribi?: > Hello MailScanner hackers. > > I've found out, that in some conditions MailScanner behaves stangely. > > Take a look at this: > > [...] > Jun 5 17:39:56 naos MailScanner[49495]: Batch: Found invalid queue file > for message 224686 > Jun 5 17:39:56 naos MailScanner[49447]: Batch: Found invalid queue file > for message 224686 > Jun 5 17:39:58 naos MailScanner[49460]: Batch: Found invalid queue file > for message 224686 > Jun 5 17:40:01 naos MailScanner[49479]: Batch: Found invalid queue file > for message 224686 > Jun 5 17:40:01 naos MailScanner[49434]: Batch: Found invalid queue file > for message 224686 > Jun 5 17:40:01 naos MailScanner[49495]: Batch: Found invalid queue file > for message 224686 > Jun 5 17:40:01 naos MailScanner[49447]: Batch: Found invalid queue file > for message 224686 > Jun 5 17:40:03 naos MailScanner[49460]: Batch: Found invalid queue file > for message 224686 > Jun 5 17:40:06 naos MailScanner[49479]: Batch: Found invalid queue file > for message 224686 > [...] > > It does not affect every message--it happens from time to time. > > See attachement for queue file. It has no 'from' field in "env" part > (I think, it's ok for ZMailer). > > > -- Mariano Absatz El Baby ---------------------------------------------------------- I must confess, I was born at a very early age. -- Groucho Marx From dwinkler at ALGORITHMICS.COM Fri Jun 6 14:58:05 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:25 2006 Subject: CustomConfig Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FD4@tormail1.algorithmics.com> Any chance something like this could be added to CustomConfig? if ( -f "/opt/MailScanner/etc/CustomConfig.pm") { do "/opt/MailScanner/etc/CustomConfig.pm"; } It's easier for me to keep my CustomConfig in etc, I know after an upgrade to check this stuff. Thanks, Derek Winkler Security Administrator Algorithmics Inc., Toronto Tel: (416) 217-4107 Fax: (416) 971-6263 www.algorithmics.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030606/d7d66645/attachment.html From ratebor at pro.icp.ac.ru Fri Jun 6 15:09:56 2003 From: ratebor at pro.icp.ac.ru (Dmitriy Bokiy) Date: Thu Jan 12 21:18:25 2006 Subject: attachment action results in Postfix queue file corruption In-Reply-To: <5.2.1.1.2.20030605215658.03a1a2e0@imap.ecs.soton.ac.uk> References: <1054734746.10031.174.camel@speedy> <1054734746.10031.174.camel@speedy> <5.2.1.1.2.20030605215658.03a1a2e0@imap.ecs.soton.ac.uk> Message-ID: <631794441440.20030606180956@icp.ac.ru> 06/06/2003, 1:02:19 Julian Field wrote: > Please can you try this patch to PFDiskStore.pm: > --- PFDiskStore.pm 2003-06-02 10:03:03.000000000 +0100 > +++ PFDiskStore.pm.new 2003-06-05 21:59:16.000000000 +0100 > @@ -285,7 +285,7 @@ > $recipcounter = 0; > foreach $record (@{$message->{metadata}}) { > $record =~ /^(.)(.*)$/; > - $recipcounter++ if $1 =~ /[RO]/; > + $recipcounter++ if $1 =~ /R/; > } Did not help. Luckily the problem appears to be gone since I upgraded Perl to 5.6.1. Thank you for your time. -- Dmitriy From steve.douglas at SBIINCORPORATED.COM Fri Jun 6 15:10:58 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:25 2006 Subject: I don't think Apam a susbect Message-ID: <3963522F0E71474CB14C0FF54A6914F701114F96@omar.schtre.com> Thank you, Tim. The system is only under testing. The only thing I have difficulty with prior to going into production is a series of tests for my own confidence. I do appreciate your feed back. Have a good weekend! SD :-) > -----Original Message----- > From: Tim Bishop [mailto:tim-lists@BISHNET.NET] > Sent: Friday, June 06, 2003 3:02 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: I don't think Apam a susbect > > On Fri, Jun 06, 2003 at 02:53:55AM -0500, Steve Douglas wrote: > > I have sent numerous test spam messages through my MailScanner server. > I am > > a newbie. I thought I had it, but the below is consistant. > > > > Can anyone interpret the below content from my syslogd? I don't think > > SpamAssassin isn't working. FYI: my platform is redhat 9. > > > > Thank you! > > ___________________________________________________ > > June 6 02:43:18 hprh MailScanner[8131]: MailScanner > > E-Mail Virus Scanner version 4.21-9 starting... > > Jun 6 02:43:19 hprh MailScanner[8131]: Enabling > > SpamAssassin auto-whitelist functionality... > > Jun 6 02:43:19 hprh MailScanner[8131]: Using locktype > > = flock > > Jun 6 02:43:28 hprh MailScanner[8132]: MailScanner > > E-Mail Virus Scanner version 4.21-9 starting... > > Jun 6 02:43:29 hprh MailScanner[8132]: Enabling > > SpamAssassin auto-whitelist functionality... > > Jun 6 02:43:29 hprh MailScanner[8132]: Using locktype > > = flock > > This looks like "normal" behaviour to me. > > Tim. > > -- > Tim Bishop > http://www.bishnet.net/tim > PGP Key: 0x5AE7D984 From steve.douglas at SBIINCORPORATED.COM Fri Jun 6 15:22:03 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:25 2006 Subject: mcafee & bugbear.b Message-ID: <3963522F0E71474CB14C0FF54A6914F701114F97@omar.schtre.com> I haven't installed the latest post (270). My serer has Dat Verison: 4267, Engin Version, 4.2.40 and it detected and smoked the bugbear using heuristics presumably. SD :-) > -----Original Message----- > From: Steve Freegard [mailto:steve.freegard@LBSLTD.CO.UK] > Sent: Friday, June 06, 2003 5:17 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: mcafee & bugbear.b > > Hi all, > > Further to this - it looks like Sophos updated their IDE definitions for > Bugbear-B just before the 11am this morning, luckily in time for my > sophos-autoupdate run to catch it. > > I also sent Sophos a load of attachments this morning that were stopped by > the MailScanner filename rules that were not detected as viruses by SAVI. > > Regards, > Steve. > > -- > Steve Freegard > Systems Manager > Littlehampton Book Services Ltd. > > > -----Original Message----- > From: Spicer, Kevin [mailto:Kevin.Spicer@BMRB.CO.UK] > Sent: 06 June 2003 11:08 > To: MAILSCANNER@JISCMAIL.AC.UK > > > Hi, > > > > We are using McAfee and have noticed the same thing. Perhaps > > it is a new > > variant? However, I did have a quick look on a couple of anti-virus > > companies sites and there does not seem to be any information about a > > new variant. > > > > Perhaps you should send the suspect files to your AV vendor for analysis? > > > > BMRB International > http://www.bmrb.co.uk > +44 (0)20 8566 5000 > _________________________________________________________________ > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact the > sender and delete this message immediately. Disclosure, copying > or other action taken in respect of this email or in > reliance on it is prohibited. BMRB International Limited > accepts no liability in relation to any personal emails, or > content of any email which does not directly relate to our > business. > > -- > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the sender and delete the message from your mailbox. > > This footnote also confirms that this email message has been swept by > MailScanner (www.mailscanner.info) for the presence of computer viruses. From apm at CIFRID.NET Fri Jun 6 15:29:49 2003 From: apm at CIFRID.NET (Artur Meski) Date: Thu Jan 12 21:18:25 2006 Subject: ZMailer and MailScanner--a little problem (+one little suggestion :P). In-Reply-To: <3EE07359.31311.FE89922@localhost> References: <3EE07359.31311.FE89922@localhost> Message-ID: <8665njqnxe.fsf@shiningdiamond.localnet> Mariano Absatz writes: > Congrats!!! AFAIK you're user #2 of MailScanner+ZMailer (user #1 being me) Sirat : so I`m user #3 ;8] Sirat : you may tell it him So... he is #3. The number of users is growing. ;) > Please, let me know it everything goes OK. Ok, it works. :) I also asked about privileges of MailScanner. It was a stupid question, as I found out later (I put a comment at the end of line: 'Run As User = nonprivilegeduser # Comment about that setting' so I couldn't get it to work--now it works fine). ;) But! Are you using MailScanner running as an unprivileged user? How? My MS is currently running as a 'daemon' user with a little changes in the source code. I don't know whether it's ok, so I would like to consult it... Artur. -- // WWW: artur.black.pl // PGP: finger apm@heze.cifrid.net // From P.G.M.Peters at CIV.UTWENTE.NL Fri Jun 6 15:41:01 2003 From: P.G.M.Peters at CIV.UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:18:25 2006 Subject: filename rules question Message-ID: The filename rules conf file has allow and deny lines. I haven't seen a default line so I wonder what will happen with an extension that doesn't match any line. I believe (from my experience) the message will be allowed. But then a lot of allow lines can be removed (and speeding up MailScanner)? -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ From mailscanner at LISTS.COM.AR Fri Jun 6 15:41:06 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:25 2006 Subject: mcafee & bugbear.b In-Reply-To: <3963522F0E71474CB14C0FF54A6914F701114F97@omar.schtre.com> Message-ID: <3EE07DD2.29839.10118067@localhost> Steve, Current dat is 4270... my servers got 4268 on June 1st at about 21:45 UTC, 4269 on June 4th at about 18:45 UTC and 4270 yesterday (June 5th at about 16:45 UTC). You should configure a cron job for mcaffee-autoupdate to run frequently... I have it configured to run every hour. BTW, Tony, I understand you mantain mcafee-autoupdate, is that right? I sent a patch a while ago adding a little more verbosity to the "-v" mode, did you see it? If I do a similar modification to the current (from MS 4.21) version would you incorporate it? It is only cosmetic, but as I prefer to log the script activity (via a plain ">>" in the crontab file), I like having a couple of timestamps available. If you prefer I could add an extra command line option for this to be turned on, I only tried to be minimalistic with the modifications. Thanx. El 6 Jun 2003 a las 9:22, Steve Douglas escribi?: > I haven't installed the latest post (270). My serer has Dat Verison: 4267, > Engin Version, 4.2.40 and it detected and smoked the bugbear using > heuristics presumably. I think bugbear uses double extensions (.doc.pif, etc) that MailScanner's standard filename rules prohibit, as well as the extensions themselves (.pif, .scr, etc.). > > SD > :-) > > > > -----Original Message----- > > From: Steve Freegard [mailto:steve.freegard@LBSLTD.CO.UK] > > Sent: Friday, June 06, 2003 5:17 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: mcafee & bugbear.b > > > > Hi all, > > > > Further to this - it looks like Sophos updated their IDE definitions for > > Bugbear-B just before the 11am this morning, luckily in time for my > > sophos-autoupdate run to catch it. > > > > I also sent Sophos a load of attachments this morning that were stopped by > > the MailScanner filename rules that were not detected as viruses by SAVI. > > > > Regards, > > Steve. > > > > -- > > Steve Freegard > > Systems Manager > > Littlehampton Book Services Ltd. > > > > > > -----Original Message----- > > From: Spicer, Kevin [mailto:Kevin.Spicer@BMRB.CO.UK] > > Sent: 06 June 2003 11:08 > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > > Hi, > > > > > > We are using McAfee and have noticed the same thing. Perhaps > > > it is a new > > > variant? However, I did have a quick look on a couple of anti-virus > > > companies sites and there does not seem to be any information about a > > > new variant. > > > > > > > Perhaps you should send the suspect files to your AV vendor for analysis? > > > > > > > > BMRB International > > http://www.bmrb.co.uk > > +44 (0)20 8566 5000 > > _________________________________________________________________ > > This message (and any attachment) is intended only for the > > recipient and may contain confidential and/or privileged > > material. If you have received this in error, please contact the > > sender and delete this message immediately. Disclosure, copying > > or other action taken in respect of this email or in > > reliance on it is prohibited. BMRB International Limited > > accepts no liability in relation to any personal emails, or > > content of any email which does not directly relate to our > > business. > > > > -- > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the sender and delete the message from your mailbox. > > > > This footnote also confirms that this email message has been swept by > > MailScanner (www.mailscanner.info) for the presence of computer viruses. -- Mariano Absatz El Baby ---------------------------------------------------------- CChheecckk yyoouurr dduupplleexx sswwiittcchh!! From steve.douglas at SBIINCORPORATED.COM Fri Jun 6 15:44:48 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:25 2006 Subject: mcafee & bugbear.b Message-ID: <3963522F0E71474CB14C0FF54A6914F701114F98@omar.schtre.com> Where may I review and modify the document type that should can pass through? SD :-) > -----Original Message----- > From: Mariano Absatz [mailto:mailscanner@LISTS.COM.AR] > Sent: Friday, June 06, 2003 9:41 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: mcafee & bugbear.b > > Steve, > > Current dat is 4270... my servers got 4268 on June 1st at about 21:45 UTC, > 4269 on June 4th at about 18:45 UTC and 4270 yesterday (June 5th at about > 16:45 UTC). > > You should configure a cron job for mcaffee-autoupdate to run > frequently... I > have it configured to run every hour. > > BTW, Tony, I understand you mantain mcafee-autoupdate, is that right? I > sent > a patch a while ago adding a little more verbosity to the "-v" mode, did > you > see it? > > If I do a similar modification to the current (from MS 4.21) version would > you incorporate it? It is only cosmetic, but as I prefer to log the script > activity (via a plain ">>" in the crontab file), I like having a couple of > timestamps available. If you prefer I could add an extra command line > option > for this to be turned on, I only tried to be minimalistic with the > modifications. > > Thanx. > > El 6 Jun 2003 a las 9:22, Steve Douglas escribi?: > > > I haven't installed the latest post (270). My serer has Dat Verison: > 4267, > > Engin Version, 4.2.40 and it detected and smoked the bugbear using > > heuristics presumably. > I think bugbear uses double extensions (.doc.pif, etc) that MailScanner's > standard filename rules prohibit, as well as the extensions themselves > (.pif, > .scr, etc.). > > > > > SD > > :-) > > > > > > > -----Original Message----- > > > From: Steve Freegard [mailto:steve.freegard@LBSLTD.CO.UK] > > > Sent: Friday, June 06, 2003 5:17 AM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: mcafee & bugbear.b > > > > > > Hi all, > > > > > > Further to this - it looks like Sophos updated their IDE definitions > for > > > Bugbear-B just before the 11am this morning, luckily in time for my > > > sophos-autoupdate run to catch it. > > > > > > I also sent Sophos a load of attachments this morning that were > stopped by > > > the MailScanner filename rules that were not detected as viruses by > SAVI. > > > > > > Regards, > > > Steve. > > > > > > -- > > > Steve Freegard > > > Systems Manager > > > Littlehampton Book Services Ltd. > > > > > > > > > -----Original Message----- > > > From: Spicer, Kevin [mailto:Kevin.Spicer@BMRB.CO.UK] > > > Sent: 06 June 2003 11:08 > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > > > > Hi, > > > > > > > > We are using McAfee and have noticed the same thing. Perhaps > > > > it is a new > > > > variant? However, I did have a quick look on a couple of anti-virus > > > > companies sites and there does not seem to be any information about > a > > > > new variant. > > > > > > > > > > Perhaps you should send the suspect files to your AV vendor for > analysis? > > > > > > > > > > > > BMRB International > > > http://www.bmrb.co.uk > > > +44 (0)20 8566 5000 > > > _________________________________________________________________ > > > This message (and any attachment) is intended only for the > > > recipient and may contain confidential and/or privileged > > > material. If you have received this in error, please contact the > > > sender and delete this message immediately. Disclosure, copying > > > or other action taken in respect of this email or in > > > reliance on it is prohibited. BMRB International Limited > > > accepts no liability in relation to any personal emails, or > > > content of any email which does not directly relate to our > > > business. > > > > > > -- > > > This email and any files transmitted with it are confidential and > > > intended solely for the use of the individual or entity to whom they > > > are addressed. If you have received this email in error please notify > > > the sender and delete the message from your mailbox. > > > > > > This footnote also confirms that this email message has been swept by > > > MailScanner (www.mailscanner.info) for the presence of computer > viruses. > > > -- > Mariano Absatz > El Baby > ---------------------------------------------------------- > CChheecckk yyoouurr dduupplleexx sswwiittcchh!! From mailscanner at LISTS.COM.AR Fri Jun 6 15:46:12 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:25 2006 Subject: ZMailer and MailScanner--a little problem (+one little suggestion :P). In-Reply-To: <8665njqnxe.fsf@shiningdiamond.localnet> References: <3EE07359.31311.FE89922@localhost> Message-ID: <3EE07F04.1402.10162B8E@localhost> El 6 Jun 2003 a las 16:29, Artur Meski escribi?: > Mariano Absatz writes: > > > Congrats!!! AFAIK you're user #2 of MailScanner+ZMailer (user #1 being me) > > Sirat : so I`m user #3 ;8] > Sirat : you may tell it him > > So... he is #3. The number of users is growing. ;) We're crowds right now! :-P > > > Please, let me know it everything goes OK. > > Ok, it works. :) Great! > > I also asked about privileges of MailScanner. It was a stupid > question, as I found out later (I put a comment at the end of line: > 'Run As User = nonprivilegeduser # Comment about that setting' so I > couldn't get it to work--now it works fine). ;) > > But! Are you using MailScanner running as an unprivileged user? How? > My MS is currently running as a 'daemon' user with a little changes in > the source code. I don't know whether it's ok, so I would like to > consult it... I didn't see your previous question about nonprvileged user... actually I only run it as root... ZMailer usually runs as root and postoffice permissions only allows root to mess around there. I never run zmailer as non-root... is that possible? I guess that if it is so, using the same user for zmailer and MailScanner should be possible (in fact, I guess it should be necessary). You should check permissions on MailScanner temporary directories, but that should be it. -- Mariano Absatz El Baby ---------------------------------------------------------- What is a "free" gift ? Aren't all gifts free? From mailscanner at LISTS.COM.AR Fri Jun 6 16:00:30 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:25 2006 Subject: filename rules question In-Reply-To: Message-ID: <3EE0825E.2929.1023461B@localhost> IIRC, rules are processed from top to bottom, and, as soon as one matches, the process stops. This allows you to say something like: allow everything that ends in ".jpg" allow everything that ends in ".gif" deny everything that ends in ".exe" deny everything that ends in ".???.???" And an attachment ending in ".???.jpg" will be allowed (as per rule #1) but if it ends in ".jpg.scr" it will be denied (although there is no specific rule to deny files ending in ".scr". And, as you state, I recall the default is to allow any filename not matching any rule... El 6 Jun 2003 a las 16:41, Peter Peters escribi?: > The filename rules conf file has allow and deny lines. I haven't seen a > default line so I wonder what will happen with an extension that doesn't > match any line. I believe (from my experience) the message will be > allowed. But then a lot of allow lines can be removed (and speeding up > MailScanner)? > > -- > Peter Peters, senior netwerkbeheerder > Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) > Universiteit Twente, Postbus 217, 7500 AE Enschede > telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ -- Mariano Absatz El Baby ---------------------------------------------------------- Conjecture: All odd numbers are prime. Mathematician's Proof: 3 is prime. 5 is prime. 7 is prime. By induction, all odd numbers are prime. Physicist's Proof: 3 is prime. 5 is prime. 7 is prime. 9 is experimental error. 11 is prime. 13 is prime ... Engineer's Proof: 3 is prime. 5 is prime. 7 is prime. 9 is prime. 11 is prime. 13 is prime ... Computer Scientists's Proof: 3 is prime. 3 is prime. 3 is prime. 3 is prime... From apm at CIFRID.NET Fri Jun 6 16:02:36 2003 From: apm at CIFRID.NET (Artur Meski) Date: Thu Jan 12 21:18:25 2006 Subject: ZMailer and MailScanner--a little problem (+one little suggestion :P). In-Reply-To: <3EE07F04.1402.10162B8E@localhost> References: <3EE07359.31311.FE89922@localhost> <3EE07F04.1402.10162B8E@localhost> Message-ID: <86znkvp7ub.fsf@shiningdiamond.localnet> Mariano Absatz writes: > I never run zmailer as non-root... is that possible? I guess that if it is > so, using the same user for zmailer and MailScanner should be possible (in > fact, I guess it should be necessary). You should check permissions on > MailScanner temporary directories, but that should be it. Look: Processes: [...] daemon 33516 0,0 4,6 24524 24008 ?? SJ 16:17 0:02,25 /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca daemon 33517 0,0 4,6 24608 24104 ?? SJ 16:17 0:02,57 /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca daemon 33518 0,0 4,6 24604 24100 ?? SJ 16:18 0:02,96 /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca [...] Permissions: drwxr-xr-x 5 daemon wheel 512 5 Cze 23:46 /var/spool/MailScanner/ drwxrwsrwt 2 root wheel 512 6 Cze 16:46 /var/spool/postoffice-incoming/router/ drwxrwsrwt 28 root wheel 512 6 Cze 16:46 /var/spool/postoffice/router/ MailScanner.conf: Run As User = daemon I also had to change MailScanner's source code, because it was checking the owner of that directories. Maybe it's a good sollution? Maybe it's an useful information for MS+ZM users (for throng of them ;P) and it's worth putting into the documentation? Artur. -- // WWW: artur.black.pl // PGP: finger apm@heze.cifrid.net // From mailscanner at LISTS.COM.AR Fri Jun 6 16:20:16 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:25 2006 Subject: ZMailer and MailScanner--a little problem (+one little suggestion :P). In-Reply-To: <86znkvp7ub.fsf@shiningdiamond.localnet> References: <3EE07F04.1402.10162B8E@localhost> Message-ID: <3EE08700.12996.10355F0F@localhost> Nice... I guess you modified the end of the CheckQueuesAreTogether() function in bin/MailScanner so it doesn't die 'cause you're daemon and the incoming router directory is owned by root. Maybe we could elegantly modify this to check for same ownership, or else, so that we have read&write permission on this directory before dying (so that we don't break current behavior). Julian, what do you think about it? As you can see from the sample below, the queue directories in ZMailer are world writable (but sticky), and thus you don't need that the owner of that directory is the same as you... El 6 Jun 2003 a las 17:02, Artur Meski escribi?: > Mariano Absatz writes: > > > I never run zmailer as non-root... is that possible? I guess that if it is > > so, using the same user for zmailer and MailScanner should be possible (in > > fact, I guess it should be necessary). You should check permissions on > > MailScanner temporary directories, but that should be it. > > Look: > > Processes: > [...] > daemon 33516 0,0 4,6 24524 24008 ?? SJ 16:17 0:02,25 /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca > daemon 33517 0,0 4,6 24608 24104 ?? SJ 16:17 0:02,57 /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca > daemon 33518 0,0 4,6 24604 24100 ?? SJ 16:18 0:02,96 /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca > [...] > > Permissions: > drwxr-xr-x 5 daemon wheel 512 5 Cze 23:46 /var/spool/MailScanner/ > drwxrwsrwt 2 root wheel 512 6 Cze 16:46 /var/spool/postoffice-incoming/router/ > drwxrwsrwt 28 root wheel 512 6 Cze 16:46 /var/spool/postoffice/router/ > > MailScanner.conf: > Run As User = daemon > > > I also had to change MailScanner's source code, because it was > checking the owner of that directories. > > Maybe it's a good sollution? Maybe it's an useful information for > MS+ZM users (for throng of them ;P) and it's worth putting into the > documentation? > > Artur. > > -- > // WWW: artur.black.pl // PGP: finger apm@heze.cifrid.net // -- Mariano Absatz El Baby ---------------------------------------------------------- C makes it easy to shoot yourself in the foot. C++ makes it harder, but when you do, it blows away your whole leg." -- Bjarne Stroustrup From mailscanner at ecs.soton.ac.uk Fri Jun 6 15:13:26 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:25 2006 Subject: Mcafee autoupdate revisited In-Reply-To: Message-ID: <5.2.0.9.2.20030606151259.04518408@imap.ecs.soton.ac.uk> Try running /usr/lib/MailScanner/mcafee-autoupdate and see if it says anything useful (or posts anything useful in your maillog). At 14:32 06/06/2003, you wrote: >HI, > >Sorry to badger this one, but I do not believe my autoupdate is working >correctly. I have recently upgraded to 4.21-9, have removed the previous >cron job that I had been calling and am relying on the rpm installed >update_virus_scanners that is implemented in my cron.hourly directory. In my >system log I can see that 04:01:01 pilx CROND[26206]: (root) CMD (run-parts >/etc/cron.hourly) runs and then no subsequent errors however yesterday upon >reading more regarding bugbear.b I checked my latest dat file and it had not >been upgraded to mcafee's release on June 5th. Should I be looking elsewhere >for an error? If you could please direct me to some things to check that >would be greatly appreciated. > >Thanks again, > > >>>>>>>>>>>>>>>>>>>>> >Mark Tavares >IS Tech Support >Professional Investments Inc. >1-888-548-8868 ><<<<<<<<<<<<<<<<<<<<< -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jun 6 15:12:19 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:25 2006 Subject: Weired Error In-Reply-To: <1054905933.3ee0964d95bb8@webmail.MUW.Edu> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> Message-ID: <5.2.0.9.2.20030606151018.04e16f50@imap.ecs.soton.ac.uk> At 14:25 06/06/2003, you wrote: >Good day everyone, > >I am seeing this error in my logs (repeadtly): > >Jun 6 06:42:54 avsmtp01 MailScanner[21510]: Cannot >parse /var/spool/MailScanner/incoming/21510/h56BgeQd021498.header and , Can't >locate object method "debug" via package "MIME::Parser::FileInto::MailScanner" >at /opt/MailScanner/lib/MailScanner/Message.pm line 2603. This means that your Perl, for some unknown reason, is not picking up the inherited packages correctly. You should be able to simply comment out (or delete) the "debug" lines on lines 2603, 2614, 2624, 2647. What version of perl are you running? I have never come across this before, not ever. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jun 6 16:17:57 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:25 2006 Subject: filename rules question In-Reply-To: <3EE0825E.2929.1023461B@localhost> References: Message-ID: <5.2.0.9.2.20030606161752.04dec7f0@imap.ecs.soton.ac.uk> Correct on all counts. At 16:00 06/06/2003, you wrote: >IIRC, rules are processed from top to bottom, and, as soon as one matches, >the process stops. > >This allows you to say something like: > >allow everything that ends in ".jpg" >allow everything that ends in ".gif" >deny everything that ends in ".exe" >deny everything that ends in ".???.???" > >And an attachment ending in ".???.jpg" will be allowed (as per rule #1) but >if it ends in ".jpg.scr" it will be denied (although there is no specific >rule to deny files ending in ".scr". > >And, as you state, I recall the default is to allow any filename not matching >any rule... > >El 6 Jun 2003 a las 16:41, Peter Peters escribi?: > > > The filename rules conf file has allow and deny lines. I haven't seen a > > default line so I wonder what will happen with an extension that doesn't > > match any line. I believe (from my experience) the message will be > > allowed. But then a lot of allow lines can be removed (and speeding up > > MailScanner)? > > > > -- > > Peter Peters, senior netwerkbeheerder > > Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) > > Universiteit Twente, Postbus 217, 7500 AE Enschede > > telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ > > >-- >Mariano Absatz >El Baby >---------------------------------------------------------- >Conjecture: All odd numbers are prime. > Mathematician's Proof: > 3 is prime. 5 is prime. 7 is prime. By induction, all > odd numbers are prime. > Physicist's Proof: > 3 is prime. 5 is prime. 7 is prime. 9 is experimental > error. 11 is prime. 13 is prime ... > Engineer's Proof: > 3 is prime. 5 is prime. 7 is prime. 9 is prime. > 11 is prime. 13 is prime ... > Computer Scientists's Proof: > 3 is prime. 3 is prime. 3 is prime. 3 is prime... -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jun 6 16:21:44 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:25 2006 Subject: ZMailer and MailScanner--a little problem (+one little suggestion :P). In-Reply-To: <3EE08700.12996.10355F0F@localhost> References: <86znkvp7ub.fsf@shiningdiamond.localnet> <3EE07F04.1402.10162B8E@localhost> Message-ID: <5.2.0.9.2.20030606162102.04d1afd8@imap.ecs.soton.ac.uk> How about I split the CheckQueuesAreTogether code so that it is separate for each MTA. Then we can do whatever combination we like, while still being easy to maintain. At 16:20 06/06/2003, you wrote: >Nice... > >I guess you modified the end of the CheckQueuesAreTogether() function in >bin/MailScanner so it doesn't die 'cause you're daemon and the incoming >router directory is owned by root. > >Maybe we could elegantly modify this to check for same ownership, or else, so >that we have read&write permission on this directory before dying (so that we >don't break current behavior). > >Julian, what do you think about it? As you can see from the sample below, the >queue directories in ZMailer are world writable (but sticky), and thus you >don't need that the owner of that directory is the same as you... > >El 6 Jun 2003 a las 17:02, Artur Meski escribi?: > > > Mariano Absatz writes: > > > > > I never run zmailer as non-root... is that possible? I guess that if > it is > > > so, using the same user for zmailer and MailScanner should be > possible (in > > > fact, I guess it should be necessary). You should check permissions on > > > MailScanner temporary directories, but that should be it. > > > > Look: > > > > Processes: > > [...] > > daemon 33516 0,0 4,6 24524 24008 ?? SJ 16:17 0:02,25 > /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca > > daemon 33517 0,0 4,6 24608 24104 ?? SJ 16:17 0:02,57 > /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca > > daemon 33518 0,0 4,6 24604 24100 ?? SJ 16:18 0:02,96 > /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca > > [...] > > > > Permissions: > > drwxr-xr-x 5 daemon wheel 512 5 Cze 23:46 /var/spool/MailScanner/ > > drwxrwsrwt 2 root wheel 512 6 Cze 16:46 > /var/spool/postoffice-incoming/router/ > > drwxrwsrwt 28 root wheel 512 6 Cze 16:46 > /var/spool/postoffice/router/ > > > > MailScanner.conf: > > Run As User = daemon > > > > > > I also had to change MailScanner's source code, because it was > > checking the owner of that directories. > > > > Maybe it's a good sollution? Maybe it's an useful information for > > MS+ZM users (for throng of them ;P) and it's worth putting into the > > documentation? > > > > Artur. > > > > -- > > // WWW: artur.black.pl // PGP: finger apm@heze.cifrid.net // > > >-- >Mariano Absatz >El Baby >---------------------------------------------------------- >C makes it easy to shoot yourself in the foot. C++ makes it >harder, but when you do, it blows away your whole leg." > -- Bjarne Stroustrup -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From ryanb at AACRAO.ORG Fri Jun 6 16:29:21 2003 From: ryanb at AACRAO.ORG (Bingham, Ryan) Date: Thu Jan 12 21:18:25 2006 Subject: filtering file types vs. extensions Message-ID: Hi Julian, This is just a feature question. Some of the commercial products (Sybari's Antigen for Exchange comes to mind) that (try to) do what MailScanner does have the ability to discern the file type even if the extension does not match (e.g. spot a Windows executable file even if it doesn't have an .exe extension). Is this something that would ever be possible with MailScanner? Thanks again for an awesome program!! Ryan From marco at MUW.EDU Fri Jun 6 16:35:28 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:25 2006 Subject: Weired Error In-Reply-To: <5.2.0.9.2.20030606151018.04e16f50@imap.ecs.soton.ac.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> <5.2.0.9.2.20030606151018.04e16f50@imap.ecs.soton.ac.uk> Message-ID: <1054913728.3ee0b4c0708a3@webmail.MUW.Edu> Hi Julian, > This means that your Perl, for some unknown reason, is not picking up the > inherited packages correctly. > You should be able to simply comment out (or delete) the "debug" lines on > lines 2603, 2614, 2624, 2647. I will shortly. > > What version of perl are you running? I have never come across this before, > not ever. The version that is shipped with FreeBSD is 5.0003, I believe. However, when I installed SpamAssassin, I used the following: perl -MCPAN -e shell prerequisites_policy ask install Mail::SpamAssassin During the SA install, I was asked to install some dependencies, one of them I remember clearly was HTML::Parser. I answered 'y' to the question. Then for some strange reason, it installed perl-5.8.0 first, then it installed the dependecies and finally SpamAssassin. To eliminate confusion, I renamed /usr/bin/perl to /usr/bin/perl-dist and then I created a link /usr/bin/perl -> /usr/local/bin/perl I have re-installed the FreeBSD system twice already and in the two instances, everytime I try to install SA using the above method, perl-5.8.0 gets installed. Do you think that's part of the problem? Thank you for any insights Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From mailscanner at LISTS.COM.AR Fri Jun 6 16:35:25 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:25 2006 Subject: filtering file types vs. extensions In-Reply-To: Message-ID: <3EE08A8D.3778.10433DFC@localhost> That should be possible using the magic file and the logic that the file command uses (with that same file). See: man magic man file El 6 Jun 2003 a las 11:29, Bingham, Ryan escribi?: > Hi Julian, > > This is just a feature question. Some of the commercial products > (Sybari's Antigen for Exchange comes to mind) that (try to) do what > MailScanner does have the ability to discern the file type even if the > extension does not match (e.g. spot a Windows executable file even if it > doesn't have an .exe extension). > > Is this something that would ever be possible with MailScanner? > > Thanks again for an awesome program!! > > Ryan -- Mariano Absatz El Baby ---------------------------------------------------------- It is now proved beyond doubt that smoking is one of the leading causes of statistics. -- Fletcher Knebel From mailscanner at LISTS.COM.AR Fri Jun 6 16:37:45 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:25 2006 Subject: ZMailer and MailScanner--a little problem (+one little suggestion :P). In-Reply-To: <5.2.0.9.2.20030606162102.04d1afd8@imap.ecs.soton.ac.uk> References: <3EE08700.12996.10355F0F@localhost> Message-ID: <3EE08B19.20214.10456065@localhost> Great idea! I think that belongs in SMDiskStore... maybe renaming into something more general like: MailScanner::SMDiskStore::CheckQueuesAreOK() or something like that... El 6 Jun 2003 a las 16:21, Julian Field escribi?: > How about I split the CheckQueuesAreTogether code so that it is separate > for each MTA. Then we can do whatever combination we like, while still > being easy to maintain. > > At 16:20 06/06/2003, you wrote: > >Nice... > > > >I guess you modified the end of the CheckQueuesAreTogether() function in > >bin/MailScanner so it doesn't die 'cause you're daemon and the incoming > >router directory is owned by root. > > > >Maybe we could elegantly modify this to check for same ownership, or else, so > >that we have read&write permission on this directory before dying (so that we > >don't break current behavior). > > > >Julian, what do you think about it? As you can see from the sample below, the > >queue directories in ZMailer are world writable (but sticky), and thus you > >don't need that the owner of that directory is the same as you... > > > >El 6 Jun 2003 a las 17:02, Artur Meski escribi?: > > > > > Mariano Absatz writes: > > > > > > > I never run zmailer as non-root... is that possible? I guess that if > > it is > > > > so, using the same user for zmailer and MailScanner should be > > possible (in > > > > fact, I guess it should be necessary). You should check permissions on > > > > MailScanner temporary directories, but that should be it. > > > > > > Look: > > > > > > Processes: > > > [...] > > > daemon 33516 0,0 4,6 24524 24008 ?? SJ 16:17 0:02,25 > > /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca > > > daemon 33517 0,0 4,6 24608 24104 ?? SJ 16:17 0:02,57 > > /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca > > > daemon 33518 0,0 4,6 24604 24100 ?? SJ 16:18 0:02,96 > > /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailSca > > > [...] > > > > > > Permissions: > > > drwxr-xr-x 5 daemon wheel 512 5 Cze 23:46 /var/spool/MailScanner/ > > > drwxrwsrwt 2 root wheel 512 6 Cze 16:46 > > /var/spool/postoffice-incoming/router/ > > > drwxrwsrwt 28 root wheel 512 6 Cze 16:46 > > /var/spool/postoffice/router/ > > > > > > MailScanner.conf: > > > Run As User = daemon > > > > > > > > > I also had to change MailScanner's source code, because it was > > > checking the owner of that directories. > > > > > > Maybe it's a good sollution? Maybe it's an useful information for > > > MS+ZM users (for throng of them ;P) and it's worth putting into the > > > documentation? > > > -- Mariano Absatz El Baby ---------------------------------------------------------- I have had a perfectly wonderful evening, but this wasn't this one. -- Groucho Marx From Kevin.Spicer at BMRB.CO.UK Fri Jun 6 16:38:21 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:25 2006 Subject: filtering file types vs. extensions Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF627@pascal.priv.bmrb.co.uk> There is a perl module that does that too. Can't remember what its called offhand - but I do remember its named fairly obviously (the word magic is in there somewhere!) > -----Original Message----- > From: Mariano Absatz [mailto:mailscanner@LISTS.COM.AR] > Sent: 06 June 2003 16:35 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: filtering file types vs. extensions > > > That should be possible using the magic file and the logic > that the file > command uses (with that same file). > > See: > man magic > man file > > > El 6 Jun 2003 a las 11:29, Bingham, Ryan escribi?: > > > Hi Julian, > > > > This is just a feature question. Some of the commercial products > > (Sybari's Antigen for Exchange comes to mind) that (try to) do what > > MailScanner does have the ability to discern the file type > even if the > > extension does not match (e.g. spot a Windows executable > file even if it > > doesn't have an .exe extension). > > > > Is this something that would ever be possible with MailScanner? > > > > Thanks again for an awesome program!! > > > > Ryan > > > -- > Mariano Absatz > El Baby > ---------------------------------------------------------- > It is now proved beyond doubt that smoking is one > of the leading causes of statistics. > -- Fletcher Knebel > BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From Denis.Beauchemin at USHERBROOKE.CA Fri Jun 6 16:40:06 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:25 2006 Subject: Smooth upgrade to 4.21-9 Message-ID: <1054914005.22566.116.camel@dbeauchemin.si.usherbrooke.ca> I just want to thank Julian again for another great version of MS. I just upgraded our 2 servers and everything is just fine. I noticed new messages in my maillog: Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Checks: Found 1 spam messages Jun 6 11:28:32 smtp3 MailScanner[27147]: Cannot match against destination IP address when resolving configuration option "spamactions" Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Actions: message h56FSUX31319 actions are xxx@usherbrooke.ca,forward,deliver Can I do anything about the destination IP unresolved? It used the default rule, which is what I expected. Denis BTW: I modified languages.conf: SATooLarge = Courriel =?ISO-8859-1?Q?d=E9passant?= la taille maximale Report = Analyse -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From mailscanner at LISTS.COM.AR Fri Jun 6 16:44:32 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:25 2006 Subject: filtering file types vs. extensions In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0EBF627@pascal.priv.bmrb.co.uk> Message-ID: <3EE08CB0.30640.104B94E4@localhost> Seems like File::MMagic... isn't CPAN great? http://search.cpan.org/author/KNOK/File-MMagic-1.19/ El 6 Jun 2003 a las 16:38, Spicer, Kevin escribi?: > There is a perl module that does that too. Can't remember what its called offhand - but I do remember its named fairly obviously (the word magic is in there somewhere!) > > > -----Original Message----- > > From: Mariano Absatz [mailto:mailscanner@LISTS.COM.AR] > > Sent: 06 June 2003 16:35 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: filtering file types vs. extensions > > > > > > That should be possible using the magic file and the logic > > that the file > > command uses (with that same file). > > > > See: > > man magic > > man file > > > > > > El 6 Jun 2003 a las 11:29, Bingham, Ryan escribi?: > > > > > Hi Julian, > > > > > > This is just a feature question. Some of the commercial products > > > (Sybari's Antigen for Exchange comes to mind) that (try to) do what > > > MailScanner does have the ability to discern the file type > > even if the > > > extension does not match (e.g. spot a Windows executable > > file even if it > > > doesn't have an .exe extension). > > > > > > Is this something that would ever be possible with MailScanner? > > > > > > Thanks again for an awesome program!! > > > > > > Ryan > > > > > > -- > > Mariano Absatz > > El Baby > > ---------------------------------------------------------- > > It is now proved beyond doubt that smoking is one > > of the leading causes of statistics. > > -- Fletcher Knebel > > > > > > BMRB International > http://www.bmrb.co.uk > +44 (0)20 8566 5000 > _________________________________________________________________ > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact the > sender and delete this message immediately. Disclosure, copying > or other action taken in respect of this email or in > reliance on it is prohibited. BMRB International Limited > accepts no liability in relation to any personal emails, or > content of any email which does not directly relate to our > business. -- Mariano Absatz El Baby ---------------------------------------------------------- I've never met a human being who would want to read 17,000 pages of documentation, and if there was, I'd kill him to get him out of the gene pool. -- Joseph Costello, President of Cadence From maxsec at TOTALISE.CO.UK Fri Jun 6 16:44:41 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:25 2006 Subject: Sophos/bugbear.b Message-ID: <3EE0B6E9.5070800@totalise.co.uk> Guys another update from Sophos on the bugbear.b malware. 3rd time lucky?? -- Martin From tim-lists at BISHNET.NET Fri Jun 6 16:43:01 2003 From: tim-lists at BISHNET.NET (Tim Bishop) Date: Thu Jan 12 21:18:25 2006 Subject: Weired Error In-Reply-To: <1054913728.3ee0b4c0708a3@webmail.MUW.Edu> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> <5.2.0.9.2.20030606151018.04e16f50@imap.ecs.soton.ac.uk> <1054913728.3ee0b4c0708a3@webmail.MUW.Edu> Message-ID: <20030606154301.GC56180@carrick.bishnet.net> On Fri, Jun 06, 2003 at 10:35:28AM -0500, Marco Obaid wrote: > The version that is shipped with FreeBSD is 5.0003, I believe. However, when I > installed SpamAssassin, I used the following: > > perl -MCPAN -e shell > prerequisites_policy ask > install Mail::SpamAssassin Use the spamassassin port. cd /usr/ports/mail/p5-Mail-SpamAssassin make install clean Tim. -- Tim Bishop http://www.bishnet.net/tim PGP Key: 0x5AE7D984 From marco at MUW.EDU Fri Jun 6 17:07:37 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:25 2006 Subject: Weired Error In-Reply-To: <20030606154301.GC56180@carrick.bishnet.net> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> <5.2.0.9.2.20030606151018.04e16f50@imap.ecs.soton.ac.uk> <1054913728.3ee0b4c0708a3@webmail.MUW.Edu> <20030606154301.GC56180@carrick.bishnet.net> Message-ID: <1054915657.3ee0bc4917d8a@webmail.MUW.Edu> Quoting Tim Bishop : > Use the spamassassin port. > > cd /usr/ports/mail/p5-Mail-SpamAssassin > make install clean Thank you Tim. I am new to FreeBSD and I love it so far. I did what you suggested, but it installed SA 2.50. Do I just have to waited till SA 2.55 is ported to FreeBSD? Thank you Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From maxsec at TOTALISE.CO.UK Fri Jun 6 17:07:54 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:25 2006 Subject: Weired Error In-Reply-To: <1054915657.3ee0bc4917d8a@webmail.MUW.Edu> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> <5.2.0.9.2.20030606151018.04e16f50@imap.ecs.soton.ac.uk> <1054913728.3ee0b4c0708a3@webmail.MUW.Edu> <20030606154301.GC56180@carrick.bishnet.net> <1054915657.3ee0bc4917d8a@webmail.MUW.Edu> Message-ID: <3EE0BC5A.6060506@totalise.co.uk> Marco Obaid wrote: > Quoting Tim Bishop : > > >>Use the spamassassin port. >> >>cd /usr/ports/mail/p5-Mail-SpamAssassin >>make install clean > > > Thank you Tim. I am new to FreeBSD and I love it so far. > I did what you suggested, but it installed SA 2.50. > Do I just have to waited till SA 2.55 is ported to FreeBSD? > > Thank you > Marco > > _________________________________________________________________ > This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail > For the latest MUW Events, visit http://www.MUW.Edu/calendar marco it is. If you update the ports tree you'll find it's 2.55 -- martin From tim-lists at BISHNET.NET Fri Jun 6 17:13:07 2003 From: tim-lists at BISHNET.NET (Tim Bishop) Date: Thu Jan 12 21:18:25 2006 Subject: Weired Error In-Reply-To: <1054915657.3ee0bc4917d8a@webmail.MUW.Edu> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> <5.2.0.9.2.20030606151018.04e16f50@imap.ecs.soton.ac.uk> <1054913728.3ee0b4c0708a3@webmail.MUW.Edu> <20030606154301.GC56180@carrick.bishnet.net> <1054915657.3ee0bc4917d8a@webmail.MUW.Edu> Message-ID: <20030606161307.GD56180@carrick.bishnet.net> On Fri, Jun 06, 2003 at 11:07:37AM -0500, Marco Obaid wrote: > Quoting Tim Bishop : > > > Use the spamassassin port. > > > > cd /usr/ports/mail/p5-Mail-SpamAssassin > > make install clean > > Thank you Tim. I am new to FreeBSD and I love it so far. > I did what you suggested, but it installed SA 2.50. > Do I just have to waited till SA 2.55 is ported to FreeBSD? Your ports tree is out of date: http://www.freshports.org/mail/p5-Mail-SpamAssassin See the handbook for details on keeping your ports tree up-to-date. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports.html Cheers, Tim. -- Tim Bishop http://www.bishnet.net/tim PGP Key: 0x5AE7D984 From maxsec at TOTALISE.CO.UK Fri Jun 6 17:25:39 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:25 2006 Subject: MIME::Parser errors on FreeBSD 5.0 Message-ID: <3EE0C083.1070608@totalise.co.uk> Hey guys OK I think I'm seeing the problem, the incomingworkingdir is set somewhere 'magic', and if I put a line at the top of Mailscanner.conf it complains that I've set it twice in the file.....oh no I haven't. Anyway so where the heck is incomingworkingdir set and what's the default location, and where can ammend it??? -- Martin From marco at MUW.EDU Fri Jun 6 17:44:10 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:25 2006 Subject: MIME::Parser errors on FreeBSD 5.0 In-Reply-To: <3EE0C083.1070608@totalise.co.uk> References: <3EE0C083.1070608@totalise.co.uk> Message-ID: <1054917850.3ee0c4da96355@webmail.MUW.Edu> Hi, > Anyway so where the heck is incomingworkingdir set and what's the > default location, and where can ammend it??? Here is what I have on my FreeBSD system: *snip* from /opt/MailScanner/etc/MailScanner.conf Incoming Queue Dir = /var/spool/mqueue.in Outgoing Queue Dir = /var/spool/mqueue Incoming Work Dir = /var/spool/MailScanner/incoming Following the install.FreeBSD, you need to create /var/spool/MailScanner/incoming : mkdir -p /var/spool/MailScanner/incoming Also, I noticed right after a fresh install of FreeBSD that mqueue.in is not there. You might want to check if it is there and if not, create it. Hope this helps Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From maxsec at TOTALISE.CO.UK Fri Jun 6 18:02:09 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:25 2006 Subject: MIME::Parser errors on FreeBSD 5.0 In-Reply-To: <1054917850.3ee0c4da96355@webmail.MUW.Edu> References: <3EE0C083.1070608@totalise.co.uk> <1054917850.3ee0c4da96355@webmail.MUW.Edu> Message-ID: <3EE0C911.9060109@totalise.co.uk> Marco Obaid wrote: > Hi, > > >>Anyway so where the heck is incomingworkingdir set and what's the >>default location, and where can ammend it??? > > > Here is what I have on my FreeBSD system: > > *snip* from /opt/MailScanner/etc/MailScanner.conf > > Incoming Queue Dir = /var/spool/mqueue.in > Outgoing Queue Dir = /var/spool/mqueue > Incoming Work Dir = /var/spool/MailScanner/incoming > > Following the install.FreeBSD, you need to > create /var/spool/MailScanner/incoming : > > mkdir -p /var/spool/MailScanner/incoming > > Also, I noticed right after a fresh install of FreeBSD that mqueue.in is not > there. You might want to check if it is there and if not, create it. > > Hope this helps > Marco > > > _________________________________________________________________ > This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail > For the latest MUW Events, visit http://www.MUW.Edu/calendar Marco got a little further - all this is correct and the MS user should have access to it.... I'll do some work on this tomorrw - maybe try with FreeBSD 5.1RC1 or 4.8 to see of they make a difference.. -- Martin From mailscanner at ecs.soton.ac.uk Fri Jun 6 18:02:04 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:25 2006 Subject: filtering file types vs. extensions In-Reply-To: <3EE08A8D.3778.10433DFC@localhost> References: Message-ID: <5.2.1.1.2.20030606175714.03cf4598@imap.ecs.soton.ac.uk> Does anyone know of a Perl module that uses the magic file? I would very much like to avoid having to write this, but I don't want to have to crank up the file command for every message batch if I can avoid it. Also, there would need to be some way of creating a list of "file" outputs to expected extensions, or something like that. There needs to be a useful way of processing the "file" output. What would you like to be able to do? 1. Block specific file types (you would have to specify the "file" output strings you are looking for. 2. Block file types that don't match their extensions (this could only be done for a known subset of "file" outputs). 3. Add a "file" output specifier to each rule in filename.rules.conf, so that the rule matches if either the filename matches or the file type matches. 4. Any more ideas? Your votes please.... At 16:35 06/06/2003, you wrote: >That should be possible using the magic file and the logic that the file >command uses (with that same file). > >See: >man magic >man file > > >El 6 Jun 2003 a las 11:29, Bingham, Ryan escribi?: > > > Hi Julian, > > > > This is just a feature question. Some of the commercial products > > (Sybari's Antigen for Exchange comes to mind) that (try to) do what > > MailScanner does have the ability to discern the file type even if the > > extension does not match (e.g. spot a Windows executable file even if it > > doesn't have an .exe extension). > > > > Is this something that would ever be possible with MailScanner? > > > > Thanks again for an awesome program!! > > > > Ryan > > >-- >Mariano Absatz >El Baby >---------------------------------------------------------- >It is now proved beyond doubt that smoking is one >of the leading causes of statistics. > -- Fletcher Knebel -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jun 6 18:03:40 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:25 2006 Subject: Weired Error In-Reply-To: <1054913728.3ee0b4c0708a3@webmail.MUW.Edu> References: <5.2.0.9.2.20030606151018.04e16f50@imap.ecs.soton.ac.uk> <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> <5.2.0.9.2.20030606151018.04e16f50@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030606180259.02475920@imap.ecs.soton.ac.uk> If you have changed the version of Perl you are using, re-install everything that comes with MailScanner. At 16:35 06/06/2003, you wrote: >Hi Julian, > > > This means that your Perl, for some unknown reason, is not picking up the > > inherited packages correctly. > > You should be able to simply comment out (or delete) the "debug" lines on > > lines 2603, 2614, 2624, 2647. > >I will shortly. > > > > > What version of perl are you running? I have never come across this before, > > not ever. > >The version that is shipped with FreeBSD is 5.0003, I believe. However, when I >installed SpamAssassin, I used the following: > >perl -MCPAN -e shell >prerequisites_policy ask >install Mail::SpamAssassin > >During the SA install, I was asked to install some dependencies, one of them I >remember clearly was HTML::Parser. I answered 'y' to the question. Then for >some strange reason, it installed perl-5.8.0 first, then it installed the >dependecies and finally SpamAssassin. To eliminate confusion, I >renamed /usr/bin/perl to /usr/bin/perl-dist and then I created a link > >/usr/bin/perl -> /usr/local/bin/perl > >I have re-installed the FreeBSD system twice already and in the two instances, >everytime I try to install SA using the above method, perl-5.8.0 gets >installed. > >Do you think that's part of the problem? > >Thank you for any insights > >Marco > > > >_________________________________________________________________ >This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail >For the latest MUW Events, visit http://www.MUW.Edu/calendar -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jun 6 18:09:38 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:25 2006 Subject: Smooth upgrade to 4.21-9 In-Reply-To: <1054914005.22566.116.camel@dbeauchemin.si.usherbrooke.ca> Message-ID: <5.2.1.1.2.20030606180831.03cf99a0@imap.ecs.soton.ac.uk> At 16:40 06/06/2003, you wrote: >I just want to thank Julian again for another great version of MS. :-) >I just upgraded our 2 servers and everything is just fine. > >I noticed new messages in my maillog: >Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Checks: Found 1 spam messages >Jun 6 11:28:32 smtp3 MailScanner[27147]: Cannot match against destination >IP address when resolving configuration option "spamactions" >Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Actions: message >h56FSUX31319 actions are xxx@usherbrooke.ca,forward,deliver > >Can I do anything about the destination IP unresolved? It used the >default rule, which is what I expected. You don't know the destination IP address until *after* you have actually delivered the message. It all depends on what MX hosts are available on the destination site. So you cannot match against it. >Denis >BTW: I modified languages.conf: >SATooLarge = Courriel =?ISO-8859-1?Q?d=E9passant?= la taille maximale >Report = Analyse >-- >Denis Beauchemin, analyste >Universit? de Sherbrooke, S.T.I. >T: 819.821.8000x2252 F: 819.821.8045 -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From ryanb at AACRAO.ORG Fri Jun 6 18:24:01 2003 From: ryanb at AACRAO.ORG (Bingham, Ryan) Date: Thu Jan 12 21:18:25 2006 Subject: filtering file types vs. extensions Message-ID: > 1. Block specific file types (you would have to specify the "file" output > strings you are looking for. > 2. Block file types that don't match their extensions (this could only be > done for a known subset of "file" outputs). > 3. Add a "file" output specifier to each rule in filename.rules.conf, so > that the rule matches if either the filename matches or the file type > matches. > 4. Any more ideas? > > Your votes please.... I think all of the options you mention would be great, but I mainly had in mind number 3. Thanks again Julian, I continue to be amazed at your ability to do all this! Ryan From Kevin.Spicer at BMRB.CO.UK Fri Jun 6 18:29:20 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:25 2006 Subject: filtering file types vs. extensions Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A4AD9A@pascal.priv.bmrb.co.uk> > Does anyone know of a Perl module that uses the magic file? I > would very > much like to avoid having to write this, but I don't want to > have to crank > up the file command for every message batch if I can avoid it. maybe you missed Mariano's post with the link in (it ended up in a different thread in my mailreader) so heres the link he found.. http://search.cpan.org/author/KNOK/File-MMagic-1.19/ Looks like this returns a mime type, which is probably the right way to go about this (saves processing the output from file too) Given mime types I think probaly the easiest way would be to have a mimetypes.rules.conf which matches using RE's in the same way filename.rules.conf does. I guess you run into issues if the output from filename rules and mimetype rules conflict (reject takes precedence?) I don't think combining filename rules and mime types into one file would be very easy as it would be difficult to deal with wildcard matching, double extensions etc. One suggestion which although complicating the implementation would make it much easier to construct rulesets based on file type is to have both a filename rules and mimetype rules file which assign category names (rather than simple yes/no) then have a much simpler ruleset determining action based on category (again reject takes precedence). Category names need to be arbitary so that users can extend the range of categories. I guess thats not easy - but it could be quite handy! BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From f.rotondo at TESEO.IT Fri Jun 6 18:31:36 2003 From: f.rotondo at TESEO.IT (Francesco Rotondo) Date: Thu Jan 12 21:18:25 2006 Subject: filtering file types vs. extensions References: <5.2.1.1.2.20030606175714.03cf4598@imap.ecs.soton.ac.uk> Message-ID: <01fa01c32c51$7b374a20$0464a8c0@teseo.info> > > What would you like to be able to do? > 1. Block specific file types (you would have to specify the "file" output > strings you are looking for. > 2. Block file types that don't match their extensions (this could only be > done for a known subset of "file" outputs). > 3. Add a "file" output specifier to each rule in filename.rules.conf, so > that the rule matches if either the filename matches or the file type matches. > 4. Any more ideas? > > Your votes please.... 3 looks good but IMHO it could be useful to stop windows executables that doesn't have an extension as in the case of new viruses these seems to be the only viruses that got through MS. Francesco From mailscanner at ecs.soton.ac.uk Fri Jun 6 18:42:57 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:25 2006 Subject: filtering file types vs. extensions In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0A4AD9A@pascal.priv.bmrb.co .uk> Message-ID: <5.2.1.1.2.20030606183433.0287c7a8@imap.ecs.soton.ac.uk> At 18:29 06/06/2003, you wrote: > > Does anyone know of a Perl module that uses the magic file? I > > would very > > much like to avoid having to write this, but I don't want to > > have to crank > > up the file command for every message batch if I can avoid it. > >maybe you missed Mariano's post with the link in (it ended up in a >different thread in my mailreader) so heres the link he found.. >http://search.cpan.org/author/KNOK/File-MMagic-1.19/ I hadn't seen his post when I replied. >Looks like this returns a mime type, which is probably the right way to go >about this (saves processing the output from file too) > >Given mime types I think probaly the easiest way would be to have a >mimetypes.rules.conf which matches using RE's in the same way >filename.rules.conf does. > >I guess you run into issues if the output from filename rules and mimetype >rules conflict (reject takes precedence?) > >I don't think combining filename rules and mime types into one file would >be very easy as it would be difficult to deal with wildcard matching, >double extensions etc. > >One suggestion which although complicating the implementation would make >it much easier to construct rulesets based on file type is to have both a >filename rules and mimetype rules file which assign category names (rather >than simple yes/no) then have a much simpler ruleset determining action >based on category (again reject takes precedence). Category names need to >be arbitary so that users can extend the range of categories. > >I guess thats not easy - but it could be quite handy! I want to keep it very simple to use. Very few people ever change these files, as they are complicated enough already. Mapping a mimetype or a filename rule to another keyword, then deny/allow based on those keywords, is a bit too complicated in my opinion. A file like filename.rules.conf that matches mimetypes (or possibly "file" output) would be the easiest thing to do. But it would not manage to match files in which the file content doesn't match the filename. But maybe this isn't actually a problem. I think maybe that enforcing that is actually going to cause you more trouble than it's worth anyway, so that might well not be a problem. It needs to be fast, fairly easy to implement, but above all easy to use. It doesn't need to be able to do absolutely everything, though that would be nice :-) -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From marco at MUW.EDU Fri Jun 6 18:59:21 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:25 2006 Subject: Weired Error In-Reply-To: <5.2.1.1.2.20030606180259.02475920@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030606151018.04e16f50@imap.ecs.soton.ac.uk> <5C0296D26910694BB9A9BBFC577E7AB0EBF624@pascal.priv.bmrb.co.uk> <5.2.0.9.2.20030606151018.04e16f50@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030606180259.02475920@imap.ecs.soton.ac.uk> Message-ID: <1054922361.3ee0d6790a7f3@webmail.MUW.Edu> Hi Julian > If you have changed the version of Perl you are using, re-install > everything that comes with MailScanner. With many tips from the good FreeBSD users on this list, I reverted back to the FreeBSD distribution version of perl and MS is working fine right now. I think my problem was with perl versioning. That's as much as I can tell :) Before that, I commented out lines 2603, 2614, 2624, 2647 of Message.pm and it also worked. I just did not like the idea of commenting out things :) Thanks to all of you Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From Denis.Beauchemin at USHERBROOKE.CA Fri Jun 6 19:08:50 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:25 2006 Subject: Smooth upgrade to 4.21-9 In-Reply-To: <5.2.1.1.2.20030606180831.03cf99a0@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030606180831.03cf99a0@imap.ecs.soton.ac.uk> Message-ID: <1054922930.22566.128.camel@dbeauchemin.si.usherbrooke.ca> > > > >I noticed new messages in my maillog: > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Checks: Found 1 spam messages > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Cannot match against destination > >IP address when resolving configuration option "spamactions" > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Actions: message > >h56FSUX31319 actions are xxx@usherbrooke.ca,forward,deliver > > > >Can I do anything about the destination IP unresolved? It used the > >default rule, which is what I expected. > > You don't know the destination IP address until *after* you have actually > delivered the message. It all depends on what MX hosts are available on the > destination site. So you cannot match against it. I'm not sure I understand what you said. Is it that what I am trying to do is doomed to fail every time? This is what I use: Spam Actions = /etc/MailScanner/rules/spam.action.rules /etc/MailScanner/rules/spam.action.rules: To: 132.210. attachment deliver forward xxx@usherbrooke.ca To: /^206\.167\.186\.[012346]\./ attachment deliver forward xxx@usherbrooke.ca To: 206.167.185. attachment deliver forward xxx@usherbrooke.ca To: *@USherbrooke.ca attachment deliver forward xxx@usherbrooke.ca FromOrTo: Default deliver forward xxx@usherbrooke.ca Basically I just want to deliver spam as an attachment (with my custom explanation of how to forward the message to us if it was misidentified) if the destination is local. I don't want external people to get my message about how to train SA. Thanks again! Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From mailscanner at ecs.soton.ac.uk Fri Jun 6 19:16:07 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:25 2006 Subject: filtering file types vs. extensions In-Reply-To: <5.2.1.1.2.20030606183433.0287c7a8@imap.ecs.soton.ac.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0A4AD9A@pascal.priv.bmrb.co .uk> Message-ID: <5.2.1.1.2.20030606191014.0287cc48@imap.ecs.soton.ac.uk> Not a good start. The latest File::MMagic module does not understand Linux /usr/share/magic files. It complains a lot about them, which makes it useless. So I will have to use the "file" command, with a timeout and all that c**p to stop DoS attacks on the file command. Does everyone's "file" command output the filename followed by a ":" followed by 1 or more spaces followed by the file type? It's going to rain all weekend here (surprise, surprise) so I may attack this feature soon. At 18:42 06/06/2003, you wrote: >At 18:29 06/06/2003, you wrote: >> > Does anyone know of a Perl module that uses the magic file? I >> > would very >> > much like to avoid having to write this, but I don't want to >> > have to crank >> > up the file command for every message batch if I can avoid it. >> >>maybe you missed Mariano's post with the link in (it ended up in a >>different thread in my mailreader) so heres the link he found.. >>http://search.cpan.org/author/KNOK/File-MMagic-1.19/ > >I hadn't seen his post when I replied. > >>Looks like this returns a mime type, which is probably the right way to go >>about this (saves processing the output from file too) >> >>Given mime types I think probaly the easiest way would be to have a >>mimetypes.rules.conf which matches using RE's in the same way >>filename.rules.conf does. >> >>I guess you run into issues if the output from filename rules and mimetype >>rules conflict (reject takes precedence?) >> >>I don't think combining filename rules and mime types into one file would >>be very easy as it would be difficult to deal with wildcard matching, >>double extensions etc. >> >>One suggestion which although complicating the implementation would make >>it much easier to construct rulesets based on file type is to have both a >>filename rules and mimetype rules file which assign category names (rather >>than simple yes/no) then have a much simpler ruleset determining action >>based on category (again reject takes precedence). Category names need to >>be arbitary so that users can extend the range of categories. >> >>I guess thats not easy - but it could be quite handy! > >I want to keep it very simple to use. Very few people ever change these >files, as they are complicated enough already. Mapping a mimetype or a >filename rule to another keyword, then deny/allow based on those keywords, >is a bit too complicated in my opinion. > >A file like filename.rules.conf that matches mimetypes (or possibly "file" >output) would be the easiest thing to do. But it would not manage to match >files in which the file content doesn't match the filename. But maybe this >isn't actually a problem. I think maybe that enforcing that is actually >going to cause you more trouble than it's worth anyway, so that might well >not be a problem. > >It needs to be fast, fairly easy to implement, but above all easy to use. >It doesn't need to be able to do absolutely everything, though that would >be nice :-) >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jun 6 19:21:13 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:25 2006 Subject: Smooth upgrade to 4.21-9 In-Reply-To: <1054922930.22566.128.camel@dbeauchemin.si.usherbrooke.ca> References: <5.2.1.1.2.20030606180831.03cf99a0@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030606180831.03cf99a0@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030606191640.02586da8@imap.ecs.soton.ac.uk> At 19:08 06/06/2003, you wrote: > > > > > >I noticed new messages in my maillog: > > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Checks: Found 1 spam > messages > > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Cannot match against > destination > > >IP address when resolving configuration option "spamactions" > > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Actions: message > > >h56FSUX31319 actions are xxx@usherbrooke.ca,forward,deliver > > > > > >Can I do anything about the destination IP unresolved? It used the > > >default rule, which is what I expected. > > > > You don't know the destination IP address until *after* you have actually > > delivered the message. It all depends on what MX hosts are available on > the > > destination site. So you cannot match against it. > >I'm not sure I understand what you said. Is it that what I am trying to >do is doomed to fail every time? > >This is what I use: >Spam Actions = /etc/MailScanner/rules/spam.action.rules > >/etc/MailScanner/rules/spam.action.rules: >To: 132.210. attachment deliver forward xxx@usherbrooke.ca >To: /^206\.167\.186\.[012346]\./ attachment deliver forward >xxx@usherbrooke.ca >To: 206.167.185. attachment deliver forward xxx@usherbrooke.ca You fundamentally cannot do that. I don't know the MX host until the mail is delivered (by the MTA), so I have absolutely no way of predicting the IP address of the best available MX. Even checking that *all* the MX hosts for this domain are within this range requires a hell of a lot of work on MailScanner's part. It would need to "dig" for every MX host to get its IP address and then check every single one against the spec you had allowed. And as you have specified the "deliver" action, then every MX host of every domain of every recipient of the message would have to be checked. That would take ages to do. Sorry, but mail delivery is very deliberately unrelated to IP address. >To: *@USherbrooke.ca attachment deliver forward xxx@usherbrooke.ca >FromOrTo: Default deliver forward xxx@usherbrooke.ca > >Basically I just want to deliver spam as an attachment (with my custom >explanation of how to forward the message to us if it was misidentified) >if the destination is local. I don't want external people to get my >message about how to train SA. > >Thanks again! > >Denis >-- >Denis Beauchemin, analyste >Universit? de Sherbrooke, S.T.I. >T: 819.821.8000x2252 F: 819.821.8045 -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mikea at MIKEA.ATH.CX Fri Jun 6 19:29:22 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:25 2006 Subject: filtering file types vs. extensions In-Reply-To: <5.2.1.1.2.20030606191014.0287cc48@imap.ecs.soton.ac.uk>; from mailscanner@ECS.SOTON.AC.UK on Fri, Jun 06, 2003 at 07:16:07PM +0100 References: <5C0296D26910694BB9A9BBFC577E7AB0A4AD9A@pascal.priv.bmrb.co <5.2.1.1.2.20030606183433.0287c7a8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030606191014.0287cc48@imap.ecs.soton.ac.uk> Message-ID: <20030606132922.A55494@mikea.ath.cx> On Fri, Jun 06, 2003 at 07:16:07PM +0100, Julian Field wrote: > Not a good start. > The latest File::MMagic module does not understand Linux /usr/share/magic > files. It complains a lot about them, which makes it useless. > So I will have to use the "file" command, with a timeout and all that c**p > to stop DoS attacks on the file command. > > Does everyone's "file" command output the filename followed by a ":" > followed by 1 or more spaces followed by the file type? > > It's going to rain all weekend here (surprise, surprise) so I may attack > this feature soon. : (FreeBSD) $file * : : [some deletions] : : /etc/rc.virgin: Bourne shell script text executable : /etc/remote: ASCII English text : /etc/resolv.conf: ASCII text : /etc/rmt: symbolic link to /usr/sbin/rmt : /etc/rmt.virgin: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), dynamically linked (uses shared libs), stripped : /etc/security: Bourne shell script text executable : /etc/skel: directory : /etc/skeykeys: can't read `/etc/skeykeys' (Permission denied). : /etc/skeykeys.virgin: empty I'll trade your rain for our nasty thunderstorms and tornadoes. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From Denis.Beauchemin at USHERBROOKE.CA Fri Jun 6 19:38:18 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:25 2006 Subject: Smooth upgrade to 4.21-9 In-Reply-To: <5.2.1.1.2.20030606191640.02586da8@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030606180831.03cf99a0@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030606180831.03cf99a0@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030606191640.02586da8@imap.ecs.soton.ac.uk> Message-ID: <1054924698.22566.149.camel@dbeauchemin.si.usherbrooke.ca> Julian, But it would be OK if I used domain names (without being bulletproof)? Denis Le ven 06/06/2003 ? 14:21, Julian Field a ?crit : > At 19:08 06/06/2003, you wrote: > > > > > > > >I noticed new messages in my maillog: > > > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Checks: Found 1 spam > > messages > > > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Cannot match against > > destination > > > >IP address when resolving configuration option "spamactions" > > > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Actions: message > > > >h56FSUX31319 actions are xxx@usherbrooke.ca,forward,deliver > > > > > > > >Can I do anything about the destination IP unresolved? It used the > > > >default rule, which is what I expected. > > > > > > You don't know the destination IP address until *after* you have actually > > > delivered the message. It all depends on what MX hosts are available on > > the > > > destination site. So you cannot match against it. > > > >I'm not sure I understand what you said. Is it that what I am trying to > >do is doomed to fail every time? > > > >This is what I use: > >Spam Actions = /etc/MailScanner/rules/spam.action.rules > > > >/etc/MailScanner/rules/spam.action.rules: > >To: 132.210. attachment deliver forward xxx@usherbrooke.ca > >To: /^206\.167\.186\.[012346]\./ attachment deliver forward > >xxx@usherbrooke.ca > >To: 206.167.185. attachment deliver forward xxx@usherbrooke.ca > > You fundamentally cannot do that. I don't know the MX host until the mail > is delivered (by the MTA), so I have absolutely no way of predicting the IP > address of the best available MX. > > Even checking that *all* the MX hosts for this domain are within this range > requires a hell of a lot of work on MailScanner's part. It would need to > "dig" for every MX host to get its IP address and then check every single > one against the spec you had allowed. And as you have specified the > "deliver" action, then every MX host of every domain of every recipient of > the message would have to be checked. That would take ages to do. > > Sorry, but mail delivery is very deliberately unrelated to IP address. > > >To: *@USherbrooke.ca attachment deliver forward xxx@usherbrooke.ca > >FromOrTo: Default deliver forward xxx@usherbrooke.ca > > > >Basically I just want to deliver spam as an attachment (with my custom > >explanation of how to forward the message to us if it was misidentified) > >if the destination is local. I don't want external people to get my > >message about how to train SA. > > > >Thanks again! > > > >Denis > >-- > >Denis Beauchemin, analyste > >Universit? de Sherbrooke, S.T.I. > >T: 819.821.8000x2252 F: 819.821.8045 -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From mbowman at UDCOM.COM Fri Jun 6 21:25:33 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:25 2006 Subject: virus found ? Message-ID: Hello, In my maillog I am seeing this... *Jun 6 01:10:35 smithers MailScanner[4265]: Virus Scanning: F-Prot found virus Jun 6 01:10:35 smithers MailScanner[4265]: /var/spool/MailScanner/incoming/4265/h565ATc18784/my_videosz.zip->2453.exe is a security risk or a "backdoor" program * Is this the standard msg for 'backdoor' programs? Should there have been a virus def displayed? Matthew -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030606/bbdad1e3/attachment.html From lists at STHOMAS.NET Fri Jun 6 21:56:34 2003 From: lists at STHOMAS.NET (Steve Thomas) Date: Thu Jan 12 21:18:26 2006 Subject: virus found ? In-Reply-To: ; from mbowman@UDCOM.COM on Fri, Jun 06, 2003 at 04:25:33PM -0400 References: Message-ID: <20030606135634.C17561@sthomas.net> On Fri, Jun 06, 2003 at 04:25:33PM -0400, Matthew Bowman is rumored to have said: > > /var/spool/MailScanner/incoming/4265/h565ATc18784/my_videosz.zip->2453.exe > is a security risk or a "backdoor" program > > * Is this the standard msg for 'backdoor' programs? Should there have been > a virus def displayed? Sophos started detecting this today: Report: >>> Virus 'Dial/PecDial-B' found in file ./19OMRU-00035h-00/my_videosz.zip/2453.exe -- Steve Thomas ---------------------------------------------------------- "...subatomic matter in a particle accelerator that exists for only a few microseconds seems to exhibit more uptime than the RIAA's website." -- Andrew Orlowski TheRegister.co.uk From mbowman at UDCOM.COM Fri Jun 6 21:59:24 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:26 2006 Subject: virus found ? Message-ID: Thanks I am using f-prot which is current with updates etc. Anyone else with f-prot having the same messages? Steve Thomas Sent by: MailScanner mailing list 06/06/2003 04:56 PM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: virus found ? On Fri, Jun 06, 2003 at 04:25:33PM -0400, Matthew Bowman is rumored to have said: > > /var/spool/MailScanner/incoming/4265/h565ATc18784/my_videosz.zip->2453.exe > is a security risk or a "backdoor" program > > * Is this the standard msg for 'backdoor' programs? Should there have been > a virus def displayed? Sophos started detecting this today: Report: >>> Virus 'Dial/PecDial-B' found in file ./19OMRU-00035h-00/my_videosz.zip/2453.exe -- Steve Thomas ---------------------------------------------------------- "...subatomic matter in a particle accelerator that exists for only a few microseconds seems to exhibit more uptime than the RIAA's website." -- Andrew Orlowski TheRegister.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030606/eec8ff5b/attachment.html From Andrew.Magnusson at COCC.COM Fri Jun 6 22:05:55 2003 From: Andrew.Magnusson at COCC.COM (Magnusson, Andrew) Date: Thu Jan 12 21:18:26 2006 Subject: virus found ? Message-ID: Yes, we're getting these as well. Quite a few over the last few days. Sender: 1oy77rx5@yahoo.com IP Address: 141.152.11.29 Recipient: XXXXXX@XXXXXXXXXXXX.com Subject: XXXXXX I am 18 ( barely ) XXXXXX MessageID: h56Kuum19850 Report: /var/spool/MailScanner/incoming/9089/./h56Kuum19850/my_video.zip->2453.exe is a security risk or a "backdoor" program Andrew Magnusson Internet Product Analyst COCC 1-877-678-0444 extension 640 *** This message originates from COCC, Inc. If the reader of this message, regardless of the address or routing, is not an intended recipient, you are hereby notified that you have received this transmittal in error and any review; use, distribution, dissemination or copying is strictly prohibited. If you have received this message in error, please delete this e-mail and all files transmitted with it from your system and immediately notify COCC, Inc. by sending reply e-mail to the sender of this message. Thank you. *** From cparker at SWATGEAR.COM Fri Jun 6 23:01:11 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:26 2006 Subject: how to map MS process id to SM process id? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C14@ati-ex-01.ati.local> Hello. When checking the maillog I'd like to be able to pull all the records pertaining to a certain mail. Is there a way to map the sendmail process id to the MS process id that is handling that mail? Let me know if I haven't made sense. Thanks, Chris. From mailscanner at LISTS.COM.AR Fri Jun 6 23:14:51 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:26 2006 Subject: filtering file types vs. extensions In-Reply-To: <5.2.1.1.2.20030606191014.0287cc48@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030606183433.0287c7a8@imap.ecs.soton.ac.uk> Message-ID: <3EE0E82B.26759.11B0F37B@localhost> Now that I see it... it seems to be an Apache httpd server related module, so the "magic" file format is that of Apache and not that of the file command "magic" file format. I don't know if Apache's 1.3 and 2.0 mime-magic format is the same, but the documentation for them is at: http://httpd.apache.org/docs/mod/mod_mime_magic.html and http://httpd.apache.org/docs-2.0/mod/mod_mime_magic.html respectively. The file itself is included in both Apache httpd distributions, and, for the record, I think it would be much better to have a mime-type answer and process it with a file like filename.rules.conf (e.g. mime-type.rules.conf) in a relatively independent way. That is, I'd have two options in the config file: Filename Rules = /opt/MailScanner/etc/filename.rules.conf MIME-type Rules = /opt/MailScanner/etc/mime-type.rules.conf And inside there a set of allow/deny rules with an optional message (just like filename.rules.conf). Obviously, if an attachment matches a deny rule in any of both files, the attachment would be treated as dangerous and the proper action would trigger. Example: I get a file called "funny-picture.jpg" that actually has a DOS executable in it, it would be allowed by an explicit rule in filename.rules.conf, but later forbidden by an explicit rule in mime-type.rules.conf, and thus it would be replaced by a message that says "funny-picture.jpg seems to be an application/octet-stream type. This type is considered dangerous". It seems the file's "magic" file has some interesting data that Apache's doesn't... maybe someone is willing to fit the file's one into the Apache... Or maybe even... take a look at the C source for the file command... geez... I don't know if this is a good idea... it will take more than a weekend... Back to CPAN... take a look at http://search.cpan.org/author/SDAGUE/ppt-0.12/bin/file It is a command, and not a library, but maybe... In http://www.perl.com/language/ppt/src/file/index.html there is another implementation. El 6 Jun 2003 a las 19:16, Julian Field escribi?: > Not a good start. > The latest File::MMagic module does not understand Linux /usr/share/magic > files. It complains a lot about them, which makes it useless. > So I will have to use the "file" command, with a timeout and all that c**p > to stop DoS attacks on the file command. > > Does everyone's "file" command output the filename followed by a ":" > followed by 1 or more spaces followed by the file type? > > It's going to rain all weekend here (surprise, surprise) so I may attack > this feature soon. > > At 18:42 06/06/2003, you wrote: > >At 18:29 06/06/2003, you wrote: > >> > Does anyone know of a Perl module that uses the magic file? I > >> > would very > >> > much like to avoid having to write this, but I don't want to > >> > have to crank > >> > up the file command for every message batch if I can avoid it. > >> > >>maybe you missed Mariano's post with the link in (it ended up in a > >>different thread in my mailreader) so heres the link he found.. > >>http://search.cpan.org/author/KNOK/File-MMagic-1.19/ > > > >I hadn't seen his post when I replied. > > > >>Looks like this returns a mime type, which is probably the right way to go > >>about this (saves processing the output from file too) > >> > >>Given mime types I think probaly the easiest way would be to have a > >>mimetypes.rules.conf which matches using RE's in the same way > >>filename.rules.conf does. > >> > >>I guess you run into issues if the output from filename rules and mimetype > >>rules conflict (reject takes precedence?) > >> > >>I don't think combining filename rules and mime types into one file would > >>be very easy as it would be difficult to deal with wildcard matching, > >>double extensions etc. > >> > >>One suggestion which although complicating the implementation would make > >>it much easier to construct rulesets based on file type is to have both a > >>filename rules and mimetype rules file which assign category names (rather > >>than simple yes/no) then have a much simpler ruleset determining action > >>based on category (again reject takes precedence). Category names need to > >>be arbitary so that users can extend the range of categories. > >> > >>I guess thats not easy - but it could be quite handy! > > > >I want to keep it very simple to use. Very few people ever change these > >files, as they are complicated enough already. Mapping a mimetype or a > >filename rule to another keyword, then deny/allow based on those keywords, > >is a bit too complicated in my opinion. > > > >A file like filename.rules.conf that matches mimetypes (or possibly "file" > >output) would be the easiest thing to do. But it would not manage to match > >files in which the file content doesn't match the filename. But maybe this > >isn't actually a problem. I think maybe that enforcing that is actually > >going to cause you more trouble than it's worth anyway, so that might well > >not be a problem. > > > >It needs to be fast, fairly easy to implement, but above all easy to use. > >It doesn't need to be able to do absolutely everything, though that would > >be nice :-) > >-- > >Julian Field > >www.MailScanner.info > >Professional Support Services at www.MailScanner.biz > >MailScanner thanks transtec Computers for their support > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support -- Mariano Absatz El Baby ---------------------------------------------------------- Behind every successful man is a woman, behind her is his wife. -- Groucho Marx From mikew at CRUCIS.NET Fri Jun 6 23:57:17 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:26 2006 Subject: F-prot says I need the mail server license In-Reply-To: <76C92FBBFB58D411AE760090271ED41805B33A62@rsys002a.roke.co.uk> References: <76C92FBBFB58D411AE760090271ED41805B33A62@rsys002a.roke.co.uk> Message-ID: <200306061757.20588.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 05 June 2003 10:40 am, you wrote: > F-prot have advised me that I will need to use the mail server > pricing model for use with Mailscanner which means I will have to > look at other virus scanners. > > Can anyone advise the next best choice for use with Mailscanner > preferably based on a per server basis. > > Thanks > > Dean Plant > > Snipped Well it still free for home users. It appears to be the same as 3.12. Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+4RxQ5fq6h2uDDlQRAvhFAJ4lMLlwJ+jkr29d3WnzRCtjJmkcDwCgtIXc Qs13iyFNqSwzU7zIs0lPxH0= =Uaj+ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From marco at MUW.EDU Sat Jun 7 00:14:56 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:26 2006 Subject: F-prot says I need the mail server license In-Reply-To: <200306061757.20588.mikew@crucis.net> References: <76C92FBBFB58D411AE760090271ED41805B33A62@rsys002a.roke.co.uk> <200306061757.20588.mikew@crucis.net> Message-ID: <1054941296.3ee1207026273@webmail.MUW.Edu> Hi, > Can anyone advise the next best choice for use with Mailscanner > preferably based on a per server basis. I use both Command Antivirus and Sophos. Give Command a shot. It is not pricey and it is very solid. It is really based on F-Prot technology. Easy to install and I have had good luck with it so far. For half the price of what I paid for Sophos, I got unlimited desktop and server licenses. This is educational discount though. Sophos was very expensive (including the educational discount) just for the one server that I bought it for. Sophos will ask the infamous question "how many e-mail users do you have?" ... I use it on a server with *no* users :) My experience with Sophos has not been great. The sales people are very tricky. Their prices are not defined and/or clear. I got two quotes from two different people for the same configuration. Support staff immediately throws the ball in your court before they even listen to the problem. I don't have good feeling about Sophos. However, their Antivirus software is solid. Just my 2 cents !!! Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From mkettler at EVI-INC.COM Sat Jun 7 00:24:37 2003 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:18:26 2006 Subject: how to map MS process id to SM process id? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C14@ati-ex-01.ati.local > Message-ID: <5.2.1.1.0.20030606191431.0188baf0@xanadu.evi-inc.com> At 03:01 PM 6/6/2003 -0700, Chris W. Parker wrote: >Hello. > >When checking the maillog I'd like to be able to pull all the records >pertaining to a certain mail. Is there a way to map the sendmail process >id to the MS process id that is handling that mail? > >Let me know if I haven't made sense. Process ID's are assigned by the OS itself, and there's no repeatable relationship between the PID of one process and the PID of another. Yes most Linux distros assign them in a counting order, but there's no way to be certain that two processes were started one right after the other without anything else starting in the middle. If you are running a paranoid OS (ie: OpenBSD or grsecurity patched linux) PIDs will be random. If there was a good inter-process pid mapping scheme, a few obscure kinds of hacking attempts would be significantly easier. From cparker at SWATGEAR.COM Sat Jun 7 00:34:34 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:26 2006 Subject: how to map MS process id to SM process id? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C16@ati-ex-01.ati.local> Matt Kettler wrote: > At 03:01 PM 6/6/2003 -0700, Chris W. Parker wrote: > > Hello. > > > > When checking the maillog I'd like to be able to pull all the > > records pertaining to a certain mail. Is there a way to map the > > sendmail process id to the MS process id that is handling that mail? > > > > Let me know if I haven't made sense. > > Process ID's are assigned by the OS itself, and there's no repeatable > relationship between the PID of one process and the PID of another. > > Yes most Linux distros assign them in a counting order, but there's > no way to be certain that two processes were started one right after > the other without anything else starting in the middle. Damn. That's what I thought. I was just hoping there'd be a way around that. Oh well. Thanks for explaining everything. Chris. From mikea at MIKEA.ATH.CX Sat Jun 7 00:37:17 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:26 2006 Subject: how to map MS process id to SM process id? In-Reply-To: <5.2.1.1.0.20030606191431.0188baf0@xanadu.evi-inc.com>; from mkettler@EVI-INC.COM on Fri, Jun 06, 2003 at 07:24:37PM -0400 References: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C14@ati-ex-01.ati.local > <5.2.1.1.0.20030606191431.0188baf0@xanadu.evi-inc.com> Message-ID: <20030606183717.A57181@mikea.ath.cx> On Fri, Jun 06, 2003 at 07:24:37PM -0400, Matt Kettler wrote: > At 03:01 PM 6/6/2003 -0700, Chris W. Parker wrote: > >Hello. > > > >When checking the maillog I'd like to be able to pull all the records > >pertaining to a certain mail. Is there a way to map the sendmail process > >id to the MS process id that is handling that mail? > > > >Let me know if I haven't made sense. > > Process ID's are assigned by the OS itself, and there's no repeatable > relationship between the PID of one process and the PID of another. > > Yes most Linux distros assign them in a counting order, but there's no way > to be certain that two processes were started one right after the other > without anything else starting in the middle. > > If you are running a paranoid OS (ie: OpenBSD or grsecurity patched linux) > PIDs will be random. > > If there was a good inter-process pid mapping scheme, a few obscure kinds > of hacking attempts would be significantly easier. I have written a shell script that, in conjunction with a Perl script, will do do something like this wiht a Sendmail log. It's a real hack, and the output is not at all pretty, but I'll post it Monday if someone will remind me and I'm able to find it. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From mikew at CRUCIS.NET Sat Jun 7 00:39:29 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:26 2006 Subject: virus found ? In-Reply-To: References: Message-ID: <200306061839.29975.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 06 June 2003 03:59 pm, you wrote: > Thanks > > I am using f-prot which is current with updates etc. Anyone else > with f-prot having the same messages? > > > > > > > Steve Thomas > Sent by: MailScanner mailing list > 06/06/2003 04:56 PM > Please respond to MailScanner mailing list > > > To: MAILSCANNER@JISCMAIL.AC.UK > cc: > Subject: Re: virus found ? > > > On Fri, Jun 06, 2003 at 04:25:33PM -0400, Matthew Bowman is rumored > to have said: > > > /var/spool/MailScanner/incoming/4265/h565ATc18784/my_videosz.zip->245 >3.exe > > > is a security risk or a "backdoor" program > > > > * Is this the standard msg for 'backdoor' programs? Should there > > have > > been > > > a virus def displayed? > > Sophos started detecting this today: > > Report: >>> Virus 'Dial/PecDial-B' found in file > ./19OMRU-00035h-00/my_videosz.zip/2453.exe No, but I've been getting bugbear since yesterday. F-Prot is getting and cleaning them. Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+4SYx5fq6h2uDDlQRAuFlAJ9NId/y350xVkw0lS14EdPboey21wCdGwEM rjMRB0n3sToeg9QtyIBETeA= =/fwC -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From cparker at SWATGEAR.COM Sat Jun 7 00:44:40 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:26 2006 Subject: virus found ? Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C17@ati-ex-01.ati.local> Mike Watson wrote: > No, but I've been getting bugbear since yesterday. F-Prot is getting > and cleaning them. Why clean a virus infected email instead of just dumping it in the trash? (Or am I misunderstanding something?) Chris. From mikew at CRUCIS.NET Sat Jun 7 00:53:09 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:26 2006 Subject: virus found ? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C17@ati-ex-01.ati.local> References: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C17@ati-ex-01.ati.local> Message-ID: <200306061853.09381.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 06 June 2003 06:44 pm, you wrote: > Mike Watson wrote: > > No, but I've been getting bugbear since yesterday. F-Prot is > > getting and cleaning them. > > Why clean a virus infected email instead of just dumping it in the > trash? (Or am I misunderstanding something?) > > > Chris. I could do that. Instead, I'm sending them to a holding folder. I want to see what's coming in. Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+4Sll5fq6h2uDDlQRAl+WAKChQWbXpK6wKsSi1VHar/cZk9X4YACg0hr7 0YPWpAE8f+eGxE2Uuq3pW0s= =MPXr -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From mikew at CRUCIS.NET Sat Jun 7 01:22:25 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:26 2006 Subject: New F-Prot for Linux Workstations Message-ID: <200306061922.25838.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Has anyone tried this out yet? How well does it work with MailScanner? Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+4TBB5fq6h2uDDlQRAtETAJ9ogt1mdvN/Y1ZBlPBFXgg+o1ugPQCfTb1q Fep4fiYAxrlpqtmrXTTOcvw= =cgAV -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From forrie at FORRIE.COM Sat Jun 7 02:01:37 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:26 2006 Subject: OT: ClamAV website In-Reply-To: <200306061922.25838.mikew@crucis.net> Message-ID: <5.2.1.1.2.20030606210030.01fdfce0@192.168.1.1> Has anyone else noticed that ClamAV website is down or unavailable? I'm wondering if it's just my network route (I traced the route, and it appears to be isolated over there) -- or I wonder if their routers are blocking cable modems. Thx. From pg at NEWHONEST.COM Sat Jun 7 02:12:37 2003 From: pg at NEWHONEST.COM (Jason) Date: Thu Jan 12 21:18:26 2006 Subject: ClamAV website References: <5.2.1.1.2.20030606210030.01fdfce0@192.168.1.1> Message-ID: <005c01c32c91$e5bfd3e0$0201a8c0@jasonhomexp> Hi, www.clamav.org is working fine for my connection. I'm from HK -Jason ----- Original Message ----- From: "Forrest Aldrich" To: Sent: Saturday, June 07, 2003 9:01 AM Subject: OT: ClamAV website > Has anyone else noticed that ClamAV website is down or unavailable? I'm > wondering if it's just my network route (I traced the route, and it appears > to be isolated over there) -- or I wonder if their routers are blocking > cable modems. > > Thx. > From forrie at FORRIE.COM Sat Jun 7 02:15:15 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:26 2006 Subject: ClamAV website In-Reply-To: <005c01c32c91$e5bfd3e0$0201a8c0@jasonhomexp> References: <5.2.1.1.2.20030606210030.01fdfce0@192.168.1.1> Message-ID: <5.2.1.1.2.20030606211455.0202c980@192.168.1.1> Hmm... I had clamav.elektrapro.com as the primary web site. Thanks. At 09:12 PM 6/6/2003, Jason wrote: >Hi, www.clamav.org is working fine for my connection. I'm from HK > >-Jason > >----- Original Message ----- >From: "Forrest Aldrich" >To: >Sent: Saturday, June 07, 2003 9:01 AM >Subject: OT: ClamAV website > > > > Has anyone else noticed that ClamAV website is down or unavailable? I'm > > wondering if it's just my network route (I traced the route, and it >appears > > to be isolated over there) -- or I wonder if their routers are blocking > > cable modems. > > > > Thx. > > From mikew at CRUCIS.NET Sat Jun 7 02:16:27 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:26 2006 Subject: OT: ClamAV website In-Reply-To: <5.2.1.1.2.20030606210030.01fdfce0@192.168.1.1> References: <5.2.1.1.2.20030606210030.01fdfce0@192.168.1.1> Message-ID: <200306062016.30751.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 06 June 2003 08:01 pm, you wrote: > Has anyone else noticed that ClamAV website is down or unavailable? > I'm wondering if it's just my network route (I traced the route, and > it appears to be isolated over there) -- or I wonder if their routers > are blocking cable modems. > > Thx. I couldn't get to it just a few minutes ago either. Is there a mirror somewhere? Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+4Tzu5fq6h2uDDlQRAr1iAJ4zX5ANXxZjgwLioli9/AdhDScb/ACguBrR u+Gt5G1dneN5/XxxPWQdlZE= =LPNz -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From forrie at FORRIE.COM Sat Jun 7 02:17:21 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:26 2006 Subject: OT: ClamAV website In-Reply-To: <200306062016.30751.mikew@crucis.net> References: <5.2.1.1.2.20030606210030.01fdfce0@192.168.1.1> <5.2.1.1.2.20030606210030.01fdfce0@192.168.1.1> Message-ID: <5.2.1.1.2.20030606211655.0202c828@192.168.1.1> The email list I have for ClamAV actually gets routed to clamav.elektrapro.com -- so they must be having some problems. ? At 09:16 PM 6/6/2003, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On Friday 06 June 2003 08:01 pm, you wrote: > > Has anyone else noticed that ClamAV website is down or unavailable? > > I'm wondering if it's just my network route (I traced the route, and > > it appears to be isolated over there) -- or I wonder if their routers > > are blocking cable modems. > > > > Thx. >I couldn't get to it just a few minutes ago either. Is there a mirror >somewhere? > >Mike W >- -- >Registered Linux - 256979 >NRA Life >ARS: W0TMW > > > > > > > > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.0.7 (GNU/Linux) > >iD8DBQE+4Tzu5fq6h2uDDlQRAr1iAJ4zX5ANXxZjgwLioli9/AdhDScb/ACguBrR >u+Gt5G1dneN5/XxxPWQdlZE= >=LPNz >-----END PGP SIGNATURE----- > > >-- >This message has been scanned for viruses and >dangerous content by F-Prot and MailScanner, >and is believed to be clean. From mikew at CRUCIS.NET Sat Jun 7 02:20:49 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:26 2006 Subject: OT: ClamAV website In-Reply-To: <5.2.1.1.2.20030606211655.0202c828@192.168.1.1> References: <5.2.1.1.2.20030606210030.01fdfce0@192.168.1.1> <5.2.1.1.2.20030606211655.0202c828@192.168.1.1> Message-ID: <200306062020.49660.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 06 June 2003 08:17 pm, you wrote: > The email list I have for ClamAV actually gets routed to > clamav.elektrapro.com -- so they must be having some problems. ? > > At 09:16 PM 6/6/2003, you wrote: > >-----BEGIN PGP SIGNED MESSAGE----- > >Hash: SHA1 > > > >On Friday 06 June 2003 08:01 pm, you wrote: > > > Has anyone else noticed that ClamAV website is down or > > > unavailable? I'm wondering if it's just my network route (I > > > traced the route, and it appears to be isolated over there) -- or > > > I wonder if their routers are blocking cable modems. > > > > > > Thx. > > > >I couldn't get to it just a few minutes ago either. Is there a > > mirror somewhere? > > > >Mike W I found their website. ClamAV hasn't been upgraded since last November (2002) and the last virus.db is dated in March, 2003. Is it still active? Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+4T3x5fq6h2uDDlQRAklwAKDJ1xpR6SF8tQffmP7lAi9sNMdPwACePszi bhw6VLRbdrEKz/jSHNCzJms= =aCtC -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From forrie at FORRIE.COM Sat Jun 7 02:25:06 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:26 2006 Subject: OT: ClamAV website In-Reply-To: <200306062020.49660.mikew@crucis.net> References: <5.2.1.1.2.20030606211655.0202c828@192.168.1.1> <5.2.1.1.2.20030606210030.01fdfce0@192.168.1.1> <5.2.1.1.2.20030606211655.0202c828@192.168.1.1> Message-ID: <5.2.1.1.2.20030606212420.020221f8@192.168.1.1> Look in the snapshots directory on www.clamav.org (presuming that's the most current). Nobody from their list (ie: their direct emails) has responded about the downage. Anyone get clamav-milter working on FreeBSD? (how's that for off-topic? :) ) Forrest At 09:20 PM 6/6/2003, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On Friday 06 June 2003 08:17 pm, you wrote: > > The email list I have for ClamAV actually gets routed to > > clamav.elektrapro.com -- so they must be having some problems. ? > > > > At 09:16 PM 6/6/2003, you wrote: > > >-----BEGIN PGP SIGNED MESSAGE----- > > >Hash: SHA1 > > > > > >On Friday 06 June 2003 08:01 pm, you wrote: > > > > Has anyone else noticed that ClamAV website is down or > > > > unavailable? I'm wondering if it's just my network route (I > > > > traced the route, and it appears to be isolated over there) -- or > > > > I wonder if their routers are blocking cable modems. > > > > > > > > Thx. > > > > > >I couldn't get to it just a few minutes ago either. Is there a > > > mirror somewhere? > > > > > >Mike W > > > I found their website. ClamAV hasn't been upgraded since last November >(2002) and the last virus.db is dated in March, 2003. > >Is it still active? > >Mike W > >- -- >Registered Linux - 256979 >NRA Life >ARS: W0TMW > > > > > > > > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.0.7 (GNU/Linux) > >iD8DBQE+4T3x5fq6h2uDDlQRAklwAKDJ1xpR6SF8tQffmP7lAi9sNMdPwACePszi >bhw6VLRbdrEKz/jSHNCzJms= >=aCtC >-----END PGP SIGNATURE----- > > >-- >This message has been scanned for viruses and >dangerous content by F-Prot and MailScanner, >and is believed to be clean. From mikew at CRUCIS.NET Sat Jun 7 02:32:26 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:26 2006 Subject: OT: ClamAV website In-Reply-To: <5.2.1.1.2.20030606212420.020221f8@192.168.1.1> References: <5.2.1.1.2.20030606211655.0202c828@192.168.1.1> <5.2.1.1.2.20030606212420.020221f8@192.168.1.1> Message-ID: <200306062032.31046.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 06 June 2003 08:25 pm, you wrote: > Look in the snapshots directory on www.clamav.org (presuming that's > the most current). Nobody from their list (ie: their direct emails) > has responded about the downage. > > Anyone get clamav-milter working on FreeBSD? (how's that for > off-topic? :) ) > > > > Forrest Their latest file is dated March 19, 2003. Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+4UCu5fq6h2uDDlQRAja8AJ97IPpXkrGMwwgzvsEi0lZ3dtgcDQCguj8S EOvEDKQ1By4WXh/dLG2NJ9E= =omcN -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From forrie at FORRIE.COM Sat Jun 7 02:34:57 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:26 2006 Subject: OT: ClamAV website In-Reply-To: <200306062032.31046.mikew@crucis.net> References: <5.2.1.1.2.20030606212420.020221f8@192.168.1.1> <5.2.1.1.2.20030606211655.0202c828@192.168.1.1> <5.2.1.1.2.20030606212420.020221f8@192.168.1.1> Message-ID: <5.2.1.1.2.20030606213433.03025908@192.168.1.1> I believe they have a CVS server. Not sure why they haven't chosen to host this project on sourceforge.net...... At 09:32 PM 6/6/2003, Mike Watson wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On Friday 06 June 2003 08:25 pm, you wrote: > > Look in the snapshots directory on www.clamav.org (presuming that's > > the most current). Nobody from their list (ie: their direct emails) > > has responded about the downage. > > > > Anyone get clamav-milter working on FreeBSD? (how's that for > > off-topic? :) ) > > > > > > > > Forrest > >Their latest file is dated March 19, 2003. > >Mike W > >- -- >Registered Linux - 256979 >NRA Life >ARS: W0TMW > > > > > > > > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.0.7 (GNU/Linux) > >iD8DBQE+4UCu5fq6h2uDDlQRAja8AJ97IPpXkrGMwwgzvsEi0lZ3dtgcDQCguj8S >EOvEDKQ1By4WXh/dLG2NJ9E= >=omcN >-----END PGP SIGNATURE----- > > >-- >This message has been scanned for viruses and >dangerous content by F-Prot and MailScanner, >and is believed to be clean. From mdchaney at MICHAELCHANEY.COM Sat Jun 7 05:19:37 2003 From: mdchaney at MICHAELCHANEY.COM (Michael Chaney) Date: Thu Jan 12 21:18:26 2006 Subject: F-Prot's new pricing policy Message-ID: <20030606231937.B26390@michaelchaney.com> Since the price of F-Prot has risen obnoxiously (from $300/year to around $1000/year for me), does anyone have a suggestion for a per-server licensed virus scanner? Preferably back around the $300/year range? Thanks, Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From lltan at WEARNES.COM.SG Sat Jun 7 06:04:30 2003 From: lltan at WEARNES.COM.SG (Tan Lian Leong) Date: Thu Jan 12 21:18:26 2006 Subject: update_virus_scanners doesn't notify Message-ID: <00e601c32cb2$4abee090$120000a9@wtkia> Seems like the "update_virus_scanners" cron job doesn't send notification when update virus engine failed, does it? Thanks. Benny -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030607/6b8dc77b/attachment.html From raymond at PROLOCATION.NET Sat Jun 7 08:44:04 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:26 2006 Subject: New F-Prot for Linux Workstations In-Reply-To: <200306061922.25838.mikew@crucis.net> Message-ID: Hi! > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Has anyone tried this out yet? How well does it work with MailScanner? > > Mike W Search the mail archives. The day it went on their FTP server i tested and reported on the list. (Its working ok) Bye, Raymond. From raymond at PROLOCATION.NET Sat Jun 7 08:47:23 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:26 2006 Subject: ClamAV website In-Reply-To: <20030607015149.M37161@konsultex.com.br> Message-ID: Hi! > http://clamav.essentkabel.com/database/ > > has the database updated yesterday. Since I don't use Clamav I don't > know if this is the correct way to update the pattern. I got this from a > discussion at: I am running Clam, and the last update i fetched is from June 5 (18:01). Looks pretty ok to me. Bye, Raymond. From peter at UCGBOOK.COM Sat Jun 7 09:25:22 2003 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:18:26 2006 Subject: ClamAV website In-Reply-To: References: Message-ID: <1054974322.2008.11.camel@rocco.bonivart.home> My freshclam also works, they have mirrors for the signatures and the web site is updated on clamav.essentkabel.com. However, clamav.elektrapro.com seems to still be down and www.clamav.org is not up to date as some has mentioned. /Peter Bonivart --Unix lovers do it in the Sun On Sat, 2003-06-07 at 09:47, Raymond Dijkxhoorn wrote: > Hi! > > > http://clamav.essentkabel.com/database/ > > > > has the database updated yesterday. Since I don't use Clamav I don't > > know if this is the correct way to update the pattern. I got this from a > > discussion at: > > I am running Clam, and the last update i fetched is from June 5 (18:01). > Looks pretty ok to me. > > Bye, > Raymond. From kevins at BMRB.CO.UK Sat Jun 7 09:35:27 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:26 2006 Subject: ClamAV website In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011757E8@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011757E8@pascal.priv.bmrb.co.uk> Message-ID: <1054974927.8647.61.camel@bach.kevinspicer.co.uk> > Has anyone else noticed that ClamAV website is down or unavailable? I'm > wondering if it's just my network route (I traced the route, and it appears > to be isolated over there) -- or I wonder if their routers are blocking > cable modems. IIRC the last 'stable' release has clamav.elektrapro.com hard coded into it. The older available snapshots have a second server defined and the most recent snapshot has a mechanism for choosing a mirror from a text file. Here the content of the text file on my system in case its of use to anyone... clamav.elektrapro.com clamav.ozforces.com clamav.essentkabel.com clamav.linux-sxs.org BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From kevins at BMRB.CO.UK Sat Jun 7 09:43:36 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:26 2006 Subject: update_virus_scanners doesn't notify In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011757F2@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011757F2@pascal.priv.bmrb.co.uk> Message-ID: <1054975419.25002.2.camel@bach.kevinspicer.co.uk> >On Sat, 2003-06-07 at 06:04, Tan Lian Leong wrote: >Seems like the "update_virus_scanners" cron job doesn't send >notification when update virus engine failed, does it? Thanks. No, it logs to syslog - if you want an email to root when things go wrong find the following line in update_virus_scanners ${UPDATER} >/dev/null 2>&1 and change it to... ${UPDATER} # >/dev/null 2>&1 BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From miguelk at KONSULTEX.COM.BR Sat Jun 7 02:55:56 2003 From: miguelk at KONSULTEX.COM.BR (Miguel Koren OBrien de Lacy) Date: Thu Jan 12 21:18:26 2006 Subject: ClamAV website In-Reply-To: <5.2.1.1.2.20030606211455.0202c980@192.168.1.1> References: <5.2.1.1.2.20030606210030.01fdfce0@192.168.1.1> <5.2.1.1.2.20030606211455.0202c980@192.168.1.1> Message-ID: <20030607015149.M37161@konsultex.com.br> I could not reach the official site: http://clamav.elektrapro.com/ either. I checked around and I believe that the setup needs to reference mirror sites for better results. I see that this site : http://clamav.essentkabel.com/database/ has the database updated yesterday. Since I don't use Clamav I don't know if this is the correct way to update the pattern. I got this from a discussion at: http://freshmeat.net/projects/clamav/?topic_id=861 Miguel -- Konsultex Informatica (http://www.konsultex.com.br) ---------- Original Message ----------- From: Forrest Aldrich To: MAILSCANNER@JISCMAIL.AC.UK Sent: Fri, 6 Jun 2003 21:15:15 -0400 Subject: Re: ClamAV website > Hmm... I had clamav.elektrapro.com as the primary web site. > > Thanks. > > At 09:12 PM 6/6/2003, Jason wrote: > >Hi, www.clamav.org is working fine for my connection. I'm from HK > > > >-Jason > > > >----- Original Message ----- > >From: "Forrest Aldrich" > >To: > >Sent: Saturday, June 07, 2003 9:01 AM > >Subject: OT: ClamAV website > > > > > > > Has anyone else noticed that ClamAV website is down or unavailable? I'm > > > wondering if it's just my network route (I traced the route, and it > >appears > > > to be isolated over there) -- or I wonder if their routers are blocking > > > cable modems. > > > > > > Thx. > > > ------- End of Original Message ------- From mikew at CRUCIS.NET Sat Jun 7 15:48:51 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:26 2006 Subject: F-Prot error message after upgrade to F-Prot 3.13 Message-ID: <200306070948.54577.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I upgraded to F-Prot 3.13 yesterday and now I'm receiving this message in maillog. Jun 7 01:15:07 cameron MailScanner[9260]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Files: "Dumb" scan of all files". Please mail the author of MailScanner Jun 7 01:15:07 cameron MailScanner[9260]: Switches: -ARCHIVE -AI -OLD - -SAFEREMOVE Jun 7 01:15:07 cameron MailScanner[9260]: Either you've found a bug in MailScanner's F-Prot output parser, or F-Prot's output format has changed! F-Prot said this "Switches: -ARCHIVE - -AI -OLD -SAFEREMOVE". Please mail the author of MailScanner I still have the 3.12c source that I'd been using before. Has anyone seen this? I have not downloaded the new F-Prot for Linux Workstations. System: AMD Athlon 1.8GHz, 294MB memory, RH 8.0, MainScanner: 4.12-2, kernel: kernel-2.4.18-27.8.0 Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+4ftW5fq6h2uDDlQRAvQGAJwOk8DcY64BTBIiF/yAwjOoIUt+EgCdEh8M P/ELyFgJ78devKGkbBqo3Fc= =2624 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From SJCJonker at SJC.NL Sat Jun 7 15:59:23 2003 From: SJCJonker at SJC.NL (Stijn Jonker) Date: Thu Jan 12 21:18:26 2006 Subject: Encrypted Zipfiles Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all, Recently some clown is sending viruses in encrypted/password protected Zip files on one of the mailinglists that are ppl are subscribed to. Mailscanner let them pass, with a clear log message. I check the config file for password and/or encrypted but couldn't find anything. Is there a way to block/quarentine these zip files. The only thing i could find are (un)encrypted messages i assume that is only aimed at pgp or s/mime email bodies and not zip files. If this is indeed also for encrypted zip files, i would like to suggest to seperate this. As i would encourage the users to use as much pgp as possible for the body. But off course not encrypted zip files. Thanks for the help. - -- Met Vriendelijke groet/Yours Sincerely Stijn Jonker -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+4f3NjU9r45tKnOARAk1SAJ9z+I0yIDQdxa7IPd6MnWdQ1QneeACfYFeS Q5+ELWcbbj1RZjaa1dwclcE= =g2oJ -----END PGP SIGNATURE----- From gerry at DORFAM.CA Sat Jun 7 17:33:47 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:18:26 2006 Subject: RBL's Working? Message-ID: I haven't noticed anything marked by either ORDB-RBL or Infinite-Monkeys in a long, long time. Are these RBL's working? If so, how should they be called? I've got the following in spam.assassin.prefs.conf score ORDB-RBL 4 score Infinite-Monkeys 4 I haven't changed anything in spam.lists.conf. -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From mike at ZANKER.ORG Sat Jun 7 17:43:27 2003 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:18:26 2006 Subject: RBL's Working? In-Reply-To: References: Message-ID: <987359.1055007807@jemima.zanker.org> On 07 June 2003 12:33 -0400 Gerry Doris wrote: > I haven't noticed anything marked by either ORDB-RBL or > Infinite-Monkeys in a long, long time. Are these RBL's working? Monkeys definitely. I'm using it with sendmail to reject at the SMTP level - last one rejected 45 minutes ago. I only use ORDB with SpamAssassin and the last one marked was May 6th. > If so, how should they be called? I've got the following in > spam.assassin.prefs.conf > > score ORDB-RBL 4 That should be score RCVD_IN_RELAYS_ORDB_ORG 4 for SpamAssassin, shouldn't it? > score Infinite-Monkeys 4 SpamAssassin doesn't use Infinite Monkeys AFAIK. > I haven't changed anything in spam.lists.conf. That's just for MailScanner, not SpamAssassin, I believe. Mike. From mailscanner at ecs.soton.ac.uk Sat Jun 7 18:24:32 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:26 2006 Subject: Problem with Sophos 3.70 and sophossavi Message-ID: <5.2.1.1.2.20030607182149.03022720@imap.ecs.soton.ac.uk> There appears to be a problem with the most recent Sophos releases and the sophossavi virus scanner. MailScanner will segfault when it first tries to set up the sophossavi scanner. The symptom is that MailScanner continually re-forks its child processes so every 10 seconds you will get a notice in your maillog saying the MailScanner is starting up, but no mail will be processed. The workaround is very simple: rm /etc/sav.conf The next release will include a new Sophos.install script which does this step for you. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sat Jun 7 18:59:06 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:26 2006 Subject: New F-Prot 4 autoupdate script In-Reply-To: <07d501c32cdb$56eb5870$9d720550@T20> Message-ID: <5.2.1.1.2.20030607185632.03030968@imap.ecs.soton.ac.uk> The new F-Prot versions need a slightly different f-prot-autoupdate script due to the removal of the "checksum" program they used to supply. Attached is a new f-prot-autoupdate script which you should drop into one of /usr/lib/MailScanner or /opt/MailScanner/lib and don't forget to chmod a+rx f-prot-autoupdate so that it is executable. -------------- next part -------------- A non-text attachment was scrubbed... Name: f-prot-autoupdate Type: application/octet-stream Size: 10090 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030607/d3016ea0/f-prot-autoupdate.obj -------------- next part -------------- -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From steve.freegard at LBSLTD.CO.UK Sat Jun 7 19:19:08 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:26 2006 Subject: Problem with Sophos 3.70 and sophossavi Message-ID: <67D9E7698329D411936E00508B6590B902773916@neelix.lbsltd.co.uk> Julian, I've had this problem since I started using Perl-SAVI on RH9 (with v3.67 Sophos) - I had cured it by putting LD_ASSUME_KERNEL=2.2.5; export LD_ASSUME_KERNEL into /etc/rc.d/init.d/MailScanner. I've just removed the above changes and removed /etc/sav.conf as recommended, and can confirm that this fixes the problem for me as well. Kind regards, Steve -- Steve Freegard System Manager Littlehampton Book Services Ltd. -----Original Message----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: 07/06/03 18:24 Subject: Problem with Sophos 3.70 and sophossavi There appears to be a problem with the most recent Sophos releases and the sophossavi virus scanner. MailScanner will segfault when it first tries to set up the sophossavi scanner. The symptom is that MailScanner continually re-forks its child processes so every 10 seconds you will get a notice in your maillog saying the MailScanner is starting up, but no mail will be processed. The workaround is very simple: rm /etc/sav.conf The next release will include a new Sophos.install script which does this step for you. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From raymond at PROLOCATION.NET Sat Jun 7 19:22:02 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:26 2006 Subject: New F-Prot 4 autoupdate script In-Reply-To: <5.2.1.1.2.20030607185632.03030968@imap.ecs.soton.ac.uk> Message-ID: Hi Julian, > The new F-Prot versions need a slightly different f-prot-autoupdate script > due to the removal of the "checksum" program they used to supply. > > Attached is a new f-prot-autoupdate script which you should drop into one of > /usr/lib/MailScanner Hey, thanks. I didnt see errors btw, but they told the update script was changed a little, thanks for cathing up :=)))) Replaced them on my production boxes right away. If you have time to do something with the language part, i am happy to beta test. Thanks! Raymond. From gsmithe at OFALLON90.NET Sun Jun 8 00:04:36 2003 From: gsmithe at OFALLON90.NET (Gary Smithe) Date: Thu Jan 12 21:18:26 2006 Subject: selective IFRAME filtering Message-ID: Hi, I subscribe to a couple of comics from comics.com, and 1 of them is filtered as having an IFRAME html code (but not the other - weird). Anyway, is there a way to add this to a whitelist or something since I know it is benign (I'd like to catch all other IFRAME tags though). I'm not using any AV software on this relay, that's handled on the hidden exchange server - this is just the built-in filter. Thanks, Gary From ryanb at AACRAO.ORG Sun Jun 8 00:42:39 2003 From: ryanb at AACRAO.ORG (Ryan Bingham) Date: Thu Jan 12 21:18:26 2006 Subject: selective IFRAME filtering References: Message-ID: <000e01c32d4e$7bc7b350$f8240340@kh06s9> Hi Gary, You can set up a ruleset for this. Look for this line in your MailScanner.conf file: Allow IFrame Tags = and point it to a ruleset filename. For example: Allow IFrame Tags = /etc/MailScanner/rules/iframe.whitelist.rules Then in your /etc/MailScanner/rules directory, create a file called iframe.whitelist.rules In it you can put entries like: From: someone@somehost.com yes FromOrTo: default no I believe you can also put wildcards: From: *@somehost.com yes Just be sure that the last line of your ruleset file is FromOrTo: default no So that the default action for the rest of your mail will still be to disallow IFrame tags. Ryan ----- Original Message ----- From: "Gary Smithe" To: Sent: Saturday, June 07, 2003 7:04 PM Subject: selective IFRAME filtering > Hi, > I subscribe to a couple of comics from comics.com, and 1 of them is filtered as having an IFRAME html code (but not the other - weird). Anyway, is there a way to add this to a whitelist or something since I know it is benign (I'd like to catch all other IFRAME tags though). > > I'm not using any AV software on this relay, that's handled on the hidden exchange server - this is just the built-in filter. > > Thanks, > Gary > From dh at UPTIME.AT Sun Jun 8 13:43:24 2003 From: dh at UPTIME.AT (David) Date: Thu Jan 12 21:18:26 2006 Subject: Concerning the Tag high scoring when on List action Message-ID: I was noticing that my mail gets correctly tagged as high scored spam when it is on 2 Black Lists that I told MailScanner to check. It does not get tagged as high scrong when it is found on two black lists that only Spamassassin seems tro check is that correct? -d - "Deep into that darkness peering, long I stood there wondering, fearing, - Doubting, dreaming dreams no mortal ever dared to dream to dream before.." Edgar Allen Poe - The Raven -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030608/29d0f727/PGP.bin From mailscanner at ecs.soton.ac.uk Sun Jun 8 14:48:22 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:26 2006 Subject: New F-Prot 4 autoupdate script In-Reply-To: References: <5.2.1.1.2.20030607185632.03030968@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030608144740.038f1b68@imap.ecs.soton.ac.uk> At 19:22 07/06/2003, you wrote: >If you have time to do something with the language part, i am happy to >beta test. That seems to be working. I might well post something later today. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sun Jun 8 14:49:22 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:26 2006 Subject: F-Prot error message after upgrade to F-Prot 3.13 In-Reply-To: <200306070948.54577.mikew@crucis.net> Message-ID: <5.2.1.1.2.20030608144856.03920088@imap.ecs.soton.ac.uk> This has been mentioned more times than I can remember. Upgrade to a more recent MailScanner and it will go away. At 15:48 07/06/2003, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >I upgraded to F-Prot 3.13 yesterday and now I'm receiving this message >in maillog. > > >Jun 7 01:15:07 cameron MailScanner[9260]: Either you've found a bug in >MailScanner's F-Prot > output parser, or F-Prot's output format has changed! F-Prot said this >"Files: "Dumb" scan >of all files". Please mail the author of MailScanner >Jun 7 01:15:07 cameron MailScanner[9260]: Switches: -ARCHIVE -AI -OLD >- -SAFEREMOVE >Jun 7 01:15:07 cameron MailScanner[9260]: Either you've found a bug in >MailScanner's F-Prot > output parser, or F-Prot's output format has changed! F-Prot said this >"Switches: -ARCHIVE >- -AI -OLD -SAFEREMOVE". Please mail the author of MailScanner > >I still have the 3.12c source that I'd been using before. Has anyone >seen this? I have not downloaded the new F-Prot for Linux >Workstations. > >System: AMD Athlon 1.8GHz, 294MB memory, RH 8.0, MainScanner: 4.12-2, >kernel: kernel-2.4.18-27.8.0 > >Mike W >- -- >Registered Linux - 256979 >NRA Life >ARS: W0TMW > > > > > > > > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.0.7 (GNU/Linux) > >iD8DBQE+4ftW5fq6h2uDDlQRAvQGAJwOk8DcY64BTBIiF/yAwjOoIUt+EgCdEh8M >P/ELyFgJ78devKGkbBqo3Fc= >=2624 >-----END PGP SIGNATURE----- > > >-- >This message has been scanned for viruses and >dangerous content by F-Prot and MailScanner, >and is believed to be clean. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sun Jun 8 14:50:52 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:26 2006 Subject: Smooth upgrade to 4.21-9 In-Reply-To: <1054924698.22566.149.camel@dbeauchemin.si.usherbrooke.ca> References: <5.2.1.1.2.20030606191640.02586da8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030606180831.03cf99a0@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030606180831.03cf99a0@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030606191640.02586da8@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030608145043.03927510@imap.ecs.soton.ac.uk> Sure. At 19:38 06/06/2003, you wrote: >Julian, > >But it would be OK if I used domain names (without being bulletproof)? > >Denis >Le ven 06/06/2003 ? 14:21, Julian Field a ?crit : > > At 19:08 06/06/2003, you wrote: > > > > > > > > > >I noticed new messages in my maillog: > > > > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Checks: Found 1 spam > > > messages > > > > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Cannot match against > > > destination > > > > >IP address when resolving configuration option "spamactions" > > > > >Jun 6 11:28:32 smtp3 MailScanner[27147]: Spam Actions: message > > > > >h56FSUX31319 actions are xxx@usherbrooke.ca,forward,deliver > > > > > > > > > >Can I do anything about the destination IP unresolved? It used the > > > > >default rule, which is what I expected. > > > > > > > > You don't know the destination IP address until *after* you have > actually > > > > delivered the message. It all depends on what MX hosts are > available on > > > the > > > > destination site. So you cannot match against it. > > > > > >I'm not sure I understand what you said. Is it that what I am trying to > > >do is doomed to fail every time? > > > > > >This is what I use: > > >Spam Actions = /etc/MailScanner/rules/spam.action.rules > > > > > >/etc/MailScanner/rules/spam.action.rules: > > >To: 132.210. attachment deliver forward xxx@usherbrooke.ca > > >To: /^206\.167\.186\.[012346]\./ attachment deliver forward > > >xxx@usherbrooke.ca > > >To: 206.167.185. attachment deliver forward xxx@usherbrooke.ca > > > > You fundamentally cannot do that. I don't know the MX host until the mail > > is delivered (by the MTA), so I have absolutely no way of predicting > the IP > > address of the best available MX. > > > > Even checking that *all* the MX hosts for this domain are within this > range > > requires a hell of a lot of work on MailScanner's part. It would need to > > "dig" for every MX host to get its IP address and then check every single > > one against the spec you had allowed. And as you have specified the > > "deliver" action, then every MX host of every domain of every recipient of > > the message would have to be checked. That would take ages to do. > > > > Sorry, but mail delivery is very deliberately unrelated to IP address. > > > > >To: *@USherbrooke.ca attachment deliver forward xxx@usherbrooke.ca > > >FromOrTo: Default deliver forward xxx@usherbrooke.ca > > > > > >Basically I just want to deliver spam as an attachment (with my custom > > >explanation of how to forward the message to us if it was misidentified) > > >if the destination is local. I don't want external people to get my > > >message about how to train SA. > > > > > >Thanks again! > > > > > >Denis > > >-- > > >Denis Beauchemin, analyste > > >Universit? de Sherbrooke, S.T.I. > > >T: 819.821.8000x2252 F: 819.821.8045 >-- >Denis Beauchemin, analyste >Universit? de Sherbrooke, S.T.I. >T: 819.821.8000x2252 F: 819.821.8045 -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sun Jun 8 14:01:33 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:26 2006 Subject: Concerning the Tag high scoring when on List action In-Reply-To: Message-ID: <5.2.1.1.2.20030608140032.03994e80@imap.ecs.soton.ac.uk> At 13:43 08/06/2003, you wrote: >I was noticing that my mail gets correctly tagged as high scored spam when >it is on 2 Black Lists that I told MailScanner to check. It does not get >tagged as high scrong when it is found on two black lists that only >Spamassassin seems tro check is that correct? The SpamAssassin blacklisting is completely separate to the MailScanner blacklisting. Appearance on a SpamAssassin blacklist adds to the score of the message, but won't automatically cause it to be treated as spam or high scoring spam. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mikew at CRUCIS.NET Sun Jun 8 16:38:01 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:26 2006 Subject: F-Prot error message after upgrade to F-Prot 3.13 In-Reply-To: <5.2.1.1.2.20030608144856.03920088@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030608144856.03920088@imap.ecs.soton.ac.uk> Message-ID: <200306081038.09960.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday 08 June 2003 08:49 am, you wrote: > This has been mentioned more times than I can remember. > Upgrade to a more recent MailScanner and it will go away. > Did and it did go away. Thank you. But... I seldom upgrade to a new version of anything when my present version is working for me. Call me a casualty of the Microsoft upgrade wars if you will, but new features don't drive me to upgrade if the present ones suit me. I must say that the upgrade process worked well. I had archived all my 4.12 config, reports and rules before the upgrade. My old MailScanner.conf wouldn't run the new version 4.21-9 MS but I modified it easily enough. You do have a quality product. Keep up the good work! Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+41hh5fq6h2uDDlQRAlCIAJ4zMfVCNCwE+V1SIGkWT7pibAcowgCfa0Bk PQWvvAgSe3/z6p3aL5Ls4VY= =vZwl -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From gsmithe at OFALLON90.NET Sun Jun 8 20:41:00 2003 From: gsmithe at OFALLON90.NET (Gary Smithe) Date: Thu Jan 12 21:18:26 2006 Subject: selective IFRAME filtering Message-ID: Thanks! I didn't think that IFRAMES would even be in the .conf file... Guess I need to read the docs thoroughly before posting. Thanks again! Gary -----Original Message----- From: Ryan Bingham [mailto:ryanb@AACRAO.ORG] Sent: Sat 6/7/2003 6:42 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: selective IFRAME filtering Hi Gary, You can set up a ruleset for this. Look for this line in your MailScanner.conf file: Allow IFrame Tags = and point it to a ruleset filename. For example: Allow IFrame Tags = /etc/MailScanner/rules/iframe.whitelist.rules Then in your /etc/MailScanner/rules directory, create a file called iframe.whitelist.rules In it you can put entries like: From: someone@somehost.com yes FromOrTo: default no I believe you can also put wildcards: From: *@somehost.com yes Just be sure that the last line of your ruleset file is FromOrTo: default no So that the default action for the rest of your mail will still be to disallow IFrame tags. Ryan ----- Original Message ----- From: "Gary Smithe" To: Sent: Saturday, June 07, 2003 7:04 PM Subject: selective IFRAME filtering > Hi, > I subscribe to a couple of comics from comics.com, and 1 of them is filtered as having an IFRAME html code (but not the other - weird). Anyway, is there a way to add this to a whitelist or something since I know it is benign (I'd like to catch all other IFRAME tags though). > > I'm not using any AV software on this relay, that's handled on the hidden exchange server - this is just the built-in filter. > > Thanks, > Gary > From support at INVICTANET.CO.UK Sun Jun 8 21:10:14 2003 From: support at INVICTANET.CO.UK (InvictaNet Customer Support) Date: Thu Jan 12 21:18:26 2006 Subject: Number of viruses found Message-ID: Any ideas as to why Sophos found 1, F-Prot found 1 but Clam found 2? Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: sophos found 1 infections Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: F-Prot found virus W32/Bugbear.B@mm Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: f-prot found 1 infections Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: clamav found 2 infections Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: Found 2 viruses Martyn Routley ----------------------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk martyn@support.invictanet.co.uk phone: 08707 440180 fax: 08707 440181 Ask us about our online Antivirus and Junk mail scanning service ----------------------------------------------------------------- From mailscanner at ecs.soton.ac.uk Sun Jun 8 21:14:47 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:26 2006 Subject: Number of viruses found In-Reply-To: Message-ID: <5.2.1.1.2.20030608211319.03944c88@imap.ecs.soton.ac.uk> I would go for Sophos and F-Prot finding fragmented or partial viruses and not reporting them as they are harmless. Without you telling us what it found or how big the files were, there's not much else I can guess at. At 21:10 08/06/2003, you wrote: >Any ideas as to why Sophos found 1, F-Prot found 1 but Clam found 2? > >Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: sophos found 1 >infections >Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: F-Prot found >virus W32/Bugbear.B@mm >Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: f-prot found 1 >infections >Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: clamav found 2 >infections >Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: Found 2 viruses > > >Martyn Routley >----------------------------------------------------------------- >InvictaNet - The Internet in Plain English, Guaranteed >http://www.invictanet.co.uk >martyn@support.invictanet.co.uk >phone: 08707 440180 >fax: 08707 440181 >Ask us about our online Antivirus and Junk mail scanning service >----------------------------------------------------------------- -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From support at INVICTANET.CO.UK Sun Jun 8 21:17:57 2003 From: support at INVICTANET.CO.UK (InvictaNet Customer Support) Date: Thu Jan 12 21:18:26 2006 Subject: Number of viruses found In-Reply-To: <5.2.1.1.2.20030608211319.03944c88@imap.ecs.soton.ac.uk> Message-ID: Sorry, the clips all related to the same message, one copy of the latest Bugbear. Was Clam counting the I-Frame as a separate item perhaps? Martyn Routley ----------------------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk martyn@support.invictanet.co.uk phone: 08707 440180 fax: 08707 440181 Ask us about our online Antivirus and Junk mail scanning service ----------------------------------------------------------------- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field Sent: 08 June 2003 21:15 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Number of viruses found I would go for Sophos and F-Prot finding fragmented or partial viruses and not reporting them as they are harmless. Without you telling us what it found or how big the files were, there's not much else I can guess at. At 21:10 08/06/2003, you wrote: >Any ideas as to why Sophos found 1, F-Prot found 1 but Clam found 2? > >Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: sophos found 1 >infections >Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: F-Prot found >virus W32/Bugbear.B@mm >Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: f-prot found 1 >infections >Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: clamav found 2 >infections >Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: Found 2 viruses > > >Martyn Routley From mailscanner at ecs.soton.ac.uk Sun Jun 8 21:24:25 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:26 2006 Subject: Number of viruses found In-Reply-To: References: <5.2.1.1.2.20030608211319.03944c88@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030608212345.03939730@imap.ecs.soton.ac.uk> At 21:17 08/06/2003, you wrote: >Sorry, the clips all related to the same message, one copy of the latest >Bugbear. There are a hell of a lot of truncated copies of this doing the rounds, which are actually harmless. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From sanjay.patel at REXWIRE.COM Sun Jun 8 21:46:20 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:26 2006 Subject: F-Prot's new pricing policy In-Reply-To: <20030606231937.B26390@michaelchaney.com> Message-ID: <003601c32dff$0468bff0$6f01a8c0@Laptop1> We use panda's perimeter antivirus for sendmail. It was only $79 and has not missed a single virus. For that price and the quality of software I don't thing anything beats it. Only problem is that their documentation are weak and incorrect. If you need help installing it with sendmail free to ask me if you get stuck. -SKP -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michael Chaney Sent: Saturday, June 07, 2003 12:20 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: F-Prot's new pricing policy Since the price of F-Prot has risen obnoxiously (from $300/year to around $1000/year for me), does anyone have a suggestion for a per-server licensed virus scanner? Preferably back around the $300/year range? Thanks, Michael -- Michael Darrin Chaney mdchaney@michaelchaney.com http://www.michaelchaney.com/ From michele at BLACKNIGHTSOLUTIONS.COM Sun Jun 8 22:06:39 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: BlacknightSolutions) Date: Thu Jan 12 21:18:26 2006 Subject: Panda for Linux Message-ID: <200306082106.h58L6gr28018@camelot.blacknightsolutions.com> Looking at the Panda website: http://www.pandasoftware.com/download/linux/linux.asp The linux version seems to be completely free - or am I missing something? Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030608/cdf632c9/attachment.html From ryanb at AACRAO.ORG Sun Jun 8 22:11:18 2003 From: ryanb at AACRAO.ORG (Ryan Bingham) Date: Thu Jan 12 21:18:26 2006 Subject: Panda for Linux References: <200306082106.h58L6gr28018@camelot.blacknightsolutions.com> Message-ID: <001a01c32e02$81fefd50$f8240340@kh06s9> Is anyone using Panda with MailScanner? I see it in the list of antivirus scanners in MailScanner.conf, so it must be supported. Are there any special instructions for getting it to work with MailScanner? Thanks, Ryan ----- Original Message ----- From: Michele Neylon :: BlacknightSolutions To: MAILSCANNER@JISCMAIL.AC.UK Sent: Sunday, June 08, 2003 5:06 PM Subject: Panda for Linux Looking at the Panda website: http://www.pandasoftware.com/download/linux/linux.asp The linux version seems to be completely free - or am I missing something? Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ ------------------------------------------------------------------------------ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030608/368977ee/attachment.html From kevins at BMRB.CO.UK Sun Jun 8 23:40:15 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:26 2006 Subject: Number of viruses found In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB00117580B@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB00117580B@pascal.priv.bmrb.co.uk> Message-ID: <1055112016.25001.17.camel@bach.kevinspicer.co.uk> On Sun, 2003-06-08 at 21:17, InvictaNet Customer Support wrote: Sorry, the clips all related to the same message, one copy of the latest Bugbear. Was Clam counting the I-Frame as a separate item perhaps? Yes, ClamAV reports the iframe as Exploit.IFrame.HTML. Which sometimes is not very helpful when you've given MS directions on what to do with IFRAME exploits. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From kevins at BMRB.CO.UK Mon Jun 9 00:09:36 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:26 2006 Subject: Panda for Linux In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB00117580F@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB00117580F@pascal.priv.bmrb.co.uk> Message-ID: <1055113777.25002.25.camel@bach.kevinspicer.co.uk> I've just tried to install it - it _seems_ to have installed okay but gives no output (even to its log file). I figured its missing it's virus definitions so I set about downloading them from the site, but it appears that only registered customers can do that & you can only register if you have purchased a product. I can only conclude that the software is free but only intended for use by people who have already purchased a Windows version which entitles them to access to the definitions. I notice there isn't an autoupdate script for panda, and presumably the wrapper script was contributed since I don't think Julian normally comments his work in Spanish! [Panda's man page is in Spanish too, although there are English instructions on the site] >On Sun, 2003-06-08 at 22:11, Ryan Bingham wrote: >Is anyone using Panda with MailScanner? I see it in the list of >antivirus scanners in MailScanner.conf, so it must be supported. >Are there any special instructions for getting it to work with >MailScanner? BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From kevins at BMRB.CO.UK Mon Jun 9 00:13:57 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:26 2006 Subject: Panda for Linux In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175811@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175811@pascal.priv.bmrb.co.uk> Message-ID: <1055114037.25001.27.camel@bach.kevinspicer.co.uk> Correct myself slightly, I do get some output when scanning an infected (eicar) file - so it appears it does work, just no updates. On Mon, 2003-06-09 at 00:09, Spicer, Kevin wrote: I've just tried to install it - it _seems_ to have installed okay but gives no output (even to its log file). I figured its missing it's virus definitions so I set about downloading them from the site, but it appears that only registered customers can do that & you can only register if you have purchased a product. I can only conclude that the software is free but only intended for use by people who have already purchased a Windows version which entitles them to access to the definitions. I notice there isn't an autoupdate script for panda, and presumably the wrapper script was contributed since I don't think Julian normally comments his work in Spanish! [Panda's man page is in Spanish too, although there are English instructions on the site] >On Sun, 2003-06-08 at 22:11, Ryan Bingham wrote: >Is anyone using Panda with MailScanner? I see it in the list of >antivirus scanners in MailScanner.conf, so it must be supported. >Are there any special instructions for getting it to work with >MailScanner? BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From sanjay.patel at REXWIRE.COM Mon Jun 9 00:19:45 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:26 2006 Subject: Panda for Linux In-Reply-To: <1055114037.25001.27.camel@bach.kevinspicer.co.uk> Message-ID: <003b01c32e14$733f55a0$6f01a8c0@Laptop1> What version do you have? The version that is downloaded is a old version. You need 1.31 to have all the update features. The software is not FREE. You must have downloaded a trial version. Panda does come with a web interface where you can see the reports. -SKP -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kevin Spicer Sent: Sunday, June 08, 2003 7:14 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Panda for Linux Correct myself slightly, I do get some output when scanning an infected (eicar) file - so it appears it does work, just no updates. On Mon, 2003-06-09 at 00:09, Spicer, Kevin wrote: I've just tried to install it - it _seems_ to have installed okay but gives no output (even to its log file). I figured its missing it's virus definitions so I set about downloading them from the site, but it appears that only registered customers can do that & you can only register if you have purchased a product. I can only conclude that the software is free but only intended for use by people who have already purchased a Windows version which entitles them to access to the definitions. I notice there isn't an autoupdate script for panda, and presumably the wrapper script was contributed since I don't think Julian normally comments his work in Spanish! [Panda's man page is in Spanish too, although there are English instructions on the site] >On Sun, 2003-06-08 at 22:11, Ryan Bingham wrote: >Is anyone using Panda with MailScanner? I see it in the list of >antivirus scanners in MailScanner.conf, so it must be supported. >Are there any special instructions for getting it to work with >MailScanner? BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From sanjay.patel at REXWIRE.COM Mon Jun 9 00:22:39 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:26 2006 Subject: Panda for Linux In-Reply-To: <200306082106.h58L6gr28018@camelot.blacknightsolutions.com> Message-ID: <003c01c32e14$dbca07a0$6f01a8c0@Laptop1> there is Panda for Linux and than Panda for e-mail scanning its called Perimeter scanning and there is a version for sendmail, postfix and a few other linux mail system. You need to download and install that if you want your inbound and outbound mail scanned. -SKP -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michele Neylon :: BlacknightSolutions Sent: Sunday, June 08, 2003 5:07 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Panda for Linux Looking at the Panda website: http://www.pandasoftware.com/download/linux/linux.asp The linux version seems to be completely free - or am I missing something? Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ _____ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030608/ac3bc8b7/attachment.html From sanjay.patel at REXWIRE.COM Mon Jun 9 00:24:37 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:27 2006 Subject: Panda for Linux In-Reply-To: <001a01c32e02$81fefd50$f8240340@kh06s9> Message-ID: <004101c32e15$217bd3a0$6f01a8c0@Laptop1> we have been using it for a few months. No problems at all. Only problem we saw is that Panda catch's the virus and than MailScanner seems to get it cause Mailscanner always says no virus found even though panda has found one and cleaned it. -SKP -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ryan Bingham Sent: Sunday, June 08, 2003 5:11 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Panda for Linux Is anyone using Panda with MailScanner? I see it in the list of antivirus scanners in MailScanner.conf, so it must be supported. Are there any special instructions for getting it to work with MailScanner? Thanks, Ryan ----- Original Message ----- From: Michele Neylon :: BlacknightSolutions To: MAILSCANNER@JISCMAIL.AC.UK Sent: Sunday, June 08, 2003 5:06 PM Subject: Panda for Linux Looking at the Panda website: http://www.pandasoftware.com/download/linux/linux.asp The linux version seems to be completely free - or am I missing something? Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. From kevins at BMRB.CO.UK Mon Jun 9 00:33:54 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:27 2006 Subject: Panda for Linux In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175815@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175815@pascal.priv.bmrb.co.uk> Message-ID: <1055115235.25002.34.camel@bach.kevinspicer.co.uk> Presumably then you're using it through sendmail, so it cleans the mail before it is queued for MailScanner? You're just using MS for Spam scanning then? On Mon, 2003-06-09 at 00:24, Sanjay Patel wrote: we have been using it for a few months. No problems at all. Only problem we saw is that Panda catch's the virus and than MailScanner seems to get it cause Mailscanner always says no virus found even though panda has found one and cleaned it. -SKP -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ryan Bingham Sent: Sunday, June 08, 2003 5:11 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Panda for Linux Is anyone using Panda with MailScanner? I see it in the list of antivirus scanners in MailScanner.conf, so it must be supported. Are there any special instructions for getting it to work with MailScanner? Thanks, Ryan ----- Original Message ----- From: Michele Neylon :: BlacknightSolutions To: MAILSCANNER@JISCMAIL.AC.UK Sent: Sunday, June 08, 2003 5:06 PM Subject: Panda for Linux Looking at the Panda website: http://www.pandasoftware.com/download/linux/linux.asp The linux version seems to be completely free - or am I missing something? Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From michele at BLACKNIGHTSOLUTIONS.COM Mon Jun 9 00:37:44 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: BlacknightSolutions) Date: Thu Jan 12 21:18:27 2006 Subject: Panda for Linux In-Reply-To: <003c01c32e14$dbca07a0$6f01a8c0@Laptop1> Message-ID: <200306082337.h58NbYp09031@camelot.blacknightsolutions.com> So the Panda for linux free thing is no good? _____ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Sanjay Patel Sent: 09 June 2003 01:23 To: MAILSCANNER@JISCMAIL.AC.UK there is Panda for Linux and than Panda for e-mail scanning its called Perimeter scanning and there is a version for sendmail, postfix and a few other linux mail system. You need to download and install that if you want your inbound and outbound mail scanned. -SKP . ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030609/498ab0c7/attachment.html From kevins at BMRB.CO.UK Mon Jun 9 00:46:09 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:27 2006 Subject: Panda for Linux In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175814@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175814@pascal.priv.bmrb.co.uk> Message-ID: <1055115970.25001.45.camel@bach.kevinspicer.co.uk> Thanks for that info. Looking at their site they offer a number of solutions under the 'Perimeter scan' category including the sendmail version at $12.95 for 1 year or $29.95 for a 'perpetual' license (although this product seems to have a quantity of 6 minimum purchase!). They also offer the linux command line version (I guess thats the one us MailScanner folks want) at just $7.95 for a year or $17.49 for a 'perpetual' license (and minimum purchase of one!) On Mon, 2003-06-09 at 00:22, Sanjay Patel wrote: there is Panda for Linux and than Panda for e-mail scanning its called Perimeter scanning and there is a version for sendmail, postfix and a few other linux mail system. You need to download and install that if you want your inbound and outbound mail scanned. -SKP BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From sanjay.patel at REXWIRE.COM Mon Jun 9 01:03:43 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <1055115970.25001.45.camel@bach.kevinspicer.co.uk> Message-ID: <004601c32e1a$9739c980$6f01a8c0@Laptop1> We are panda resellers also. If anyone here is looking to buy Panda to use with MailSacnner we will pass portion of our discount onto you. MailScanner is a great utility and we use and depend on this mailing for support. This will be our way to giving something back to the group. -SKP From smhickel at CHARTERMI.NET Mon Jun 9 01:36:21 2003 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:18:27 2006 Subject: Number of viruses found Message-ID: <200306090036.h590aLb09691@chartermi.net> I used clamscan on my box and it said it found 10 infections but failed (as far as I could tell) to disinfect them (I think they were in the quarantine subdirectories mailscanner put there. I couldn't figure out what flag to use to get it to do what f-prot does with the auto command. Steve InvictaNet Customer Support wrote .. > Any ideas as to why Sophos found 1, F-Prot found 1 but Clam found 2? > > Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: sophos found > 1 > infections > Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: F-Prot found > virus W32/Bugbear.B@mm > Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: f-prot found > 1 > infections > Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: clamav found > 2 > infections > Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: Found 2 viruses > > > Martyn Routley > ----------------------------------------------------------------- > InvictaNet - The Internet in Plain English, Guaranteed > http://www.invictanet.co.uk > martyn@support.invictanet.co.uk > phone: 08707 440180 > fax: 08707 440181 > Ask us about our online Antivirus and Junk mail scanning service > ----------------------------------------------------------------- From peter at UCGBOOK.COM Mon Jun 9 01:52:17 2003 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:18:27 2006 Subject: Number of viruses found In-Reply-To: <200306090036.h590aLb09691@chartermi.net> References: <200306090036.h590aLb09691@chartermi.net> Message-ID: <1055119937.2034.2.camel@rocco.bonivart.home> ClamAV does not disinfect, it only detects. I have no problem with removing infected attachments, I've always been sceptical about disinfecting anyway. /Peter Bonivart --Unix lovers do it in the Sun On Mon, 2003-06-09 at 02:36, Steve Hickel wrote: > I used clamscan on my box and it said it found 10 infections but failed (as far as I could tell) to disinfect them (I think they were in the quarantine subdirectories mailscanner put there. I couldn't figure out what flag to use to get it to do what f-prot does with the auto command. > > Steve > > InvictaNet Customer Support wrote .. > > Any ideas as to why Sophos found 1, F-Prot found 1 but Clam found 2? > > > > Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: sophos found > > 1 > > infections > > Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: F-Prot found > > virus W32/Bugbear.B@mm > > Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: f-prot found > > 1 > > infections > > Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: clamav found > > 2 > > infections > > Jun 8 20:08:32 lemsip MailScanner[78113]: Virus Scanning: Found 2 viruses > > > > > > Martyn Routley > > ----------------------------------------------------------------- > > InvictaNet - The Internet in Plain English, Guaranteed > > http://www.invictanet.co.uk > > martyn@support.invictanet.co.uk > > phone: 08707 440180 > > fax: 08707 440181 > > Ask us about our online Antivirus and Junk mail scanning service > > ----------------------------------------------------------------- From mailscanner at ecs.soton.ac.uk Mon Jun 9 11:47:14 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <004601c32e1a$9739c980$6f01a8c0@Laptop1> References: <1055115970.25001.45.camel@bach.kevinspicer.co.uk> Message-ID: <5.2.0.9.2.20030609114212.0382fd40@imap.ecs.soton.ac.uk> Please do *not* use this mailing list for advertising your anti-virus products. This is not a sales list. In a previous post, you appeared to be a normal user saying that "Panda is great", but that we needed to buy the "mail server" version, which is simply not true from a technical standpoint, and exhibits a curious lack of understanding about how MailScanner works. Now you admit you are a Panda reseller, which hardly makes your previous comments very objective, does it? If you are recommending use of a product from which you make a profit, please declare this at the *start* so everyone knows (part of) the reason you are recommending it. At 01:03 09/06/2003, you wrote: >We are panda resellers also. If anyone here is looking to buy Panda to use >with MailSacnner we will pass portion of our discount onto you. > >MailScanner is a great utility and we use and depend on this mailing for >support. This will be our way to giving something back to the group. > > >-SKP -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From sanjay.patel at REXWIRE.COM Mon Jun 9 12:35:04 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <5.2.0.9.2.20030609114212.0382fd40@imap.ecs.soton.ac.uk> Message-ID: <001201c32e7b$2c4ced80$6f01a8c0@Laptop1> Sorry to make it sound like I was trying to make a profit. But the fact is you do need to buy the mail version if you intend to run it with sendmail or other Linux based mail system (http://www.pandasecurity.com/ps.htm). As to the selling, that is not our main business, our antivirus business it less than 0.05% of our total business. We don't even mention it on our website. I was just looking at giving a discount to people who have helped us through this list. The intention was never to make money and we can make it very clear buy donating any profit to the Mailscanner creator's charity of choice. (which in this case would be you) -SKP -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Monday, June 09, 2003 6:47 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Panda Pricing Please do *not* use this mailing list for advertising your anti-virus products. This is not a sales list. In a previous post, you appeared to be a normal user saying that "Panda is great", but that we needed to buy the "mail server" version, which is simply not true from a technical standpoint, and exhibits a curious lack of understanding about how MailScanner works. Now you admit you are a Panda reseller, which hardly makes your previous comments very objective, does it? If you are recommending use of a product from which you make a profit, please declare this at the *start* so everyone knows (part of) the reason you are recommending it. At 01:03 09/06/2003, you wrote: >We are panda resellers also. If anyone here is looking to buy Panda to use >with MailSacnner we will pass portion of our discount onto you. > >MailScanner is a great utility and we use and depend on this mailing for >support. This will be our way to giving something back to the group. > > >-SKP -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From J.Ireland at HGU.MRC.AC.UK Mon Jun 9 12:36:18 2003 From: J.Ireland at HGU.MRC.AC.UK (John Ireland) Date: Thu Jan 12 21:18:27 2006 Subject: Changing Precedence to junk Message-ID: <3EE47132.1080709@hgu.mrc.ac.uk> I spoke to Julian about this last week at at the JANET-CERT meeting in London and I thought I would mail the list to see what others thought of the idea. Our mail queue is continually filled with auto responder mail replying to spam messages. These messages either time out or bounce, spamming the user with more useless information. Most auto responders, such as vacation, will not respond to mail with the 'Precedence: bulk' or 'Precedence: junk' line is included in the header. So giving mailscanner the option of changing the 'Precedence:' header to junk would give a simple centrally managed solution. I know there are other solutions - ban auto responders, write a procmail wrapper for vacation, or hack the vacation code. But there are users that need to use auto responders and there are auto responders over which the mail administrator has no control. Also, I know of no other program, other than 'vacation', that uses the 'Precedence:' header. -- John Ireland Email: mailto:J.Ireland@hgu.mrc.ac.uk MRC Human Genetics Unit Tel. : +44-31-332-2471 Western General Hospital Fax. : +44-31-343-2620 Edinburgh, EH4 2XU, UK WWW : http://www.hgu.mrc.ac.uk From Denis.Beauchemin at USHERBROOKE.CA Mon Jun 9 14:41:07 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:27 2006 Subject: Attachments Message-ID: <1055166067.1238.17.camel@dbeauchemin.si.usherbrooke.ca> Hello Julian, I love the attachments option! Would it be possible for it to include MS' headers such as X-MailScanner-SpamCheck in the attached email? I would like to see that header in the encapsulated email because it would make life easier for us if people were to transfer the email back to us for processing (as you know Outlook (+Express) are no good at forwarding an email with its headers intact). Thanks again! Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From jaearick at COLBY.EDU Mon Jun 9 14:44:34 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:18:27 2006 Subject: Changing Precedence to junk In-Reply-To: <3EE47132.1080709@hgu.mrc.ac.uk> References: <3EE47132.1080709@hgu.mrc.ac.uk> Message-ID: Y'all, It would be good if the mailscanner virus warning messages went out as 'Precedence: bulk'. I'm getting to the point where I don't care if mailscanner sends out the warning messages at all -- most go to the wrong person and are useless. Whenever we write web-based email apps that generate email, we always stick the 'Precedence: bulk' stuff into the mailer scripts, to cut down on bounced emails. --- Jeff Earickson On Mon, 9 Jun 2003, John Ireland wrote: > Date: Mon, 9 Jun 2003 12:36:18 +0100 > From: John Ireland > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Changing Precedence to junk > > I spoke to Julian about this last week at at the JANET-CERT meeting in > London and I thought I would mail the list to see what others thought of > the idea. > > Our mail queue is continually filled with auto responder mail replying > to spam messages. These messages either time out or bounce, spamming > the user with more useless information. > > Most auto responders, such as vacation, will not respond to mail with > the 'Precedence: bulk' or 'Precedence: junk' line is included in the > header. So giving mailscanner the option of changing the 'Precedence:' > header to junk would give a simple centrally managed solution. > > I know there are other solutions - ban auto responders, write a > procmail wrapper for vacation, or hack the vacation code. But there > are users that need to use auto responders and there are auto responders > over which the mail administrator has no control. > > Also, I know of no other program, other than 'vacation', that uses the > 'Precedence:' header. > > > -- > John Ireland Email: mailto:J.Ireland@hgu.mrc.ac.uk > MRC Human Genetics Unit Tel. : +44-31-332-2471 > Western General Hospital Fax. : +44-31-343-2620 > Edinburgh, EH4 2XU, UK WWW : http://www.hgu.mrc.ac.uk > From michele at BLACKNIGHTSOLUTIONS.COM Mon Jun 9 14:50:46 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <5.2.0.9.2.20030609114212.0382fd40@imap.ecs.soton.ac.uk> References: <1055115970.25001.45.camel@bach.kevinspicer.co.uk> <5.2.0.9.2.20030609114212.0382fd40@imap.ecs.soton.ac.uk> Message-ID: <1740.213.140.31.170.1055166646.squirrel@www.blacknightsolutions.com> >but that we needed to buy the "mail server" version, which is > simply not true from a technical standpoint, and exhibits a curious lack > of understanding about how MailScanner works. So which version do we need? I am completely confused :-( However the Panda pricing is good, so even if we bought the wrong version we wouldn't be TOO broke :-) Could Julian or somebody else neutral please clarify??? -- Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ Shell hosting now available ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From mailscanner at ecs.soton.ac.uk Mon Jun 9 14:46:02 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: Attachments In-Reply-To: <1055166067.1238.17.camel@dbeauchemin.si.usherbrooke.ca> Message-ID: <5.2.0.9.2.20030609144533.041e75a0@imap.ecs.soton.ac.uk> Not very easy I'm afraid. The MS headers are always added just before final delivery, but the encapsulation is done quite a lot earlier. At 14:41 09/06/2003, you wrote: >Hello Julian, > >I love the attachments option! > >Would it be possible for it to include MS' headers such as >X-MailScanner-SpamCheck in the attached email? > >I would like to see that header in the encapsulated email because it >would make life easier for us if people were to transfer the email back >to us for processing (as you know Outlook (+Express) are no good at >forwarding an email with its headers intact). > >Thanks again! > >Denis >-- >Denis Beauchemin, analyste >Universit? de Sherbrooke, S.T.I. >T: 819.821.8000x2252 F: 819.821.8045 -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jun 9 14:29:30 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <001201c32e7b$2c4ced80$6f01a8c0@Laptop1> References: <5.2.0.9.2.20030609114212.0382fd40@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030609142456.0430c110@imap.ecs.soton.ac.uk> At 12:35 09/06/2003, you wrote: >Sorry to make it sound like I was trying to make a profit. But the fact is >you do need to buy the mail version if you intend to run it with sendmail or >other Linux based mail system (http://www.pandasecurity.com/ps.htm). For a virus scanner to work with MailScanner, all that is necessary is a command-line utility that will scan files given to it. It doesn't need to (or want to) know anything about the mail transport in use. Or is the mail version the only one that provides a Linux-based command line scanning utility? It appears that most of the other versions are Windows-based. >As to the selling, that is not our main business, our antivirus business it >less than 0.05% of our total business. We don't even mention it on our >website. I was just looking at giving a discount to people who have helped >us through this list. Thankyou. >The intention was never to make money and we can make it very clear buy >donating any profit to the Mailscanner creator's charity of choice. (which >in this case would be you) Many thanks for clarifying that. I must have been feeling particularly paranoid this morning :-) Not helped by my next door neighbour's burglar alarm going off at 7 :-( >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Julian Field >Sent: Monday, June 09, 2003 6:47 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Panda Pricing > > >Please do *not* use this mailing list for advertising your anti-virus >products. This is not a sales list. > >In a previous post, you appeared to be a normal user saying that "Panda is >great", but that we needed to buy the "mail server" version, which is >simply not true from a technical standpoint, and exhibits a curious lack of >understanding about how MailScanner works. > >Now you admit you are a Panda reseller, which hardly makes your previous >comments very objective, does it? > >If you are recommending use of a product from which you make a profit, >please declare this at the *start* so everyone knows (part of) the reason >you are recommending it. > >At 01:03 09/06/2003, you wrote: > >We are panda resellers also. If anyone here is looking to buy Panda to use > >with MailSacnner we will pass portion of our discount onto you. > > > >MailScanner is a great utility and we use and depend on this mailing for > >support. This will be our way to giving something back to the group. > > > > > >-SKP > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jun 9 14:48:08 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: Changing Precedence to junk In-Reply-To: References: <3EE47132.1080709@hgu.mrc.ac.uk> <3EE47132.1080709@hgu.mrc.ac.uk> Message-ID: <5.2.0.9.2.20030609144705.043e69a8@imap.ecs.soton.ac.uk> If you mean all the "sender.*" message reports, those files include the headers at the top of them anyway. So you can just add the Precedence: bulk lines yourself. At 14:44 09/06/2003, you wrote: >Y'all, > >It would be good if the mailscanner virus warning messages went out >as 'Precedence: bulk'. I'm getting to the point where I don't care if >mailscanner sends out the warning messages at all -- most go to the >wrong person and are useless. Whenever we write web-based email >apps that generate email, we always stick the 'Precedence: bulk' >stuff into the mailer scripts, to cut down on bounced emails. > >--- Jeff Earickson > >On Mon, 9 Jun 2003, John Ireland wrote: > > > Date: Mon, 9 Jun 2003 12:36:18 +0100 > > From: John Ireland > > Reply-To: MailScanner mailing list > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Changing Precedence to junk > > > > I spoke to Julian about this last week at at the JANET-CERT meeting in > > London and I thought I would mail the list to see what others thought of > > the idea. > > > > Our mail queue is continually filled with auto responder mail replying > > to spam messages. These messages either time out or bounce, spamming > > the user with more useless information. > > > > Most auto responders, such as vacation, will not respond to mail with > > the 'Precedence: bulk' or 'Precedence: junk' line is included in the > > header. So giving mailscanner the option of changing the 'Precedence:' > > header to junk would give a simple centrally managed solution. > > > > I know there are other solutions - ban auto responders, write a > > procmail wrapper for vacation, or hack the vacation code. But there > > are users that need to use auto responders and there are auto responders > > over which the mail administrator has no control. > > > > Also, I know of no other program, other than 'vacation', that uses the > > 'Precedence:' header. > > > > > > -- > > John Ireland Email: mailto:J.Ireland@hgu.mrc.ac.uk > > MRC Human Genetics Unit Tel. : +44-31-332-2471 > > Western General Hospital Fax. : +44-31-343-2620 > > Edinburgh, EH4 2XU, UK WWW : http://www.hgu.mrc.ac.uk > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mike at CAMAROSS.NET Mon Jun 9 15:32:20 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:27 2006 Subject: Changing Precedence to junk In-Reply-To: Message-ID: <001501c32e93$ef4061b0$9b01a8c0@home.middlefinger.net> Mailman uses the precedence of either Bulk or List...can't remember which. My question is this...WHY would you bounce spam? The large percentage of spam you bounce more than likey comes from forged addresses. Therefore, attempting to bounce them just generates more useless traffic on the net and your boxen (IMHO of course). Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson > Sent: Monday, June 09, 2003 8:45 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Changing Precedence to junk > > > Y'all, > > It would be good if the mailscanner virus warning messages > went out as 'Precedence: bulk'. I'm getting to the point > where I don't care if mailscanner sends out the warning > messages at all -- most go to the wrong person and are > useless. Whenever we write web-based email apps that > generate email, we always stick the 'Precedence: bulk' stuff > into the mailer scripts, to cut down on bounced emails. > > --- Jeff Earickson > > On Mon, 9 Jun 2003, John Ireland wrote: > > > Date: Mon, 9 Jun 2003 12:36:18 +0100 > > From: John Ireland > > Reply-To: MailScanner mailing list > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Changing Precedence to junk > > > > I spoke to Julian about this last week at at the JANET-CERT > meeting in > > London and I thought I would mail the list to see what > others thought > > of the idea. > > > > Our mail queue is continually filled with auto responder > mail replying > > to spam messages. These messages either time out or > bounce, spamming > > the user with more useless information. > > > > Most auto responders, such as vacation, will not respond to > mail with > > the 'Precedence: bulk' or 'Precedence: junk' line is > included in the > > header. So giving mailscanner the option of changing the > > 'Precedence:' header to junk would give a simple centrally managed > > solution. > > > > I know there are other solutions - ban auto responders, write a > > procmail wrapper for vacation, or hack the vacation code. > But there > > are users that need to use auto responders and there are auto > > responders over which the mail administrator has no control. > > > > Also, I know of no other program, other than 'vacation', > that uses the > > 'Precedence:' header. > > > > > > -- > > John Ireland Email: > mailto:J.Ireland@hgu.mrc.ac.uk > > MRC Human Genetics Unit > Tel. : +44-31-332-2471 > > Western General Hospital Fax. : +44-31-343-2620 > > Edinburgh, EH4 2XU, UK WWW : http://www.hgu.mrc.ac.uk > > > From mailscanner at ecs.soton.ac.uk Mon Jun 9 15:35:22 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <1740.213.140.31.170.1055166646.squirrel@www.blacknightsolu tions.com> References: <5.2.0.9.2.20030609114212.0382fd40@imap.ecs.soton.ac.uk> <1055115970.25001.45.camel@bach.kevinspicer.co.uk> <5.2.0.9.2.20030609114212.0382fd40@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030609151956.04f9fdb8@imap.ecs.soton.ac.uk> At 14:50 09/06/2003, you wrote: > >but that we needed to buy the "mail server" version, which is > > simply not true from a technical standpoint, and exhibits a curious lack > > of understanding about how MailScanner works. > >So which version do we need? I am completely confused :-( >However the Panda pricing is good, so even if we bought the wrong version >we wouldn't be TOO broke :-) > >Could Julian or somebody else neutral please clarify??? They have a "module" called PAVCL (Panda Anti-Virus Command Line) which is available for Windows and Linux. According to the site, this is available separately, or as part of the "Panda PerimeterScan" bundle. http://www.pandasoftware.com/products/perimeterscan/pavcl.asp I cannot find a way of getting this separately, despite what they say. All the "buy" or "try" links take you to "Panda PerimeterScan" pages. So it's possible that in reality you have to buy the entire PerimeterScan bundle to get it. Worth quizzing their sales folk on the subject though. However.... there is also a "freeware" "Panda Antivirus for Linux" http://www.pandasoftware.com/download/linux/linux.asp However, there appears to be no way of getting updates for the free one. The updates page requires a username+password which implies paying customers only. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From michele at BLACKNIGHTSOLUTIONS.COM Mon Jun 9 15:45:28 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <5.2.0.9.2.20030609151956.04f9fdb8@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030609114212.0382fd40@imap.ecs.soton.ac.uk> <1055115970.25001.45.camel@bach.kevinspicer.co.uk> <5.2.0.9.2.20030609114212.0382fd40@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030609151956.04f9fdb8@imap.ecs.soton.ac.uk> Message-ID: <2583.213.140.31.170.1055169928.squirrel@www.blacknightsolutions.com> > At 14:50 09/06/2003, you wrote: >> >but that we needed to buy the "mail server" version, which is >> > simply not true from a technical standpoint, and exhibits a curious >> lack of understanding about how MailScanner works. >> >>So which version do we need? I am completely confused :-( >>However the Panda pricing is good, so even if we bought the wrong >> version we wouldn't be TOO broke :-) >> >>Could Julian or somebody else neutral please clarify??? > > They have a "module" called PAVCL (Panda Anti-Virus Command Line) which > is available for Windows and Linux. According to the site, this is > available separately, or as part of the "Panda PerimeterScan" bundle. > http://www.pandasoftware.com/products/perimeterscan/pavcl.asp > > I cannot find a way of getting this separately, despite what they say. > All the "buy" or "try" links take you to "Panda PerimeterScan" pages. > > So it's possible that in reality you have to buy the entire > PerimeterScan bundle to get it. Worth quizzing their sales folk on the > subject though. > If you follow the link to the store you can get to a buy link for PAVCL, but it takes some doing .... Nice price though.. .. -- Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ Shell hosting now available ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From Kevin.Spicer at BMRB.CO.UK Mon Jun 9 15:47:47 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF635@pascal.priv.bmrb.co.uk> > I cannot find a way of getting this separately, despite what > they say. All > the "buy" or "try" links take you to "Panda PerimeterScan" pages. I found that too and it was only when out of curiousity about just what they might be charging for 'perimeter scan' I followed the sales links and found that there is a drop-down menu for selecting which product from the perimeter scan family, the command line scanner is on that list (to buy alone). It has to be said that their site is really badly designed from a navigational point of view. > However.... > there is also a "freeware" "Panda Antivirus for Linux" > http://www.pandasoftware.com/download/linux/linux.asp > > However, there appears to be no way of getting updates for > the free one. > The updates page requires a username+password which implies paying > customers only. That was the conclusion I came to as well. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From dwinkler at ALGORITHMICS.COM Mon Jun 9 15:56:20 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:27 2006 Subject: how to map MS process id to SM process id? Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FDA@tormail1.algorithmics.com> Not sure exactly what you're trying to do here, but... You may be able to accomplish what you want by following the message id instead. This is how my search for frequent spammers perl script works. -----Original Message----- From: Chris W. Parker [mailto:cparker@swatgear.com] Sent: Friday, June 06, 2003 6:01 PM To: MAILSCANNER@jiscmail.ac.uk Subject: how to map MS process id to SM process id? Hello. When checking the maillog I'd like to be able to pull all the records pertaining to a certain mail. Is there a way to map the sendmail process id to the MS process id that is handling that mail? Let me know if I haven't made sense. Thanks, Chris. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030609/505fc04a/attachment.html From FCaen at CI.LAKEWOOD.WA.US Mon Jun 9 16:03:02 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing Message-ID: -----Original Message----- From: Michele Neylon :: Blacknight Solutions [mailto:michele@BLACKNIGHTSOLUTIONS.COM] > If you follow the link to the store you can get to a buy link for PAVCL, but it takes some doing .... > Nice price though.. .. $11.13 for 2 years?!?!?! Am I missing something? Is there a bug in their shopping cart? Heck, for that price, I can run PAVCL AND something else!!! --------------------------------------------- Francois Caen Network Information Systems Engineer - Webmaster City of Lakewood, WA (253) 512-2269 NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From Steve at swaney.com Mon Jun 9 16:25:54 2003 From: Steve at swaney.com (Stephen Swaney) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: References: Message-ID: <1055172354.2488.75.camel@speedy> Where do you find the $11.13 price. Cheapest price I can find (when I try to buy) for the command line scanner is $112.89. Panda Antivirus Command Line (Linux/Win 32) - Perpetual License: 6 @ 17.49 Panda Antivirus Command Line (Linux/Win 32) - 1 Year License: 1 @ $7.95 Steve Swaney Steve@Swaney.com On Mon, 2003-06-09 at 11:03, Francois Caen wrote: > -----Original Message----- > From: Michele Neylon :: Blacknight Solutions > [mailto:michele@BLACKNIGHTSOLUTIONS.COM] > > If you follow the link to the store you can get to a buy link for > PAVCL, but it takes some doing .... > > > Nice price though.. .. > > $11.13 for 2 years?!?!?! > > Am I missing something? Is there a bug in their shopping cart? > > Heck, for that price, I can run PAVCL AND something else!!! > > --------------------------------------------- > Francois Caen > Network Information Systems Engineer - Webmaster > City of Lakewood, WA > (253) 512-2269 > > > > NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. > > > > > > City of Lakewood > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030609/8628c503/attachment.html From FCaen at CI.LAKEWOOD.WA.US Mon Jun 9 16:36:45 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing Message-ID: -----Original Message----- From: Stephen Swaney [mailto:Steve@swaney.com] > Where do you find the $11.13 price. Cheapest price I can find (when I > try to buy) for the command line scanner is $112.89. > Panda Antivirus Command Line (Linux/Win 32) - Perpetual License: 6 @ > 17.49 Panda Antivirus Command Line (Linux/Win 32) - 1 Year License: 1 > @ $7.95 I followed the directions listed earlier. Go to: http://www.pandasoftware.com/products/perimeterscan/pavcl.asp Click on Buy Click on Buy Download I get 2 pull downs. In the first, I select PACL. In the 2nd, I get: 1yr - $7.95 2yr - $11.13 3yr - $13.52 Perpetual - $17.49 Francois NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From mailscanner at ecs.soton.ac.uk Mon Jun 9 16:59:15 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: how to map MS process id to SM process id? In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C97055E6FDA@tormail1.algorith mics.com> Message-ID: <5.2.0.9.2.20030609165819.038d0aa0@imap.ecs.soton.ac.uk> At 15:56 09/06/2003, you wrote: >-----Original Message----- >From: Chris W. Parker >[mailto:cparker@swatgear.com] >Sent: Friday, June 06, 2003 6:01 PM >To: MAILSCANNER@jiscmail.ac.uk >Subject: how to map MS process id to SM process id? > >Hello. > >When checking the maillog I'd like to be able to pull all the records >pertaining to a certain mail. Is there a way to map the sendmail process >id to the MS process id that is handling that mail? Each MS process id handles thousands of messages and talks to many sendmail processes, so I don't think you'll get anything useful. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From ragan_davis at COLSTATE.EDU Mon Jun 9 17:12:02 2003 From: ragan_davis at COLSTATE.EDU (Mack Ragan) Date: Thu Jan 12 21:18:27 2006 Subject: ran df2mbox -- now what? Message-ID: Hi, all, I have run df2mbox on various folders in the quarantine directory. The results are large files named "spam.20030609" (or whatever the date is). Now, I'm confused about what my options are at this point. What is the purpose of creating the spam.* files, and how can I use them, or the queue files that I converted from, to find and/or send suspected spam that a user may still want? Do I even need to run df2mbox? Or, can I do stuff with the queue files? I really need some insight and suggestions on this concept. thanks (and sorry if this was too ambiguous), mack From christopher.albert at MCGILL.CA Mon Jun 9 17:18:13 2003 From: christopher.albert at MCGILL.CA (Christopher Albert) Date: Thu Jan 12 21:18:27 2006 Subject: ran df2mbox -- now what? In-Reply-To: References: Message-ID: <3EE4B345.2070205@mcgill.ca> Mack Ragan wrote: >Hi, all, > >I have run df2mbox on various folders in the quarantine directory. The >results are large files named "spam.20030609" (or whatever the date is). >Now, I'm confused about what my options are at this point. What is the >purpose of creating the spam.* files, and how can I use them, or the queue >files that I converted from, to find and/or send suspected spam that a user >may still want? Do I even need to run df2mbox? Or, can I do stuff with >the queue files? I really need some insight and suggestions on this >concept. > >thanks (and sorry if this was too ambiguous), > >mack > > Use something like mutt -f spam.20030609 so you can read it like a normal unix mailbox to say, test for FPs. Chris From sanjay.patel at REXWIRE.COM Mon Jun 9 17:40:57 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0EBF635@pascal.priv.bmrb.co.uk> Message-ID: <003c01c32ea5$e72e0420$6f01a8c0@Laptop1> Its not your fault. The panda site is configured just like their documentations (neither make sense). Call them for clarification. The command line tool is new to me. I am not sure of its capabilities. I use the perimeter scan because it comes with a nice web interface for reports. It's a much easier sell to higher ups we have found out plus transition to a low level techie is easier. -SKP PS ****No matter what you buy go and download the latest version from their FTP site after buying.**** -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Spicer, Kevin Sent: Monday, June 09, 2003 10:48 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Panda Pricing > I cannot find a way of getting this separately, despite what > they say. All > the "buy" or "try" links take you to "Panda PerimeterScan" pages. I found that too and it was only when out of curiousity about just what they might be charging for 'perimeter scan' I followed the sales links and found that there is a drop-down menu for selecting which product from the perimeter scan family, the command line scanner is on that list (to buy alone). It has to be said that their site is really badly designed from a navigational point of view. > However.... > there is also a "freeware" "Panda Antivirus for Linux" > http://www.pandasoftware.com/download/linux/linux.asp > > However, there appears to be no way of getting updates for > the free one. > The updates page requires a username+password which implies paying > customers only. That was the conclusion I came to as well. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From FCaen at CI.LAKEWOOD.WA.US Mon Jun 9 17:43:46 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing Message-ID: -----Original Message----- From: Sanjay Patel [mailto:sanjay.patel@REXWIRE.COM] > The command line tool is new to me. I am not sure of its capabilities. I use the perimeter scan because it comes with a nice web interface for reports. It's a much easier sell to higher ups we have found out At $8/yr, I have no problems selling this to management. Heck, I'll just skip Starbucks today and pay for it myself :) Francois NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From maxsec at TOTALISE.CO.UK Mon Jun 9 17:51:05 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:27 2006 Subject: MIME::Pasrser errors.. In-Reply-To: <3EE4BA97.90308@totalise.co.uk> References: <5.2.0.9.2.20030528160133.042fd540@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030528160133.042fd540@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030528193245.025141a0@imap.ecs.soton.ac.uk> <3ED9149B.5010207@totalise.co.uk> <3EDC8D77.7060508@totalise.co.uk> <3EE4BA97.90308@totalise.co.uk> Message-ID: <3EE4BAF9.40409@totalise.co.uk> Martin Hepworth wrote: > > OK > > well I configured with FreeBSD 4.8 and sendmail (rather than FreeBSD 5.0 > and postfix) with SAVI, and everything seems to OK with the limited > testing I've done. Looks like there's a 'weirdy' with FBSD 5.0 (not > checked to see if 5.1rc1 solves it). > do'h 5.1 is out now, just got the email as I was writing this one...;-) -- Martin From sanjay.patel at REXWIRE.COM Mon Jun 9 17:54:00 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: Message-ID: <003f01c32ea7$ba344630$6f01a8c0@Laptop1> Starbucks must have dropped their prices :-) -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Francois Caen Sent: Monday, June 09, 2003 12:44 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Panda Pricing -----Original Message----- From: Sanjay Patel [mailto:sanjay.patel@REXWIRE.COM] > The command line tool is new to me. I am not sure of its capabilities. I use the perimeter scan because it comes with a nice web interface for reports. It's a much easier sell to higher ups we have found out At $8/yr, I have no problems selling this to management. Heck, I'll just skip Starbucks today and pay for it myself :) Francois NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From f.rotondo at TESEO.IT Mon Jun 9 18:00:13 2003 From: f.rotondo at TESEO.IT (Francesco Rotondo) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing References: <003c01c32ea5$e72e0420$6f01a8c0@Laptop1> Message-ID: <010801c32ea8$993cfc00$0464a8c0@teseo.info> > The command line tool is new to me. I am not sure of its capabilities. I use > the perimeter scan because it comes with a nice web interface for reports. I just installed the trial of the command line version and it is working fine. It just needs an upgrade of the virus patterns so it only catches old viruses. Francesco. From mailscanner at ecs.soton.ac.uk Mon Jun 9 18:10:15 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <010801c32ea8$993cfc00$0464a8c0@teseo.info> References: <003c01c32ea5$e72e0420$6f01a8c0@Laptop1> Message-ID: <5.2.1.1.2.20030609180916.03d180f0@imap.ecs.soton.ac.uk> Can someone tell me how we might go about automating the Panda updates? I haven't got customer access to their site yet. Do they give any guidance on this subject at all? At 18:00 09/06/2003, you wrote: > > The command line tool is new to me. I am not sure of its capabilities. I >use > > the perimeter scan because it comes with a nice web interface for reports. > >I just installed the trial of the command line version and it is working >fine. It just needs an upgrade of the virus patterns so it only catches old >viruses. > >Francesco. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From o.pitzeier at UPTIME.AT Mon Jun 9 20:03:34 2003 From: o.pitzeier at UPTIME.AT (Oliver Pitzeier) Date: Thu Jan 12 21:18:27 2006 Subject: SQL user options In-Reply-To: Message-ID: <000201c32eb9$d4f46600$0f11a8c0@pitzeier.priv.at> Hi folks! I hope to find an answer here... I just read, that it is possible to have user options in a SQL database. I want to do that with whitelists, blacklists... How can I do that? And what other 'option' can be hold by a SQL database? I would also need the possibility to have white-/blacklists on a per-user-basis... Please CC: me, if you reply! Best regards, Oliver From sanjay.patel at REXWIRE.COM Mon Jun 9 19:28:20 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <5.2.1.1.2.20030609180916.03d180f0@imap.ecs.soton.ac.uk> Message-ID: <005701c32eb4$e7bb0410$6f01a8c0@Laptop1> What version are you at? The old version had serious update issues. Julian if you want a sendmail version for testing let me know I have 6 license and am only using one. I will be more than happy to provide you with a license. -Sanjay -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Monday, June 09, 2003 1:10 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Panda Pricing Can someone tell me how we might go about automating the Panda updates? I haven't got customer access to their site yet. Do they give any guidance on this subject at all? At 18:00 09/06/2003, you wrote: > > The command line tool is new to me. I am not sure of its capabilities. I >use > > the perimeter scan because it comes with a nice web interface for reports. > >I just installed the trial of the command line version and it is working >fine. It just needs an upgrade of the virus patterns so it only catches old >viruses. > >Francesco. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jun 9 19:35:10 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: SQL user options In-Reply-To: <000201c32eb9$d4f46600$0f11a8c0@pitzeier.priv.at> References: Message-ID: <5.2.1.1.2.20030609193101.0254bea0@imap.ecs.soton.ac.uk> Take a look in CustomConfig.pm. There is per-user whitelist and blacklist code there, which will give you hints as to how to read config options from a SQL db. There will later be more code here to read data from SQL dbs, but not quite yet... At 20:03 09/06/2003, you wrote: >Hi folks! > >I hope to find an answer here... > >I just read, that it is possible to have user options in a SQL database. >I want to do that with whitelists, blacklists... > >How can I do that? And what other 'option' can be hold by a SQL >database? > >I would also need the possibility to have white-/blacklists on a >per-user-basis... > >Please CC: me, if you reply! > >Best regards, > Oliver -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jun 9 19:36:34 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <005701c32eb4$e7bb0410$6f01a8c0@Laptop1> References: <5.2.1.1.2.20030609180916.03d180f0@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030609193538.03e4fb30@imap.ecs.soton.ac.uk> At 19:28 09/06/2003, you wrote: >What version are you at? The old version had serious update issues. Julian >if you want a sendmail version for testing let me know I have 6 license and >am only using one. I will be more than happy to provide you with a license. If you could give me a copy of the PAVCL code, with a username/password to get updates, that would be very helpful. >-Sanjay > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Julian Field >Sent: Monday, June 09, 2003 1:10 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Panda Pricing > > >Can someone tell me how we might go about automating the Panda updates? >I haven't got customer access to their site yet. >Do they give any guidance on this subject at all? > >At 18:00 09/06/2003, you wrote: > > > The command line tool is new to me. I am not sure of its capabilities. I > >use > > > the perimeter scan because it comes with a nice web interface for >reports. > > > >I just installed the trial of the command line version and it is working > >fine. It just needs an upgrade of the virus patterns so it only catches old > >viruses. > > > >Francesco. > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From sanjay.patel at REXWIRE.COM Mon Jun 9 19:41:44 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing In-Reply-To: <5.2.1.1.2.20030609193538.03e4fb30@imap.ecs.soton.ac.uk> Message-ID: <005801c32eb6$c748abe0$6f01a8c0@Laptop1> Can you send me your off line address. Not that I don't trust this group :-) -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Monday, June 09, 2003 2:37 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Panda Pricing At 19:28 09/06/2003, you wrote: >What version are you at? The old version had serious update issues. Julian >if you want a sendmail version for testing let me know I have 6 license and >am only using one. I will be more than happy to provide you with a license. If you could give me a copy of the PAVCL code, with a username/password to get updates, that would be very helpful. >-Sanjay > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Julian Field >Sent: Monday, June 09, 2003 1:10 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Panda Pricing > > >Can someone tell me how we might go about automating the Panda updates? >I haven't got customer access to their site yet. >Do they give any guidance on this subject at all? > >At 18:00 09/06/2003, you wrote: > > > The command line tool is new to me. I am not sure of its capabilities. I > >use > > > the perimeter scan because it comes with a nice web interface for >reports. > > > >I just installed the trial of the command line version and it is working > >fine. It just needs an upgrade of the virus patterns so it only catches old > >viruses. > > > >Francesco. > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From o.pitzeier at UPTIME.AT Mon Jun 9 20:43:32 2003 From: o.pitzeier at UPTIME.AT (Oliver Pitzeier) Date: Thu Jan 12 21:18:27 2006 Subject: SQL user options In-Reply-To: <5.2.1.1.2.20030609193101.0254bea0@imap.ecs.soton.ac.uk> Message-ID: <001501c32ebf$6a0109b0$0f11a8c0@pitzeier.priv.at> Julian Field wrote: > At 20:03 09/06/2003, you wrote: > >Hi folks! > > > >I hope to find an answer here... > > > >I just read, that it is possible to have user options in a SQL > >database. I want to do that with whitelists, blacklists... > > > >How can I do that? And what other 'option' can be hold by a SQL > >database? > > > >I would also need the possibility to have white-/blacklists on a > >per-user-basis... > Take a look in CustomConfig.pm. There is per-user whitelist > and blacklist code there, which will give you hints as to how > to read config options from a SQL db. > > There will later be more code here to read data from SQL dbs, > but not quite yet... I guessed such an answer... Not the one I hoped for, but it means I have to get into MailScanner deeper. :-) Best regards, Oliver From mailscanner at ecs.soton.ac.uk Mon Jun 9 20:44:37 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: Panda Pricing -- autoupdate script? In-Reply-To: <5.2.1.1.2.20030609193538.03e4fb30@imap.ecs.soton.ac.uk> References: <005701c32eb4$e7bb0410$6f01a8c0@Laptop1> <5.2.1.1.2.20030609180916.03d180f0@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030609203812.025b79c8@imap.ecs.soton.ac.uk> Why are some of these people so stupid? I'm reading the update scripts provided by Panda to see how to correctly get the right filename for the zip file to download containing the updated files. Here's the code they use DATE=`date +%d` FICHERO_LOG=update_$DATE.log Great job guys, really professional software this. It's named after the current date. In exactly whose timezone? GMT, CET, EST, a random one every day? Good thing they don't charge much, is all I can say. At 19:36 09/06/2003, you wrote: >At 19:28 09/06/2003, you wrote: >>What version are you at? The old version had serious update issues. Julian >>if you want a sendmail version for testing let me know I have 6 license and >>am only using one. I will be more than happy to provide you with a license. > >If you could give me a copy of the PAVCL code, with a username/password to >get updates, that would be very helpful. > > > >>-Sanjay >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >>Of Julian Field >>Sent: Monday, June 09, 2003 1:10 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Panda Pricing >> >> >>Can someone tell me how we might go about automating the Panda updates? >>I haven't got customer access to their site yet. >>Do they give any guidance on this subject at all? >> >>At 18:00 09/06/2003, you wrote: >> > > The command line tool is new to me. I am not sure of its capabilities. I >> >use >> > > the perimeter scan because it comes with a nice web interface for >>reports. >> > >> >I just installed the trial of the command line version and it is working >> >fine. It just needs an upgrade of the virus patterns so it only catches old >> >viruses. >> > >> >Francesco. >> >>-- >>Julian Field >>www.MailScanner.info >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From ernest at OACYS.COM Mon Jun 9 20:59:18 2003 From: ernest at OACYS.COM (Ernest W. Lessenger) Date: Thu Jan 12 21:18:27 2006 Subject: Zip of Death Message-ID: <5.2.0.9.2.20030609125624.01c7c9a0@mail.oacys.com> Does anyone know how to create and/or defend against the zip of death? I have a piece of software (open-source, not developed by me) that I *think* is probably susceptible, but I don't know exactly how this attack works. I'd be happy to know how to defend against this (presumably by watching out for a loop in the decompression routing), or happier to have a sample to test with. PLEASE DON'T EMAIL IT LIVE!!!! Thanks, --Ernest From raymond at PROLOCATION.NET Mon Jun 9 21:01:33 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:27 2006 Subject: Zip of Death In-Reply-To: <5.2.0.9.2.20030609125624.01c7c9a0@mail.oacys.com> Message-ID: Hi! > Does anyone know how to create and/or defend against the zip of death? I > have a piece of software (open-source, not developed by me) that I *think* > is probably susceptible, but I don't know exactly how this attack works. > I'd be happy to know how to defend against this (presumably by watching out > for a loop in the decompression routing), or happier to have a sample to > test with. PLEASE DON'T EMAIL IT LIVE!!!! MS allready protects you from zip of death. Its nothing more then a zip with a file inside thats very compressed, for example a file with a few million zeros. Bye, Raymond. From vosburgh at DALSEMI.COM Mon Jun 9 20:54:05 2003 From: vosburgh at DALSEMI.COM (David Vosburgh) Date: Thu Jan 12 21:18:27 2006 Subject: logging problem Message-ID: <3EE4E5DD.7010800@dalsemi.com> I have installed MailScanner-4.21-9, Mail-SpamAssassin-2.55, and all the related perl modules on a Sun system recently jumpstarted with 2.8 and a recent patch cluster. Sendmail is v8.12.9. Everything seems to be working as advertised, with the exception of logging. I am using the default "Syslog Facility = mail" option, and have turned on spam logging with "Log Spam = yes". My syslog.conf has a single entry for mail logging: mail.info /var/adm/maillog I read the FAQ and some posts on this list, and have tried the following without success (always re-starting MailScanner after the change): 1) starting syslog without the "-t" option 2) removed the syslog patch 110945-07 (now -05) 3) removed the "eval" from the setlogsock syslog command under the Start section of Log.pm 4) added a "mail.debug /opt/MailScanner/var/log" to syslog.conf Any ideas on where to go from here? Thanks, Dave From ernest at OACYS.COM Mon Jun 9 21:06:23 2003 From: ernest at OACYS.COM (Ernest W. Lessenger) Date: Thu Jan 12 21:18:27 2006 Subject: Zip of Death In-Reply-To: References: <5.2.0.9.2.20030609125624.01c7c9a0@mail.oacys.com> Message-ID: <5.2.0.9.2.20030609130531.036d5c30@mail.oacys.com> Ah, got it. I know that MS protects me from it, but I have a piece of software (an HTML proxy) that I think is susceptible. I want to try it out and see what needs to be done to fix it. Thanks, --Ernest At 10:01 PM 6/9/2003 +0200, you wrote: >Hi! > > > Does anyone know how to create and/or defend against the zip of death? I > > have a piece of software (open-source, not developed by me) that I *think* > > is probably susceptible, but I don't know exactly how this attack works. > > I'd be happy to know how to defend against this (presumably by watching out > > for a loop in the decompression routing), or happier to have a sample to > > test with. PLEASE DON'T EMAIL IT LIVE!!!! > >MS allready protects you from zip of death. Its nothing more then a zip >with a file inside thats very compressed, for example a file with a few >million zeros. > >Bye, >Raymond. From henker at SHCOM.US Mon Jun 9 21:42:53 2003 From: henker at SHCOM.US (Steffan Henke) Date: Thu Jan 12 21:18:27 2006 Subject: Zip of Death In-Reply-To: <5.2.0.9.2.20030609125624.01c7c9a0@mail.oacys.com> References: <5.2.0.9.2.20030609125624.01c7c9a0@mail.oacys.com> Message-ID: On Mon, 9 Jun 2003, Ernest W. Lessenger wrote: > I'd be happy to know how to defend against this (presumably by watching out > for a loop in the decompression routing), or happier to have a sample to > test with. PLEASE DON'T EMAIL IT LIVE!!!! You could download a testfile from here: http://www.fefe.de/ , it's the link "why anti viruses don't work" at the bottom of the page. Norton seems to choke on it, not sure about other products. Regards, Steffan From dwinkler at ALGORITHMICS.COM Mon Jun 9 21:55:01 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:27 2006 Subject: MS and sa-learn Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF0@tormail1.algorithmics.com> Apparently you can do this in Outlook 2000. Open the message in it's own window and select Actions->Resend This Message. -----Original Message----- From: Julian Field [mailto:mailscanner@ecs.soton.ac.uk] Sent: Tuesday, June 03, 2003 6:13 AM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: MS and sa-learn At 08:42 03/06/2003, you wrote: >How do people use sa-learn with mailscanner? In my setup the bayesian >files are in /var/spool/MailScanner somewhere, and not writeable by >normal users. So I can't easily have users run sa-learn. > >Any thoughts? Create a "spam" and a "notspam" email address, and have people bounce/redirect (you can't do it in Outlook) wrongly tagged mail into them. Then have a cron job which picks up the mailboxes and runs them through sa-learn. I have published a script to do this on this list several times already and can't be bothered to do it again :-) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030609/67a6c8b6/attachment.html From mailscanner at ecs.soton.ac.uk Mon Jun 9 22:01:53 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: MS and sa-learn In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF0@tormail1.algorith mics.com> Message-ID: <5.2.1.1.2.20030609220116.025ace88@imap.ecs.soton.ac.uk> I may be wrong, but as far as I know that merely sends a message with the body untouched, but with a new set of headers. At 21:55 09/06/2003, you wrote: >Apparently you can do this in Outlook 2000. > >Open the message in it's own window and select Actions->Resend This Message. > >-----Original Message----- >From: Julian Field >[mailto:mailscanner@ecs.soton.ac.uk] >Sent: Tuesday, June 03, 2003 6:13 AM >To: MAILSCANNER@jiscmail.ac.uk >Subject: Re: MS and sa-learn > >At 08:42 03/06/2003, you wrote: > >How do people use sa-learn with mailscanner? In my setup the bayesian > >files are in /var/spool/MailScanner somewhere, and not writeable by > >normal users. So I can't easily have users run sa-learn. > > > >Any thoughts? > >Create a "spam" and a "notspam" email address, and have people >bounce/redirect (you can't do it in Outlook) wrongly tagged mail into them. >Then have a cron job which picks up the mailboxes and runs them through >sa-learn. I have published a script to do this on this list several times >already and can't be bothered to do it again >:-) >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030609/1a9eea11/attachment.html From dwinkler at ALGORITHMICS.COM Mon Jun 9 21:59:50 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:27 2006 Subject: OT: Bayes - list & delete Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF1@tormail1.algorithmics.com> Anyone know how to list the tokens in the bayes database? Remove some of those tokens? Thanks, Derek Winkler Security Administrator Algorithmics Inc., Toronto Tel: (416) 217-4107 Fax: (416) 971-6263 www.algorithmics.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030609/766f0af5/attachment.html From MWeiner at AG.COM Mon Jun 9 21:55:02 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:27 2006 Subject: Zip of Death Message-ID: I sent this thru my current MS setup and CLAMAV found it in a hearbeat!!!! Thanks for the resource link! Michael Weiner -----Original Message----- From: Steffan Henke [mailto:henker@SHCOM.US] Sent: Monday, June 09, 2003 4:43 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Zip of Death On Mon, 9 Jun 2003, Ernest W. Lessenger wrote: > I'd be happy to know how to defend against this (presumably by watching out > for a loop in the decompression routing), or happier to have a sample to > test with. PLEASE DON'T EMAIL IT LIVE!!!! You could download a testfile from here: http://www.fefe.de/ , it's the link "why anti viruses don't work" at the bottom of the page. Norton seems to choke on it, not sure about other products. Regards, Steffan From dwinkler at ALGORITHMICS.COM Mon Jun 9 22:01:03 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:27 2006 Subject: MS and sa-learn Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF2@tormail1.algorithmics.com> I tried it the headers were intact including the original from and MailScanner headers. -----Original Message----- From: Julian Field [mailto:mailscanner@ecs.soton.ac.uk] Sent: Monday, June 09, 2003 5:02 PM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: MS and sa-learn I may be wrong, but as far as I know that merely sends a message with the body untouched, but with a new set of headers. At 21:55 09/06/2003, you wrote: Apparently you can do this in Outlook 2000. Open the message in it's own window and select Actions->Resend This Message. -----Original Message----- From: Julian Field [ mailto:mailscanner@ecs.soton.ac.uk ] Sent: Tuesday, June 03, 2003 6:13 AM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: MS and sa-learn At 08:42 03/06/2003, you wrote: >How do people use sa-learn with mailscanner? In my setup the bayesian >files are in /var/spool/MailScanner somewhere, and not writeable by >normal users. So I can't easily have users run sa-learn. > >Any thoughts? Create a "spam" and a "notspam" email address, and have people bounce/redirect (you can't do it in Outlook) wrongly tagged mail into them. Then have a cron job which picks up the mailboxes and runs them through sa-learn. I have published a script to do this on this list several times already and can't be bothered to do it again :-) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030609/1963ced4/attachment.html From kevins at BMRB.CO.UK Mon Jun 9 22:07:47 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:27 2006 Subject: MS and sa-learn In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175842@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175842@pascal.priv.bmrb.co.uk> Message-ID: <1055192870.3619.4.camel@bach.kevinspicer.co.uk> On Mon, 2003-06-09 at 21:55, Derek Winkler wrote: > Apparently you can do this in Outlook 2000. > Open the message in it's own window and select Actions->Resend This > Message. When I try I get the message 'You do not have the permission to send the message on behalf of the specified user', although (as normal with Outlook) its not clear whether this is a message from Outlook or the Exchange server (Outlook 2000, Exchange 2000). BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From ernest at OACYS.COM Mon Jun 9 22:09:19 2003 From: ernest at OACYS.COM (Ernest W. Lessenger) Date: Thu Jan 12 21:18:27 2006 Subject: Zip of Death In-Reply-To: Message-ID: <5.2.0.9.2.20030609140644.01f76008@mail.oacys.com> I just sent it through my system and both the primary (f-prot) and secondary (Norman AV) scanners caught it. Trend Micro running on my computer caused a blue-screen in Windows XP :) Good news is I don't think my proxy server will be affected by this particular file. Bad news is I now know how to create one that will kill it. I'll have get the developer to patch :( --Ernest At 04:55 PM 6/9/2003 -0400, you wrote: >I sent this thru my current MS setup and CLAMAV found it in a hearbeat!!!! > >Thanks for the resource link! >Michael Weiner > >-----Original Message----- >From: Steffan Henke [mailto:henker@SHCOM.US] >Sent: Monday, June 09, 2003 4:43 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Zip of Death > >On Mon, 9 Jun 2003, Ernest W. Lessenger wrote: > > > I'd be happy to know how to defend against this (presumably by watching >out > > for a loop in the decompression routing), or happier to have a sample to > > test with. PLEASE DON'T EMAIL IT LIVE!!!! > >You could download a testfile from here: http://www.fefe.de/ , >it's the link "why anti viruses don't work" at the bottom of the page. >Norton seems to choke on it, not sure about other products. > >Regards, > >Steffan From dwinkler at ALGORITHMICS.COM Mon Jun 9 22:18:12 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:27 2006 Subject: MS and sa-learn Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> Click on View->From and change to be from you. -----Original Message----- From: Kevin Spicer [mailto:kevins@BMRB.CO.UK] Sent: Monday, June 09, 2003 5:08 PM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: MS and sa-learn On Mon, 2003-06-09 at 21:55, Derek Winkler wrote: > Apparently you can do this in Outlook 2000. > Open the message in it's own window and select Actions->Resend This > Message. When I try I get the message 'You do not have the permission to send the message on behalf of the specified user', although (as normal with Outlook) its not clear whether this is a message from Outlook or the Exchange server (Outlook 2000, Exchange 2000). BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030609/8cfced37/attachment.html From sanjay.patel at REXWIRE.COM Tue Jun 10 00:32:03 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:27 2006 Subject: MS and sa-learn In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF2@tormail1.algorithmics.com> Message-ID: <00ff01c32edf$5562aa20$6f01a8c0@Laptop1> that is a Exchange server issue. Client (outlook) never cares about the to and from. -SKP -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Derek Winkler Sent: Monday, June 09, 2003 5:01 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MS and sa-learn I tried it the headers were intact including the original from and MailScanner headers. -----Original Message----- From: Julian Field [mailto:mailscanner@ecs.soton.ac.uk] Sent: Monday, June 09, 2003 5:02 PM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: MS and sa-learn I may be wrong, but as far as I know that merely sends a message with the body untouched, but with a new set of headers. At 21:55 09/06/2003, you wrote: Apparently you can do this in Outlook 2000. Open the message in it's own window and select Actions->Resend This Message. -----Original Message----- From: Julian Field [mailto:mailscanner@ecs.soton.ac.uk] Sent: Tuesday, June 03, 2003 6:13 AM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: MS and sa-learn At 08:42 03/06/2003, you wrote: >How do people use sa-learn with mailscanner? In my setup the bayesian >files are in /var/spool/MailScanner somewhere, and not writeable by >normal users. So I can't easily have users run sa-learn. > >Any thoughts? Create a "spam" and a "notspam" email address, and have people bounce/redirect (you can't do it in Outlook) wrongly tagged mail into them. Then have a cron job which picks up the mailboxes and runs them through sa-learn. I have published a script to do this on this list several times already and can't be bothered to do it again :-) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From marco at MUW.EDU Tue Jun 10 00:39:37 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:27 2006 Subject: Sophos-autoupdate on FreeBSD In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> References: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> Message-ID: <1055201977.3ee51ab9081c9@webmail.MUW.Edu> Hi, I am trying to install Sophos on a FreeBSD 4.8 system using Sophos.insall script. It is failing when it tries to fetch the ides, complaing about the version of Sophos, which I downloaded off their website and *is* the latest. Here is what happens when I run Sophos.install: ********************************************************** $ /opt/MailScanner/bin/Sophos.install Clearing out old default Sophos installation libraries Clearing out unpacked distribution Unpacking distribution Installing Sophos for MailScanner Sophos Anti-Virus installation utility [FreeBSD/Intel] Copyright (c) 1998,2001 Sophos Plc, Oxford, England Binaries will be installed in '/usr/local/Sophos/bin' Libraries will be installed in '/usr/local/Sophos/lib' Manual pages will be installed in '/usr/local/Sophos/man' Virus data will be installed in '/usr/local/Sophos/lib' SWEEP will be installed InterCheck will not be installed ===> Installing binaries sweep copied to /usr/local/Sophos/bin/sweep ===> Installing shared library libsavi.so.3.2.05.034 copied to /usr/local/Sophos/lib/libsavi.so.3.2.05.034 libsavi.so.3.2.05.034 symlinked to /usr/local/Sophos/lib/libsavi.so.3 ldconfig -R -m /usr/local/Sophos/lib libsavi.so.3.2.05.034 symlinked to /usr/local/Sophos/lib/libsavi.so.2 ===> Installing virus data vdl-3.70.dat copied to /usr/local/Sophos/lib/vdl-3.70.dat vdl01.vdb copied to /usr/local/Sophos/lib/vdl01.vdb vdl02.vdb copied to /usr/local/Sophos/lib/vdl02.vdb vdl03.vdb copied to /usr/local/Sophos/lib/vdl03.vdb vdl04.vdb copied to /usr/local/Sophos/lib/vdl04.vdb vdl05.vdb copied to /usr/local/Sophos/lib/vdl05.vdb vdl06.vdb copied to /usr/local/Sophos/lib/vdl06.vdb vdl07.vdb copied to /usr/local/Sophos/lib/vdl07.vdb vdl08.vdb copied to /usr/local/Sophos/lib/vdl08.vdb vdl09.vdb copied to /usr/local/Sophos/lib/vdl09.vdb vdl10.vdb copied to /usr/local/Sophos/lib/vdl10.vdb vdl11.vdb copied to /usr/local/Sophos/lib/vdl11.vdb vdl-3.70.dat symlinked to /usr/local/Sophos/lib/vdl.dat Adjusting /etc/sav.conf ===> Installing manual pages sweep.1 copied to /usr/local/Sophos/man/man1/sweep.1 ===> Checking paths are accessible $PATH is OK Library path is OK Warning: FreeBSD 4 and above: you may need to install the FreeBSD version 3.x compatibility libraries on your system. Manual path is OK ===> Installation complete <=== Creating links so Perl-SAVI module compiles Fetching latest IDE virus identities from www.sophos.com Unzipping the new Sophos IDE files failed. This may well be because your Sophos installation is too old. Please install the latest release of SophosDone. *********************************************************** Has anyone run into this? Thanks, Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From damian at WORKGROUPSOLUTIONS.COM Tue Jun 10 00:43:10 2003 From: damian at WORKGROUPSOLUTIONS.COM (Damian Mendoza) Date: Thu Jan 12 21:18:27 2006 Subject: F-Prot and Mail Scanner Message-ID: Hi, I installed F-Prot and MailScanner on an SMTP gateway for a customer. My customer tells me that F-Prot is only blocking 10% of the viruses. They had 9 messages get passed the F-Prot/MailScanner gateway and 1 message was stopped according to the maillog. Norton Antivirus on the Exchange server told us about the 9 messages. Any ideas? F-Prot is getting the updates based on the Maillog file. Thanks, Damian From michele at BLACKNIGHTSOLUTIONS.COM Tue Jun 10 00:57:42 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: BlacknightSolutions) Date: Thu Jan 12 21:18:27 2006 Subject: Panda frustration Message-ID: <200306092357.h59NvV924851@camelot.blacknightsolutions.com> OK. Now I am annoyed. Although the Panda software site clearly states command line scanning for linux and win32 after purchasing the download is win32 binary. So, I download the linux version, which seems to be the same thing. It works fine with our fresh install of MailScanner. Now to update... BIG problem! The command line version does not contain an activation code in the email, so registering on the website is impossible, and getting updates is only possible via the website, so I can't update Any ideas????? Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030610/177a7005/attachment.html From mailscanner at ecs.soton.ac.uk Tue Jun 10 02:08:23 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:27 2006 Subject: Sophos-autoupdate on FreeBSD In-Reply-To: <1055201977.3ee51ab9081c9@webmail.MUW.Edu> References: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> Message-ID: <5.2.1.1.2.20030610020718.024b14a8@imap.ecs.soton.ac.uk> Do you have "unzip" installed? It would be worth adding a "set -x" right near the top of the sophos-autoupdate script and running it by hand. That way you can see all the commands it executes, which should tell you what is wrong. At 00:39 10/06/2003, you wrote: >Hi, > >I am trying to install Sophos on a FreeBSD 4.8 system using Sophos.insall >script. It is failing when it tries to fetch the ides, complaing about the >version of Sophos, which I downloaded off their website and *is* the latest. > >Here is what happens when I run Sophos.install: > >********************************************************** >$ /opt/MailScanner/bin/Sophos.install >Clearing out old default Sophos installation libraries >Clearing out unpacked distribution >Unpacking distribution >Installing Sophos for MailScanner >Sophos Anti-Virus installation utility [FreeBSD/Intel] >Copyright (c) 1998,2001 Sophos Plc, Oxford, England > >Binaries will be installed in '/usr/local/Sophos/bin' >Libraries will be installed in '/usr/local/Sophos/lib' >Manual pages will be installed in '/usr/local/Sophos/man' >Virus data will be installed in '/usr/local/Sophos/lib' > >SWEEP will be installed >InterCheck will not be installed > >===> Installing binaries >sweep copied to /usr/local/Sophos/bin/sweep > >===> Installing shared library >libsavi.so.3.2.05.034 copied to /usr/local/Sophos/lib/libsavi.so.3.2.05.034 >libsavi.so.3.2.05.034 symlinked to /usr/local/Sophos/lib/libsavi.so.3 >ldconfig -R -m /usr/local/Sophos/lib >libsavi.so.3.2.05.034 symlinked to /usr/local/Sophos/lib/libsavi.so.2 > >===> Installing virus data >vdl-3.70.dat copied to /usr/local/Sophos/lib/vdl-3.70.dat >vdl01.vdb copied to /usr/local/Sophos/lib/vdl01.vdb >vdl02.vdb copied to /usr/local/Sophos/lib/vdl02.vdb >vdl03.vdb copied to /usr/local/Sophos/lib/vdl03.vdb >vdl04.vdb copied to /usr/local/Sophos/lib/vdl04.vdb >vdl05.vdb copied to /usr/local/Sophos/lib/vdl05.vdb >vdl06.vdb copied to /usr/local/Sophos/lib/vdl06.vdb >vdl07.vdb copied to /usr/local/Sophos/lib/vdl07.vdb >vdl08.vdb copied to /usr/local/Sophos/lib/vdl08.vdb >vdl09.vdb copied to /usr/local/Sophos/lib/vdl09.vdb >vdl10.vdb copied to /usr/local/Sophos/lib/vdl10.vdb >vdl11.vdb copied to /usr/local/Sophos/lib/vdl11.vdb >vdl-3.70.dat symlinked to /usr/local/Sophos/lib/vdl.dat >Adjusting /etc/sav.conf > >===> Installing manual pages >sweep.1 copied to /usr/local/Sophos/man/man1/sweep.1 > >===> Checking paths are accessible > $PATH is OK > Library path is OK >Warning: FreeBSD 4 and above: you may need to install the FreeBSD version 3.x > compatibility libraries on your system. > > Manual path is OK >===> Installation complete <=== >Creating links so Perl-SAVI module compiles > >Fetching latest IDE virus identities from www.sophos.com >Unzipping the new Sophos IDE files failed. This may well be because your >Sophos installation is too old. Please install the latest release of >SophosDone. > >*********************************************************** > >Has anyone run into this? > >Thanks, >Marco > > >_________________________________________________________________ >This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail >For the latest MUW Events, visit http://www.MUW.Edu/calendar -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jun 10 02:09:39 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: F-Prot and Mail Scanner In-Reply-To: Message-ID: <5.2.1.1.2.20030610020855.024425f8@imap.ecs.soton.ac.uk> I would check that F-Prot really is getting the updates. Are the SIGN.DEF and other .DEF files in /usr/local/f-prot dated within the last day or 2? At 00:43 10/06/2003, you wrote: >Hi, > >I installed F-Prot and MailScanner on an SMTP gateway for a customer. My >customer tells me that F-Prot is only blocking 10% of the viruses. They >had 9 messages get passed the F-Prot/MailScanner gateway and 1 message was >stopped according to the maillog. > >Norton Antivirus on the Exchange server told us about the 9 messages. > >Any ideas? F-Prot is getting the updates based on the Maillog file. > >Thanks, > >Damian -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From sanjay.patel at REXWIRE.COM Tue Jun 10 02:52:45 2003 From: sanjay.patel at REXWIRE.COM (Sanjay Patel) Date: Thu Jan 12 21:18:28 2006 Subject: Panda frustration In-Reply-To: <200306092357.h59NvV924851@camelot.blacknightsolutions.com> Message-ID: <011001c32ef2$fd4c5f70$6f01a8c0@Laptop1> you should get a e-mail within 24hrs from them. -SKP -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michele Neylon :: BlacknightSolutions Sent: Monday, June 09, 2003 7:58 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Panda frustration OK. Now I am annoyed. Although the Panda software site clearly states command line scanning for linux and win32 after purchasing the download is win32 binary. So, I download the linux version, which seems to be the same thing. It works fine with our fresh install of MailScanner. Now to update... BIG problem! The command line version does not contain an activation code in the email, so registering on the website is impossible, and getting updates is only possible via the website, so I can't update Any ideas????? Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. From mike at CAMAROSS.NET Tue Jun 10 03:31:47 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:28 2006 Subject: Zip of Death In-Reply-To: <5.2.0.9.2.20030609140644.01f76008@mail.oacys.com> Message-ID: <004701c32ef8$71356e40$9b01a8c0@home.middlefinger.net> I just ran it through my system. It appears that Sophos is scanning each embedded zip file. This could take a while! :) Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ernest W. Lessenger > Sent: Monday, June 09, 2003 4:09 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Zip of Death > > > I just sent it through my system and both the primary > (f-prot) and secondary (Norman AV) scanners caught it. Trend > Micro running on my computer caused a blue-screen in Windows XP :) > > Good news is I don't think my proxy server will be affected > by this particular file. Bad news is I now know how to create > one that will kill it. I'll have get the developer to patch :( > > --Ernest > > At 04:55 PM 6/9/2003 -0400, you wrote: > >I sent this thru my current MS setup and CLAMAV found it in a > >hearbeat!!!! > > > >Thanks for the resource link! > >Michael Weiner > > > >-----Original Message----- > >From: Steffan Henke [mailto:henker@SHCOM.US] > >Sent: Monday, June 09, 2003 4:43 PM > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: Zip of Death > > > >On Mon, 9 Jun 2003, Ernest W. Lessenger wrote: > > > > > I'd be happy to know how to defend against this (presumably by > > > watching > >out > > > for a loop in the decompression routing), or happier to have a > > > sample to test with. PLEASE DON'T EMAIL IT LIVE!!!! > > > >You could download a testfile from here: http://www.fefe.de/ > , it's the > >link "why anti viruses don't work" at the bottom of the page. Norton > >seems to choke on it, not sure about other products. > > > >Regards, > > > >Steffan > From mike at CAMAROSS.NET Tue Jun 10 03:36:40 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:28 2006 Subject: Zip of Death In-Reply-To: <004701c32ef8$71356e40$9b01a8c0@home.middlefinger.net> Message-ID: <004801c32ef9$1f6bd1c0$9b01a8c0@home.middlefinger.net> Sophos sweep finished scanning the 42.zip and found it to be a denial of service attack. Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher > Sent: Monday, June 09, 2003 9:32 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Zip of Death > > > I just ran it through my system. It appears that Sophos is > scanning each embedded zip file. This could take a while! :) > > Mike > > > > -----Original Message----- > > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Ernest W. Lessenger > > Sent: Monday, June 09, 2003 4:09 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Zip of Death > > > > > > I just sent it through my system and both the primary > > (f-prot) and secondary (Norman AV) scanners caught it. Trend Micro > > running on my computer caused a blue-screen in Windows XP :) > > > > Good news is I don't think my proxy server will be affected by this > > particular file. Bad news is I now know how to create one that will > > kill it. I'll have get the developer to patch :( > > > > --Ernest > > > > At 04:55 PM 6/9/2003 -0400, you wrote: > > >I sent this thru my current MS setup and CLAMAV found it in a > > >hearbeat!!!! > > > > > >Thanks for the resource link! > > >Michael Weiner > > > > > >-----Original Message----- > > >From: Steffan Henke [mailto:henker@SHCOM.US] > > >Sent: Monday, June 09, 2003 4:43 PM > > >To: MAILSCANNER@JISCMAIL.AC.UK > > >Subject: Re: Zip of Death > > > > > >On Mon, 9 Jun 2003, Ernest W. Lessenger wrote: > > > > > > > I'd be happy to know how to defend against this (presumably by > > > > watching > > >out > > > > for a loop in the decompression routing), or happier to have a > > > > sample to test with. PLEASE DON'T EMAIL IT LIVE!!!! > > > > > >You could download a testfile from here: http://www.fefe.de/ > > , it's the > > >link "why anti viruses don't work" at the bottom of the > page. Norton > > >seems to choke on it, not sure about other products. > > > > > >Regards, > > > > > >Steffan > > > From P.G.M.Peters at CIV.UTWENTE.NL Tue Jun 10 07:41:49 2003 From: P.G.M.Peters at CIV.UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:18:28 2006 Subject: filtering file types vs. extensions In-Reply-To: <3EE0E82B.26759.11B0F37B@localhost> References: <5.2.1.1.2.20030606183433.0287c7a8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030606191014.0287cc48@imap.ecs.soton.ac.uk> <3EE0E82B.26759.11B0F37B@localhost> Message-ID: On Fri, 6 Jun 2003 19:14:51 -0300, you wrote: >Example: I get a file called "funny-picture.jpg" that actually has a DOS >executable in it, it would be allowed by an explicit rule in >filename.rules.conf, but later forbidden by an explicit rule in >mime-type.rules.conf, and thus it would be replaced by a message that says >"funny-picture.jpg seems to be an application/octet-stream type. This type is >considered dangerous". Most Microsoft files I see in attachments are of type application/octet-stream. Even the (more) innocent ones. So deciding on this alone would be a problem. -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ From P.G.M.Peters at CIV.UTWENTE.NL Tue Jun 10 07:47:41 2003 From: P.G.M.Peters at CIV.UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:18:28 2006 Subject: how to map MS process id to SM process id? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C14@ati-ex-01.ati.local> References: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C14@ati-ex-01.ati.local> Message-ID: <1lvaev0ca5g6lf0k2igkuofjbq20g90goh@4ax.com> On Fri, 6 Jun 2003 15:01:11 -0700, you wrote: >When checking the maillog I'd like to be able to pull all the records >pertaining to a certain mail. Is there a way to map the sendmail process >id to the MS process id that is handling that mail? You can't map the ID's when MS handles more than one message in a batch. But you could get a bit of information when you go for the sendmail queue ID. -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ From raymond at PROLOCATION.NET Tue Jun 10 07:50:54 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:28 2006 Subject: F-Prot and Mail Scanner In-Reply-To: Message-ID: Hi! > I installed F-Prot and MailScanner on an SMTP gateway for a customer. > My customer tells me that F-Prot is only blocking 10% of the viruses. > They had 9 messages get passed the F-Prot/MailScanner gateway and 1 > message was stopped according to the maillog. > > Norton Antivirus on the Exchange server told us about the 9 messages. > Any ideas? F-Prot is getting the updates based on the Maillog file. We are not mindreading heros. Provide information/proof please, a mail like 'i have hear this' 'my customer told' doesnt really have things in it we can shoot on do they ? Thanks, Raymond. From P.G.M.Peters at CIV.UTWENTE.NL Tue Jun 10 07:51:28 2003 From: P.G.M.Peters at CIV.UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:18:28 2006 Subject: virus found ? In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C17@ati-ex-01.ati.local> References: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C17@ati-ex-01.ati.local> Message-ID: On Fri, 6 Jun 2003 16:44:40 -0700, you wrote: >> No, but I've been getting bugbear since yesterday. F-Prot is getting >> and cleaning them. > >Why clean a virus infected email instead of just dumping it in the >trash? (Or am I misunderstanding something?) In the first place you possibly want the clean attachments to the recipient. Particular when you have a false positive. Or when in a batch of word-documents only one is infected. In the second place you want the people to know you clean up for them. Particular when you tell them that you will be able to clean 99%. When they never see a tagged message they think they aren't getting any. When they see a lot of cleaned messages they know that when they received 99 cleaned messages they could have recieved 1 uncleaned virus. -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ From P.G.M.Peters at CIV.UTWENTE.NL Tue Jun 10 07:54:37 2003 From: P.G.M.Peters at CIV.UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:18:28 2006 Subject: RBL's Working? In-Reply-To: References: Message-ID: On Sat, 7 Jun 2003 12:33:47 -0400, you wrote: >I haven't noticed anything marked by either ORDB-RBL or Infinite-Monkeys >in a long, long time. Are these RBL's working? I have had hits on both of them today. But I use it with MS and not SA. -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ From P.G.M.Peters at CIV.UTWENTE.NL Tue Jun 10 08:30:38 2003 From: P.G.M.Peters at CIV.UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:18:28 2006 Subject: F-Prot and Mail Scanner In-Reply-To: References: Message-ID: On Mon, 9 Jun 2003 16:43:10 -0700, you wrote: >I installed F-Prot and MailScanner on an SMTP gateway for a customer. My >customer tells me that F-Prot is only blocking 10% of the viruses. They >had 9 messages get passed the F-Prot/MailScanner gateway and 1 message >was stopped according to the maillog. Are you sure those messages where send through mailscanner? Isn't sendmail running besides MS? >Norton Antivirus on the Exchange server told us about the 9 messages. > >Any ideas? F-Prot is getting the updates based on the Maillog file. The only time I got Norton to find a virus after getting through MS and F-prot was when the update script didn't work for a while on one of the servers. I have seen cases where virusses (from other sources then through MS) came through Norton on our exchange and weren't detected for days (on exchange). They were detected by f-prot offcourse because the exchange servers use our main servers as smarthost. (and smart they are now). -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ From raymond at PROLOCATION.NET Tue Jun 10 08:32:57 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:28 2006 Subject: F-Prot and Mail Scanner In-Reply-To: Message-ID: hi! > >I installed F-Prot and MailScanner on an SMTP gateway for a customer. My > >customer tells me that F-Prot is only blocking 10% of the viruses. They > >had 9 messages get passed the F-Prot/MailScanner gateway and 1 message > >was stopped according to the maillog. > > Are you sure those messages where send through mailscanner? Isn't > sendmail running besides MS? Only header information and logfiles will tell whats going on. Bye, Raymond. From maxsec at TOTALISE.CO.UK Tue Jun 10 09:49:26 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:28 2006 Subject: Sophos-autoupdate on FreeBSD In-Reply-To: <1055201977.3ee51ab9081c9@webmail.MUW.Edu> References: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> <1055201977.3ee51ab9081c9@webmail.MUW.Edu> Message-ID: <3EE59B96.7030403@totalise.co.uk> Marco the error message is not very informative, probably failing because the unzip program isn't found. I installed unzip from the ports system and them sym linked /usr/local/bin/unzip to /usr/bin/unzip which is where the script expects it to be. I've also munged the script so it can run every hour (once a day is NOT enough) and keep a copy of the previous IDE's just in case. If you want my version, or Julian wants me to create a patch file then let me know.. -- Martin Marco Obaid wrote: > Hi, > > I am trying to install Sophos on a FreeBSD 4.8 system using Sophos.insall > script. It is failing when it tries to fetch the ides, complaing about the > version of Sophos, which I downloaded off their website and *is* the latest. > > Here is what happens when I run Sophos.install: > > ********************************************************** > $ /opt/MailScanner/bin/Sophos.install > Clearing out old default Sophos installation libraries > Clearing out unpacked distribution > Unpacking distribution > Installing Sophos for MailScanner > Sophos Anti-Virus installation utility [FreeBSD/Intel] > Copyright (c) 1998,2001 Sophos Plc, Oxford, England > > Binaries will be installed in '/usr/local/Sophos/bin' > Libraries will be installed in '/usr/local/Sophos/lib' > Manual pages will be installed in '/usr/local/Sophos/man' > Virus data will be installed in '/usr/local/Sophos/lib' > > SWEEP will be installed > InterCheck will not be installed > > ===> Installing binaries > sweep copied to /usr/local/Sophos/bin/sweep > > ===> Installing shared library > libsavi.so.3.2.05.034 copied to /usr/local/Sophos/lib/libsavi.so.3.2.05.034 > libsavi.so.3.2.05.034 symlinked to /usr/local/Sophos/lib/libsavi.so.3 > ldconfig -R -m /usr/local/Sophos/lib > libsavi.so.3.2.05.034 symlinked to /usr/local/Sophos/lib/libsavi.so.2 > > ===> Installing virus data > vdl-3.70.dat copied to /usr/local/Sophos/lib/vdl-3.70.dat > vdl01.vdb copied to /usr/local/Sophos/lib/vdl01.vdb > vdl02.vdb copied to /usr/local/Sophos/lib/vdl02.vdb > vdl03.vdb copied to /usr/local/Sophos/lib/vdl03.vdb > vdl04.vdb copied to /usr/local/Sophos/lib/vdl04.vdb > vdl05.vdb copied to /usr/local/Sophos/lib/vdl05.vdb > vdl06.vdb copied to /usr/local/Sophos/lib/vdl06.vdb > vdl07.vdb copied to /usr/local/Sophos/lib/vdl07.vdb > vdl08.vdb copied to /usr/local/Sophos/lib/vdl08.vdb > vdl09.vdb copied to /usr/local/Sophos/lib/vdl09.vdb > vdl10.vdb copied to /usr/local/Sophos/lib/vdl10.vdb > vdl11.vdb copied to /usr/local/Sophos/lib/vdl11.vdb > vdl-3.70.dat symlinked to /usr/local/Sophos/lib/vdl.dat > Adjusting /etc/sav.conf > > ===> Installing manual pages > sweep.1 copied to /usr/local/Sophos/man/man1/sweep.1 > > ===> Checking paths are accessible > $PATH is OK > Library path is OK > Warning: FreeBSD 4 and above: you may need to install the FreeBSD version 3.x > compatibility libraries on your system. > > Manual path is OK > ===> Installation complete <=== > Creating links so Perl-SAVI module compiles > > Fetching latest IDE virus identities from www.sophos.com > Unzipping the new Sophos IDE files failed. This may well be because your > Sophos installation is too old. Please install the latest release of > SophosDone. > > *********************************************************** > > Has anyone run into this? > > Thanks, > Marco > > > _________________________________________________________________ > This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail > For the latest MUW Events, visit http://www.MUW.Edu/calendar From mailscanner at ecs.soton.ac.uk Tue Jun 10 11:38:56 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: Zip of Death In-Reply-To: <004801c32ef9$1f6bd1c0$9b01a8c0@home.middlefinger.net> References: <004701c32ef8$71356e40$9b01a8c0@home.middlefinger.net> Message-ID: <5.2.0.9.2.20030610113832.044e43b0@imap.ecs.soton.ac.uk> At 03:36 10/06/2003, you wrote: >Sophos sweep finished scanning the 42.zip and found it to be a denial of >service >attack. i.e. MailScanner found it to be a DoS attack :-) (unless you actually ran sweep by hand) >Mike > > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher > > Sent: Monday, June 09, 2003 9:32 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Zip of Death > > > > > > I just ran it through my system. It appears that Sophos is > > scanning each embedded zip file. This could take a while! :) > > > > Mike > > > > > > > -----Original Message----- > > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > > Behalf Of Ernest W. Lessenger > > > Sent: Monday, June 09, 2003 4:09 PM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Zip of Death > > > > > > > > > I just sent it through my system and both the primary > > > (f-prot) and secondary (Norman AV) scanners caught it. Trend Micro > > > running on my computer caused a blue-screen in Windows XP :) > > > > > > Good news is I don't think my proxy server will be affected by this > > > particular file. Bad news is I now know how to create one that will > > > kill it. I'll have get the developer to patch :( > > > > > > --Ernest > > > > > > At 04:55 PM 6/9/2003 -0400, you wrote: > > > >I sent this thru my current MS setup and CLAMAV found it in a > > > >hearbeat!!!! > > > > > > > >Thanks for the resource link! > > > >Michael Weiner > > > > > > > >-----Original Message----- > > > >From: Steffan Henke [mailto:henker@SHCOM.US] > > > >Sent: Monday, June 09, 2003 4:43 PM > > > >To: MAILSCANNER@JISCMAIL.AC.UK > > > >Subject: Re: Zip of Death > > > > > > > >On Mon, 9 Jun 2003, Ernest W. Lessenger wrote: > > > > > > > > > I'd be happy to know how to defend against this (presumably by > > > > > watching > > > >out > > > > > for a loop in the decompression routing), or happier to have a > > > > > sample to test with. PLEASE DON'T EMAIL IT LIVE!!!! > > > > > > > >You could download a testfile from here: http://www.fefe.de/ > > > , it's the > > > >link "why anti viruses don't work" at the bottom of the > > page. Norton > > > >seems to choke on it, not sure about other products. > > > > > > > >Regards, > > > > > > > >Steffan > > > > > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From rishi at THEARGONCOMPANY.COM Tue Jun 10 12:33:08 2003 From: rishi at THEARGONCOMPANY.COM (Rishi Gangoly) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model Message-ID: <200306101703.08702.rishi@theargoncompany.com> Hi all... With f-prot's new mailbox licensing model, I'm considering using just MailScanner standalone and not using any AV scanner as I don't see any great value. MailScanner seems to be doing such a great job on it's own. Half the time because of the file name pattern check or IFrame TAGs or whatever, new viruses are quarantined as well. Basically it looks like all that f-prot seems to be doing is Naming the Virus in the e-mail report / notification (big deal) ;-) The only downside I forsee is that the notification of new viruses like KLEZ, Sobig or BugBear virus, will constantly be sent to invalid FROM addresses. Also sometimes viruses are accidentally sent inside zip file attachments. Without the AV software, MailScanner would fail to catch these situations. If you notice there isn't any question here so far ;-) I'm hoping to trigger a conversation .... so do you guys think? Is this a good idea? Also, can it be done? Regards Rishi From raymond at PROLOCATION.NET Tue Jun 10 12:47:00 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <200306101703.08702.rishi@theargoncompany.com> Message-ID: Hi! > The only downside I forsee is that the notification of new viruses like KLEZ, > Sobig or BugBear virus, will constantly be sent to invalid FROM addresses. > > Also sometimes viruses are accidentally sent inside zip file attachments. > Without the AV software, MailScanner would fail to catch these situations. > > If you notice there isn't any question here so far ;-) > > I'm hoping to trigger a conversation .... so do you guys think? > Is this a good idea? > Also, can it be done? Naturally it CAN be done but i would stronlgy advice to keep running a virus scanner also. If not f-prot then for example ClamAV... Bye, Raymond. From Kevin.Spicer at BMRB.CO.UK Tue Jun 10 12:47:13 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF63C@pascal.priv.bmrb.co.uk> > Is this a good idea? No > Also, can it be done? Yes IMHO The costs of virus scanning (from one of the cheaper vendors) are considerably less than the impact in terms of support time and lost productivity or just one mass mailing work getting through (been there, done that!). It could also be a difficult decision to justify later! Even running just Clam (which is free) will help (although they are not always up to date) BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From P.G.M.Peters at CIV.UTWENTE.NL Tue Jun 10 12:49:17 2003 From: P.G.M.Peters at CIV.UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:18:28 2006 Subject: Changing Precedence to junk In-Reply-To: <001501c32e93$ef4061b0$9b01a8c0@home.middlefinger.net> References: <001501c32e93$ef4061b0$9b01a8c0@home.middlefinger.net> Message-ID: <5o0bevs6a0s1mol9ii3tt8otc8a8ts5sq0@4ax.com> On Mon, 9 Jun 2003 09:32:20 -0500, you wrote: >Mailman uses the precedence of either Bulk or List...can't remember which. My >question is this...WHY would you bounce spam? The large percentage of spam you >bounce more than likey comes from forged addresses. Therefore, attempting to >bounce them just generates more useless traffic on the net and your boxen (IMHO >of course). Spam isn't bounced but people using out-of-office assistance still send OOO messages to the address in the spam. I haven't been able to get a (good) instructionset to get the people use rules to limit the OOO's they send. -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ From tomas at SAP.SE Tue Jun 10 13:04:55 2003 From: tomas at SAP.SE (Tomas) Date: Thu Jan 12 21:18:28 2006 Subject: Notify only local senders Message-ID: I've been scanning the mail arcive for some time now. At last I found the function I've been looking for. I want to notify only local senders. Outside ->in notify postmaster, local recipient. No external senders notified. Inside -> out notify local sender, postmaster, no external recipients notified. The problem is I dont know how to use it, probobly simpel but I'm a newbee whith MS..... Please help some one.... I'm using RH 8, Postfix & MS 4.20 (The orig mail thred is from last summer, 25 Jun. Subject: Notify Senders) From marco at MUW.EDU Tue Jun 10 13:57:11 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:28 2006 Subject: Sophos-autoupdate on FreeBSD In-Reply-To: <3EE59B96.7030403@totalise.co.uk> References: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> <1055201977.3ee51ab9081c9@webmail.MUW.Edu> <3EE59B96.7030403@totalise.co.uk> Message-ID: <1055249831.3ee5d5a71c23b@webmail.MUW.Edu> Hi Martin, > If you want my version, or Julian wants me to create a patch file then > let me know.. Would you please send me your copy? On a related topic, Sophos has two versions for FreeBSD. I used freebsd.elf.tar.Z but there is a note in the manual about: "FreeBSD 4 and above: you may need to install the FreeBSD version 3.x compatibility libraries on your system." But they do not tell you how to install this compatibility library. Did you have to install it? Can I install the linux version of Sophos on FreeBSD? I tried it and it seemed to be working. However, I have not been able to get sophos-autoupdate to work. Thank you Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From maxsec at TOTALISE.CO.UK Tue Jun 10 14:09:08 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:28 2006 Subject: Sophos-autoupdate on FreeBSD In-Reply-To: <1055249831.3ee5d5a71c23b@webmail.MUW.Edu> References: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> <1055201977.3ee51ab9081c9@webmail.MUW.Edu> <3EE59B96.7030403@totalise.co.uk> <1055249831.3ee5d5a71c23b@webmail.MUW.Edu> Message-ID: <3EE5D874.30405@totalise.co.uk> Marco Obaid wrote: > Hi Martin, > > >>If you want my version, or Julian wants me to create a patch file then >>let me know.. > > > Would you please send me your copy? > > On a related topic, Sophos has two versions for FreeBSD. I used > freebsd.elf.tar.Z but there is a note in the manual about: > "FreeBSD 4 and above: you may need to install the FreeBSD version 3.x > compatibility libraries on your system." But they do not tell you how to > install this compatibility library. Did you have to install it? > > Can I install the linux version of Sophos on FreeBSD? I tried it and it seemed > to be working. However, I have not been able to get sophos-autoupdate to work. > > Thank you > Marco > > > _________________________________________________________________ > This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail > For the latest MUW Events, visit http://www.MUW.Edu/calendar marco the elf one should work fine without anything else..run the sweep command on a directory to prove it. You'll also need to run the Sophos.install script beforehand to put Sophos where MS expects it. -- Martin -------------- next part -------------- #!/usr/bin/perl use Sys::Syslog; $SophosRoot = "/usr/local/Sophos"; $IDELink = "$SophosRoot/ide"; $VDLDir = "../lib"; #$Lynx = "/usr/local/bin/lynx -dump"; $Lynx = "/usr/bin/wget -q -O-"; # On Linux use this $Unzip = "/usr/bin/unzip -joqq"; $rm = "/bin/rm"; $LockFile = "/tmp/SophosBusy.lock"; $LOCK_SH = 1; $LOCK_EX = 2; $LOCK_NB = 4; $LOCK_UN = 8; Sys::Syslog::openlog("Sophos-autoupdate", 'pid, nowait', 'mail'); # Work out the current VDL (and hence Sophos Sweep) version number chdir "$SophosRoot/bin/$VDLDir"; opendir(LIBDIR, ".") || &BailOut("Cannot open Sophos/lib directory"); foreach $vdlname (sort readdir(LIBDIR)) { next unless $vdlname =~ /^vdl-(\d+)\.(\d+)([a-z]?)\.dat$/; $MajorVer = $1; $MinorVer = $2; $NSVFlag = $3; } closedir(LIBDIR); &BailOut("Could not calculate Sophos version number") unless defined($MajorVer) && defined($MinorVer); $SophosVersion = "$MajorVer$MinorVer"; $VDLVersion = "$MajorVer.$MinorVer"; # Derive other variables, filenames and URLs from the version numbers $ZipName = $SophosVersion . "_ides.zip"; $URL = "http://www.sophos.com/downloads/ide/$ZipName"; ($min,$hour,$date,$month,$year) = (localtime)[1,2,3,4,5]; $month++; $year+=1900; $IDEDir = $SophosRoot. "/idenew"; # If the directory already exists, then we have already done the update # for today, so quietly exit. Sys::Syslog::syslog('info', "Sophos already up-to-date"),exit 0 if -d $IDEDir; umask 0022; mkdir $IDEDir, 0755; chdir $IDEDir or &BailOut("Cannot cd $IDEDir, $!"); # Fetch and unpack the IDE zip file from Sophos #print STDERR "URL is $URL\n"; $result = system("$Lynx $URL > $ZipName"); if (($result>>8)==1) { Sys::Syslog::syslog('err', "Your Sophos installation may be too old. Please install the latest release of Sophos"); print STDERR "Your Sophos installation may be too old. Please install the latest release of Sophos"; } &BailOut("Lynx failed with error return " . ($result>>8) . "\n") if $result>>8; $result = system("$Unzip $ZipName"); if ($result>>8) { Sys::Syslog::syslog('err', "Unzipping the new Sophos IDE files failed. This may well be because your Sophos installation is too old. Please install the latest release of Sophos"); print STDERR "Unzipping the new Sophos IDE files failed. This may well be because your Sophos installation is too old. Please install the latest release of Sophos"; &BailOut("Unzip failed with error return " . ($result>>8) . "\n"); } symlink("$VDLDir/vdl-$VDLVersion$NSVFlag.dat", "vdl.dat"); # Add the new vdl*.vdb files if they are there foreach $number (1..99) { $string = "vdl" . sprintf("%02d", $number) . ".vdb"; symlink("$VDLDir/$string", $string) if -f "$VDLDir/$string"; } # Link in this new directory to Sophos #chdir $SophosRoot or &BailOut("Cannot cd $SophosRoot, $!"); #$OldLinkTarget = readlink $IDELink; &LockSophos(); $IDEold = $SophosRoot . "/ideold"; system("$rm -rf $IDEold"); rename $IDELink, $IDEold; rename $IDEDir, $IDELink; #unlink $IDELink if -l $IDELink; #symlink $IDEDir, $IDELink; &UnlockSophos(); #system("$rm -rf $OldLinkTarget") if defined $OldLinkTarget && -e $OldLinkTarget; Sys::Syslog::syslog('info', "Sophos successfully updated in $IDEDir"); Sys::Syslog::closelog(); exit 0; sub BailOut { Sys::Syslog::syslog('err', @_); Sys::Syslog::closelog(); warn "@_, $!"; chdir $SophosRoot or die "Cannot cd $SophosRoot, $!"; system("$rm -rf $IDEDir") if -d $IDEDir; exit 1; } sub LockSophos { open(LOCK, ">$LockFile") or return; flock(LOCK, $LOCK_EX); print LOCK "Locked for updating Sophos IDE files by $$\n"; } sub UnlockSophos { print LOCK "Unlocked after updating Sophos IDE files by $$\n"; unlink $LockFile; flock(LOCK, $LOCK_UN); close LOCK; } From marco at MUW.EDU Tue Jun 10 14:20:55 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:28 2006 Subject: Sophos-autoupdate on FreeBSD In-Reply-To: <5.2.1.1.2.20030610020718.024b14a8@imap.ecs.soton.ac.uk> References: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> <5.2.1.1.2.20030610020718.024b14a8@imap.ecs.soton.ac.uk> Message-ID: <1055251255.3ee5db3705ba2@webmail.MUW.Edu> Hi Julian, > Do you have "unzip" installed? Yes. All I had to do was symlink it to /usr/bin/unzip. Now it works !!! One issue though ... If I use freebsd.elf.tar.Z, the install completes fine and the IDEs are fetched. However, I get the following message if I run sweep: $ sweep /tmp/ /usr/libexec/ld-elf.so.1: Shared object "libc.so.3" not found I have no idea how to install this library. I know it has something to do with ELF executable, which look for this library. Out of desperation, I installed linux.intel.libc6.tar.Z (Sophos linux version) and it installed fine. Sweep appears to be running fine: $ sweep /tmp/ SWEEP virus detection utility Version 3.70, June 2003 [Linux/Intel] Includes detection for 82052 viruses, trojans and worms Copyright (c) 1989,2003 Sophos Plc, www.sophos.com System time 08:05:48, System date 10 June 2003 Quick Sweeping 1080 files swept in 6 seconds. No viruses were discovered. End of Sweep. Is it safe to stick with this version? Thank you Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From marco at MUW.EDU Tue Jun 10 14:23:20 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:28 2006 Subject: Sophos-autoupdate on FreeBSD In-Reply-To: <3EE5D874.30405@totalise.co.uk> References: <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> <1055201977.3ee51ab9081c9@webmail.MUW.Edu> <3EE59B96.7030403@totalise.co.uk> <1055249831.3ee5d5a71c23b@webmail.MUW.Edu> <3EE5D874.30405@totalise.co.uk> Message-ID: <1055251400.3ee5dbc8459fd@webmail.MUW.Edu> Hi Martin, > the elf one should work fine without anything else..run the sweep > command on a directory to prove it. Here is what I get when I run sweep: $ sweep /tmp/ /usr/libexec/ld-elf.so.1: Shared object "libc.so.3" not found Thank you for the script and for your time Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From kusler at NSCL.MSU.EDU Tue Jun 10 14:11:26 2003 From: kusler at NSCL.MSU.EDU (No Name) Date: Thu Jan 12 21:18:28 2006 Subject: double messages? Message-ID: I installed MailScanner with Clamav on a Solaris 8 (sparc) box running Postfix as the MTA. Often, but not always, 2 messages are delivered instead of just one. The first has the 'real' message, and the second is empty. For example, a message just came through from this list from Marc Obaid, and it was double. The logs show the second blank message simply appearing, as best as I can tell, although it seems that there may be 2 instances of MailScanner trying to process the queue concurrently. Has anyone seen this behavior, and what can I do about it? Thanks, Jay Kusler NSCL Jun 10 08:53:48 jade postfix/smtpd[25820]: [ID 197553 mail.info] connect from smtp.jiscmail.ac.uk[130.246.192.48] Jun 10 08:53:48 jade postfix/smtpd[25820]: [ID 197553 mail.info] 4C8A6279: client=smtp.jiscmail.ac.uk[130.246.192.48] Jun 10 08:53:48 jade postfix/cleanup[25452]: [ID 197553 mail.info] 4C8A6279: message-id= <1055249831.3ee5d5a71c23b@webmail.MUW.Edu> Jun 10 08:53:48 jade postfix/qmgr[25436]: [ID 197553 mail.info] 4C8A6279: from=, size=3460, nrcpt=1 (queue active) Jun 10 08:53:48 jade postfix/qmgr[25436]: [ID 197553 mail.info] 4C8A6279: to=, relay=none, delay=0, status=deferred (deferred transport) Jun 10 08:53:49 jade postfix/smtpd[25820]: [ID 197553 mail.info] disconnect from smtp.jiscmail.ac.uk[130.246.192.48] Jun 10 08:53:52 jade.nscl.msu.edu MailScanner[25538]: New Batch: Scanning 1 messages, 3650 bytes Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25538]: Virus and Content Scanning: Starting Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25554]: New Batch: Scanning 1 messages, 3650 bytes Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25538]: Uninfected: Delivered 1 messages Jun 10 08:53:53 jade postfix/qmgr[25479]: [ID 197553 mail.info] 17D259380: from=, size=3467, nrcpt=1 (queue active) Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25554]: Virus and Content Scanning: Starting Jun 10 08:53:54 jade.nscl.msu.edu MailScanner[25554]: Uninfected: Delivered 1 messages Jun 10 08:53:54 jade postfix/qmgr[25479]: [ID 197553 mail.info] 5616F937E: from=, size=2603, nrcpt=1 (queue active) Jun 10 08:53:56 jade postfix/local[25558]: [ID 197553 mail.info] 17D259380: to=, relay=local, delay=8, status=sent ("|/usr/nsclsbin/procmail") Jun 10 08:54:03 jade postfix/local[25577]: [ID 197553 mail.info] 5616F937E: to=, relay=local, delay=15, status=sent ("|/usr/nsclsbin/procmail") From m.sapsed at BANGOR.AC.UK Tue Jun 10 14:22:44 2003 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:18:28 2006 Subject: Problem with Sophos 3.70 and sophossavi References: <5.2.1.1.2.20030607182149.03022720@imap.ecs.soton.ac.uk> Message-ID: <3EE5DBA4.4030208@bangor.ac.uk> Julian Field wrote: > There appears to be a problem with the most recent Sophos releases and the > sophossavi virus scanner. > MailScanner will segfault when it first tries to set up the sophossavi > scanner. > > The symptom is that MailScanner continually re-forks its child processes so > every 10 seconds you will get a notice in your maillog saying the > MailScanner is starting up, but no mail will be processed. I don't see this with 3.70 on Debian stable. I have the sav.conf file. Jun 10 11:48:33 epitaf MailScanner[7114]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 10 11:48:41 epitaf MailScanner[7114]: SophosSAVI 3.70 (engine 2.14) recognizing 82079 viruses Jun 10 11:48:41 epitaf MailScanner[7114]: SophosSAVI using 27 IDE files Jun 10 11:48:41 epitaf MailScanner[7114]: Using locktype = flock > The workaround is very simple: > rm /etc/sav.conf > > The next release will include a new Sophos.install script which does this > step for you. As I also use one of my MailScanner installations of Sophos to provide an InterCheck server for my desktops, I might be concerned about an action which might break Sophos generally. Having said that though, I modify the install script to install InterCheck so maybe I'd just have to remember another mod! (Btw I see that Sophos.install is no longer a link to either the .linux or .solaris versions - is this intensional?) Cheers, Martin -- Martin Sapsed Information Services "Who do you say I am?" University of Wales, Bangor Jesus of Nazareth From Denis.Beauchemin at USHERBROOKE.CA Tue Jun 10 14:38:48 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:28 2006 Subject: Whitelisting your domains? Message-ID: <1055252327.11990.25.camel@dbeauchemin.si.usherbrooke.ca> Hello, About a month ago I activated DCC, Razor2 and Pyzor in SA (just after the thread on this list). I was already using Bayes. In the last 2 weeks Razor began to flag internal innocent messages as spam and now Pyzor has joined it! Yesterday I deactivated them all! I do not whitelist my domains in SA. Should I be doing it to resolve those problems? If so, how should I do it: by source address or by domain name? Which one is the more robust? Thanks again! Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From dlovelace at HOTELS.COM Tue Jun 10 14:56:12 2003 From: dlovelace at HOTELS.COM (Dale Lovelace) Date: Thu Jan 12 21:18:28 2006 Subject: MailScanner-mrtg-0.05 Is (finally) out! Message-ID: <20030610085612.721a66e9.dlovelace@hotels.com> I've just posted the latest MailScanner-mrtg to my SourceForge site at http://mailscannermrtg.sourceforge.net/ Notes: This is a maintenance release which fixes a few reported bugs, adds a new graph for systems that use tmpfs, and most importantly works correctly under Red Hat 9! You will probably want to "diff" your old config files and the new (.rpmsave) config files and merge them. If this is confusing just email and I will try to add more description here. Want to help with mailscanner-mrtg? I'm looking for a few good perl scripters who would like to make their mark on the Open Source community! Email dale@hotels.com and I will hook you up! Changes: 0.05 Added / to end of inqueue and outqueue paths for symlinks Add graph for space used in /dev/shm/ (Ram Disk) removed "use strict" since it doesn't work in Red Hat 9 Fixed viruses check to look for both "viruses" and "problems" MailBytes now reads in MBytes instead of Bytes Thanks to Denis Beauchemin Change "Restart Threshold" to 1 -- Dale Lovelace Linux System Administrator hotels.com (469) 335-1074 From mailscanner at ecs.soton.ac.uk Tue Jun 10 14:58:54 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: double messages? In-Reply-To: Message-ID: <5.2.0.9.2.20030610145839.04bb8c60@imap.ecs.soton.ac.uk> What version of MailScanner are you running? What version of Postfix are you running? At 14:11 10/06/2003, you wrote: >I installed MailScanner with Clamav on a Solaris 8 (sparc) box running >Postfix as the MTA. Often, but not always, 2 messages are delivered instead >of just one. The first has the 'real' message, and the second is empty. >For example, a message just came through from this list from Marc Obaid, and >it was double. The logs show the second blank message simply appearing, as >best as I can tell, although it seems that there may be 2 instances of >MailScanner trying to process the queue concurrently. Has anyone seen >this behavior, and what can I do about it? > >Thanks, > >Jay Kusler >NSCL > >Jun 10 08:53:48 jade postfix/smtpd[25820]: [ID 197553 mail.info] connect >from smtp.jiscmail.ac.uk[130.246.192.48] >Jun 10 08:53:48 jade postfix/smtpd[25820]: [ID 197553 mail.info] 4C8A6279: >client=smtp.jiscmail.ac.uk[130.246.192.48] >Jun 10 08:53:48 jade postfix/cleanup[25452]: [ID 197553 mail.info] 4C8A6279: >message-id= <1055249831.3ee5d5a71c23b@webmail.MUW.Edu> >Jun 10 08:53:48 jade postfix/qmgr[25436]: [ID 197553 mail.info] 4C8A6279: >from=, size=3460, nrcpt=1 (queue active) >Jun 10 08:53:48 jade postfix/qmgr[25436]: [ID 197553 mail.info] 4C8A6279: >to=, relay=none, delay=0, status=deferred (deferred >transport) >Jun 10 08:53:49 jade postfix/smtpd[25820]: [ID 197553 mail.info] disconnect >from smtp.jiscmail.ac.uk[130.246.192.48] > >Jun 10 08:53:52 jade.nscl.msu.edu MailScanner[25538]: New Batch: Scanning 1 >messages, 3650 bytes >Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25538]: Virus and Content >Scanning: Starting >Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25554]: New Batch: Scanning 1 >messages, 3650 bytes >Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25538]: Uninfected: Delivered >1 messages >Jun 10 08:53:53 jade postfix/qmgr[25479]: [ID 197553 mail.info] 17D259380: >from=, size=3467, nrcpt=1 (queue active) >Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25554]: Virus and Content >Scanning: Starting >Jun 10 08:53:54 jade.nscl.msu.edu MailScanner[25554]: Uninfected: Delivered >1 messages >Jun 10 08:53:54 jade postfix/qmgr[25479]: [ID 197553 mail.info] 5616F937E: >from=, size=2603, nrcpt=1 (queue active) > >Jun 10 08:53:56 jade postfix/local[25558]: [ID 197553 mail.info] 17D259380: >to=, relay=local, delay=8, status=sent >("|/usr/nsclsbin/procmail") >Jun 10 08:54:03 jade postfix/local[25577]: [ID 197553 mail.info] 5616F937E: >to=, relay=local, delay=15, status=sent >("|/usr/nsclsbin/procmail") -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jun 10 15:00:54 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: Whitelisting your domains? In-Reply-To: <1055252327.11990.25.camel@dbeauchemin.si.usherbrooke.ca> Message-ID: <5.2.0.9.2.20030610150021.04c49388@imap.ecs.soton.ac.uk> At 14:38 10/06/2003, you wrote: >Hello, > >About a month ago I activated DCC, Razor2 and Pyzor in SA (just after >the thread on this list). I was already using Bayes. > >In the last 2 weeks Razor began to flag internal innocent messages as >spam and now Pyzor has joined it! > >Yesterday I deactivated them all! > >I do not whitelist my domains in SA. Should I be doing it to resolve >those problems? If so, how should I do it: by source address or by >domain name? Which one is the more robust? If you whitelist your domains in MS, then this won't be a problem at all. I would advise whitelisting by IP address if you easily can. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jun 10 14:56:33 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: Notify only local senders In-Reply-To: Message-ID: <5.2.0.9.2.20030610145351.03913240@imap.ecs.soton.ac.uk> At 13:04 10/06/2003, you wrote: >I've been scanning the mail arcive for some time now. At last I found the >function I've been looking for. > >I want to notify only local senders. > > Outside ->in notify postmaster, local recipient. No external senders >notified. Set Notify Senders = /etc/MailScanner/rules/notify.senders.rules and then put this in it: To: yourdomain.com yes FromOrTo: default no > Inside -> out notify local sender, postmaster, no external recipients >notified. Set Deliver Cleaned Messages = /etc/MailScanner/rules/deliver.cleaned.rules and then put this in it To: yourdomain.com yes FromOrTo: default no You could even put both of those rulesets in the same file if you like, but I would keep them separate for clarity. Should do what you want. >The problem is I dont know how to use it, probobly simpel but I'm a newbee >whith MS..... Please help some one.... > >I'm using RH 8, Postfix & MS 4.20 > >(The orig mail thred is from last summer, 25 Jun. Subject: Notify Senders) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jun 10 15:00:05 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: Problem with Sophos 3.70 and sophossavi In-Reply-To: <3EE5DBA4.4030208@bangor.ac.uk> References: <5.2.1.1.2.20030607182149.03022720@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030610145926.03903600@imap.ecs.soton.ac.uk> At 14:22 10/06/2003, you wrote: >Julian Field wrote: >>There appears to be a problem with the most recent Sophos releases and the >>sophossavi virus scanner. >>MailScanner will segfault when it first tries to set up the sophossavi >>scanner. >> >>The symptom is that MailScanner continually re-forks its child processes so >>every 10 seconds you will get a notice in your maillog saying the >>MailScanner is starting up, but no mail will be processed. > >I don't see this with 3.70 on Debian stable. I have the sav.conf file. > >Jun 10 11:48:33 epitaf MailScanner[7114]: MailScanner E-Mail Virus >Scanner version 4.21-9 starting... >Jun 10 11:48:41 epitaf MailScanner[7114]: SophosSAVI 3.70 (engine 2.14) >recognizing 82079 viruses >Jun 10 11:48:41 epitaf MailScanner[7114]: SophosSAVI using 27 IDE files >Jun 10 11:48:41 epitaf MailScanner[7114]: Using locktype = flock > >>The workaround is very simple: >> rm /etc/sav.conf >> >>The next release will include a new Sophos.install script which does this >>step for you. > >As I also use one of my MailScanner installations of Sophos to provide >an InterCheck server for my desktops, I might be concerned about an >action which might break Sophos generally. Having said that though, I >modify the install script to install InterCheck so maybe I'd just have >to remember another mod! > >(Btw I see that Sophos.install is no longer a link to either the .linux >or .solaris versions - is this intensional?) You'll find it is the same (bar a version number in a comment) as one of the other files. CVS doesn't seem to know about links :( -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jun 10 14:58:21 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: Sophos-autoupdate on FreeBSD In-Reply-To: <1055251400.3ee5dbc8459fd@webmail.MUW.Edu> References: <3EE5D874.30405@totalise.co.uk> <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> <1055201977.3ee51ab9081c9@webmail.MUW.Edu> <3EE59B96.7030403@totalise.co.uk> <1055249831.3ee5d5a71c23b@webmail.MUW.Edu> <3EE5D874.30405@totalise.co.uk> Message-ID: <5.2.0.9.2.20030610145733.04acdb08@imap.ecs.soton.ac.uk> At 14:23 10/06/2003, you wrote: >Hi Martin, > > > the elf one should work fine without anything else..run the sweep > > command on a directory to prove it. > >Here is what I get when I run sweep: > >$ sweep /tmp/ >/usr/libexec/ld-elf.so.1: Shared object "libc.so.3" not found What happens if you run /usr/lib/MailScanner/sophos-wrapper /tmp instead? When Sophos is installed with Sophos.install, "sweep" won't work on its own as it doesn't know where to get the libraries from. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From marco at MUW.EDU Tue Jun 10 15:17:23 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:28 2006 Subject: Sophos-autoupdate on FreeBSD In-Reply-To: <5.2.0.9.2.20030610145733.04acdb08@imap.ecs.soton.ac.uk> References: <3EE5D874.30405@totalise.co.uk> <06EE2C86D3DAD5119A6C0060943F3C97055E6FF4@tormail1.algorithmics.com> <1055201977.3ee51ab9081c9@webmail.MUW.Edu> <3EE59B96.7030403@totalise.co.uk> <1055249831.3ee5d5a71c23b@webmail.MUW.Edu> <3EE5D874.30405@totalise.co.uk> <5.2.0.9.2.20030610145733.04acdb08@imap.ecs.soton.ac.uk> Message-ID: <1055254643.3ee5e8733939d@webmail.MUW.Edu> Hi Julian, > What happens if you run /usr/lib/MailScanner/sophos-wrapper /tmp instead? After running Sophos.install and installing freebsd.elf.tar.Z: #/opt/MailScanner/lib/sophos-wrapper /tmp/ /usr/libexec/ld-elf.so.1: Shared object "libc.so.3" not found Then after running Sophos.install.linux and installing linux.intel.libc6.tar.Z: # /opt/MailScanner/lib/sophos-wrapper /tmp/ SWEEP virus detection utility Version 3.70, June 2003 [Linux/Intel] Includes detection for 82079 viruses, trojans and worms Copyright (c) 1989,2003 Sophos Plc, www.sophos.com System time 09:08:01, System date 10 June 2003 IDE directory is: /usr/local/Sophos/ide Using IDE file mapson-a.ide Using IDE file pecdialb.ide Using IDE file mofei-a.ide Using IDE file bugbearb.ide Using IDE file mumu-a.ide Using IDE file tunnel-a.ide Using IDE file sobig-c.ide Using IDE file magold.ide Using IDE file fnight-d.ide Using IDE file holar-h.ide Using IDE file anacon-b.ide Using IDE file panjang.ide Using IDE file peido-b.ide Using IDE file lazy-c.ide Using IDE file ircbot-c.ide Using IDE file melare-a.ide Using IDE file lovgatel.ide Using IDE file palyh-a.ide Using IDE file fizzer-a.ide Using IDE file lovgatei.ide Using IDE file winur-d.ide Using IDE file lovgatej.ide Using IDE file randon-i.ide Using IDE file boa-a.ide Using IDE file kickin-a.ide Using IDE file sdbotfam.ide Quick Sweeping 1089 files swept in 5 seconds. No viruses were discovered. End of Sweep. It seems that the Linux version *is* working on my FreeBSD system. Thank you Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From kusler at NSCL.MSU.EDU Tue Jun 10 15:15:33 2003 From: kusler at NSCL.MSU.EDU (Jay Kusler) Date: Thu Jan 12 21:18:28 2006 Subject: double messages? In-Reply-To: <5.2.0.9.2.20030610145839.04bb8c60@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030610145839.04bb8c60@imap.ecs.soton.ac.uk> Message-ID: <38369.35.8.32.19.1055254533.squirrel@webmail.nscl.msu.edu> MailScanner-4.21-9 Postfix 1.1.11 Thanks Jay Julian Field said: > What version of MailScanner are you running? > What version of Postfix are you running? > > At 14:11 10/06/2003, you wrote: >>I installed MailScanner with Clamav on a Solaris 8 (sparc) box running >> Postfix as the MTA. Often, but not always, 2 messages are delivered >> instead of just one. The first has the 'real' message, and the second >> is empty. For example, a message just came through from this list from >> Marc Obaid, and it was double. The logs show the second blank message >> simply appearing, as best as I can tell, although it seems that there >> may be 2 instances of MailScanner trying to process the queue >> concurrently. Has anyone seen this behavior, and what can I do about >> it? >> >>Thanks, >> >>Jay Kusler >>NSCL >> >>Jun 10 08:53:48 jade postfix/smtpd[25820]: [ID 197553 mail.info] >> connect from smtp.jiscmail.ac.uk[130.246.192.48] >>Jun 10 08:53:48 jade postfix/smtpd[25820]: [ID 197553 mail.info] >> 4C8A6279: client=smtp.jiscmail.ac.uk[130.246.192.48] >>Jun 10 08:53:48 jade postfix/cleanup[25452]: [ID 197553 mail.info] >> 4C8A6279: message-id= <1055249831.3ee5d5a71c23b@webmail.MUW.Edu> >>Jun 10 08:53:48 jade postfix/qmgr[25436]: [ID 197553 mail.info] >> 4C8A6279: from=, size=3460, nrcpt=1 >> (queue active) Jun 10 08:53:48 jade postfix/qmgr[25436]: [ID 197553 >> mail.info] 4C8A6279: to=, relay=none, delay=0, >> status=deferred (deferred transport) >>Jun 10 08:53:49 jade postfix/smtpd[25820]: [ID 197553 mail.info] >> disconnect from smtp.jiscmail.ac.uk[130.246.192.48] >> >>Jun 10 08:53:52 jade.nscl.msu.edu MailScanner[25538]: New Batch: >> Scanning 1 messages, 3650 bytes >>Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25538]: Virus and Content >> Scanning: Starting >>Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25554]: New Batch: >> Scanning 1 messages, 3650 bytes >>Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25538]: Uninfected: >> Delivered 1 messages >>Jun 10 08:53:53 jade postfix/qmgr[25479]: [ID 197553 mail.info] >> 17D259380: from=, size=3467, nrcpt=1 >> (queue active) Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25554]: >> Virus and Content Scanning: Starting >>Jun 10 08:53:54 jade.nscl.msu.edu MailScanner[25554]: Uninfected: >> Delivered 1 messages >>Jun 10 08:53:54 jade postfix/qmgr[25479]: [ID 197553 mail.info] >> 5616F937E: from=, size=2603, nrcpt=1 >> (queue active) >> >>Jun 10 08:53:56 jade postfix/local[25558]: [ID 197553 mail.info] >> 17D259380: to=, relay=local, delay=8, status=sent >>("|/usr/nsclsbin/procmail") >>Jun 10 08:54:03 jade postfix/local[25577]: [ID 197553 mail.info] >> 5616F937E: to=, relay=local, delay=15, status=sent >>("|/usr/nsclsbin/procmail") > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support From Cleveland at MAIL.WINNEFOX.ORG Tue Jun 10 15:47:48 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:28 2006 Subject: No subject Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E9D8@mail.winnefox.org> Hello, I'm running the current version of MailScanner, along with 2.55 of SpamAssassin. I'm trying to get spamassassin to use a mySQL database for user preferences. I followed the instructions on the SpamAssassin web site for setting that up, and added what they said to the local.cf file. It doesn't seem to be working. I was told in order for it to work, spamassassin needs to be run like this: /usr/local/bin/spamc -u $RECIPIENT My question is, how is spamc started with mailscanner? Is it possible to use a database for user preferences in spamassassin with mailscanner? -- Jody Cleveland (cleveland@mail.winnefox.org) From dean.plant at ROKE.CO.UK Tue Jun 10 15:50:08 2003 From: dean.plant at ROKE.CO.UK (Plant, Dean) Date: Thu Jan 12 21:18:28 2006 Subject: Notify only local senders Message-ID: Should the Notify Senders not be: From: yourdomain.com yes FromOrTo: default no Dean Plant -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: 10 June 2003 14:57 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Notify only local senders At 13:04 10/06/2003, you wrote: >I've been scanning the mail arcive for some time now. At last I found the >function I've been looking for. > >I want to notify only local senders. > > Outside ->in notify postmaster, local recipient. No external senders >notified. Set Notify Senders = /etc/MailScanner/rules/notify.senders.rules and then put this in it: To: yourdomain.com yes FromOrTo: default no > Inside -> out notify local sender, postmaster, no external recipients >notified. Set Deliver Cleaned Messages = /etc/MailScanner/rules/deliver.cleaned.rules and then put this in it To: yourdomain.com yes FromOrTo: default no You could even put both of those rulesets in the same file if you like, but I would keep them separate for clarity. Should do what you want. >The problem is I dont know how to use it, probobly simpel but I'm a newbee >whith MS..... Please help some one.... > >I'm using RH 8, Postfix & MS 4.20 > >(The orig mail thred is from last summer, 25 Jun. Subject: Notify Senders) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, Bracknell, Berkshire. RG12 8FZ The information contained in this e-mail and any attachments is confidential to Roke Manor Research Ltd and must not be passed to any third party without permission. This communication is for information only and shall not create or change any contractual relationship. From mailscanner at ecs.soton.ac.uk Tue Jun 10 16:25:25 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: No subject In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E9D8@mail.winnefox.org> Message-ID: <5.2.0.9.2.20030610161200.04b44038@imap.ecs.soton.ac.uk> This won't work with MailScanner, as MailScanner doesn't use "spamc" (it's slow), and it is always run as the same user. You can fairly easily add code to MailScanner (see CustomConfig.pm) to read per-user settings from a SQL database. There will shortly be some code appearing to do this which you will just be able to use without playing around at all. In the mean time, I might be able to find you some, but it isn't polished yet. At 15:47 10/06/2003, you wrote: >Hello, > >I'm running the current version of MailScanner, along with 2.55 of >SpamAssassin. I'm trying to get spamassassin to use a mySQL database for >user preferences. I followed the instructions on the SpamAssassin web >site for setting that up, and added what they said to the local.cf file. >It doesn't seem to be working. > >I was told in order for it to work, spamassassin needs to be run like >this: >/usr/local/bin/spamc -u $RECIPIENT > >My question is, how is spamc started with mailscanner? Is it possible to >use a database for user preferences in spamassassin with mailscanner? > > >-- >Jody Cleveland >(cleveland@mail.winnefox.org) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From TGFurnish at HERFF-JONES.COM Tue Jun 10 16:47:55 2003 From: TGFurnish at HERFF-JONES.COM (Furnish, Trever G) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model Message-ID: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBAC@indy1ntm.herffjones.hj-int> Actually, the impression I had was that Rishi may already have antivirus scanning elsewhere. Whether he does or not, that's the situation I'm concerned with - I want to filter spam ONLY, as an incoming relay for a set of destination servers that already have their own antivirus software installed. I'm evaluating options at this point, for a spam filter - are there any features that the mailscanner+spamassassin combo has beyond what spamassassin has on its own? I suppose there's really not much point in this message - I'm going to try mailscanner regardless - but if anyone is of the oppinion that mailscanner+spamassassin isn't worth the additional effort versus just spamassassin unless it's used for antivirus stuff, then I'd appreciate hearing that (even off list). -----Original Message----- From: Spicer, Kevin [mailto:Kevin.Spicer@BMRB.CO.UK] Sent: Tuesday, June 10, 2003 6:47 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: f-prot's new mailbox licensing model > Is this a good idea? No > Also, can it be done? Yes IMHO The costs of virus scanning (from one of the cheaper vendors) are considerably less than the impact in terms of support time and lost productivity or just one mass mailing work getting through (been there, done that!). It could also be a difficult decision to justify later! Even running just Clam (which is free) will help (although they are not always up to date) BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mailscanner at ecs.soton.ac.uk Tue Jun 10 17:06:16 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBAC@indy1ntm.herffjon es.hj-int> Message-ID: <5.2.0.9.2.20030610170234.0c696d38@imap.ecs.soton.ac.uk> I probably can't be regarded as being completely objective in this area, but I think most people will agree that deploying SpamAssassin by installing MailScanner is *much* easier than playing around with all the procmail/spamc/spamd setups that people get into trying to deploy SpamAssassin on its own. You can get it all up and running in about 10 minutes flat. If you don't want any filename checking or virus scanning at all, just set "Virus Scanning = no" in /etc/MailScanner/MailScanner.conf. To enable SpamAssassin (once you have installed it, and you don't need to set up spamc or spamd or anything like that), just set "Use SpamAssassin = yes" in MailScanner.conf. At 16:47 10/06/2003, you wrote: >Actually, the impression I had was that Rishi may already have antivirus >scanning elsewhere. > >Whether he does or not, that's the situation I'm concerned with - I want to >filter spam ONLY, as an incoming relay for a set of destination servers that >already have their own antivirus software installed. > >I'm evaluating options at this point, for a spam filter - are there any >features that the mailscanner+spamassassin combo has beyond what >spamassassin has on its own? I suppose there's really not much point in >this message - I'm going to try mailscanner regardless - but if anyone is of >the oppinion that mailscanner+spamassassin isn't worth the additional effort >versus just spamassassin unless it's used for antivirus stuff, then I'd >appreciate hearing that (even off list). > >-----Original Message----- >From: Spicer, Kevin [mailto:Kevin.Spicer@BMRB.CO.UK] >Sent: Tuesday, June 10, 2003 6:47 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: f-prot's new mailbox licensing model > > > > Is this a good idea? >No > > Also, can it be done? >Yes > >IMHO The costs of virus scanning (from one of the cheaper vendors) are >considerably less than the impact in terms of support time and lost >productivity or just one mass mailing work getting through (been there, done >that!). It could also be a difficult decision to justify later! > >Even running just Clam (which is free) will help (although they are not >always up to date) > > > >BMRB International >http://www.bmrb.co.uk >+44 (0)20 8566 5000 >_________________________________________________________________ >This message (and any attachment) is intended only for the >recipient and may contain confidential and/or privileged >material. If you have received this in error, please contact the >sender and delete this message immediately. Disclosure, copying >or other action taken in respect of this email or in >reliance on it is prohibited. BMRB International Limited >accepts no liability in relation to any personal emails, or >content of any email which does not directly relate to our >business. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From robibaro at ROBIBARO.COM Tue Jun 10 17:14:43 2003 From: robibaro at ROBIBARO.COM (E R) Date: Thu Jan 12 21:18:28 2006 Subject: No subject References: <5.2.0.9.2.20030610161200.04b44038@imap.ecs.soton.ac.uk> Message-ID: <3EE603F3.30600@robibaro.com> Would it be possible to get a copy of this code? One of my clients wants me to write him something similar, and I'm wondering where to start Julian Field wrote: > This won't work with MailScanner, as MailScanner doesn't use "spamc" > (it's > slow), and it is always run as the same user. > > You can fairly easily add code to MailScanner (see CustomConfig.pm) to > read > per-user settings from a SQL database. There will shortly be some code > appearing to do this which you will just be able to use without playing > around at all. > > In the mean time, I might be able to find you some, but it isn't > polished yet. > > At 15:47 10/06/2003, you wrote: > >> Hello, >> >> I'm running the current version of MailScanner, along with 2.55 of >> SpamAssassin. I'm trying to get spamassassin to use a mySQL database for >> user preferences. I followed the instructions on the SpamAssassin web >> site for setting that up, and added what they said to the local.cf file. >> It doesn't seem to be working. >> >> I was told in order for it to work, spamassassin needs to be run like >> this: >> /usr/local/bin/spamc -u $RECIPIENT >> >> My question is, how is spamc started with mailscanner? Is it possible to >> use a database for user preferences in spamassassin with mailscanner? >> >> >> -- >> Jody Cleveland >> (cleveland@mail.winnefox.org) > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support From Cleveland at MAIL.WINNEFOX.ORG Tue Jun 10 17:18:22 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:28 2006 Subject: No subject Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E9DD@mail.winnefox.org> > Would it be possible to get a copy of this code? One of my > clients wants me to write him something similar, and I'm > wondering where to start Me too! Jody From rishi at THEARGONCOMPANY.COM Tue Jun 10 17:21:51 2003 From: rishi at THEARGONCOMPANY.COM (Rishi Gangoly) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <5.2.0.9.2.20030610170234.0c696d38@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030610170234.0c696d38@imap.ecs.soton.ac.uk> Message-ID: <200306102151.51947.rishi@theargoncompany.com> On Tuesday 10 Jun 2003 9:36 pm, you wrote: > I probably can't be regarded as being completely objective in this area, > but I think most people will agree that deploying SpamAssassin by > installing MailScanner is *much* easier than playing around with all the > procmail/spamc/spamd setups that people get into trying to deploy > SpamAssassin on its own. You can get it all up and running in about 10 > minutes flat. I have to second this and agree with Julian here. However, I'd like to add one warning: Do not to try and use the SpamAssasin RPM. Just use the tar.gz from their website. The RPM led to a lot of problems on my Cobalt RaQ550 server. The tar.gz worked just fine. Regards Rishi From maxsec at TOTALISE.CO.UK Tue Jun 10 17:25:15 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:28 2006 Subject: disclaimer mail rules syntax error Message-ID: <3EE6066B.4000801@totalise.co.uk> Hi guys Ok the config continues.... I'm trying to addin a stddislaimer.h to outbound email only. SO I edit Mailscanner.conf and put in .. Inline HTML Signature = /opt/MailScanner/etc/rules/sig.text.rules Inline Text Signature = /opt/MailScanner/etc/rules/sig.text.rules in /opt/MailScanner/etc/rules/sig.text.rules I have.. From: *@mydomain.com /opt/Mailscanner/etc/reports/ssl.sig.txt But MS complains about a syntax error. What have I done wrong...?? -- martin From ragan_davis at COLSTATE.EDU Tue Jun 10 17:37:13 2003 From: ragan_davis at COLSTATE.EDU (Mack Ragan) Date: Thu Jan 12 21:18:28 2006 Subject: ran df2mbox -- now what? Message-ID: Thanks, Chris. That method works really well, and should come in very handy and save tons of time. Now I'm gonna try to figure out a way to provide on-campus users with a web interface to the stored messages. Any ideas on this are welcomed. I'm gonna try to do something from scratch though. thanks again, mack From richard_cipher at YAHOO.COM Tue Jun 10 17:33:56 2003 From: richard_cipher at YAHOO.COM (Evert Ford) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <5.2.0.9.2.20030610170234.0c696d38@imap.ecs.soton.ac.uk> Message-ID: <000401c32f6e$170ad600$3401a8c0@eford001> Julian gave you his non-objective opinion. Here is my opinion: I am running Redhat 7.2 with the latest version of Mailscanner, and spammassassin 2.54 and f-prot 3.13 My original setup of spamassassin with procmail took me about 2 hours to get working. On top of that, I had to spend time tweaking procmail and sendmail for whitelisting and blacklisting. I would say total time was 4 hours. It took me 15 minutes to get MS+spamassassin+f-prot up and running, including the time needed to tweak the config files. Even if virus-scanning were done elsewhere, what would it hurt to use a setup like this with ClamAV instead of f-prot? "Free" and "Open Source" are beautiful things. Evert Ford General-Purpose Computer Guy Westone Laboratories -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field Sent: Tuesday, June 10, 2003 10:06 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: f-prot's new mailbox licensing model I probably can't be regarded as being completely objective in this area, but I think most people will agree that deploying SpamAssassin by installing MailScanner is *much* easier than playing around with all the procmail/spamc/spamd setups that people get into trying to deploy SpamAssassin on its own. You can get it all up and running in about 10 minutes flat. If you don't want any filename checking or virus scanning at all, just set "Virus Scanning = no" in /etc/MailScanner/MailScanner.conf. To enable SpamAssassin (once you have installed it, and you don't need to set up spamc or spamd or anything like that), just set "Use SpamAssassin = yes" in MailScanner.conf. At 16:47 10/06/2003, you wrote: >Actually, the impression I had was that Rishi may already have antivirus >scanning elsewhere. > >Whether he does or not, that's the situation I'm concerned with - I want to >filter spam ONLY, as an incoming relay for a set of destination servers that >already have their own antivirus software installed. > >I'm evaluating options at this point, for a spam filter - are there any >features that the mailscanner+spamassassin combo has beyond what >spamassassin has on its own? I suppose there's really not much point in >this message - I'm going to try mailscanner regardless - but if anyone is of >the oppinion that mailscanner+spamassassin isn't worth the additional effort >versus just spamassassin unless it's used for antivirus stuff, then I'd >appreciate hearing that (even off list). > >-----Original Message----- >From: Spicer, Kevin [mailto:Kevin.Spicer@BMRB.CO.UK] >Sent: Tuesday, June 10, 2003 6:47 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: f-prot's new mailbox licensing model > > > > Is this a good idea? >No > > Also, can it be done? >Yes > >IMHO The costs of virus scanning (from one of the cheaper vendors) are >considerably less than the impact in terms of support time and lost >productivity or just one mass mailing work getting through (been there, done >that!). It could also be a difficult decision to justify later! > >Even running just Clam (which is free) will help (although they are not >always up to date) > > > >BMRB International >http://www.bmrb.co.uk >+44 (0)20 8566 5000 >_________________________________________________________________ >This message (and any attachment) is intended only for the >recipient and may contain confidential and/or privileged >material. If you have received this in error, please contact the >sender and delete this message immediately. Disclosure, copying >or other action taken in respect of this email or in >reliance on it is prohibited. BMRB International Limited >accepts no liability in relation to any personal emails, or >content of any email which does not directly relate to our >business. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/03 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/03 From mbowman at UDCOM.COM Tue Jun 10 17:46:11 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model Message-ID: Agreed 15 minues to setup MS+SA+F-prot with tweaks. To carry on this conversation... I think of it more as 'lines of defence' 1st line - E-mail Gateway (running MailScanner/SpamAssassin/F-Prot) 2nd line - Client's PCs Having a AV solution with MailScanner hasn't hampered e-mail flow. If I were a client I would prefer my ISP to handle dodgy e-mail, especially if I'm paying hosting. Just my 2 pence --- Matthew K Bowman Systems Administrator, UDCom From mailscanner at ecs.soton.ac.uk Tue Jun 10 17:52:51 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: disclaimer mail rules syntax error In-Reply-To: <3EE6066B.4000801@totalise.co.uk> Message-ID: <5.2.1.1.2.20030610175233.025cbd78@imap.ecs.soton.ac.uk> Does the maillog give any detail about where the syntax error is? At 17:25 10/06/2003, you wrote: >Hi guys > >Ok the config continues.... > >I'm trying to addin a stddislaimer.h to outbound email only. SO I edit >Mailscanner.conf and put in .. > >Inline HTML Signature = /opt/MailScanner/etc/rules/sig.text.rules >Inline Text Signature = /opt/MailScanner/etc/rules/sig.text.rules > > >in /opt/MailScanner/etc/rules/sig.text.rules I have.. > > >From: *@mydomain.com /opt/Mailscanner/etc/reports/ssl.sig.txt > > >But MS complains about a syntax error. What have I done wrong...?? > >-- >martin -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From maxsec at TOTALISE.CO.UK Tue Jun 10 17:58:18 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:28 2006 Subject: disclaimer mail rules syntax error In-Reply-To: <5.2.1.1.2.20030610175233.025cbd78@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030610175233.025cbd78@imap.ecs.soton.ac.uk> Message-ID: <3EE60E2A.8050109@totalise.co.uk> Julian Jun 10 17:20:06 soloman MailScanner[327]: Could not read file /opt/Mailscanner/etc/reports/ssl.sig.txt Jun 10 17:20:06 soloman MailScanner[327]: Syntax error in line 1 of ruleset file /opt/MailScanner/etc/rules/sig.text.rules for keyword inlinehtmlsig file is global read-able.. -- Martinh Julian Field wrote: > Does the maillog give any detail about where the syntax error is? > > At 17:25 10/06/2003, you wrote: > >> Hi guys >> >> Ok the config continues.... >> >> I'm trying to addin a stddislaimer.h to outbound email only. SO I edit >> Mailscanner.conf and put in .. >> >> Inline HTML Signature = /opt/MailScanner/etc/rules/sig.text.rules >> Inline Text Signature = /opt/MailScanner/etc/rules/sig.text.rules >> >> >> in /opt/MailScanner/etc/rules/sig.text.rules I have.. >> >> >> From: *@mydomain.com /opt/Mailscanner/etc/reports/ssl.sig.txt >> >> >> But MS complains about a syntax error. What have I done wrong...?? >> >> -- >> martin > > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jun 10 18:03:58 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: disclaimer mail rules syntax error In-Reply-To: <3EE60E2A.8050109@totalise.co.uk> References: <5.2.1.1.2.20030610175233.025cbd78@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030610175233.025cbd78@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030610180335.025e6ec8@imap.ecs.soton.ac.uk> At 17:58 10/06/2003, you wrote: >Julian > >Jun 10 17:20:06 soloman MailScanner[327]: Could not read file >/opt/Mailscanner/etc/reports/ssl.sig.txt Lower-case "s" in Mailscanner. >Jun 10 17:20:06 soloman MailScanner[327]: Syntax error in line 1 of >ruleset file /opt/MailScanner/etc/rules/sig.text.rules for keyword >inlinehtmlsig > > >file is global read-able.. > >-- >Martinh > >Julian Field wrote: >>Does the maillog give any detail about where the syntax error is? >> >>At 17:25 10/06/2003, you wrote: >> >>>Hi guys >>> >>>Ok the config continues.... >>> >>>I'm trying to addin a stddislaimer.h to outbound email only. SO I edit >>>Mailscanner.conf and put in .. >>> >>>Inline HTML Signature = /opt/MailScanner/etc/rules/sig.text.rules >>>Inline Text Signature = /opt/MailScanner/etc/rules/sig.text.rules >>> >>> >>>in /opt/MailScanner/etc/rules/sig.text.rules I have.. >>> >>> >>>From: *@mydomain.com /opt/Mailscanner/etc/reports/ssl.sig.txt >>> >>> >>>But MS complains about a syntax error. What have I done wrong...?? >>> >>>-- >>>martin >> >> >>-- >>Julian Field >>www.MailScanner.info >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From nejc.skoberne at guest.arnes.si Tue Jun 10 18:13:15 2003 From: nejc.skoberne at guest.arnes.si (Nejc Skoberne) Date: Thu Jan 12 21:18:28 2006 Subject: Strange postfix messages [OT?] Message-ID: <1743362120.20030610191315@guest.arnes.si> Hi. When receiving mail, my log looks like this: Jun 10 19:10:43 Illusion postfix/smtpd[22901]: connect from rigljica.arnes.si[193.2.1.82] Jun 10 19:10:43 Illusion postfix/smtpd[22901]: 51A1DDF884: client=rigljica.arnes.si[193.2.1.82] Jun 10 19:10:43 Illusion postfix/cleanup[22903]: 51A1DDF884: message-id=<867590449.20030610191035@guest.arnes.si> Jun 10 19:10:43 Illusion postfix/smtpd[22901]: disconnect from rigljica.arnes.si[193.2.1.82] Jun 10 19:10:43 Illusion postfix/qmgr[22846]: 51A1DDF884: from=, size=1120, nrcpt=1 (queue active) Jun 10 19:10:43 Illusion postfix/qmgr[22846]: 51A1DDF884: to=, relay=none, delay=0, status=deferred (deferred transport) Jun 10 19:10:45 Illusion MailScanner[22865]: Postfix queue structure is depth 1 Jun 10 19:10:46 Illusion MailScanner[22860]: Postfix queue structure is depth 1 Jun 10 19:10:48 Illusion MailScanner[22871]: Postfix queue structure is depth 1 Jun 10 19:10:48 Illusion MailScanner[22866]: Postfix queue structure is depth 1 Jun 10 19:10:48 Illusion MailScanner[22871]: New Batch: Scanning 1 messages, 1471 bytes Jun 10 19:10:49 Illusion MailScanner[22871]: Spam Checks: Starting Jun 10 19:10:54 Illusion MailScanner[22863]: Postfix queue structure is depth 1 Jun 10 19:11:05 Illusion ipop3d[22910]: pop3 service init from 192.168.12.4 Jun 10 19:11:05 Illusion ipop3d[22910]: Login user=nejko host=[192.168.12.4] nmsgs=0/0 Jun 10 19:11:05 Illusion ipop3d[22910]: Logout user=nejko host=[192.168.12.4] nmsgs=0 ndele=0 Jun 10 19:11:14 Illusion MailScanner[22871]: Virus and Content Scanning: Starting Jun 10 19:11:16 Illusion MailScanner[22871]: Uninfected: Delivered 1 messages Jun 10 19:11:16 Illusion postfix/qmgr[22766]: 8C37FDF885: from=, size=1226, nrcpt=2 (queue active) Jun 10 19:11:16 Illusion postfix/local[22917]: 8C37FDF885: to=, orig_to=, relay=local, delay=33, status=sent (mailbox) I am wondering what "Postfix queue structure is depth 1" means? Maybe this is not MailScanner problem at all, but Google says completely nothing about this. Is this somethink like an error? -- Nejc Skoberne Grajska 5 SI-5220 Tolmin E-mail: nejc.skoberne@guest.arnes.si From mailscanner at ecs.soton.ac.uk Tue Jun 10 18:18:23 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: Strange postfix messages [OT?] In-Reply-To: <1743362120.20030610191315@guest.arnes.si> Message-ID: <5.2.1.1.2.20030610181715.0281fea8@imap.ecs.soton.ac.uk> At 18:13 10/06/2003, you wrote: >Hi. > >When receiving mail, my log looks like this: > >Jun 10 19:10:43 Illusion postfix/smtpd[22901]: connect from >rigljica.arnes.si[193.2.1.82] >Jun 10 19:10:43 Illusion postfix/smtpd[22901]: 51A1DDF884: >client=rigljica.arnes.si[193.2.1.82] >Jun 10 19:10:43 Illusion postfix/cleanup[22903]: 51A1DDF884: >message-id=<867590449.20030610191035@guest.arnes.si> >Jun 10 19:10:43 Illusion postfix/smtpd[22901]: disconnect from >rigljica.arnes.si[193.2.1.82] >Jun 10 19:10:43 Illusion postfix/qmgr[22846]: 51A1DDF884: >from=, size=1120, nrcpt=1 (queue active) >Jun 10 19:10:43 Illusion postfix/qmgr[22846]: 51A1DDF884: >to=, relay=none, delay=0, status=deferred (deferred >transport) >Jun 10 19:10:45 Illusion MailScanner[22865]: Postfix queue structure is >depth 1 >Jun 10 19:10:46 Illusion MailScanner[22860]: Postfix queue structure is >depth 1 >Jun 10 19:10:48 Illusion MailScanner[22871]: Postfix queue structure is >depth 1 >Jun 10 19:10:48 Illusion MailScanner[22866]: Postfix queue structure is >depth 1 >Jun 10 19:10:48 Illusion MailScanner[22871]: New Batch: Scanning 1 >messages, 1471 bytes >Jun 10 19:10:49 Illusion MailScanner[22871]: Spam Checks: Starting >Jun 10 19:10:54 Illusion MailScanner[22863]: Postfix queue structure is >depth 1 >Jun 10 19:11:05 Illusion ipop3d[22910]: pop3 service init from 192.168.12.4 >Jun 10 19:11:05 Illusion ipop3d[22910]: Login user=nejko >host=[192.168.12.4] nmsgs=0/0 >Jun 10 19:11:05 Illusion ipop3d[22910]: Logout user=nejko >host=[192.168.12.4] nmsgs=0 ndele=0 >Jun 10 19:11:14 Illusion MailScanner[22871]: Virus and Content Scanning: >Starting >Jun 10 19:11:16 Illusion MailScanner[22871]: Uninfected: Delivered 1 messages >Jun 10 19:11:16 Illusion postfix/qmgr[22766]: 8C37FDF885: >from=, size=1226, nrcpt=2 (queue active) >Jun 10 19:11:16 Illusion postfix/local[22917]: 8C37FDF885: >to=, orig_to=, relay=local, >delay=33, status=sent (mailbox) > >I am wondering what "Postfix queue structure is depth 1" means? Maybe >this is not MailScanner problem at all, but Google says completely >nothing about this. Is this somethink like an error? It's a bit of status output from MailScanner as it works out what version of Postfix you are running. Feel free to ignore it. I might take it out in a future release, but it was very handy while I was getting the Postfix code working. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From Cleveland at MAIL.WINNEFOX.ORG Tue Jun 10 19:44:00 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:28 2006 Subject: Possible to have MailScanner use SA database? Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E9E1@mail.winnefox.org> Hello, I'm trying to setup a database for SpamAssassin for individual user preferences. I just realized that with how MailScanner calls sa, I don't think that's possible. Is there a way to tell MS to use that database for individual user preferences? -- Jody Cleveland (cleveland@mail.winnefox.org) From ryanb at AACRAO.ORG Tue Jun 10 19:48:16 2003 From: ryanb at AACRAO.ORG (Bingham, Ryan) Date: Thu Jan 12 21:18:28 2006 Subject: Possible to have MailScanner use SA database? Message-ID: To save Julian some work, here's his response to a similar question posted about three hours ago: Julian wrote: > This won't work with MailScanner, as MailScanner > doesn't use "spamc" (it's slow), and it is always > run as the same user. > You can fairly easily add code to MailScanner > (see CustomConfig.pm) to read per-user settings > from a SQL database. There will shortly be some code > appearing to do this which you will just be able > to use without playing around at all. > In the mean time, I might be able to find you some, > but it isn't polished yet. -----Original Message----- From: Jody Cleveland [mailto:Cleveland@MAIL.WINNEFOX.ORG] Sent: Tuesday, June 10, 2003 2:44 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Possible to have MailScanner use SA database? Hello, I'm trying to setup a database for SpamAssassin for individual user preferences. I just realized that with how MailScanner calls sa, I don't think that's possible. Is there a way to tell MS to use that database for individual user preferences? -- Jody Cleveland (cleveland@mail.winnefox.org) From rishi at THEARGONCOMPANY.COM Tue Jun 10 19:36:41 2003 From: rishi at THEARGONCOMPANY.COM (Rishi Gangoly) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0EBF63C@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF63C@pascal.priv.bmrb.co.uk> Message-ID: <200306110006.41984.rishi@theargoncompany.com> On Tuesday 10 Jun 2003 5:17 pm, you wrote: > Even running just Clam (which is free) will help (although they are not > always up to date) What happens when two or more AV scanners are used? Are both used OR if the first AV scanner (f-prot) detects a virus will the second AV scanner not be used? Has anyone deployed CLAM and are happy with the results? Does the "Silent Viruses =" feature work with clam? Regards -- Rishi Gangoly Manager - Technical Operations The Argon Company Phone: +91-22-56361313 From michele at BLACKNIGHTSOLUTIONS.COM Tue Jun 10 20:03:16 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: BlacknightSolutions) Date: Thu Jan 12 21:18:28 2006 Subject: Panda frustration In-Reply-To: <011001c32ef2$fd4c5f70$6f01a8c0@Laptop1> Message-ID: <200306101903.h5AJ3FB30833@camelot.blacknightsolutions.com> I'm still waiting! Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ > > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Sanjay Patel > Sent: 10 June 2003 03:53 > To: MAILSCANNER@JISCMAIL.AC.UK > > you should get a e-mail within 24hrs from them. > > -SKP > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michele > Neylon :: BlacknightSolutions > Sent: Monday, June 09, 2003 7:58 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Panda frustration > > > OK. Now I am annoyed. > > Although the Panda software site clearly states command line > scanning for linux and win32 after purchasing the download is > win32 binary. So, I download the linux version, which seems > to be the same thing. It works fine with our fresh install of > MailScanner. Now to update... BIG problem! The command line > version does not contain an activation code in the email, so > registering on the website is impossible, and getting updates > is only possible via the website, so I can't update > > Any ideas????? > > Mr. Michele Neylon > Blacknight Solutions > http://www.blacknightsolutions.com/ > > > > > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact > the sender and delete this message immediately. > Disclosure, copying or other action taken in respect of this > email or in reliance on it is prohibited. > > ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From maxsec at TOTALISE.CO.UK Tue Jun 10 20:03:23 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:28 2006 Subject: disclaimer mail rules syntax error In-Reply-To: <5.2.1.1.2.20030610180335.025e6ec8@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030610175233.025cbd78@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030610175233.025cbd78@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030610180335.025e6ec8@imap.ecs.soton.ac.uk> Message-ID: <3EE62B7B.6060604@totalise.co.uk> Julian Field wrote: > At 17:58 10/06/2003, you wrote: > >> Julian >> >> Jun 10 17:20:06 soloman MailScanner[327]: Could not read file >> /opt/Mailscanner/etc/reports/ssl.sig.txt > > > Lower-case "s" in Mailscanner. > D'oh (thud, thud) -- sound of head against brick wall... :-) Thanks Julian, sometimes ya get too close to the problem.. -- Martin From mailscanner at ecs.soton.ac.uk Tue Jun 10 20:05:38 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <200306110006.41984.rishi@theargoncompany.com> References: <5C0296D26910694BB9A9BBFC577E7AB0EBF63C@pascal.priv.bmrb.co.uk> <5C0296D26910694BB9A9BBFC577E7AB0EBF63C@pascal.priv.bmrb.co.uk> Message-ID: <5.2.1.1.2.20030610200458.02581e40@imap.ecs.soton.ac.uk> At 19:36 10/06/2003, you wrote: >On Tuesday 10 Jun 2003 5:17 pm, you wrote: > > Even running just Clam (which is free) will help (although they are not > > always up to date) > >What happens when two or more AV scanners are used? > >Are both used OR if the first AV scanner (f-prot) detects a virus will the >second AV scanner not be used? They are always all used. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Tue Jun 10 20:13:57 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <200306110006.41984.rishi@theargoncompany.com> Message-ID: Hi! > What happens when two or more AV scanners are used? Both are used. > Are both used OR if the first AV scanner (f-prot) detects a virus will the > second AV scanner not be used? Both. > Has anyone deployed CLAM and are happy with the results? > > Does the "Silent Viruses =" feature work with clam? Yes yes. Thats got nothing to do with Clam, but with MS. Bye, Raymond. From forrie at FORRIE.COM Tue Jun 10 20:14:27 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:28 2006 Subject: OT (general interest): RAV antivirus In-Reply-To: <5.2.1.1.2.20030610200458.02581e40@imap.ecs.soton.ac.uk> References: <200306110006.41984.rishi@theargoncompany.com> <5C0296D26910694BB9A9BBFC577E7AB0EBF63C@pascal.priv.bmrb.co.uk> <5C0296D26910694BB9A9BBFC577E7AB0EBF63C@pascal.priv.bmrb.co.uk> Message-ID: <5.2.1.1.2.20030610151247.06410da8@192.168.1.1> This may be of general interest... I just received an email from RAV, indicating some acquisition of their technology by Microsoft. This probably means more scanners for the MS platform. Forrest === snippet === Dear RAV User, As you are aware, we at RAV have always maintained that our antivirus technology is amongst the best available. This is now testified by a recent announcement by Microsoft Corporation on acquiring our technology. More information about this is available at www.ravantivirus.com and at www.microsoft.com From Cleveland at MAIL.WINNEFOX.ORG Tue Jun 10 20:31:27 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:28 2006 Subject: Possible to have MailScanner use SA database? Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E9E7@mail.winnefox.org> > To save Julian some work, here's his response to a similar > question posted about three hours ago: Sorry about that. Since that subject thread didn't have a subject, I had completely overlooked it. Do you know if it's possible to have a web interface so that users can add things to their own whitelist? Jody From dwinkler at ALGORITHMICS.COM Tue Jun 10 22:50:05 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:28 2006 Subject: OT (general interest): RAV antivirus Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FFD@tormail1.algorithmics.com> Microsoft is going to discontinue all of their products. More for Microsoft less for *nix. -----Original Message----- From: Forrest Aldrich [mailto:forrie@forrie.com] Sent: Tuesday, June 10, 2003 3:14 PM To: MAILSCANNER@jiscmail.ac.uk Subject: OT (general interest): RAV antivirus This may be of general interest... I just received an email from RAV, indicating some acquisition of their technology by Microsoft. This probably means more scanners for the MS platform. Forrest === snippet === Dear RAV User, As you are aware, we at RAV have always maintained that our antivirus technology is amongst the best available. This is now testified by a recent announcement by Microsoft Corporation on acquiring our technology. More information about this is available at www.ravantivirus.com and at www.microsoft.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030610/7510c6b2/attachment.html From brose at MED.WAYNE.EDU Tue Jun 10 23:13:20 2003 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:18:28 2006 Subject: Feature request for next version??? Message-ID: Can MS run virus checks first before Spam checks and if the message is infected, not Spam check it if MS is configured to delete or quaranteen? Virus checking is faster than spam checking but since the Spamassassin checks run first, it has been detecting these virus created messages based on Razor or DCC reports as Spam. Granted the stuff is still being caught but at a performance cost. -=Bobby -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030610/bf221c8c/attachment.html From mikew at CRUCIS.NET Wed Jun 11 01:19:07 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:28 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <000401c32f6e$170ad600$3401a8c0@eford001> References: <000401c32f6e$170ad600$3401a8c0@eford001> Message-ID: <200306101919.11081.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 10 June 2003 11:33 am, you wrote: > Julian gave you his non-objective opinion. Here is my opinion: > I am running Redhat 7.2 with the latest version of Mailscanner, and > spammassassin 2.54 and f-prot 3.13 > > My original setup of spamassassin with procmail took me about 2 hours > to get working. On top of that, I had to spend time tweaking > procmail and sendmail for whitelisting and blacklisting. I would say > total time was 4 hours. > > It took me 15 minutes to get MS+spamassassin+f-prot up and running, > including the time needed to tweak the config files. > > Even if virus-scanning were done elsewhere, what would it hurt to use > a setup like this with ClamAV instead of f-prot? "Free" and "Open > Source" are beautiful things. > > Evert Ford > General-Purpose Computer Guy > Westone Laboratories > For one, F-Prot clean, disinfects, or quarantines emails with virus when found. All ClamAV does is report it. Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+5nV+5fq6h2uDDlQRAkFEAJ9x+dn2YAPJQTQ0/Dhct/n7q6vyvwCgigyC PyT+fZ0iQfQ3okj+ZBsA8+k= =8af9 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From mikew at CRUCIS.NET Wed Jun 11 01:21:55 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:29 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: References: Message-ID: <200306101921.55918.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 10 June 2003 02:13 pm, you wrote: > Hi! > > > What happens when two or more AV scanners are used? > > Both are used. > > > Are both used OR if the first AV scanner (f-prot) detects a virus > > will the second AV scanner not be used? > > Both. > > > Has anyone deployed CLAM and are happy with the results? > > > > Does the "Silent Viruses =" feature work with clam? > > Yes yes. Thats got nothing to do with Clam, but with MS. > > Bye, > Raymond. Julian, when you have more than one anti-virus, what order are they used? In the order listed in the config file? Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+5nYj5fq6h2uDDlQRAh9QAKCG5UcCN9sU/DyjDMe7Z/XqWlvjRACgwf5I L0uYMy1Pzkg2WxLCEka8pSg= =pqfO -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From rsiagian at prismasoftsolusi.com Wed Jun 11 01:59:26 2003 From: rsiagian at prismasoftsolusi.com (Rachmad Siagian) Date: Thu Jan 12 21:18:29 2006 Subject: Problems Installing Mailscanner 4.21.9 Message-ID: <000001c32fb5$7ca28e80$0100007f@enterprise> Hi, I'm trying to install Mailscanner 4.21.9 on a Redhat 6.2 but have hit problems. I have managed to run Update-MakeMaker.sh after installing FileSpec 0.82 and run install.sh again. After a lot of output on the screen, the program ended with: Installing tnef decoder error: failed dependencies: rpmlib(PayloadFilesHavePrefix) <= 4.0-1 is needed by tnef-1.1.4-sizelimi t1 rpmlib(CompressedFileNames) <= 3.0.4-1 is needed by tnef-1.1.4-sizelimit 1 Now to install MailScanner itself. error: failed dependencies: tnef >= 1.1.1 is needed by mailscanner-4.21-9 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 is needed by mailscanner-4.21-9 rpmlib(CompressedFileNames) <= 3.0.4-1 is needed by mailscanner-4.21-9 rpmlib(VersionedDependencies) <= 3.0.3-1 is needed by mailscanner-4.21-9 Please do not forget to kill your MailScanner version 3 processes before starting version 4. Any ideas? Cheers, Joe -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030611/28a67b00/attachment.html From ryanb at AACRAO.ORG Wed Jun 11 02:26:26 2003 From: ryanb at AACRAO.ORG (Ryan Bingham) Date: Thu Jan 12 21:18:29 2006 Subject: Possible to have MailScanner use SA database? References: <84CFA712F666B44A94CE6BE116BAF4B0B4E9E7@mail.winnefox.org> Message-ID: <001201c32fb8$7ac03290$f8240340@kh06s9> > Do you know if it's possible to have a web interface so that users can > add things to their own whitelist? > > Jody Hi Jody, There's been some talk on the list about this recently; I double-checked the archives and found some references to Webmin for MailScanner. Here's the MailScanner Webmin homepage: http://lushsoft.dyndns.org/mailscanner-webmin/ It looks like by default it's meant to administer global MailScanner settings, but one archive thread mentions being able to assign users in Webmin and letting them edit their own whitelist and blacklist rules. I've never used Webmin, though, so I'll shut up and invite other more knowledgeable people to jump in at this point. Hope that at least gets you started. Ryan From forrie at FORRIE.COM Wed Jun 11 04:50:03 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:29 2006 Subject: Possible to have MailScanner use SA database? In-Reply-To: <001201c32fb8$7ac03290$f8240340@kh06s9> References: <84CFA712F666B44A94CE6BE116BAF4B0B4E9E7@mail.winnefox.org> Message-ID: <5.2.1.1.2.20030610234843.064d6488@192.168.1.1> I've not used Webmin before, but I downloaded the Webmin MailScanner module (which is really a tar archive) and looked at it. It's a bunch of *.cgi scripts (perl, etc) -- so it could probably be easily broken down (with enough time and patience) to be a more generalized application. I personally would like to see something done in PHP - both for managing the server configurations and for individual users. Forrest At 09:26 PM 6/10/2003, Ryan Bingham wrote: > > Do you know if it's possible to have a web interface so that users can > > add things to their own whitelist? > > > > Jody > >Hi Jody, > >There's been some talk on the list about this recently; I double-checked the >archives and found some references to Webmin for MailScanner. Here's the >MailScanner Webmin homepage: > >http://lushsoft.dyndns.org/mailscanner-webmin/ > >It looks like by default it's meant to administer global MailScanner >settings, but one archive thread mentions being able to assign users in >Webmin and letting them edit their own whitelist and blacklist rules. > >I've never used Webmin, though, so I'll shut up and invite other more >knowledgeable people to jump in at this point. > >Hope that at least gets you started. > >Ryan From raymond at PROLOCATION.NET Wed Jun 11 06:57:53 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:29 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <200306101919.11081.mikew@crucis.net> Message-ID: Hi! > For one, F-Prot clean, disinfects, or quarantines emails with virus when > found. All ClamAV does is report it. Most worms are not even wanted to be cleaned i think, the time you could clean a virus is in my eyes past time. Bye, Raymond. From raymond at PROLOCATION.NET Wed Jun 11 06:58:32 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:29 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <200306101921.55918.mikew@crucis.net> Message-ID: Hi! > > > Does the "Silent Viruses =" feature work with clam? > > > > Yes yes. Thats got nothing to do with Clam, but with MS. > Julian, when you have more than one anti-virus, what order are they > used? In the order listed in the config file? Yes. Btw! It wont harm to simply try something for a change. Bye, Raymond. From Richard.Lush at HP.COM Wed Jun 11 08:14:36 2003 From: Richard.Lush at HP.COM (Lush, Richard) Date: Thu Jan 12 21:18:29 2006 Subject: Possible to have MailScanner use SA database? Message-ID: <13095CFC38D38E418844A18124E8EC7708778B@sdcexcea01.emea.cpqcorp.net> Hi All, The webmin module is just that, a group of perl cgi scripts for managing MailScanner. There is an option for editing the whitelists but it is a global whitelist, haven't tried creating user specific whitelists but I expect you could so this with a ruleset(?). If this is something that people want then I will look at adding it in to the module. I do have plans to create a standalone gui which will allow you to manage multiple MS servers - I'm looking at adding that functionality to the webmin module to. The new gui will be non-web based but I will notbe starting work on it until much later in the year. I'd love to hear from people as to what extra things they would like to see in front end. Please mail me on webmin@lushsoft.dyndns.org. There is a new version on the way which should (hopefully) be released this Friday. It does have a lot more functionality (ability to edit all rulesets is the main one). Forrest - I did try and email another reply but it is still being blocked. Richard Webmin module author http://lushsoft.dyndns.org/mailscanner-webmin -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Forrest Aldrich Sent: 11 June 2003 04:50 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Possible to have MailScanner use SA database? I've not used Webmin before, but I downloaded the Webmin MailScanner module (which is really a tar archive) and looked at it. It's a bunch of *.cgi scripts (perl, etc) -- so it could probably be easily broken down (with enough time and patience) to be a more generalized application. I personally would like to see something done in PHP - both for managing the server configurations and for individual users. Forrest At 09:26 PM 6/10/2003, Ryan Bingham wrote: > > Do you know if it's possible to have a web interface so that users > > can add things to their own whitelist? > > > > Jody > >Hi Jody, > >There's been some talk on the list about this recently; I >double-checked the archives and found some references to Webmin for >MailScanner. Here's the MailScanner Webmin homepage: > >http://lushsoft.dyndns.org/mailscanner-webmin/ > >It looks like by default it's meant to administer global MailScanner >settings, but one archive thread mentions being able to assign users in >Webmin and letting them edit their own whitelist and blacklist rules. > >I've never used Webmin, though, so I'll shut up and invite other more >knowledgeable people to jump in at this point. > >Hope that at least gets you started. > >Ryan From support at INVICTANET.CO.UK Wed Jun 11 09:56:20 2003 From: support at INVICTANET.CO.UK (InvictaNet Customer Support) Date: Thu Jan 12 21:18:29 2006 Subject: OT (general interest): RAV antivirus In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C97055E6FFD@tormail1.algorithmics.com> Message-ID: I tend to agree with Derek. I forsee Microsoft killing the non-windows versions within 6 months. Martyn Routley ----------------------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk martyn@support.invictanet.co.uk phone: 08707 440180 fax: 08707 440181 Ask us about our online Antivirus and Junk mail scanning service ----------------------------------------------------------------- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Derek Winkler Sent: 10 June 2003 22:50 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: OT (general interest): RAV antivirus Microsoft is going to discontinue all of their products. More for Microsoft less for *nix. -----Original Message----- From: Forrest Aldrich [mailto:forrie@forrie.com] Sent: Tuesday, June 10, 2003 3:14 PM To: MAILSCANNER@jiscmail.ac.uk Subject: OT (general interest): RAV antivirus This may be of general interest... I just received an email from RAV, indicating some acquisition of their technology by Microsoft. This probably means more scanners for the MS platform. Forrest From rishi at THEARGONCOMPANY.COM Wed Jun 11 10:31:53 2003 From: rishi at THEARGONCOMPANY.COM (Rishi Gangoly) Date: Thu Jan 12 21:18:29 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: References: Message-ID: <200306111501.53781.rishi@theargoncompany.com> On Tuesday 10 Jun 2003 5:17 pm, you wrote: > Naturally it CAN be done but i would stronlgy advice to keep running a > virus scanner also. If not f-prot then for example ClamAV... > > Bye, > Raymond. But what would happen if Clam AV or f-prot was not used? Wouldn't MailScanner catch / trap / quarantine all the viruses? The only viruses that would probably slip thru are macro viruses and those that are sent thru compressed files... correct? Or is there something else that may happen that I haven't thought of? Regards Rishi From raymond at PROLOCATION.NET Wed Jun 11 10:50:09 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:29 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <200306111501.53781.rishi@theargoncompany.com> Message-ID: Hi! > But what would happen if Clam AV or f-prot was not used? Wouldn't MailScanner > catch / trap / quarantine all the viruses? > > The only viruses that would probably slip thru are macro viruses and those > that are sent thru compressed files... correct? Or is there something else > that may happen that I haven't thought of? MS is NOT a virus scanner. That the filename rules catch some doesnt tell much. If you like to be secure, go for a virus scanner. Pretty simple. Bye, Raymond. From Kevin.Spicer at BMRB.CO.UK Wed Jun 11 10:52:15 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:29 2006 Subject: f-prot's new mailbox licensing model Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A4AD9F@pascal.priv.bmrb.co.uk> > The only viruses that would probably slip thru are macro > viruses and those > that are sent thru compressed files... correct? Or is there > something else > that may happen that I haven't thought of? I'm firmly of the opinion that there is always something else that may happen that I haven't thought of! We don't know what the next exploit might be that gets exploited by virus writers. If you want to protect against all viruses without using a virus scanner then you should block all attachements and probably strip all html content too. Theres no telling for sure what attachements may have viruses in them. One example, theres a known vulnerability in Windows XP which can be exploited by a carefully constructed mp3 or wma file. Presumably that could be exploited by a virus writer, but who would have expected an mp3 file to contain a virus - its not even executable! BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From rishi at THEARGONCOMPANY.COM Wed Jun 11 11:25:24 2003 From: rishi at THEARGONCOMPANY.COM (Rishi Gangoly) Date: Thu Jan 12 21:18:29 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0A4AD9F@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0A4AD9F@pascal.priv.bmrb.co.uk> Message-ID: <200306111555.24277.rishi@theargoncompany.com> On Wednesday 11 Jun 2003 3:22 pm, you wrote: > > The only viruses that would probably slip thru are macro > > viruses and those > > that are sent thru compressed files... correct? Or is there > > something else > > that may happen that I haven't thought of? > > I'm firmly of the opinion that there is always something else that may > happen that I haven't thought of! We don't know what the next exploit > might be that gets exploited by virus writers. If you want to protect > against all viruses without using a virus scanner then you should block all > attachements and probably strip all html content too. Theres no telling > for sure what attachements may have viruses in them. One example, theres a > known vulnerability in Windows XP which can be exploited by a carefully > constructed mp3 or wma file. Presumably that could be exploited by a virus > writer, but who would have expected an mp3 file to contain a virus - its > not even executable! WOW... now that I did not know. That is information that's of great value. Thanks a million Kevin. This was the kind of information I was looking for. Thanks Regards Rishi P.S. I'm glad I switched from Windows 98 to using Redhat 8.0 on my desktop. ;-) From o.pitzeier at UPTIME.AT Wed Jun 11 12:02:12 2003 From: o.pitzeier at UPTIME.AT (Oliver Pitzeier) Date: Thu Jan 12 21:18:29 2006 Subject: Black-/Whitelists in SQL Database (WAS: RE: SQL user options) In-Reply-To: <001501c32ebf$6a0109b0$0f11a8c0@pitzeier.priv.at> Message-ID: <001001c33008$e9c7e890$020b10ac@pitzeier.priv.at> Oliver Pitzeier wrote: > Julian Field wrote: > > At 20:03 09/06/2003, you wrote: [ ... ] > > >I just read, that it is possible to have user options in a SQL > > >database. I want to do that with whitelists, blacklists... > > > > > >How can I do that? And what other 'option' can be hold by a SQL > > >database? > > > > > >I would also need the possibility to have white-/blacklists on a > > >per-user-basis... > > > Take a look in CustomConfig.pm. There is per-user whitelist and > > blacklist code there, which will give you hints as to how to read > > config options from a SQL db. > > > > There will later be more code here to read data from SQL > > dbs, but not quite yet... > > I guessed such an answer... Not the one I hoped for, but it > means I have to get into MailScanner deeper. :-) OK. I did it. :-) I wrote some code (SQL_Backlist, SQL_Whitelist), which is - at least a bit - configurable trough variables in CustomConfig.pm. You can imagine what it does... Exactly what I wanted. :-) So... Is someone interessted in this code? Julian, you may add it - after investigating it - to the main tree!? I would be pleased to add more comments, add code that handles wildcards, and so on... If there are people who need those functions - else I let it as it is and just use it myself...... Best regards, Oliver PS: There is also a test-script, that can check if the database is set up correct and the data is read correct.... From Cleveland at MAIL.WINNEFOX.ORG Wed Jun 11 13:37:53 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:29 2006 Subject: Black-/Whitelists in SQL Database (WAS: RE: SQL user options) Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E9ED@mail.winnefox.org> > OK. I did it. :-) I wrote some code (SQL_Backlist, > SQL_Whitelist), which is - at least a bit - configurable > trough variables in CustomConfig.pm. You can imagine what it > does... Exactly what I wanted. :-) > > So... Is someone interested in this code? I would love to have that. Thanks! -- Jody Cleveland (cleveland@mail.winnefox.org) From Cleveland at MAIL.WINNEFOX.ORG Wed Jun 11 13:45:08 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:29 2006 Subject: Possible to have MailScanner use SA database? Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E9EE@mail.winnefox.org> > I personally would like to see something done in PHP - both > for managing the server configurations and for individual users. I'd have to say ditto on that. Ideally, I'd like a page users can go to, log in, and modify their white/ black lists. I know you can do it with spamassassin, so there's got to be a way with mailscanner. I'd rather stay away from webmin for users. That's the last place I want them. Jody From mbowman at UDCOM.COM Wed Jun 11 13:47:25 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:29 2006 Subject: Possible to have MailScanner use SA database? Message-ID: That is something I would be interested in to. Features: Admin Interface - Global rulesets - User Admin User Interface - Maintainance of white/black lists - Allowed filenames - Virus Notifications - Normal and High Scoring thresholds - Spam Actions --- Matthew K Bowman Systems Administrator, UDCom 174 Park Avenue West, Mansfield. Ohio 44902 Tel : 419-524-4330 Fax : 419-524-8757 Email : mbowman@udcom.com Web: http://www.udcom.com/ Jody Cleveland Sent by: MailScanner mailing list 06/11/2003 08:45 AM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: Possible to have MailScanner use SA database? > I personally would like to see something done in PHP - both > for managing the server configurations and for individual users. I'd have to say ditto on that. Ideally, I'd like a page users can go to, log in, and modify their white/ black lists. I know you can do it with spamassassin, so there's got to be a way with mailscanner. I'd rather stay away from webmin for users. That's the last place I want them. Jody From dwinkler at ALGORITHMICS.COM Wed Jun 11 13:48:43 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:29 2006 Subject: OT (general interest): RAV antivirus Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E6FFE@tormail1.algorithmics.com> Wasn't my opinion, Microsoft has stated this to the press. -----Original Message----- From: InvictaNet Customer Support [mailto:support@invictanet.co.uk] Sent: Wednesday, June 11, 2003 4:56 AM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: OT (general interest): RAV antivirus I tend to agree with Derek. I forsee Microsoft killing the non-windows versions within 6 months. Martyn Routley ----------------------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk martyn@support.invictanet.co.uk phone: 08707 440180 fax: 08707 440181 Ask us about our online Antivirus and Junk mail scanning service ----------------------------------------------------------------- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Derek Winkler Sent: 10 June 2003 22:50 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: OT (general interest): RAV antivirus Microsoft is going to discontinue all of their products. More for Microsoft less for *nix. -----Original Message----- From: Forrest Aldrich [mailto:forrie@forrie.com] Sent: Tuesday, June 10, 2003 3:14 PM To: MAILSCANNER@jiscmail.ac.uk Subject: OT (general interest): RAV antivirus This may be of general interest... I just received an email from RAV, indicating some acquisition of their technology by Microsoft. This probably means more scanners for the MS platform. Forrest -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030611/dcc5d98e/attachment.html From Cleveland at MAIL.WINNEFOX.ORG Wed Jun 11 13:53:57 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:29 2006 Subject: Possible to have MailScanner use SA database? Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E9F1@mail.winnefox.org> > Features: > > Admin Interface > - Global rulesets > - User Admin > User Interface > - Maintainance of white/black lists > - Allowed filenames > - Virus Notifications > - Normal and High Scoring thresholds > - Spam Actions That's exactly everything I'd be looking for too. Unfortunately, I can't program, but I'd be willing to test anything someone made. -- Jody Cleveland (cleveland@mail.winnefox.org) From Richard.Lush at HP.COM Wed Jun 11 14:03:55 2003 From: Richard.Lush at HP.COM (Lush, Richard) Date: Thu Jan 12 21:18:29 2006 Subject: Possible to have MailScanner use SA database? Message-ID: <13095CFC38D38E418844A18124E8EC7708778D@sdcexcea01.emea.cpqcorp.net> I'll look into after I get the new version of the webmin module out this week. I expect it will run under Apache (or any thing that supports perl cgi). I'll keep you all posted. Please email me off list (webmin@lushsoft.dyndns.org) for ideas around the interface look and feel. Cheers Richard -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jody Cleveland Sent: 11 June 2003 13:54 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Possible to have MailScanner use SA database? > Features: > > Admin Interface > - Global rulesets > - User Admin > User Interface > - Maintainance of white/black lists > - Allowed filenames > - Virus Notifications > - Normal and High Scoring thresholds > - Spam Actions That's exactly everything I'd be looking for too. Unfortunately, I can't program, but I'd be willing to test anything someone made. -- Jody Cleveland (cleveland@mail.winnefox.org) From JEN at AH.DK Wed Jun 11 14:09:42 2003 From: JEN at AH.DK (Jan Elmqvist Nielsen) Date: Thu Jan 12 21:18:29 2006 Subject: Kaspersky 4.0.3, MS 4.21-9 and redhat 9 Message-ID: Is any of you running kaspersky 4.0.3, MS 4.2xx and redhat 9, and are you catching any virus? I tryed with kaspersky 3.0 build 136 without any luck. when I am running the kaspersky-wrapper it detects the virus! I have Kaspersky 3.0 build 136, MS 4.21-6 and redhat 7.3 installation, which is working fine!! Any ideas? Is it the redhat version? /Jan Elmqvist Nielsen From damian at WORKGROUPSOLUTIONS.COM Wed Jun 11 14:15:50 2003 From: damian at WORKGROUPSOLUTIONS.COM (Damian Mendoza) Date: Thu Jan 12 21:18:29 2006 Subject: F-Prot and Mail Scanner Message-ID: Hi, An update: End-User error as messages were not going thru MailScanner. MailScanner is working perfectly with F-Prot antivirus. Regards, Damian Workgroup Solutions 20532 El Toro Rd, Suite 107 Mission Viejo, CA 92692 949 586-2200 Developers of SpamGate - Stop SPAM today at the Gateway! -----Original Message----- From: Damian Mendoza Sent: Monday, June 09, 2003 4:43 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: F-Prot and Mail Scanner Hi, I installed F-Prot and MailScanner on an SMTP gateway for a customer. My customer tells me that F-Prot is only blocking 10% of the viruses. They had 9 messages get passed the F-Prot/MailScanner gateway and 1 message was stopped according to the maillog. Norton Antivirus on the Exchange server told us about the 9 messages. Any ideas? F-Prot is getting the updates based on the Maillog file. Thanks, Damian From y.huang at UTORONTO.CA Wed Jun 11 14:49:34 2003 From: y.huang at UTORONTO.CA (Bruce Huang) Date: Thu Jan 12 21:18:29 2006 Subject: Spam score not add up Message-ID: Dear all, One question hope anyone's advise: I start to add my own tests on spam.assassin.prefs.conf. The rule is body SPAM_SITE_001 /www.abc.com/i describe SPAM_SITE_001 Testing score 10.0 The /etc/mail/spamassassin/local.cf links to /opt/MailScanner/etc/spam.assassin.prefs.conf With a test, I expect to have a score greater than 10, instead of 3.6. See bellow for test result. X-mailer: Pegasus Mail for Windows (v4.01) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.6, required 5, BAYES_00, SPAM_SITE_001) X-MailScanner-SpamScore: sss X-PMFLAGS: 34078848 0 1 Y0604D.CNM www.abc.com Thanks for any advise. Regards, Bruce From mailscanner at ecs.soton.ac.uk Wed Jun 11 14:43:08 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:29 2006 Subject: f-prot's new mailbox licensing model In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0A4AD9F@pascal.priv.bmrb.co .uk> Message-ID: <5.2.0.9.2.20030611144204.04958aa0@imap.ecs.soton.ac.uk> At 10:52 11/06/2003, you wrote: > > The only viruses that would probably slip thru are macro > > viruses and those > > that are sent thru compressed files... correct? Or is there > > something else > > that may happen that I haven't thought of? > >I'm firmly of the opinion that there is always something else that may >happen that I haven't thought of! We don't know what the next exploit >might be that gets exploited by virus writers. If you want to protect >against all viruses without using a virus scanner then you should block >all attachements and probably strip all html content too. Theres no >telling for sure what attachements may have viruses in them. One example, >theres a known vulnerability in Windows XP which can be exploited by a >carefully constructed mp3 or wma file. Presumably that could be exploited >by a virus writer, but who would have expected an mp3 file to contain a >virus - its not even executable! Many moons ago, I fell foul of this myself. Who would have thought that a plain-text email containing no MIME attachments or HTML could have contained a virus? Then "MyParty-A" appeared... -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jun 11 14:45:22 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:29 2006 Subject: Problems Installing Mailscanner 4.21.9 In-Reply-To: <000001c32fb5$7ca28e80$0100007f@enterprise> Message-ID: <5.2.0.9.2.20030611144444.038c29f8@imap.ecs.soton.ac.uk> You need a newer version of the "rpm" tool and its libraries. At 01:59 11/06/2003, you wrote: >Hi, > >I'm trying to install Mailscanner 4.21.9 on a Redhat 6.2 but have hit >problems. I have managed to run Update-MakeMaker.sh after installing >FileSpec 0.82 and run install.sh again. After a lot of output on the >screen, the program ended with: > >Installing tnef decoder > >error: failed dependencies: > rpmlib(PayloadFilesHavePrefix) <= 4.0-1 is needed by > tnef-1.1.4-sizelimi >t1 > rpmlib(CompressedFileNames) <= 3.0.4-1 is needed by > tnef-1.1.4-sizelimit >1 > >Now to install MailScanner itself. > >error: failed dependencies: > tnef >= 1.1.1 is needed by mailscanner-4.21-9 > rpmlib(PayloadFilesHavePrefix) <= 4.0-1 is needed by > mailscanner-4.21-9 > rpmlib(CompressedFileNames) <= 3.0.4-1 is needed by > mailscanner-4.21-9 > rpmlib(VersionedDependencies) <= 3.0.3-1 is needed by > mailscanner-4.21-9 >Please do not forget to kill your MailScanner version 3 processes >before starting version 4. > >Any ideas? > >Cheers, > >Joe -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030611/1edb5c15/attachment.html From dwinkler at ALGORITHMICS.COM Wed Jun 11 14:49:35 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:29 2006 Subject: Spam score not add up Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E7000@tormail1.algorithmics.com> score SPAM_SITE_001 10.0 not score 10.0 -----Original Message----- From: Bruce Huang [mailto:y.huang@UTORONTO.CA] Sent: Wednesday, June 11, 2003 9:50 AM To: MAILSCANNER@jiscmail.ac.uk Subject: Spam score not add up Dear all, One question hope anyone's advise: I start to add my own tests on spam.assassin.prefs.conf. The rule is body SPAM_SITE_001 /www.abc.com/i describe SPAM_SITE_001 Testing score 10.0 The /etc/mail/spamassassin/local.cf links to /opt/MailScanner/etc/spam.assassin.prefs.conf With a test, I expect to have a score greater than 10, instead of 3.6. See bellow for test result. X-mailer: Pegasus Mail for Windows (v4.01) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.6, required 5, BAYES_00, SPAM_SITE_001) X-MailScanner-SpamScore: sss X-PMFLAGS: 34078848 0 1 Y0604D.CNM www.abc.com Thanks for any advise. Regards, Bruce -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030611/d827a791/attachment.html From mailscanner at ecs.soton.ac.uk Wed Jun 11 14:55:23 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:29 2006 Subject: Spam score not add up In-Reply-To: Message-ID: <5.2.0.9.2.20030611145429.04964370@imap.ecs.soton.ac.uk> At 14:49 11/06/2003, you wrote: >Dear all, > >One question hope anyone's advise: > >I start to add my own tests on spam.assassin.prefs.conf. >The rule is > >body SPAM_SITE_001 /www.abc.com/i >describe SPAM_SITE_001 Testing >score 10.0 > >The /etc/mail/spamassassin/local.cf links >to /opt/MailScanner/etc/spam.assassin.prefs.conf > >With a test, I expect to have a score greater than 10, instead of 3.6. See >bellow for test result. > >X-mailer: Pegasus Mail for Windows (v4.01) >Content-type: text/plain; charset=US-ASCII >Content-transfer-encoding: 7BIT >Content-description: Mail message body >X-MailScanner-Information: Please contact the ISP for more information >X-MailScanner: Found to be clean >X-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.6, required 5, > BAYES_00, SPAM_SITE_001) >X-MailScanner-SpamScore: sss >X-PMFLAGS: 34078848 0 1 Y0604D.CNM But it hit the BAYES_00 rule as well, which has a negative score. If you have a very recent MailScanner, you can switch on an option that will show you the score of each rule that "hits". -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From y.huang at UTORONTO.CA Wed Jun 11 14:55:51 2003 From: y.huang at UTORONTO.CA (Bruce Huang) Date: Thu Jan 12 21:18:29 2006 Subject: Spam score not add up References: <06EE2C86D3DAD5119A6C0060943F3C97055E7000@tormail1.algorithmics.com> Message-ID: <002f01c33021$2d001520$5b426480@ad.geog.utoronto.ca> RE: Spam score not add upSorry for the information. The rule is body SPAM_SITE_001 /www.abc.com/i describe SPAM_SITE_001 Testing score SPAM_SITE_001 10.0 Regards, Bruce ----- Original Message ----- From: Derek Winkler To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wednesday, June 11, 2003 9:49 AM Subject: Re: Spam score not add up score SPAM_SITE_001 10.0 not score 10.0 -----Original Message----- From: Bruce Huang [mailto:y.huang@UTORONTO.CA] Sent: Wednesday, June 11, 2003 9:50 AM To: MAILSCANNER@jiscmail.ac.uk Subject: Spam score not add up Dear all, One question hope anyone's advise: I start to add my own tests on spam.assassin.prefs.conf. The rule is body SPAM_SITE_001 /www.abc.com/i describe SPAM_SITE_001 Testing score 10.0 The /etc/mail/spamassassin/local.cf links to /opt/MailScanner/etc/spam.assassin.prefs.conf With a test, I expect to have a score greater than 10, instead of 3.6. See bellow for test result. X-mailer: Pegasus Mail for Windows (v4.01) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.6, required 5, BAYES_00, SPAM_SITE_001) X-MailScanner-SpamScore: sss X-PMFLAGS: 34078848 0 1 Y0604D.CNM www.abc.com Thanks for any advise. Regards, Bruce -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030611/36bfb59d/attachment.html From y.huang at UTORONTO.CA Wed Jun 11 15:07:59 2003 From: y.huang at UTORONTO.CA (Bruce Huang) Date: Thu Jan 12 21:18:29 2006 Subject: Spam score not add up References: <5.2.0.9.2.20030611145429.04964370@imap.ecs.soton.ac.uk> Message-ID: <004901c33022$de035ed0$5b426480@ad.geog.utoronto.ca> > But it hit the BAYES_00 rule as well, which has a negative score. If you > have a very recent MailScanner, you can switch on an option that will show > you the score of each rule that "hits". I am using MailScanner 4.20-3, and can not find the option. Would you mind to let me know where it is? Thanks, Bruce From o.pitzeier at UPTIME.AT Wed Jun 11 15:08:46 2003 From: o.pitzeier at UPTIME.AT (Oliver Pitzeier) Date: Thu Jan 12 21:18:29 2006 Subject: Black-/Whitelists in SQL Database (WAS: RE: SQL user options) In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E9ED@mail.winnefox.org> Message-ID: <001901c33022$f99097d0$020b10ac@pitzeier.priv.at> > > OK. I did it. :-) I wrote some code (SQL_Backlist, SQL_Whitelist), > > which is - at least a bit - configurable trough variables in > > CustomConfig.pm. You can imagine what it does... Exactly what I > > wanted. :-) > > > > So... Is someone interested in this code? > > I would love to have that. Thanks! Please find it here: http://filelister.linux-kernel.at/?current=/tarballs/MailScanner/ Please keep in mind, that is is still some kind of beta stage... I have it running here, but I wrote it this night in about 1 hour. :-) For me it's stable, if Julian says it's fine. :-))) xs Best regards, Oliver From marco at MUW.EDU Wed Jun 11 15:19:32 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:29 2006 Subject: Using ramfs for incoming queue In-Reply-To: <002f01c33021$2d001520$5b426480@ad.geog.utoronto.ca> References: <06EE2C86D3DAD5119A6C0060943F3C97055E7000@tormail1.algorithmics.com> <002f01c33021$2d001520$5b426480@ad.geog.utoronto.ca> Message-ID: <1055341172.3ee73a7493594@webmail.MUW.Edu> Good day all, I am exploring using ramfs for MS incoming queue. This is a Redhat 7.3 system with 3GB RAM. I am using the following command: $ mount -t -o maxsize=n none /var/spool/MailScanner/incoming ramfs My question is, what is a decent size for n? I know that is probably site-dependent, but an advice is appreciated. This particular system handles an average of 20,000 messages per day. Thank you Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From raymond at PROLOCATION.NET Wed Jun 11 15:18:34 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:29 2006 Subject: Using ramfs for incoming queue In-Reply-To: <1055341172.3ee73a7493594@webmail.MUW.Edu> Message-ID: Hi! > My question is, what is a decent size for n? > > I know that is probably site-dependent, but an advice is appreciated. This > particular system handles an average of 20,000 messages per day. If you look on your system now, i guess you can estimate ok :) Please also mind that in case of heavy incomming mail you will most likely be stuck if you push this too low. But thats no news to you i guess... Bye, Raymond. From FCaen at CI.LAKEWOOD.WA.US Wed Jun 11 15:20:44 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:29 2006 Subject: f-prot's new mailbox licensing model Message-ID: -----Original Message----- From: Spicer, Kevin [mailto:Kevin.Spicer@BMRB.CO.UK] > One example, theres a known vulnerability in Windows XP which can be > exploited by a carefully constructed mp3 or wma file. Presumably that > could be exploited by a virus writer, but who would have expected an > mp3 file to contain a virus - its not even executable! Yep. Same thing for PDFs. I even remember an article about trying to hide viruses in JPEGs. Can't remember if that was successful or not. But this all proves that even though filetype filtering is a great tool, it is not sufficient. --------------------------------------------- Francois Caen Network Information Systems Engineer - Webmaster City of Lakewood, WA (253) 512-2269 NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From tony.johansson at SVENSKAKYRKAN.SE Wed Jun 11 15:25:49 2003 From: tony.johansson at SVENSKAKYRKAN.SE (Tony Johansson) Date: Thu Jan 12 21:18:29 2006 Subject: eTrust Inoculate Message-ID: <3C4F5084EF16D4119CE700508B6B8B10058D0D60@nt.svenskakyrkan.se> I have problems getting eTrust inoculate to work with MailScanner. Details: eTrust version: eTrust Antivirus for Linux (Build 1892) (from the eTrust AntiVirus version 7 CD) Os: Red Hat 7.3 with default sendmail MailScanner: 4.21-9 Virus scanner in MailScanner.conf is set to f-prot and inoculate. F-prot finds viruses, inoculate does not and theres nothing in the maillog about inoculate. incoulate-wrapper DOES work however, see following output: "[root@localhost viruses]# /usr/lib/MailScanner/inoculate-wrapper . File /tmp/viruses/./BUG.0LL is infected by virus: Win32/Bugbear.Worm File /tmp/viruses/./BUGBEAR.0OM is infected by virus: Win32/Bugbear.Worm File /tmp/viruses/./klez.0OM is infected by virus: Win32/Klez.H.Worm File /tmp/viruses/./sircam.0OM is infected by virus: Win32/SirCam.Worm Total Files Scanned: 8 Total Viruses Found: 4 Total Infected Files Found: 4 Scan Mode: Secure *** End Of Summary *** " Version info and options of inocmd32: [root@localhost MailScanner]# inocmd32 InoculateIT Engine version: 23.61.00 2003/04/08 InoculateIT Signature version: virsig.da0 23.61.46 2003/06/10 Usage:inocmd32 [ -options ] file|directory|drive ... -options: : ENG can be one of: Ino or Vet : MOD Scan mode can be one of: Secure or Reviewer (default Secure) : ACT Infected file action can be one of: Cure, Rename, Delete or Move : EXE Specified files (based on the 'Specified' extension list) : EXC Exclude files (based on the 'Exclude' extension list) : ARC Scan archive files : NEX Detect compressed files by content, not file extension : NOS No subdirectory traverse : FIL: Only scan files that match (shell wildcard) : SCA Special Cure Action (ACT must be set to Cure) can be one of: CB (Copy Before), DT (Delete Trojan), RF (Rename if cure fails) or MF (Move if cure fails) : MCA Macro Cure Action can be either: RA (remove all) or RI (remove infected) : SPM Special Mode can only be: H (heuristics) : SFI Stop at first infection in archive : SRF Skip regular file scanning of archives : LIS: Create scan report file : APP: Append scan report to file : UNI / is directory separator rather than switch introducer : VER Verbose mode : COU: Message every scanned files : COU Message every 1000 scanned files : SIG Display signature version numbers : SIG: Display signature version numbers of engine located in : HEL or ? Display this help file|directory|drive ...: Specify at least one file, directory or drive to scan regards, Tony From Kevin.Spicer at BMRB.CO.UK Wed Jun 11 15:32:24 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:29 2006 Subject: f-prot's new mailbox licensing model Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF641@pascal.priv.bmrb.co.uk> > I even remember an article about trying to > hide viruses in JPEGs. That was largely marketing from one of the big AV vendors. There was a virus spreading through jpegs, but you had to already have been infected by another virus which then made you vulnerable to the jpeg one. Uninfected PC's had nothing to fear from that particular jpeg. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From lbergman at wtxs.net Wed Jun 11 15:44:23 2003 From: lbergman at wtxs.net (Lewis Bergman) Date: Thu Jan 12 21:18:29 2006 Subject: Black-/Whitelists in SQL Database (WAS: RE: SQL user options) In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E9ED@mail.winnefox.org> References: <84CFA712F666B44A94CE6BE116BAF4B0B4E9ED@mail.winnefox.org> Message-ID: <200306110944.23279.lbergman@wtxs.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday 11 June 2003 07:37 am, Jody Cleveland wrote: > > OK. I did it. :-) I wrote some code (SQL_Backlist, > > SQL_Whitelist), which is - at least a bit - configurable > > trough variables in CustomConfig.pm. You can imagine what it > > does... Exactly what I wanted. :-) > > > > So... Is someone interested in this code? > > I would love to have that. Thanks! I would second that. I am not ready to use it yet but I have been looking for a way to do per user black/white lists. Sounds very promising. - -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 115 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+50BHpT00mQjG01gRAn2FAJ0VmoFI/JBDVF/mHTLT1fwabMn0NgCgkCTA NeIOlKhOgRAQmHB0rNgpWJ0= =4x6i -----END PGP SIGNATURE----- From o.pitzeier at UPTIME.AT Wed Jun 11 15:47:22 2003 From: o.pitzeier at UPTIME.AT (Oliver Pitzeier) Date: Thu Jan 12 21:18:29 2006 Subject: Black-/Whitelists in SQL Database (WAS: RE: SQL user options) In-Reply-To: <200306110944.23279.lbergman@wtxs.net> Message-ID: <001e01c33028$5e03ac70$020b10ac@pitzeier.priv.at> Lewis Bergman wrote: > On Wednesday 11 June 2003 07:37 am, Jody Cleveland wrote: > > > OK. I did it. :-) I wrote some code (SQL_Backlist, > SQL_Whitelist), > > > which is - at least a bit - configurable trough variables in > > > CustomConfig.pm. You can imagine what it does... Exactly what I > > > wanted. :-) > > > > > > So... Is someone interested in this code? > > > > I would love to have that. Thanks! > > I would second that. I am not ready to use it yet but I have > been looking for a way to do per user black/white lists. > > Sounds very promising. Please see my other mail... I uploaded it to my server, so everyone can download it easily... Best regards, Oliver From kusler at NSCL.MSU.EDU Wed Jun 11 15:58:54 2003 From: kusler at NSCL.MSU.EDU (Jay Kusler) Date: Thu Jan 12 21:18:29 2006 Subject: double messages? Message-ID: I upgraded to Postfix 2.0.11 yesterday to see if that would fix things, but no luck. These second (empty) messages still happen. I've had 2 today, out of about 20 emails. Any hints on where I could look? Thanks, Jay Kusler On Tue, 10 Jun 2003 10:15:33 -0400, Jay Kusler wrote: >MailScanner-4.21-9 >Postfix 1.1.11 > >Thanks > >Jay > > > >Julian Field said: >> What version of MailScanner are you running? >> What version of Postfix are you running? >> >> At 14:11 10/06/2003, you wrote: >>>I installed MailScanner with Clamav on a Solaris 8 (sparc) box running >>> Postfix as the MTA. Often, but not always, 2 messages are delivered >>> instead of just one. The first has the 'real' message, and the second >>> is empty. For example, a message just came through from this list from >>> Marc Obaid, and it was double. The logs show the second blank message >>> simply appearing, as best as I can tell, although it seems that there >>> may be 2 instances of MailScanner trying to process the queue >>> concurrently. Has anyone seen this behavior, and what can I do about >>> it? >>> >>>Thanks, >>> >>>Jay Kusler >>>NSCL >>> >>>Jun 10 08:53:48 jade postfix/smtpd[25820]: [ID 197553 mail.info] >>> connect from smtp.jiscmail.ac.uk[130.246.192.48] >>>Jun 10 08:53:48 jade postfix/smtpd[25820]: [ID 197553 mail.info] >>> 4C8A6279: client=smtp.jiscmail.ac.uk[130.246.192.48] >>>Jun 10 08:53:48 jade postfix/cleanup[25452]: [ID 197553 mail.info] >>> 4C8A6279: message-id= <1055249831.3ee5d5a71c23b@webmail.MUW.Edu> >>>Jun 10 08:53:48 jade postfix/qmgr[25436]: [ID 197553 mail.info] >>> 4C8A6279: from=, size=3460, nrcpt=1 >>> (queue active) Jun 10 08:53:48 jade postfix/qmgr[25436]: [ID 197553 >>> mail.info] 4C8A6279: to=, relay=none, delay=0, >>> status=deferred (deferred transport) >>>Jun 10 08:53:49 jade postfix/smtpd[25820]: [ID 197553 mail.info] >>> disconnect from smtp.jiscmail.ac.uk[130.246.192.48] >>> >>>Jun 10 08:53:52 jade.nscl.msu.edu MailScanner[25538]: New Batch: >>> Scanning 1 messages, 3650 bytes >>>Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25538]: Virus and Content >>> Scanning: Starting >>>Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25554]: New Batch: >>> Scanning 1 messages, 3650 bytes >>>Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25538]: Uninfected: >>> Delivered 1 messages >>>Jun 10 08:53:53 jade postfix/qmgr[25479]: [ID 197553 mail.info] >>> 17D259380: from=, size=3467, nrcpt=1 >>> (queue active) Jun 10 08:53:53 jade.nscl.msu.edu MailScanner[25554]: >>> Virus and Content Scanning: Starting >>>Jun 10 08:53:54 jade.nscl.msu.edu MailScanner[25554]: Uninfected: >>> Delivered 1 messages >>>Jun 10 08:53:54 jade postfix/qmgr[25479]: [ID 197553 mail.info] >>> 5616F937E: from=, size=2603, nrcpt=1 >>> (queue active) >>> >>>Jun 10 08:53:56 jade postfix/local[25558]: [ID 197553 mail.info] >>> 17D259380: to=, relay=local, delay=8, status=sent >>>("|/usr/nsclsbin/procmail") >>>Jun 10 08:54:03 jade postfix/local[25577]: [ID 197553 mail.info] >>> 5616F937E: to=, relay=local, delay=15, status=sent >>>("|/usr/nsclsbin/procmail") >> >> -- >> Julian Field >> www.MailScanner.info >> MailScanner thanks transtec Computers for their support From Kevin.Spicer at BMRB.CO.UK Wed Jun 11 16:03:57 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:29 2006 Subject: double messages? Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF642@pascal.priv.bmrb.co.uk> > > I upgraded to Postfix 2.0.11 yesterday to see if that would > fix things, but > no luck. These second (empty) messages still happen. I've > had 2 today, out > of about 20 emails. Any hints on where I could look? Probably way off base but... I had a similar problem months ago - but with sendmail. Turned out our exchange server was set to make ETRN requests to our Mailscanner box. Julian has since modified the sendmail startup scripts to defend against this, but I don't know whether it might affect other mailers. Probably not your problem but something to rule out at least! BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From forrie at FORRIE.COM Wed Jun 11 16:06:52 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:29 2006 Subject: OT (general interest): RAV antivirus In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C97055E6FFE@tormail1.algorith mics.com> Message-ID: <5.2.1.1.2.20030611110354.02008eb0@192.168.1.1> Interesting, since the customer support people at RAV haven't replied to my inquiry about this. This is their full statement about this. I would imagine it would be difficult to just "discontinue" other Unix-based products, since there are undoubtedly many service contracts and higher-end users that have paid a lot of $$ for the product and support - so either they will continue to operate independently as RAV, with MS licensing their technology for their own use, or MS will have to provide for some contingency/alternative. Forrest >>>>>>>>>>>>>>>>>>>>>>>> Dear RAV User, As you are aware, we at RAV have always maintained that our antivirus technology is amongst the best available. This is now testified by a recent announcement by Microsoft Corporation on acquiring our technology. More information about this is available at www.ravantivirus.com and at www.microsoft.com As always, we would like to reiterate that our customers are important to us and that we will continue to maintain and provide the same high level of service that we have had in the past. Technical support for the product will continue to be provided both by GeCAD and its authorised distributors. In addition, you will continue to receive virus signature updates, alerts and advisories. The company's web site www.ravantivirus.com will also continue to be available. Should you have any further questions, please do not hesitate to contact us. We continue to look forward to your ongoing support. Thank you. Sincerely Yours, Radu Georgescu President GeCAD Software s.r.l. Additional information on the transaction available on http://www.ravantivirus.com <<<<<<<<<<<<<<<<<<<<<<< At 08:48 AM 6/11/2003, Derek Winkler wrote: >Wasn't my opinion, Microsoft has stated this to the press. > >-----Original Message----- >From: InvictaNet Customer Support >[mailto:support@invictanet.co.uk] >Sent: Wednesday, June 11, 2003 4:56 AM >To: MAILSCANNER@jiscmail.ac.uk >Subject: Re: OT (general interest): RAV antivirus > >I tend to agree with Derek. I forsee Microsoft killing the non-windows >versions within 6 months. > >Martyn Routley >----------------------------------------------------------------- >InvictaNet - The Internet in Plain English, Guaranteed >http://www.invictanet.co.uk >martyn@support.invictanet.co.uk >phone: 08707 440180 >fax: 08707 440181 >Ask us about our online Antivirus and Junk mail scanning service >----------------------------------------------------------------- >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK]On >Behalf >Of Derek Winkler >Sent: 10 June 2003 22:50 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: OT (general interest): RAV antivirus > >Microsoft is going to discontinue all of their products. >More for Microsoft less for *nix. >-----Original Message----- >From: Forrest Aldrich [mailto:forrie@forrie.com] >Sent: Tuesday, June 10, 2003 3:14 PM >To: MAILSCANNER@jiscmail.ac.uk >Subject: OT (general interest): RAV antivirus > >This may be of general interest... I just received an email from RAV, >indicating some acquisition of their technology by Microsoft. This >probably means more scanners for the MS platform. > >Forrest From Denis.Beauchemin at USHERBROOKE.CA Wed Jun 11 16:24:06 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:29 2006 Subject: Spam score not add up In-Reply-To: <004901c33022$de035ed0$5b426480@ad.geog.utoronto.ca> References: <5.2.0.9.2.20030611145429.04964370@imap.ecs.soton.ac.uk> <004901c33022$de035ed0$5b426480@ad.geog.utoronto.ca> Message-ID: <1055345046.16452.44.camel@dbeauchemin.si.usherbrooke.ca> I think it is not there. You need 4.21-9. The score for BAYES_00 can be found by: grep BAYES_00 /usr/share/spamassassin/50_scores.cf score BAYES_00 0 0 -5.300 -5.200 If the scores file is not located there, try a "locate 50_scores.cf" and then grep that file. Denis Le mer 11/06/2003 ? 10:07, Bruce Huang a ?crit : > > But it hit the BAYES_00 rule as well, which has a negative score. If you > > have a very recent MailScanner, you can switch on an option that will show > > you the score of each rule that "hits". > I am using MailScanner 4.20-3, and can not find the option. Would you mind > to let me know where it is? > > Thanks, > > Bruce -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From mailscanner at ecs.soton.ac.uk Wed Jun 11 16:16:49 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:29 2006 Subject: Black-/Whitelists in SQL Database (WAS: RE: SQL user options) In-Reply-To: <200306110944.23279.lbergman@wtxs.net> References: <84CFA712F666B44A94CE6BE116BAF4B0B4E9ED@mail.winnefox.org> <84CFA712F666B44A94CE6BE116BAF4B0B4E9ED@mail.winnefox.org> Message-ID: <5.2.0.9.2.20030611161617.038f1d28@imap.ecs.soton.ac.uk> At 15:44 11/06/2003, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On Wednesday 11 June 2003 07:37 am, Jody Cleveland wrote: > > > OK. I did it. :-) I wrote some code (SQL_Backlist, > > > SQL_Whitelist), which is - at least a bit - configurable > > > trough variables in CustomConfig.pm. You can imagine what it > > > does... Exactly what I wanted. :-) > > > > > > So... Is someone interested in this code? > > > > I would love to have that. Thanks! >I would second that. I am not ready to use it yet but I have been looking for >a way to do per user black/white lists. Sounds very promising. If all you need is file-based per-user and per-domain black+whitelists, then there is already code in CustomConfig.pm to do this for you. It's only the SQL bit that's missing. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jun 11 16:13:21 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:29 2006 Subject: Spam score not add up In-Reply-To: <004901c33022$de035ed0$5b426480@ad.geog.utoronto.ca> References: <5.2.0.9.2.20030611145429.04964370@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030611161259.0382b6c0@imap.ecs.soton.ac.uk> At 15:07 11/06/2003, you wrote: > > But it hit the BAYES_00 rule as well, which has a negative score. If you > > have a very recent MailScanner, you can switch on an option that will show > > you the score of each rule that "hits". >I am using MailScanner 4.20-3, and can not find the option. Would you mind >to let me know where it is? Sorry, just looked in the ChangeLog myself and I only introduced it in 4.21. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jun 11 16:14:52 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:29 2006 Subject: Using ramfs for incoming queue In-Reply-To: <1055341172.3ee73a7493594@webmail.MUW.Edu> References: <002f01c33021$2d001520$5b426480@ad.geog.utoronto.ca> <06EE2C86D3DAD5119A6C0060943F3C97055E7000@tormail1.algorithmics.com> <002f01c33021$2d001520$5b426480@ad.geog.utoronto.ca> Message-ID: <5.2.0.9.2.20030611161343.044c36d0@imap.ecs.soton.ac.uk> At 15:19 11/06/2003, you wrote: >Good day all, > >I am exploring using ramfs for MS incoming queue. > >This is a Redhat 7.3 system with 3GB RAM. I am using the following command: > >$ mount -t -o maxsize=n none /var/spool/MailScanner/incoming ramfs > >My question is, what is a decent size for n? > >I know that is probably site-dependent, but an advice is appreciated. This >particular system handles an average of 20,000 messages per day. Use tmpfs and not ramfs and you don't need to worry about it, the OS will expand and contract it dynamically for you. mount -t tmpfs tmpfs /var/spool/MailScanner/incoming (but obviously put the relevant info into your /etc/fstab so it gets mounted at boot-time). -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From marco at MUW.EDU Wed Jun 11 16:41:05 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:29 2006 Subject: Using ramfs for incoming queue In-Reply-To: <5.2.0.9.2.20030611161343.044c36d0@imap.ecs.soton.ac.uk> References: <002f01c33021$2d001520$5b426480@ad.geog.utoronto.ca> <06EE2C86D3DAD5119A6C0060943F3C97055E7000@tormail1.algorithmics.com> <002f01c33021$2d001520$5b426480@ad.geog.utoronto.ca> <5.2.0.9.2.20030611161343.044c36d0@imap.ecs.soton.ac.uk> Message-ID: <1055346065.3ee74d91433d8@webmail.MUW.Edu> Quoting Julian Field : > Use tmpfs and not ramfs and you don't need to worry about it, the OS will > expand and contract it dynamically for you. > mount -t tmpfs tmpfs /var/spool/MailScanner/incoming > (but obviously put the relevant info into your /etc/fstab so it gets > mounted at boot-time). Thank you Julian. You amaze me with your knowledge. I wonder what is your IQ? I tried it and I see significant improvment so far :) Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From Cleveland at MAIL.WINNEFOX.ORG Wed Jun 11 16:47:25 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:29 2006 Subject: Black-/Whitelists in SQL Database (WAS: RE: SQL user options) Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4E9FD@mail.winnefox.org> > Please find it here: > http://filelister.linux-kernel.at/?current=/tarballs/MailScanner/ I've never seen a .patch file before. How do I apply that? Jody From mailscanner at ecs.soton.ac.uk Wed Jun 11 16:59:36 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:29 2006 Subject: Black-/Whitelists in SQL Database (WAS: RE: SQL user options) In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E9FD@mail.winnefox.org> Message-ID: <5.2.0.9.2.20030611165750.04fcc958@imap.ecs.soton.ac.uk> At 16:47 11/06/2003, you wrote: > > Please find it here: > > http://filelister.linux-kernel.at/?current=/tarballs/MailScanner/ > >I've never seen a .patch file before. How do I apply that? Using the "patch" command :-) Usual syntax is along the lines of one of these: patch < foobar.patch patch -p0 < foobar.patch patch -p1 < foobar.patch If it asks you for the name of the file to patch you are either in the wrong directory or got the "p" number wrong. "patch" files are just the output of the "diff" command. "patch" is more of a sentient life-form than a command, it's far too damn clever! :-) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From lilvalo at MIKIBOY.COM Wed Jun 11 16:55:03 2003 From: lilvalo at MIKIBOY.COM (Valmiki N. Ramsewak) Date: Thu Jan 12 21:18:29 2006 Subject: mailscanner + procmail + gentoo Message-ID: <20030611155503.GA7343@mikiboy.com> Hi, I'm using gentoo. I got mcafee and sendmail working.. I also installed mailscanner, and made the changes to the /etc/conf.d/sendmail file (/etc/init.d/sendmail reads the options from there) It all starts up fine, but nothing gets scanned by mailscanner, and I'm not sure why.. I don't see it in the headers..... Thanks Valmiki Feel free to hit me upon AIM at lilvalo or MSN at this email. Thanks also any comments and tips welcome From raymond at PROLOCATION.NET Wed Jun 11 17:34:36 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:29 2006 Subject: mailscanner + procmail + gentoo In-Reply-To: <20030611155503.GA7343@mikiboy.com> Message-ID: Hi! > I'm using gentoo. I got mcafee and sendmail working.. I also installed > mailscanner, and made the changes to the /etc/conf.d/sendmail file > (/etc/init.d/sendmail reads the options from there) It all starts up fine, > but nothing gets scanned by mailscanner, and I'm not sure why.. I don't see > it in the headers..... You should STOP sendmail. The mailscanner script should run sendmail. Bye, Raymond. From TGFurnish at HERFF-JONES.COM Wed Jun 11 17:39:21 2003 From: TGFurnish at HERFF-JONES.COM (Furnish, Trever G) Date: Thu Jan 12 21:18:29 2006 Subject: Using ramfs for incoming queue Message-ID: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBB9@indy1ntm.herffjones.hj-int> Julian Field said: > [...snip...] > mount -t tmpfs tmpfs /var/spool/MailScanner/incoming "tmpfs"? What's that? My mount manual page says nothing about that fs type, although it seems to work. Any idea where to get more info? -t. From marco at MUW.EDU Wed Jun 11 17:45:51 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:29 2006 Subject: Using ramfs for incoming queue In-Reply-To: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBB9@indy1ntm.herffjones.hj-int> References: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBB9@indy1ntm.herffjones.hj-int> Message-ID: <1055349951.3ee75cbf4c4cd@webmail.MUW.Edu> Hi, > "tmpfs"? What's that? My mount manual page says nothing about that fs > type, although it seems to work. Any idea where to get more info? Try this link: http://wks.uts.ohio-state.edu/sysadm_course/html/sysadm-66.html Or, google "tmpfs" ... Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From Kevin.Spicer at BMRB.CO.UK Wed Jun 11 17:42:27 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:29 2006 Subject: Using ramfs for incoming queue Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF644@pascal.priv.bmrb.co.uk> Old man page maybe? Here the relevent bits from mine (Mandrake 9.1).... Mount options for tmpfs The following parameters accept a suffix k, m or g for Ki, Mi, Gi (binary kilo, mega and giga) and can be changed on remount. size=nbytes Override default size of the filesystem. The size is given in bytes, and rounded down to entire pages. The default is half of the memory. nr_blocks= Set number of blocks. nr_inodes= Set number of inodes. mode= Set initial permissions of the root directory. > -----Original Message----- > From: Furnish, Trever G [mailto:TGFurnish@HERFF-JONES.COM] > Sent: 11 June 2003 17:39 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Using ramfs for incoming queue > > > Julian Field said: > > [...snip...] > > mount -t tmpfs tmpfs /var/spool/MailScanner/incoming > > "tmpfs"? What's that? My mount manual page says nothing > about that fs > type, although it seems to work. Any idea where to get more info? > > -t. > BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mailscanner at ecs.soton.ac.uk Wed Jun 11 18:04:21 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:29 2006 Subject: Using ramfs for incoming queue In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0EBF644@pascal.priv.bmrb.co .uk> Message-ID: <5.2.1.1.2.20030611180250.025718a8@imap.ecs.soton.ac.uk> At 17:42 11/06/2003, you wrote: >Old man page maybe? Here the relevent bits from mine (Mandrake 9.1).... > > >Mount options for tmpfs > The following parameters accept a suffix k, m or g for Ki, > Mi, Gi > (binary kilo, mega and giga) and can be changed on remount. > > size=nbytes > Override default size of the filesystem. The size > is given in > bytes, and rounded down to entire pages. The default is > half of > the memory. Note this is the maximum size. It doesn't allocate half your RAM at startup, it just uses it as needed, allocated out of the spare RAM that is used for IO buffers and disk cache. There is not normally any reason to specify any mount options for tmpfs at all. It's best to leave the OS to manage it all for you. > nr_blocks= > Set number of blocks. > > nr_inodes= > Set number of inodes. > > mode= Set initial permissions of the root directory. > > > > > -----Original Message----- > > From: Furnish, Trever G [mailto:TGFurnish@HERFF-JONES.COM] > > Sent: 11 June 2003 17:39 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Using ramfs for incoming queue > > > > > > Julian Field said: > > > [...snip...] > > > mount -t tmpfs tmpfs /var/spool/MailScanner/incoming > > > > "tmpfs"? What's that? My mount manual page says nothing > > about that fs > > type, although it seems to work. Any idea where to get more info? > > > > -t. > > > > > >BMRB International >http://www.bmrb.co.uk >+44 (0)20 8566 5000 >_________________________________________________________________ >This message (and any attachment) is intended only for the >recipient and may contain confidential and/or privileged >material. If you have received this in error, please contact the >sender and delete this message immediately. Disclosure, copying >or other action taken in respect of this email or in >reliance on it is prohibited. BMRB International Limited >accepts no liability in relation to any personal emails, or >content of any email which does not directly relate to our >business. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From y.huang at UTORONTO.CA Wed Jun 11 18:14:03 2003 From: y.huang at UTORONTO.CA (Bruce Huang) Date: Thu Jan 12 21:18:29 2006 Subject: Spam score not add up References: <5.2.0.9.2.20030611145429.04964370@imap.ecs.soton.ac.uk> <004901c33022$de035ed0$5b426480@ad.geog.utoronto.ca> <1055345046.16452.44.camel@dbeauchemin.si.usherbrooke.ca> Message-ID: <00b901c3303c$dc4890a0$5b426480@ad.geog.utoronto.ca> Ahh, it make sense to me know. The score for BAYES in the 50_scores.cf says score BAYES_00 0 0 -6.400 -6.400 Therefore the score is correct. Thanks for all your advise. Cheers, Bruce ----- Original Message ----- From: "Denis Beauchemin" To: Sent: Wednesday, June 11, 2003 11:24 AM Subject: Re: Spam score not add up > I think it is not there. You need 4.21-9. > > The score for BAYES_00 can be found by: > grep BAYES_00 /usr/share/spamassassin/50_scores.cf > score BAYES_00 0 0 -5.300 -5.200 > > If the scores file is not located there, try a "locate 50_scores.cf" and > then grep that file. > > Denis > > Le mer 11/06/2003 ? 10:07, Bruce Huang a ?crit : > > > But it hit the BAYES_00 rule as well, which has a negative score. If you > > > have a very recent MailScanner, you can switch on an option that will show > > > you the score of each rule that "hits". > > I am using MailScanner 4.20-3, and can not find the option. Would you mind > > to let me know where it is? > > > > Thanks, > > > > Bruce > -- > Denis Beauchemin, analyste > Universit? de Sherbrooke, S.T.I. > T: 819.821.8000x2252 F: 819.821.8045 > From lilvalo at MIKIBOY.COM Wed Jun 11 17:56:11 2003 From: lilvalo at MIKIBOY.COM (Valmiki N. Ramsewak) Date: Thu Jan 12 21:18:29 2006 Subject: mailscanner + procmail + gentoo In-Reply-To: References: <20030611155503.GA7343@mikiboy.com> Message-ID: <20030611165611.GA8053@mikiboy.com> On Wed, Jun 11, 2003 at 06:34:36PM +0200, Raymond Dijkxhoorn wrote: > Hi! > > > I'm using gentoo. I got mcafee and sendmail working.. I also installed > > mailscanner, and made the changes to the /etc/conf.d/sendmail file > > (/etc/init.d/sendmail reads the options from there) It all starts up fine, > > but nothing gets scanned by mailscanner, and I'm not sure why.. I don't see > > it in the headers..... > > You should STOP sendmail. The mailscanner script should run sendmail. > Well yea I figured that out. But this is the problem. In gentoo you have a dir /etc/init.d with all the startup scripts, just like in redhat... then you use a script rc-update to add and remove programs you want to start on the different boot levels. I have been doing the check_mailscanner thing and then an nmap and no port 25 is open...... So i'm guessing something is wrong big time? Any help appreciated, I'll make a temp acct if someone wants to look around my system... Thanks Valmiki From mailscanner at ecs.soton.ac.uk Wed Jun 11 18:26:34 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:29 2006 Subject: mailscanner + procmail + gentoo In-Reply-To: <20030611165611.GA8053@mikiboy.com> References: <20030611155503.GA7343@mikiboy.com> Message-ID: <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> You need to start 3 processes: 1. A sendmail with "-bd" to supply the SMTP service. 2. A sendmail with "-q15m" (or some other time after the "-q" to deliver the outgoing messages. 3. A MailScanner to join the two together. "check_MailScanner" only starts up number 3. You need to start up numbers 1 and 2 as well. Sample command lines for these are in the installation documentation for the tar distribution. At 17:56 11/06/2003, you wrote: >On Wed, Jun 11, 2003 at 06:34:36PM +0200, Raymond Dijkxhoorn wrote: > > Hi! > > > > > I'm using gentoo. I got mcafee and sendmail working.. I also installed > > > mailscanner, and made the changes to the /etc/conf.d/sendmail file > > > (/etc/init.d/sendmail reads the options from there) It all starts up > fine, > > > but nothing gets scanned by mailscanner, and I'm not sure why.. I > don't see > > > it in the headers..... > > > > You should STOP sendmail. The mailscanner script should run sendmail. > > > >Well yea I figured that out. But this is the problem. In gentoo you have a >dir /etc/init.d with all the startup scripts, just like in redhat... >then you use a script rc-update to add and remove programs you want to >start on the different boot levels. >I have been doing the check_mailscanner thing and then an nmap and no port >25 is open...... So i'm guessing something is wrong big time? > >Any help appreciated, I'll make a temp acct if someone wants to look >around my system... > >Thanks > >Valmiki -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From lilvalo at MIKIBOY.COM Wed Jun 11 18:46:55 2003 From: lilvalo at MIKIBOY.COM (Valmiki N. Ramsewak) Date: Thu Jan 12 21:18:29 2006 Subject: mailscanner + procmail + gentoo In-Reply-To: <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> References: <20030611155503.GA7343@mikiboy.com> <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> Message-ID: <20030611174655.GA8562@mikiboy.com> And in that specific order? valmiki On Wed, Jun 11, 2003 at 06:26:34PM +0100, Julian Field wrote: > You need to start 3 processes: > > 1. A sendmail with "-bd" to supply the SMTP service. > 2. A sendmail with "-q15m" (or some other time after the "-q" to deliver > the outgoing messages. > 3. A MailScanner to join the two together. > > "check_MailScanner" only starts up number 3. You need to start up numbers 1 > and 2 as well. Sample command lines for these are in the installation > documentation for the tar distribution. > > At 17:56 11/06/2003, you wrote: > >On Wed, Jun 11, 2003 at 06:34:36PM +0200, Raymond Dijkxhoorn wrote: > >> Hi! > >> > >> > I'm using gentoo. I got mcafee and sendmail working.. I also installed > >> > mailscanner, and made the changes to the /etc/conf.d/sendmail file > >> > (/etc/init.d/sendmail reads the options from there) It all starts up > >fine, > >> > but nothing gets scanned by mailscanner, and I'm not sure why.. I > >don't see > >> > it in the headers..... > >> > >> You should STOP sendmail. The mailscanner script should run sendmail. > >> > > > >Well yea I figured that out. But this is the problem. In gentoo you have a > >dir /etc/init.d with all the startup scripts, just like in redhat... > >then you use a script rc-update to add and remove programs you want to > >start on the different boot levels. > >I have been doing the check_mailscanner thing and then an nmap and no port > >25 is open...... So i'm guessing something is wrong big time? > > > >Any help appreciated, I'll make a temp acct if someone wants to look > >around my system... > > > >Thanks > > > >Valmiki > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jun 11 18:57:49 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:29 2006 Subject: mailscanner + procmail + gentoo In-Reply-To: <20030611174655.GA8562@mikiboy.com> References: <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <20030611155503.GA7343@mikiboy.com> <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030611185712.03c07e78@imap.ecs.soton.ac.uk> Doesn't matter. I would personally start them up in the numeric order I gave, but it doesn't really make any difference. At 18:46 11/06/2003, you wrote: >And in that specific order? > >valmiki >On Wed, Jun 11, 2003 at 06:26:34PM +0100, Julian Field wrote: > > You need to start 3 processes: > > > > 1. A sendmail with "-bd" to supply the SMTP service. > > 2. A sendmail with "-q15m" (or some other time after the "-q" to deliver > > the outgoing messages. > > 3. A MailScanner to join the two together. > > > > "check_MailScanner" only starts up number 3. You need to start up numbers 1 > > and 2 as well. Sample command lines for these are in the installation > > documentation for the tar distribution. > > > > At 17:56 11/06/2003, you wrote: > > >On Wed, Jun 11, 2003 at 06:34:36PM +0200, Raymond Dijkxhoorn wrote: > > >> Hi! > > >> > > >> > I'm using gentoo. I got mcafee and sendmail working.. I also installed > > >> > mailscanner, and made the changes to the /etc/conf.d/sendmail file > > >> > (/etc/init.d/sendmail reads the options from there) It all starts up > > >fine, > > >> > but nothing gets scanned by mailscanner, and I'm not sure why.. I > > >don't see > > >> > it in the headers..... > > >> > > >> You should STOP sendmail. The mailscanner script should run sendmail. > > >> > > > > > >Well yea I figured that out. But this is the problem. In gentoo you have a > > >dir /etc/init.d with all the startup scripts, just like in redhat... > > >then you use a script rc-update to add and remove programs you want to > > >start on the different boot levels. > > >I have been doing the check_mailscanner thing and then an nmap and no port > > >25 is open...... So i'm guessing something is wrong big time? > > > > > >Any help appreciated, I'll make a temp acct if someone wants to look > > >around my system... > > > > > >Thanks > > > > > >Valmiki > > > > -- > > Julian Field > > www.MailScanner.info > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From steve.douglas at SBIINCORPORATED.COM Wed Jun 11 19:56:10 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:29 2006 Subject: F-Prot and Mail Scanner Message-ID: <3963522F0E71474CB14C0FF54A6914F701114FEC@omar.schtre.com> Is your gateway configured with F-Prot "file server" or with F-Prot eMail gateway version? Just curious? Thanks. > -----Original Message----- > From: Damian Mendoza [mailto:damian@WORKGROUPSOLUTIONS.COM] > Sent: Wednesday, June 11, 2003 8:16 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: F-Prot and Mail Scanner > > Hi, > > An update: End-User error as messages were not going thru MailScanner. > MailScanner is working perfectly with F-Prot antivirus. > > Regards, > > Damian > > Workgroup Solutions > 20532 El Toro Rd, Suite 107 > Mission Viejo, CA 92692 > 949 586-2200 > Developers of SpamGate - Stop SPAM today at the Gateway! > > -----Original Message----- > From: Damian Mendoza > Sent: Monday, June 09, 2003 4:43 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: F-Prot and Mail Scanner > > > Hi, > > I installed F-Prot and MailScanner on an SMTP gateway for a customer. My > customer tells me that F-Prot is only blocking 10% of the viruses. They > had 9 messages get passed the F-Prot/MailScanner gateway and 1 message was > stopped according to the maillog. > > Norton Antivirus on the Exchange server told us about the 9 messages. > > Any ideas? F-Prot is getting the updates based on the Maillog file. > > Thanks, > > Damian From kvue at WADSNET.COM Wed Jun 11 20:03:06 2003 From: kvue at WADSNET.COM (Kham Vue) Date: Thu Jan 12 21:18:29 2006 Subject: how to disable Fragmented file option References: <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <20030611155503.GA7343@mikiboy.com> <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030611185712.03c07e78@imap.ecs.soton.ac.uk> Message-ID: <01cc01c3304c$1a56f4e0$fa00010a@THINKPAD1800> I'm running MaiLScanner Version 3.27-1. Where is the option to not check or delete fragmented files. Some employees send large files and break it using Outlook Express. MailScanner can't read these files and mark them as possible viruses. Thankx in advance From mailscanner at ecs.soton.ac.uk Wed Jun 11 20:22:11 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:29 2006 Subject: how to disable Fragmented file option In-Reply-To: <01cc01c3304c$1a56f4e0$fa00010a@THINKPAD1800> References: <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <20030611155503.GA7343@mikiboy.com> <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030611185712.03c07e78@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030611202041.0265ee98@imap.ecs.soton.ac.uk> I can't remember whether you can disable this in the old version 3. If you upgrade to 4, this is very easy. Discouraging people from splitting emails this way is a better idea. There is no way that any system can reliably virus-check these files without being open to denial-of-service attacks. At 20:03 11/06/2003, you wrote: >I'm running MaiLScanner Version 3.27-1. >Where is the option to not check or delete fragmented files. > >Some employees send large files and break it using Outlook Express. > >MailScanner can't read these files and mark them as possible viruses. > > >Thankx in advance -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From guymon at RAEINTERNET.COM Wed Jun 11 21:13:58 2003 From: guymon at RAEINTERNET.COM (Jon Guymon) Date: Thu Jan 12 21:18:29 2006 Subject: AV plugins and loggin References: <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <20030611155503.GA7343@mikiboy.com> <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030611185712.03c07e78@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030611202041.0265ee98@imap.ecs.soton.ac.uk> Message-ID: <3EE78D86.6000303@raeinternet.com> Recently installed MailScanner, no errors, mail flows freely. Installed RAV and Sophos AV products, each works properly. Added "-r" to syslog to facilitate MailScanner logging. Unfortunately eicar passes right through without incident, and nothing is logged to syslog (except for the regular sendmail messages). I'm not sure that the 2-phase sendmail setup is doing what it should, but I'm not sure how to check. I'm pretty sure I can trouble-shoot this, but I need to know where to look. The install docs aren't too telling. Any pointers would be great! Scanned by RAV AntiVirus for MailServers. AntiVirus, AntiSpam, Content Filtering. http://raeinternet.com From kusler at NSCL.MSU.EDU Wed Jun 11 21:27:35 2003 From: kusler at NSCL.MSU.EDU (Jay Kusler) Date: Thu Jan 12 21:18:29 2006 Subject: double messages? Message-ID: On Wed, 11 Jun 2003 16:03:57 +0100, Spicer, Kevin wrote: >> >> I upgraded to Postfix 2.0.11 yesterday to see if that would >> fix things, but >> no luck. These second (empty) messages still happen. I've >> had 2 today, out >> of about 20 emails. Any hints on where I could look? > >Probably way off base but... >I had a similar problem months ago - but with sendmail. Turned out our >exchange server was set to make ETRN requests to our Mailscanner box. >Julian has since modified the sendmail startup scripts to defend against >this, but I don't know whether it might affect other mailers. Probably not >your problem but something to rule out at least! Thanks Kevin. I don't think that's the problem here: one box does everything. This is the sequence of events I'm seeing. I guess, if I'm right, that the real question is 'why does that second MailScanner instance start up 1 second after the other one?'. I tried upping the Queue Scan Interval to 20 seconds hoping that would help, but it doesn't seem to. I have not tried cutting Max Children back to 1, but perhaps that's next: somewhat of a waste on a dual-cpu box. Perhaps there is a lock not getting set, or some race condition with locking? I'm at a loss what to look at next. Thanks for your help, Jay Kusler ----------------------------------------------------------------------- Annotated /var/log/syslog follows: Connect to the mail server (jade) smtpd and stick the incoming message into /var/spool/postfix.in/deferred rather than deliver it ---------------------------------------------------------------------- Jun 11 15:20:22 jade postfix/smtpd[13517]: [ID 197553 mail.info] disconnect from sys10.mail.msu.edu[35.9.75.110] Jun 11 15:20:22 jade postfix/qmgr[4999]: [ID 197553 mail.info] AF3D0F3: from=, size=1167, nrcpt=1 (queue active) Jun 11 15:20:22 jade postfix/qmgr[4999]: [ID 197553 mail.info] AF3D0F3: to=, relay=none, delay=0, status=deferred (deferred transport) MailScanner (pid 5146) starts up and scans /var/spool/postfix.in/deferred and finds the message to me ---------------------------------------------------------------------- Jun 11 15:20:26 jade.nscl.msu.edu MailScanner[5146]: New Batch: Scanning 1 messages, 1505 bytes Jun 11 15:20:26 jade.nscl.msu.edu MailScanner[5146]: Virus and Content Scanning: Starting Here is the funky part: another MailScanner process (pid 5095) starts up and tries to process the same mail message ------------------------------------------------------------------------ Jun 11 15:20:27 jade.nscl.msu.edu MailScanner[5095]: New Batch: Scanning 1 messages, 1505 bytes The first MailScanner process declares all to be well, and (presumably) puts the uninfected message into /var/spool/postfix/incoming ----------------------------------------------------------------------- Jun 11 15:20:27 jade.nscl.msu.edu MailScanner[5146]: Uninfected: Delivered 1 messages The qmgr notices the message and hands it off to procmail to actually deliver ----------------------------------------------------------------------- Jun 11 15:20:27 jade postfix/qmgr[5040]: [ID 197553 mail.info] 09432938B: from=, size=1261, nrcpt=2 (queue active) Meanwhile the second MailScanner instance (pid 5095) scans the same message, which for some reason is nothing but a header with no body and puts it also into /var/spool/postfix/incoming where qmgr finds it and also hands it off to procmail for delivery ----------------------------------------------------------------------- 11 15:20:27 jade.nscl.msu.edu MailScanner[5095]: Virus and Content Scanning: Starting Jun 11 15:20:28 jade.nscl.msu.edu MailScanner[5095]: Uninfected: Delivered 1 messages Jun 11 15:20:28 jade postfix/qmgr[5040]: [ID 197553 mail.info] A167D9380: from=, size=1111, nrcpt=2 (queue active) Finally, both messages are delivered, 7 seconds apart. ------------------------------------------------------------------------- Jun 11 15:20:29 jade postfix/local[16398]: [ID 197553 mail.info] 09432938B: to=, relay=local, delay=7, status=sent ("|/usr/nsclsbin/procmail") Jun 11 15:20:36 jade postfix/local[17949]: [ID 197553 mail.info] A167D9380: to=, relay=local, delay=14, status=sent ("|/usr/nsclsbin/procmail") From mailscanner at ecs.soton.ac.uk Wed Jun 11 21:30:02 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:30 2006 Subject: AV plugins and loggin In-Reply-To: <3EE78D86.6000303@raeinternet.com> References: <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <20030611155503.GA7343@mikiboy.com> <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030611185712.03c07e78@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030611202041.0265ee98@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030611212920.026573d8@imap.ecs.soton.ac.uk> You should see MailScanner headers in the messages coming out. Did you stop the original sendmail process before starting up MailScanner and its 2 sendmail processes? At 21:13 11/06/2003, you wrote: >Recently installed MailScanner, no errors, mail flows freely. >Installed RAV and Sophos AV products, each works properly. >Added "-r" to syslog to facilitate MailScanner logging. > >Unfortunately eicar passes right through without incident, and nothing >is logged to syslog (except for the regular sendmail messages). > >I'm not sure that the 2-phase sendmail setup is doing what it should, >but I'm not sure how to check. > >I'm pretty sure I can trouble-shoot this, but I need to know where to >look. The install docs aren't too telling. > >Any pointers would be great! > > > > >Scanned by RAV AntiVirus for MailServers. AntiVirus, AntiSpam, Content >Filtering. http://raeinternet.com -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From hciss at HCIWS.COM Wed Jun 11 21:43:55 2003 From: hciss at HCIWS.COM (Matt) Date: Thu Jan 12 21:18:30 2006 Subject: Autoupdate Message-ID: <001901c3305a$302ea8e0$7801a8c0@matthew> I am using autoupdate script provided with mailscanner to keep f-prot up to date. What has been strange lately is that it always says that everything is already up to date and there is nothing to be done. It does seem to be updating on occassion though because the files have been kept up to date. Any idea why? I use this script to call autoupdate in cron.daily. #!/bin/bash perl /usr/local/f-prot/autoupdate exit 0 The other thing. I noticed there is a quiet option in the autoupdate script. Right now I have it set to 0 since I want to know its working. Getting an email in my admin account everyday gets old though. It would be so much nicer if it was silent unless it actually found an update. That way I would only get a message every few days when it did actually update and I could check for updates more frequently. Is that possible? Matt From kevins at BMRB.CO.UK Wed Jun 11 21:50:00 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:30 2006 Subject: double messages? In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011758CA@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011758CA@pascal.priv.bmrb.co.uk> Message-ID: <1055364600.11842.18.camel@bach.kevinspicer.co.uk> >I tried upping the Queue Scan Interval to 20 seconds hoping that >would help, but it doesn't seem to. I have not tried cutting Max >Children back to 1, but perhaps that's next: somewhat of a waste on a >dual-cpu box. Perhaps there is a lock not getting set, or some race >condition with locking? locking would seem like the obvious choice, wouldn't it. I'm not sure which kind of locking MailScanner uses by defaultwith Postfix. One (probably obvious) check - this is a local drive isn't it (I know its unlikely anyone would be using NFS for a mail queue, but worth making sure). I notice from your original post that you are running Solaris 8, I've just found this little snippet with Google... "Welcome to the world of POSIX fcntl() locking, which is the only locking that Postfix can use on System-V systems such as Solaris, HP-UX and others." I'm taking it out of context, but it came from the keyboard of Wietse Venema so it should be reliable information (heres the link http://archives.neohapsis.com/archives/postfix/2000-12/0521.html) Now, if MailScanner is using flock (which it does by default for sendmail I can see this might be the problem. You might like to try setting Lock Type = posix where #Lock Type = flock appears (commented out) near the end of MailScanner.conf. One word of caution, I'm guessing completely(!) and screwing with locking could make things much worse :( Maybe worth waiting for a second opinion or two from others! BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From lilvalo at MIKIBOY.COM Wed Jun 11 21:51:20 2003 From: lilvalo at MIKIBOY.COM (Valmiki N. Ramsewak) Date: Thu Jan 12 21:18:30 2006 Subject: Autoupdate In-Reply-To: <001901c3305a$302ea8e0$7801a8c0@matthew> References: <001901c3305a$302ea8e0$7801a8c0@matthew> Message-ID: <20030611205120.GD8996@mikiboy.com> On Wed, Jun 11, 2003 at 03:43:55PM -0500, Matt wrote: > I am using autoupdate script provided with mailscanner to keep f-prot up to > date. What has been strange lately is that it always says that everything > is already up to date and there is nothing to be done. It does seem to be > updating on occassion though because the files have been kept up to date. > Any idea why? > > I use this script to call autoupdate in cron.daily. > > #!/bin/bash > perl /usr/local/f-prot/autoupdate > exit 0 > > The other thing. I noticed there is a quiet option in the autoupdate > script. Right now I have it set to 0 since I want to know its working. > Getting an email in my admin account everyday gets old though. It would be > so much nicer if it was silent unless it actually found an update. That way > I would only get a message every few days when it did actually update and I > could check for updates more frequently. Is that possible? > Sure it is. I'm not sure what the output looks like. But essentially compare the two outputs.... look for something different and run a an if statement thru..... thats how i would do it valmiki From kevins at BMRB.CO.UK Wed Jun 11 21:53:54 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:30 2006 Subject: Autoupdate In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011758CC@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011758CC@pascal.priv.bmrb.co.uk> Message-ID: <1055364834.11845.22.camel@bach.kevinspicer.co.uk> >I use this script to call autoupdate in cron.daily. >#!/bin/bash >perl /usr/local/f-prot/autoupdate >exit 0 Do you by any chance have update_virus_scanners in /etc/cron.hourly ? That will update f-prot hourly which is probably why your (nightly) cron.daily script doesn't find any update required. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mailscanner at ecs.soton.ac.uk Wed Jun 11 21:58:54 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:30 2006 Subject: Autoupdate In-Reply-To: <001901c3305a$302ea8e0$7801a8c0@matthew> Message-ID: <5.2.1.1.2.20030611215716.03d6c930@imap.ecs.soton.ac.uk> At 21:43 11/06/2003, you wrote: >I am using autoupdate script provided with mailscanner to keep f-prot up to >date. What has been strange lately is that it always says that everything >is already up to date and there is nothing to be done. It does seem to be >updating on occassion though because the files have been kept up to date. >Any idea why? > >I use this script to call autoupdate in cron.daily. > >#!/bin/bash >perl /usr/local/f-prot/autoupdate >exit 0 If you are using MailScanner version 4, then you should have a cron job in /etc/cron.hourly which calls my global updater (update_virus_scanners) which updates all the scanners that are installed. You should have deleted your cron job to call f-prot/autoupdate when you upgraded from version 3 to 4. >The other thing. I noticed there is a quiet option in the autoupdate >script. Right now I have it set to 0 since I want to know its working. >Getting an email in my admin account everyday gets old though. It would be >so much nicer if it was silent unless it actually found an update. That way >I would only get a message every few days when it did actually update and I >could check for updates more frequently. Is that possible? See above. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From guymon at RAEINTERNET.COM Wed Jun 11 22:00:59 2003 From: guymon at RAEINTERNET.COM (Jon Guymon) Date: Thu Jan 12 21:18:30 2006 Subject: AV plugins and loggin References: <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <20030611155503.GA7343@mikiboy.com> <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030611185712.03c07e78@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030611202041.0265ee98@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030611212920.026573d8@imap.ecs.soton.ac.uk> Message-ID: <3EE7988B.2060006@raeinternet.com> Yeah. Stopped sendmail, started MailScanner. Did it all again to make sure, but no help. The messages have no MailScanner header. Does MailScanner installation make sendmail.(mc|cf) changes so the two sendmails get along? Sorry to seem like a tool. Even if someone just pointed me to documentation a little more thorough than the various install FAQs and quickstart guides, that would help. Thanks! Julian Field wrote: > You should see MailScanner headers in the messages coming out. Did you > stop > the original sendmail process before starting up MailScanner and its 2 > sendmail processes? > > At 21:13 11/06/2003, you wrote: > >> Recently installed MailScanner, no errors, mail flows freely. >> Installed RAV and Sophos AV products, each works properly. >> Added "-r" to syslog to facilitate MailScanner logging. >> >> Unfortunately eicar passes right through without incident, and nothing >> is logged to syslog (except for the regular sendmail messages). >> >> I'm not sure that the 2-phase sendmail setup is doing what it should, >> but I'm not sure how to check. >> >> I'm pretty sure I can trouble-shoot this, but I need to know where to >> look. The install docs aren't too telling. >> >> Any pointers would be great! >> >> >> >> >> Scanned by RAV AntiVirus for MailServers. AntiVirus, AntiSpam, Content >> Filtering. http://raeinternet.com > > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > > > Scanned by RAV AntiVirus for MailServers. AntiVirus, AntiSpam, Content > Filtering. http://raeinternet.com Scanned by RAV AntiVirus for MailServers. AntiVirus, AntiSpam, Content Filtering. http://raeinternet.com From kevins at BMRB.CO.UK Wed Jun 11 22:09:43 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:30 2006 Subject: AV plugins and loggin In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011758D1@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011758D1@pascal.priv.bmrb.co.uk> Message-ID: <1055365784.15883.2.camel@bach.kevinspicer.co.uk> >On Wed, 2003-06-11 at 22:00, Jon Guymon wrote: >Yeah. Stopped sendmail, started MailScanner. Did it all again to make >sure, but no help. The messages have no MailScanner header. Did you make sure there were no sendmail processes running before starting MailScanner? I've seen the init scripts not properly kill sendmail. Stop both mailscanner and sendmail, make sure all sendmail processes are gone then start MailScanner. You shouldn't need to touch sendmail mc|cf files, MailScanner adds the necessary arguments on the command line. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From lilvalo at MIKIBOY.COM Wed Jun 11 22:20:10 2003 From: lilvalo at MIKIBOY.COM (Valmiki N. Ramsewak) Date: Thu Jan 12 21:18:30 2006 Subject: mailscanner + procmail + gentoo In-Reply-To: <5.2.1.1.2.20030611185712.03c07e78@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <20030611155503.GA7343@mikiboy.com> <5.2.1.1.2.20030611182431.03be5d00@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030611185712.03c07e78@imap.ecs.soton.ac.uk> Message-ID: <20030611212010.GA10680@mikiboy.com> Ok I finally got it working, thanks for the general outlay Julian. And thanks for such a great project. Gentoo users, just in case you're new, you need to place this file in the /etc/init.d/ dir, give it a chmod 755 and then add it to the startup.I name the file mailscanner so rc-update add mailscanner and remember to stop sendmail fromstarting up rc-update del sendmail have fun Valmiki ----- start file-------- #!/sbin/runscript # Distributed under the terms of the GNU General Public License, v2 or later # Created by Valmiki N. Ramsewak for use with the mailscanner and sendmail. # Basically everything is just like the other init scripts in gentoo, everything # else is just paths to sendmail and the check_mailscanner script from the # the mailscanner file. depend() { need net use logger } start() { echo "Starting MailScanner daemons" /usr/bin/newaliases > /dev/null 2>&1 (cd /var/spool/mqueue; rm -f xf*) ebegin " incoming sendmail: " /usr/sbin/sendmail -bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in eend $? ebegin " outgoing sendmail: " /usr/sbin/sendmail -q15m eend $? ebegin " MailScanner: " /opt/MailScanner/bin/check_mailscanner > /dev/null eend $? } stop() { echo "Shutting down MailScanner daemons:" ebegin " sendmail: " killall -9 sendmail eend $? ebegin " MailScanner: " killall -9 MailScanner eend $? } ---------end file ---------- From guymon at RAEINTERNET.COM Wed Jun 11 22:22:14 2003 From: guymon at RAEINTERNET.COM (Jon Guymon) Date: Thu Jan 12 21:18:30 2006 Subject: AV plugins and loggin References: <5C0296D26910694BB9A9BBFC577E7AB0011758D1@pascal.priv.bmrb.co.uk> <1055365784.15883.2.camel@bach.kevinspicer.co.uk> Message-ID: <3EE79D86.9040107@raeinternet.com> Kevin Spicer wrote: >Did you make sure there were no sendmail processes running before >starting MailScanner? I've seen the init scripts not properly kill >sendmail. Stop both mailscanner and sendmail, make sure all sendmail >processes are gone then start MailScanner. > Yep, nothing left running. MailScanner starts normally, logging: Jun 11 16:16:24 localhost MailScanner[16605]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 11 16:16:24 localhost MailScanner[16605]: Using locktype = flock five times (normal right?). From then on mail flows normally, but there are no added headers, and no eicar stoppage. >You shouldn't need to touch sendmail mc|cf files, MailScanner adds the >necessary arguments on the command line. > > > Scanned by RAV AntiVirus for MailServers. AntiVirus, AntiSpam, Content Filtering. http://raeinternet.com From kevins at BMRB.CO.UK Wed Jun 11 22:26:41 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:30 2006 Subject: double messages? In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011758CD@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011758CD@pascal.priv.bmrb.co.uk> Message-ID: <1055366802.15994.6.camel@bach.kevinspicer.co.uk> >locking would seem like the obvious choice, wouldn't it. I'm not sure >which kind of locking MailScanner uses by default with Postfix. Digging around a bit in a box with postfix (but not MS) installed, you can find which kind of locking your postfix install can use by doing a postconf -l BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From kevins at BMRB.CO.UK Wed Jun 11 22:32:26 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:30 2006 Subject: AV plugins and loggin In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011758D4@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011758D4@pascal.priv.bmrb.co.uk> Message-ID: <1055367147.15883.12.camel@bach.kevinspicer.co.uk> >Yep, nothing left running. MailScanner starts normally, logging: >Jun 11 16:16:24 localhost MailScanner[16605]: MailScanner E-Mail Virus >Scanner version 4.21-9 starting... >Jun 11 16:16:24 localhost MailScanner[16605]: Using locktype = flock >five times (normal right?). Yes, 1 for each child. > From then on mail flows normally, but there are no added headers, and > no eicar stoppage. Whats this in your sig...? Is this on your MS machine or elsewhere? >Scanned by RAV AntiVirus for MailServers. AntiVirus, AntiSpam, Content > Filtering. http://raeinternet.com If that doesn't help could you post enough of your mail log to show the sequence of events when a mail is recieved and dispatched. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From peter at UCGBOOK.COM Wed Jun 11 22:55:08 2003 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:18:30 2006 Subject: AV plugins and loggin In-Reply-To: <3EE79D86.9040107@raeinternet.com> References: <5C0296D26910694BB9A9BBFC577E7AB0011758D1@pascal.priv.bmrb.co.uk> <1055365784.15883.2.camel@bach.kevinspicer.co.uk> <3EE79D86.9040107@raeinternet.com> Message-ID: <1055368508.1981.1.camel@rocco.bonivart.home> Could you post how you start Sendmail? Have you separated it into two commands? One listening on port 25 and queueing to mqueue.in and one delivering from mqueue? /Peter Bonivart --Unix lovers do it in the Sun On Wed, 2003-06-11 at 23:22, Jon Guymon wrote: > Kevin Spicer wrote: > > >Did you make sure there were no sendmail processes running before > >starting MailScanner? I've seen the init scripts not properly kill > >sendmail. Stop both mailscanner and sendmail, make sure all sendmail > >processes are gone then start MailScanner. > > > Yep, nothing left running. MailScanner starts normally, logging: > > Jun 11 16:16:24 localhost MailScanner[16605]: MailScanner E-Mail Virus > Scanner version 4.21-9 starting... > Jun 11 16:16:24 localhost MailScanner[16605]: Using locktype = flock > > five times (normal right?). > > From then on mail flows normally, but there are no added headers, and > no eicar stoppage. > > >You shouldn't need to touch sendmail mc|cf files, MailScanner adds the > >necessary arguments on the command line. > > > > > > > > > > > > > Scanned by RAV AntiVirus for MailServers. AntiVirus, AntiSpam, Content Filtering. http://raeinternet.com From peter at UCGBOOK.COM Wed Jun 11 22:59:55 2003 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:18:30 2006 Subject: logging problem In-Reply-To: <3EE4E5DD.7010800@dalsemi.com> References: <3EE4E5DD.7010800@dalsemi.com> Message-ID: <1055368795.1980.6.camel@rocco.bonivart.home> Strange, I have a similar setup (Solaris 9, Sendmail 8.12.9, MailScanner 4.21-6 and SpamAssassin 2.54). The only thing I changed in MailScanner.conf regarding this was "Log Spam = yes". Nothing is changed in the system and everything is logged. Do you get any logs at all from sendmail/mailscanner/spamassassin? /Peter Bonivart --Unix lovers do it in the Sun On Mon, 2003-06-09 at 21:54, David Vosburgh wrote: > I have installed MailScanner-4.21-9, Mail-SpamAssassin-2.55, and all the > related perl modules on a Sun system recently jumpstarted with 2.8 and a > recent patch cluster. Sendmail is v8.12.9. > > Everything seems to be working as advertised, with the exception of > logging. I am using the default "Syslog Facility = mail" option, and > have turned on spam logging with "Log Spam = yes". My syslog.conf has a > single entry for mail logging: > > mail.info /var/adm/maillog > > I read the FAQ and some posts on this list, and have tried the following > without success (always re-starting MailScanner after the change): > > 1) starting syslog without the "-t" option > 2) removed the syslog patch 110945-07 (now -05) > 3) removed the "eval" from the setlogsock syslog command under the Start > section of Log.pm > 4) added a "mail.debug /opt/MailScanner/var/log" to syslog.conf > > Any ideas on where to go from here? > > Thanks, > > Dave From guymon at RAEINTERNET.COM Wed Jun 11 23:00:12 2003 From: guymon at RAEINTERNET.COM (Jon Guymon) Date: Thu Jan 12 21:18:30 2006 Subject: AV plugins and loggin References: <5C0296D26910694BB9A9BBFC577E7AB0011758D4@pascal.priv.bmrb.co.uk> <1055367147.15883.12.camel@bach.kevinspicer.co.uk> Message-ID: <3EE7A66C.5010100@raeinternet.com> Forgive the long message. The sig is added by a different server, I'm not using the MailScanner server in production yet. What follows is a transcript of stopping MailScanner, starting it, examining the maillog while sending an eicar message, and the header of the message when it reaches its destination. enjoy :] [root@wayne init.d]# /etc/init.d/MailScanner stop Shutting down MailScanner daemons: MailScanner: [ OK ] incoming sendmail: [ OK ] outgoing sendmail: [ OK ] [root@wayne init.d]# /etc/init.d/sendmail stop Shutting down sendmail: [FAILED] [root@wayne init.d]# ps afx | grep sendmail [root@wayne init.d]# /etc/init.d/MailScanner start Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: [ OK ] [root@wayne init.d]# ps afx | grep sendmail 16817 ? S 0:00 sendmail: accepting connections 16826 ? S 0:00 /usr/sbin/sendmail -q15m -OPidFile /var/run/sendmail. [root@wayne init.d]# tail -f /var/log/maillog Jun 11 16:52:05 localhost MailScanner[16603]: MailScanner child caught a SIGHUP Jun 11 16:52:05 localhost MailScanner[16602]: MailScanner child caught a SIGHUP Jun 11 16:52:25 localhost sendmail[16808]: alias database /etc/aliases rebuilt by gnarg Jun 11 16:52:25 localhost sendmail[16808]: /etc/aliases: 42 aliases, longest 57 bytes, 489 bytes total Jun 11 16:52:26 localhost sendmail[16817]: starting daemon (8.11.6): SMTP Jun 11 16:52:26 localhost sendmail[16826]: starting daemon (8.11.6): queueing@00:15:00 Jun 11 16:52:27 localhost MailScanner[16845]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 11 16:52:27 localhost MailScanner[16845]: Using locktype = flock Jun 11 16:52:37 localhost MailScanner[16851]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 11 16:52:37 localhost MailScanner[16851]: Using locktype = flock Jun 11 16:52:47 localhost MailScanner[16853]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 11 16:52:47 localhost MailScanner[16853]: Using locktype = flock Jun 11 16:52:57 localhost MailScanner[16854]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 11 16:52:57 localhost MailScanner[16854]: Using locktype = flock Jun 11 16:53:07 localhost MailScanner[16855]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 11 16:53:07 localhost MailScanner[16855]: Using locktype = flock Jun 11 16:55:03 localhost sendmail[16867]: h5BKt2x16867: from=root, size=96, class=0, nrcpts=1, msgid=<200306112055.h5BKt2x16867@wayne.raeinternet.com>, relay=root@localhost Jun 11 16:55:03 localhost sendmail[16870]: h5BKt2x16867: to=XXXX@slackworks.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:00, mailer=esmtp, pri=30096, relay=chopper.slackworks.com. [64.244.30.42], dsn=2.0.0, stat=Sent (h5BLswi7027397 Message accepted for delivery) --------- From - Wed Jun 11 17:54:30 2003 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Return-Path: Received: from wayne.raeinternet.com (raeinternet.com [216.150.133.100]) by chopper.slackworks.com (8.12.8/8.12.8) with ESMTP id h5BLswi7027397 for Message-Id: <200306112055.h5BKt2x16867@wayne.raeinternet.com> To: XXXX@slackworks.com X-DCC-servers-Metrics: chopper.slackworks.com 1049; Body=9 Fuz1=9 X-Spam-Status: No, hits=0.0 required=10.0 tests=none version=2.52 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.52 (1.174.2.8-2003-03-24-exp) Kevin Spicer wrote >If that doesn't help could you post enough of your mail log to show the >sequence of events when a mail is recieved and dispatched. > > > Scanned by RAV AntiVirus for MailServers. AntiVirus, AntiSpam, Content Filtering. http://raeinternet.com From kevins at BMRB.CO.UK Wed Jun 11 23:10:15 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:30 2006 Subject: AV plugins and loggin In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011758D9@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011758D9@pascal.priv.bmrb.co.uk> Message-ID: <1055369416.15883.18.camel@bach.kevinspicer.co.uk> Jun 11 16:55:03 localhost sendmail[16867]: h5BKt2x16867: from=root, ^^^^ A-Ha(?) You're sending mail out from the machine itself to test, which means that your MUA is probably invoking sendmail directly and so it never touches mqueue.in and hence never goes through mailscanner. Try using an MUA that you can configure to connect to localhost:25 via SMTP, it'll probably work. Or even just telnet to localhost:25 if you know how to speak SMTP. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From kevins at BMRB.CO.UK Wed Jun 11 23:14:52 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:30 2006 Subject: AV plugins and loggin In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0011758D7@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011758D7@pascal.priv.bmrb.co.uk> Message-ID: <1055369693.15883.23.camel@bach.kevinspicer.co.uk> On Wed, 2003-06-11 at 22:55, Peter Bonivart wrote: Could you post how you start Sendmail? Have you separated it into two commands? One listening on port 25 and queueing to mqueue.in and one delivering from mqueue? Basically... # incoming mail /usr/lib/sendmail -bd -OPrivacyOptions=noetrn \ -ODeliveryMode=queueonly \ -OQueueDirectory=/var/spool/mqueue.in # queue runner for outgoing mail /usr/lib/sendmail -q15m But theres some good init scripts for most systems kicking around that deal with MailScanner and the MTA. Theres probably one in your mailscanner distribution. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From TGFurnish at HERFF-JONES.COM Wed Jun 11 23:31:46 2003 From: TGFurnish at HERFF-JONES.COM (Furnish, Trever G) Date: Thu Jan 12 21:18:30 2006 Subject: sophos licensing - one user or per "address"? Message-ID: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBC9@indy1ntm.herffjones.hj-int> I'm curious - for those of you using sophos on a mailscanner system acting only as a relay (not a "mailbox server"), did you license it based on the number of recipients for whom you would deliver email or did you get a single-user license (or something else I'm failing to imagine)? Considering that we're talking about a mail relay, I personally think it's silly to license a package based on the number of destination addresses being protected by the product, given that the number includes not only your internal users but also the people they send email to (assuming that you filter outbound mail as well as inbound mail). Sophos sales rep would obviously like me to license based on the number of internal users I have on my destination system, which seems rather ridiculous. -t. From lists at STHOMAS.NET Wed Jun 11 23:47:25 2003 From: lists at STHOMAS.NET (Steve Thomas) Date: Thu Jan 12 21:18:30 2006 Subject: sophos licensing - one user or per "address"? In-Reply-To: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBC9@indy1ntm.herffjones.hj-int>; from TGFurnish@HERFF-JONES.COM on Wed, Jun 11, 2003 at 05:31:46PM -0500 References: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBC9@indy1ntm.herffjones.hj-int> Message-ID: <20030611154725.A1127@sthomas.net> We have a license that covers all our users, however, we use it on the desktops as well. When I was setting up the license with the Sophos rep, I asked about the mail server and he told me that because we were licensing each user's desktop, we'd be able to use it on the mail server without any problem. I know that doesn't do much to answer your question, but I thought I'd throw it out there. On Wed, Jun 11, 2003 at 05:31:46PM -0500, Furnish, Trever G is rumored to have said: > > I'm curious - for those of you using sophos on a mailscanner system acting > only as a relay (not a "mailbox server"), did you license it based on the > number of recipients for whom you would deliver email or did you get a > single-user license (or something else I'm failing to imagine)? > > Considering that we're talking about a mail relay, I personally think it's > silly to license a package based on the number of destination addresses > being protected by the product, given that the number includes not only your > internal users but also the people they send email to (assuming that you > filter outbound mail as well as inbound mail). > > Sophos sales rep would obviously like me to license based on the number of > internal users I have on my destination system, which seems rather > ridiculous. > > -t. -- Steve Thomas ---------------------------------------------------------- "...subatomic matter in a particle accelerator that exists for only a few microseconds seems to exhibit more uptime than the RIAA's website." -- Andrew Orlowski TheRegister.co.uk From richard.lush at NTLWORLD.COM Wed Jun 11 23:38:01 2003 From: richard.lush at NTLWORLD.COM (Richard Lush) Date: Thu Jan 12 21:18:30 2006 Subject: MailScanner Webmin Module 0.6 BETA Released Message-ID: Hi All, I am pleased to announce the release of the next version of the webmin module. This version has all the latest options for MailScanner 4.21, and the abilty to text edit all the ruleset options. Please email me webmin@lushsoft.dyndns.org of any issues you find (hopefully there are non) and any additional features you want to see etc. Regards Richard From mike at CAMAROSS.NET Wed Jun 11 23:54:28 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:30 2006 Subject: sophos licensing - one user or per "address"? In-Reply-To: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBC9@indy1ntm.herffjones.hj-int> Message-ID: <001d01c3306c$6a0a7fa0$6701a8c0@home.middlefinger.net> Their licensing scheme is so cryptic, I almost got pissed enough to not use their product. After a few conversations back and forth with the rep, I finally licensed a single user...since only one user is running sweep per machine. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Furnish, Trever G Sent: Wednesday, June 11, 2003 5:32 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: sophos licensing - one user or per "address"? I'm curious - for those of you using sophos on a mailscanner system acting only as a relay (not a "mailbox server"), did you license it based on the number of recipients for whom you would deliver email or did you get a single-user license (or something else I'm failing to imagine)? Considering that we're talking about a mail relay, I personally think it's silly to license a package based on the number of destination addresses being protected by the product, given that the number includes not only your internal users but also the people they send email to (assuming that you filter outbound mail as well as inbound mail). Sophos sales rep would obviously like me to license based on the number of internal users I have on my destination system, which seems rather ridiculous. -t. From kusler at NSCL.MSU.EDU Thu Jun 12 05:13:46 2003 From: kusler at NSCL.MSU.EDU (Jay Kusler) Date: Thu Jan 12 21:18:30 2006 Subject: double messages? In-Reply-To: <1055364600.11842.18.camel@bach.kevinspicer.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0011758CA@pascal.priv.bmrb.co.uk> <1055364600.11842.18.camel@bach.kevinspicer.co.uk> Message-ID: <20030612041346.GA27522@nscl.msu.edu> Thanks Kevin. I bit the bullet and switched to posix locking: no help. I also changed the number of children to 1: no help I'm stumped. Anybody? Thanks, Jay On Wed, Jun 11, 2003 at 09:50:00PM +0100, Kevin Spicer wrote: > Date: Wed, 11 Jun 2003 21:50:00 +0100 > Subject: Re: double messages? > From: Kevin Spicer > To: MAILSCANNER@JISCMAIL.AC.UK > > >I tried upping the Queue Scan Interval to 20 seconds hoping that > >would help, but it doesn't seem to. I have not tried cutting Max > >Children back to 1, but perhaps that's next: somewhat of a waste on a > >dual-cpu box. Perhaps there is a lock not getting set, or some race > >condition with locking? > > locking would seem like the obvious choice, wouldn't it. I'm not sure > which kind of locking MailScanner uses by defaultwith Postfix. One > (probably obvious) check - this is a local drive isn't it (I know its > unlikely anyone would be using NFS for a mail queue, but worth making > sure). > > I notice from your original post that you are running Solaris 8, I've > just found this little snippet with Google... > > "Welcome to the world of POSIX fcntl() locking, which is the only > locking that Postfix can use on System-V systems such as Solaris, HP-UX > and others." > > I'm taking it out of context, but it came from the keyboard of Wietse > Venema so it should be reliable information (heres the link > http://archives.neohapsis.com/archives/postfix/2000-12/0521.html) > > Now, if MailScanner is using flock (which it does by default for > sendmail I can see this might be the problem. You might like to try > setting > Lock Type = posix > where > #Lock Type = flock > appears (commented out) near the end of MailScanner.conf. > > One word of caution, I'm guessing completely(!) and screwing with > locking could make things much worse :( Maybe worth waiting for a > second opinion or two from others! > > > > > BMRB International > http://www.bmrb.co.uk > +44 (0)20 8566 5000 > _________________________________________________________________ > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact the > sender and delete this message immediately. Disclosure, copying > or other action taken in respect of this email or in > reliance on it is prohibited. BMRB International Limited > accepts no liability in relation to any personal emails, or > content of any email which does not directly relate to our > business. ---end quoted text--- From tomas at SAP.SE Thu Jun 12 07:21:53 2003 From: tomas at SAP.SE (Tomas Hellberg) Date: Thu Jan 12 21:18:30 2006 Subject: Notify only local senders Message-ID: It looks like I?ve got every thing working. Exept for one smal thing my users don?t get any mail from my mailgate. If I send a virus mail from local it gets stopt. The log tells me that MS send a mail to the sender, but the sender never gets any mail. I get a mail as admin. Mail from the Internet works just fine. My users get a warning and the sender don?t get annything. I think I is something wrong whith my sendmail path? I?m using postfix 2.0.8 on a RH 8 system. Help annyone .. PS thanx so far .. On Tue, 10 Jun 2003 15:50:08 +0100, Plant, Dean wrote: >Should the Notify Senders not be: > >From: yourdomain.com yes >FromOrTo: default no > >Dean Plant > >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >Sent: 10 June 2003 14:57 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Notify only local senders > > >At 13:04 10/06/2003, you wrote: >>I've been scanning the mail arcive for some time now. At last I found the >>function I've been looking for. >> >>I want to notify only local senders. >> >> Outside ->in notify postmaster, local recipient. No external senders >>notified. > >Set > Notify Senders = /etc/MailScanner/rules/notify.senders.rules >and then put this in it: >To: yourdomain.com yes >FromOrTo: default no > >> Inside -> out notify local sender, postmaster, no external recipients >>notified. > >Set > Deliver Cleaned Messages = >/etc/MailScanner/rules/deliver.cleaned.rules >and then put this in it >To: yourdomain.com yes >FromOrTo: default no > >You could even put both of those rulesets in the same file if you like, but >I would keep them separate for clarity. > >Should do what you want. > > > >>The problem is I dont know how to use it, probobly simpel but I'm a newbee >>whith MS..... Please help some one.... >> >>I'm using RH 8, Postfix & MS 4.20 >> >>(The orig mail thred is from last summer, 25 Jun. Subject: Notify Senders) > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support > >Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, Bracknell, >Berkshire. RG12 8FZ > >The information contained in this e-mail and any attachments is confidential to Roke >Manor Research Ltd and must not be passed to any third party without permission. This >communication is for information only and shall not create or change any contractual >relationship. > From o.pitzeier at UPTIME.AT Thu Jun 12 10:14:27 2003 From: o.pitzeier at UPTIME.AT (Oliver Pitzeier) Date: Thu Jan 12 21:18:30 2006 Subject: Black-/Whitelists in SQL Database (WAS: RE: SQL user options) In-Reply-To: <5.2.0.9.2.20030611161617.038f1d28@imap.ecs.soton.ac.uk> Message-ID: <001d01c330c3$06fd85e0$020b10ac@pitzeier.priv.at> Hi Julian! Hi folks! Julian Field wrote: > >On Wednesday 11 June 2003 07:37 am, Jody Cleveland wrote: > > > > OK. I did it. :-) I wrote some code (SQL_Backlist, > > > > SQL_Whitelist), > > > > which is - at least a bit - configurable trough variables in > > > > CustomConfig.pm. You can imagine what it does... Exactly what I > > > > wanted. :-) > > > > > > > > So... Is someone interested in this code? > > > > > > I would love to have that. Thanks! > > I would second that. I am not ready to use it yet but I have been > > looking for a way to do per user black/white lists. Sounds very > > promising. > > If all you need is file-based per-user and per-domain > black+whitelists, then there is already code in > CustomConfig.pm to do this for you. It's only the SQL bit > that's missing. First: It's the SQL bit, which was - as I told you - really easy to code, since MailScanner is Perl! :-) Second: You can easily create a frontend (which will follow within the next days) with SQL-based black-/whitelists, to let your users do the black-/whitelisting theirself. I do use a Cyrus IMAPd/Sendmail combination here, which is fine, since we do use Sieve as well... Now I do also have the posibility to give my users the option to not only add some Sieve-rules, but add black-/whitelists. You cannot imagine how happy my users are. :-)))) Best regards, Oliver From o.pitzeier at UPTIME.AT Thu Jun 12 10:18:58 2003 From: o.pitzeier at UPTIME.AT (Oliver Pitzeier) Date: Thu Jan 12 21:18:30 2006 Subject: Black-/Whitelists in SQL Database (WAS: RE: SQL user options) In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4E9FD@mail.winnefox.org> Message-ID: <001e01c330c3$a8cb0820$020b10ac@pitzeier.priv.at> Jody Cleveland wrote: > > Please find it here: > > http://filelister.linux-kernel.at/?current=/tarballs/MailScanner/ > > I've never seen a .patch file before. How do I apply that? See Julian's answer. I also added the whole CustomConfig.pm, so you can simply overwrite the old one (please make a backup of that file before!). You may give "diff" a try so you see the differences between the old and the new file... Best regards, Oliver From maxsec at TOTALISE.CO.UK Thu Jun 12 10:53:50 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:30 2006 Subject: sophos licensing - one user or per "address"? In-Reply-To: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBC9@indy1ntm.herffjones.hj-int> References: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBC9@indy1ntm.herffjones.hj-int> Message-ID: <3EE84DAE.1060402@totalise.co.uk> Furnish, Trever G wrote: > I'm curious - for those of you using sophos on a mailscanner system acting > only as a relay (not a "mailbox server"), did you license it based on the > number of recipients for whom you would deliver email or did you get a > single-user license (or something else I'm failing to imagine)? > > Considering that we're talking about a mail relay, I personally think it's > silly to license a package based on the number of destination addresses > being protected by the product, given that the number includes not only your > internal users but also the people they send email to (assuming that you > filter outbound mail as well as inbound mail). > > Sophos sales rep would obviously like me to license based on the number of > internal users I have on my destination system, which seems rather > ridiculous. > > -t. Hi cheapest way is to use the savi licence and for that you'll pay for each user protected. Other way is per machine proctected but this tends to be more expensive. eg our 101 user SAVI licence costs around 500.00 UK pounds per year for a two year licence. -- martin From mailscanner at ecs.soton.ac.uk Thu Jun 12 11:13:43 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:30 2006 Subject: Notify only local senders In-Reply-To: Message-ID: <5.2.1.1.2.20030612111255.0421d958@imap.ecs.soton.ac.uk> Most common cause of this is that you have edited the reports/xx/sender* files and screwed up the headers in them. At 07:21 12/06/2003, you wrote: >It looks like I?ve got every thing working. Exept for one smal thing my >users don?t get any mail from my mailgate. > >If I send a virus mail from local it gets stopt. The log tells me that MS >send a mail to the sender, but the sender never gets any mail. I get a mail >as admin. > >Mail from the Internet works just fine. My users get a warning and the >sender don?t get annything. > >I think I is something wrong whith my sendmail path? I?m using postfix >2.0.8 on a RH 8 system. > >Help annyone .. > >PS thanx so far .. > > >On Tue, 10 Jun 2003 15:50:08 +0100, Plant, Dean >wrote: > > >Should the Notify Senders not be: > > > >From: yourdomain.com yes > >FromOrTo: default no > > > >Dean Plant > > > >-----Original Message----- > >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > >Sent: 10 June 2003 14:57 > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: Notify only local senders > > > > > >At 13:04 10/06/2003, you wrote: > >>I've been scanning the mail arcive for some time now. At last I found the > >>function I've been looking for. > >> > >>I want to notify only local senders. > >> > >> Outside ->in notify postmaster, local recipient. No external senders > >>notified. > > > >Set > > Notify Senders = /etc/MailScanner/rules/notify.senders.rules > >and then put this in it: > >To: yourdomain.com yes > >FromOrTo: default no > > > >> Inside -> out notify local sender, postmaster, no external recipients > >>notified. > > > >Set > > Deliver Cleaned Messages = > >/etc/MailScanner/rules/deliver.cleaned.rules > >and then put this in it > >To: yourdomain.com yes > >FromOrTo: default no > > > >You could even put both of those rulesets in the same file if you like, but > >I would keep them separate for clarity. > > > >Should do what you want. > > > > > > > >>The problem is I dont know how to use it, probobly simpel but I'm a newbee > >>whith MS..... Please help some one.... > >> > >>I'm using RH 8, Postfix & MS 4.20 > >> > >>(The orig mail thred is from last summer, 25 Jun. Subject: Notify Senders) > > > >-- > >Julian Field > >www.MailScanner.info > >MailScanner thanks transtec Computers for their support > > > >Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, >Bracknell, > >Berkshire. RG12 8FZ > > > >The information contained in this e-mail and any attachments is >confidential to Roke > >Manor Research Ltd and must not be passed to any third party without >permission. This > >communication is for information only and shall not create or change any >contractual > >relationship. > > -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From vosburgh at DALSEMI.COM Thu Jun 12 12:32:15 2003 From: vosburgh at DALSEMI.COM (David Vosburgh) Date: Thu Jan 12 21:18:30 2006 Subject: logging problem References: <3EE4E5DD.7010800@dalsemi.com> <1055368795.1980.6.camel@rocco.bonivart.home> Message-ID: <3EE864BF.80305@dalsemi.com> I get the normal sendmail logs to maillog, but nothing from mailscanner/spamassassin. I did some testing with Sys::Syslog and I think that's where the problem is. Even extremely simple attempts to log a message failed (without errors). A quick look on SunSolve didn't reveal any known compatibility issues with syslogd, although there was a very current patch for syslog out there. Because we need to get the spam logging working to collect metrics prior to a production roll-out, I brute forced it by changing a few of the Sys:Syslog calls in Log.pm to use system calls to logger instead. Dave Peter Bonivart wrote: >Strange, I have a similar setup (Solaris 9, Sendmail 8.12.9, MailScanner >4.21-6 and SpamAssassin 2.54). The only thing I changed in >MailScanner.conf regarding this was "Log Spam = yes". Nothing is changed >in the system and everything is logged. > >Do you get any logs at all from sendmail/mailscanner/spamassassin? > >/Peter Bonivart > >--Unix lovers do it in the Sun > >On Mon, 2003-06-09 at 21:54, David Vosburgh wrote: > > >>I have installed MailScanner-4.21-9, Mail-SpamAssassin-2.55, and all the >>related perl modules on a Sun system recently jumpstarted with 2.8 and a >>recent patch cluster. Sendmail is v8.12.9. >> >>Everything seems to be working as advertised, with the exception of >>logging. I am using the default "Syslog Facility = mail" option, and >>have turned on spam logging with "Log Spam = yes". My syslog.conf has a >>single entry for mail logging: >> >>mail.info /var/adm/maillog >> >>I read the FAQ and some posts on this list, and have tried the following >>without success (always re-starting MailScanner after the change): >> >>1) starting syslog without the "-t" option >>2) removed the syslog patch 110945-07 (now -05) >>3) removed the "eval" from the setlogsock syslog command under the Start >>section of Log.pm >>4) added a "mail.debug /opt/MailScanner/var/log" to syslog.conf >> >>Any ideas on where to go from here? >> >>Thanks, >> >>Dave >> >> > > > -- Dave Vosburgh Sr. Unix System Administrator Dallas Semiconductor vosburgh@dalsemi.com 972-371-4418 From mailscanner at ecs.soton.ac.uk Thu Jun 12 13:47:38 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:30 2006 Subject: logging problem In-Reply-To: <3EE864BF.80305@dalsemi.com> References: <3EE4E5DD.7010800@dalsemi.com> <1055368795.1980.6.camel@rocco.bonivart.home> Message-ID: <5.2.0.9.2.20030612134554.04e9cd18@imap.ecs.soton.ac.uk> Have you read the syslogd man page and added the "-T" option to the syslogd command in /etc/init.d/syslog. I seem to remember you usually need to turn this on. At 12:32 12/06/2003, you wrote: >I get the normal sendmail logs to maillog, but nothing from >mailscanner/spamassassin. > >I did some testing with Sys::Syslog and I think that's where the problem >is. Even extremely simple attempts to log a message failed (without >errors). A quick look on SunSolve didn't reveal any known compatibility >issues with syslogd, although there was a very current patch for syslog >out there. Because we need to get the spam logging working to collect >metrics prior to a production roll-out, I brute forced it by changing a >few of the Sys:Syslog calls in Log.pm to use system calls to logger instead. > >Dave > >Peter Bonivart wrote: > >>Strange, I have a similar setup (Solaris 9, Sendmail 8.12.9, MailScanner >>4.21-6 and SpamAssassin 2.54). The only thing I changed in >>MailScanner.conf regarding this was "Log Spam = yes". Nothing is changed >>in the system and everything is logged. >> >>Do you get any logs at all from sendmail/mailscanner/spamassassin? >> >>/Peter Bonivart >> >>--Unix lovers do it in the Sun >> >>On Mon, 2003-06-09 at 21:54, David Vosburgh wrote: >> >> >>>I have installed MailScanner-4.21-9, Mail-SpamAssassin-2.55, and all the >>>related perl modules on a Sun system recently jumpstarted with 2.8 and a >>>recent patch cluster. Sendmail is v8.12.9. >>> >>>Everything seems to be working as advertised, with the exception of >>>logging. I am using the default "Syslog Facility = mail" option, and >>>have turned on spam logging with "Log Spam = yes". My syslog.conf has a >>>single entry for mail logging: >>> >>>mail.info /var/adm/maillog >>> >>>I read the FAQ and some posts on this list, and have tried the following >>>without success (always re-starting MailScanner after the change): >>> >>>1) starting syslog without the "-t" option >>>2) removed the syslog patch 110945-07 (now -05) >>>3) removed the "eval" from the setlogsock syslog command under the Start >>>section of Log.pm >>>4) added a "mail.debug /opt/MailScanner/var/log" to syslog.conf >>> >>>Any ideas on where to go from here? >>> >>>Thanks, >>> >>>Dave >>> >> >> > >-- > >Dave Vosburgh >Sr. Unix System Administrator >Dallas Semiconductor >vosburgh@dalsemi.com 972-371-4418 -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From vosburgh at DALSEMI.COM Thu Jun 12 14:30:08 2003 From: vosburgh at DALSEMI.COM (David Vosburgh) Date: Thu Jan 12 21:18:30 2006 Subject: logging problem References: <3EE4E5DD.7010800@dalsemi.com> <1055368795.1980.6.camel@rocco.bonivart.home> <5.2.0.9.2.20030612134554.04e9cd18@imap.ecs.soton.ac.uk> Message-ID: <3EE88060.20306@dalsemi.com> I have, but there is no "-T" option to syslogd for Solaris (at least from 2.6 through 2.8). There is a "-t" option (disable the syslogd UPD port), which is the default, and the way syslogd was running when I first started MailScanner. When that didn't work, I read the FAQ, which suggested removing it. I did, but it didn't fix the logging problem. Dave Julian Field wrote: > Have you read the syslogd man page and added the "-T" option to the > syslogd > command in /etc/init.d/syslog. I seem to remember you usually need to > turn > this on. > > At 12:32 12/06/2003, you wrote: > >> I get the normal sendmail logs to maillog, but nothing from >> mailscanner/spamassassin. >> >> I did some testing with Sys::Syslog and I think that's where the problem >> is. Even extremely simple attempts to log a message failed (without >> errors). A quick look on SunSolve didn't reveal any known compatibility >> issues with syslogd, although there was a very current patch for syslog >> out there. Because we need to get the spam logging working to collect >> metrics prior to a production roll-out, I brute forced it by changing a >> few of the Sys:Syslog calls in Log.pm to use system calls to logger >> instead. >> >> Dave >> >> Peter Bonivart wrote: >> >>> Strange, I have a similar setup (Solaris 9, Sendmail 8.12.9, >>> MailScanner >>> 4.21-6 and SpamAssassin 2.54). The only thing I changed in >>> MailScanner.conf regarding this was "Log Spam = yes". Nothing is >>> changed >>> in the system and everything is logged. >>> >>> Do you get any logs at all from sendmail/mailscanner/spamassassin? >>> >>> /Peter Bonivart >>> >>> --Unix lovers do it in the Sun >>> >>> On Mon, 2003-06-09 at 21:54, David Vosburgh wrote: >>> >>> >>>> I have installed MailScanner-4.21-9, Mail-SpamAssassin-2.55, and >>>> all the >>>> related perl modules on a Sun system recently jumpstarted with 2.8 >>>> and a >>>> recent patch cluster. Sendmail is v8.12.9. >>>> >>>> Everything seems to be working as advertised, with the exception of >>>> logging. I am using the default "Syslog Facility = mail" option, and >>>> have turned on spam logging with "Log Spam = yes". My syslog.conf >>>> has a >>>> single entry for mail logging: >>>> >>>> mail.info /var/adm/maillog >>>> >>>> I read the FAQ and some posts on this list, and have tried the >>>> following >>>> without success (always re-starting MailScanner after the change): >>>> >>>> 1) starting syslog without the "-t" option >>>> 2) removed the syslog patch 110945-07 (now -05) >>>> 3) removed the "eval" from the setlogsock syslog command under the >>>> Start >>>> section of Log.pm >>>> 4) added a "mail.debug /opt/MailScanner/var/log" to syslog.conf >>>> >>>> Any ideas on where to go from here? >>>> >>>> Thanks, >>>> >>>> Dave >>>> >>> >>> >> >> -- >> >> Dave Vosburgh >> Sr. Unix System Administrator >> Dallas Semiconductor >> vosburgh@dalsemi.com 972-371-4418 > > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > -- Dave Vosburgh Sr. Unix System Administrator Dallas Semiconductor vosburgh@dalsemi.com 972-371-4418 From damian at WORKGROUPSOLUTIONS.COM Thu Jun 12 14:43:53 2003 From: damian at WORKGROUPSOLUTIONS.COM (Damian Mendoza) Date: Thu Jan 12 21:18:30 2006 Subject: F-Prot and Mail Scanner Message-ID: F-Prot file Server -----Original Message----- From: Steve Douglas [mailto:steve.douglas@SBIINCORPORATED.COM] Sent: Wednesday, June 11, 2003 11:56 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: F-Prot and Mail Scanner Is your gateway configured with F-Prot "file server" or with F-Prot eMail gateway version? Just curious? Thanks. > -----Original Message----- > From: Damian Mendoza [mailto:damian@WORKGROUPSOLUTIONS.COM] > Sent: Wednesday, June 11, 2003 8:16 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: F-Prot and Mail Scanner > > Hi, > > An update: End-User error as messages were not going thru MailScanner. > MailScanner is working perfectly with F-Prot antivirus. > > Regards, > > Damian > > Workgroup Solutions > 20532 El Toro Rd, Suite 107 > Mission Viejo, CA 92692 > 949 586-2200 > Developers of SpamGate - Stop SPAM today at the Gateway! > > -----Original Message----- > From: Damian Mendoza > Sent: Monday, June 09, 2003 4:43 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: F-Prot and Mail Scanner > > > Hi, > > I installed F-Prot and MailScanner on an SMTP gateway for a customer. My > customer tells me that F-Prot is only blocking 10% of the viruses. They > had 9 messages get passed the F-Prot/MailScanner gateway and 1 message was > stopped according to the maillog. > > Norton Antivirus on the Exchange server told us about the 9 messages. > > Any ideas? F-Prot is getting the updates based on the Maillog file. > > Thanks, > > Damian From Richard.Hopkins at BRISTOL.AC.UK Thu Jun 12 14:40:41 2003 From: Richard.Hopkins at BRISTOL.AC.UK (Richard Hopkins) Date: Thu Jan 12 21:18:30 2006 Subject: logging problem In-Reply-To: <3EE88060.20306@dalsemi.com> References: <3EE88060.20306@dalsemi.com> Message-ID: <281421572.1055428841@rjh1.cse.bris.ac.uk> For us, SpamAssassin stopped logging when syslogd was restarted with a "-t" (Solaris 2.8 systems). Richard --On Thursday, June 12, 2003 8:30 AM -0500 David Vosburgh wrote: > I have, but there is no "-T" option to syslogd for Solaris (at least > from 2.6 through 2.8). There is a "-t" option (disable the syslogd UPD > port), which is the default, and the way syslogd was running when I > first started MailScanner. When that didn't work, I read the FAQ, which > suggested removing it. I did, but it didn't fix the logging problem. > > Dave > > Julian Field wrote: > >> Have you read the syslogd man page and added the "-T" option to the >> syslogd >> command in /etc/init.d/syslog. I seem to remember you usually need to >> turn >> this on. >> >> At 12:32 12/06/2003, you wrote: >> >>> I get the normal sendmail logs to maillog, but nothing from >>> mailscanner/spamassassin. >>> >>> I did some testing with Sys::Syslog and I think that's where the problem >>> is. Even extremely simple attempts to log a message failed (without >>> errors). A quick look on SunSolve didn't reveal any known compatibility >>> issues with syslogd, although there was a very current patch for syslog >>> out there. Because we need to get the spam logging working to collect >>> metrics prior to a production roll-out, I brute forced it by changing a >>> few of the Sys:Syslog calls in Log.pm to use system calls to logger >>> instead. >>> >>> Dave >>> >>> Peter Bonivart wrote: >>> >>>> Strange, I have a similar setup (Solaris 9, Sendmail 8.12.9, >>>> MailScanner >>>> 4.21-6 and SpamAssassin 2.54). The only thing I changed in >>>> MailScanner.conf regarding this was "Log Spam = yes". Nothing is >>>> changed >>>> in the system and everything is logged. >>>> >>>> Do you get any logs at all from sendmail/mailscanner/spamassassin? >>>> >>>> /Peter Bonivart >>>> >>>> --Unix lovers do it in the Sun >>>> >>>> On Mon, 2003-06-09 at 21:54, David Vosburgh wrote: >>>> >>>> >>>>> I have installed MailScanner-4.21-9, Mail-SpamAssassin-2.55, and >>>>> all the >>>>> related perl modules on a Sun system recently jumpstarted with 2.8 >>>>> and a >>>>> recent patch cluster. Sendmail is v8.12.9. >>>>> >>>>> Everything seems to be working as advertised, with the exception of >>>>> logging. I am using the default "Syslog Facility = mail" option, and >>>>> have turned on spam logging with "Log Spam = yes". My syslog.conf >>>>> has a >>>>> single entry for mail logging: >>>>> >>>>> mail.info /var/adm/maillog >>>>> >>>>> I read the FAQ and some posts on this list, and have tried the >>>>> following >>>>> without success (always re-starting MailScanner after the change): >>>>> >>>>> 1) starting syslog without the "-t" option >>>>> 2) removed the syslog patch 110945-07 (now -05) >>>>> 3) removed the "eval" from the setlogsock syslog command under the >>>>> Start >>>>> section of Log.pm >>>>> 4) added a "mail.debug /opt/MailScanner/var/log" to syslog.conf >>>>> >>>>> Any ideas on where to go from here? >>>>> >>>>> Thanks, >>>>> >>>>> Dave >>>>> >>>> >>>> >>> >>> -- >>> >>> Dave Vosburgh >>> Sr. Unix System Administrator >>> Dallas Semiconductor >>> vosburgh@dalsemi.com 972-371-4418 >> >> >> -- >> Julian Field >> www.MailScanner.info >> MailScanner thanks transtec Computers for their support >> > > -- > > Dave Vosburgh > Sr. Unix System Administrator > Dallas Semiconductor > vosburgh@dalsemi.com 972-371-4418 > Richard Hopkins, Information Services, Computer Centre, University of Bristol, Bristol, BS8 1UD, UK Tel +44 117 928 7859 Fax +44 117 929 1576 From Jan-Peter.Koopmann at SECEIDOS.DE Thu Jun 12 14:54:26 2003 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:18:30 2006 Subject: FreeBSD port: 4.21-9 Message-ID: <1BC1890A8420BD4B87C157DE2243A66164FC@ghost.intern.akctech.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, the current version can be downloaded here: http://www.seceidos.de/downloads/freebsd/ports/mailscanner-4.21.9.tgz or http://www.seceidos.de/downloads/freebsd/ports/mailscanner-current.tgz Regards, JP -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 iQA/AwUBPuiGEMljry2L+pqYEQJj7wCgyCPiclOnx/IIZnIbCOzlZCz/NfMAoPmb 0Xvl3wNyj6liOYc1r8ZttZnm =mZqu -----END PGP SIGNATURE----- From zabriskw at ITECH.NET Thu Jun 12 15:43:38 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:30 2006 Subject: Quarantine Removal Tool Message-ID: <000501c330f1$03a914d0$0c02a8c0@itech.dom> Hey guys. I am currently working on a PHP page that will parse a mail.log and retrieve spam (as determined by SA and MailScanner). Currently I am developing it on a Tru64 machine running Sendmail. I am just curious if anyone would be interested in obtaining a copy. If there is enough of a desire for it, I will continually work on it in my spare time, and make the documentation a little better, and all of that fun stuff. **DISCLAIMER** I am not the worlds best programmer!!! In fact, I really don't know PHP =) I'm sure most of you could do a better job, but I am hoping that it will get the job done. Also, I will NOT release this to anyone unless it is all right with Julian. Kris Zabriskie Network Admin / Consultant I-Tech Inc. zabriskw@itech.net 717-657-3035 From maxsec at TOTALISE.CO.UK Thu Jun 12 15:54:46 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:30 2006 Subject: Quarantine Removal Tool In-Reply-To: <000501c330f1$03a914d0$0c02a8c0@itech.dom> References: <000501c330f1$03a914d0$0c02a8c0@itech.dom> Message-ID: <3EE89436.7070208@totalise.co.uk> Kris Zabriskie wrote: > Hey guys. I am currently working on a PHP page that will parse a mail.log > and retrieve spam (as determined by SA and MailScanner). Currently I am > developing it on a Tru64 machine running Sendmail. I am just curious if > anyone would be interested in obtaining a copy. If there is enough of a > desire for it, I will continually work on it in my spare time, and make the > documentation a little better, and all of that fun stuff. > > **DISCLAIMER** > I am not the worlds best programmer!!! In fact, I really don't know PHP =) > I'm sure most of you could do a better job, but I am hoping that it will get > the job done. Also, I will NOT release this to anyone unless it is all > right with Julian. > > > Kris Zabriskie > Network Admin / Consultant > I-Tech Inc. > zabriskw@itech.net > 717-657-3035 Kris me me me me damn will have to install php/apache on server.... cd /usr/port.... :-) -- Martin From dan at OXNARDSD.ORG Thu Jun 12 16:02:00 2003 From: dan at OXNARDSD.ORG (Dan Kubilos) Date: Thu Jan 12 21:18:30 2006 Subject: Quarantine Removal Tool In-Reply-To: <000501c330f1$03a914d0$0c02a8c0@itech.dom> Message-ID: I'd be happy to have such a thing. On Thu, 12 Jun 2003, Kris Zabriskie wrote: > Hey guys. I am currently working on a PHP page that will parse a mail.log > and retrieve spam (as determined by SA and MailScanner). Currently I am > developing it on a Tru64 machine running Sendmail. I am just curious if > anyone would be interested in obtaining a copy. If there is enough of a > desire for it, I will continually work on it in my spare time, and make the > documentation a little better, and all of that fun stuff. > > **DISCLAIMER** > I am not the worlds best programmer!!! In fact, I really don't know PHP =) > I'm sure most of you could do a better job, but I am hoping that it will get > the job done. Also, I will NOT release this to anyone unless it is all > right with Julian. > > > Kris Zabriskie > Network Admin / Consultant > I-Tech Inc. > zabriskw@itech.net > 717-657-3035 > -- Dan Kubilos __\o_ ^ K-8 Tech Coord http://www.oxnardsd.org From marco at MUW.EDU Thu Jun 12 17:08:11 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:30 2006 Subject: Acceptance of Domain Literals In-Reply-To: References: Message-ID: <1055434091.3ee8a56bc93b3@webmail.MUW.Edu> Hi, Does anyone know how to make sendmail accept domain literals? DNSreport.com gives me this warning: **************************************************************** WARN: One or more of your mailservers does not accept mail in the domain literal format (user@[0.0.0.0]). Mailservers are technically required RFC1123 5.2.17 to accept mail to domain literals for any of its IP addresses. Not accepting domain literals can make it more difficult to test your mailserver, and can prevent you from receiving E-mail from people reporting problems with your mailserver. However, it is unlikely that any problems will occur if the domain literals are not accepted. wso.muw.edu's postmaster@[209.147.208.15] response: >>> RCPT TO: <<< 550 5.7.1 ... Relaying denied. IP name possibly forged [69.2.200.182] ***************************************************************** This machine is a Redhat 9 patched up-to-date. Is this worth worrying about? I noticed that many mailservers have the same warning. My FreeBSD system appears to be "Accepting Domain Literals". I compared "sendmail.cf" from both machines and nothing too obvious about it. Thank you for any advice Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From mbowman at UDCOM.COM Thu Jun 12 17:14:59 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:30 2006 Subject: Enabling/Disabling Spam Filtering Message-ID: Hello If I wanted to disable spam filtering for a domain passing through an e-mail gateway would all I have to do is add a line in spam.whitelist.rules FromOrTo: @domain.tld yes Then service MailScanner reload ? The objective is to setup all domains to pass thru a gateway but only enable spam filtering for some of them. That is the default would be disabled. -- Virus Scanning would be on for all domains.. Is there a better way of doing this without routing the MX to the recipient's mail server ? Thanks Matthew From ryanb at AACRAO.ORG Thu Jun 12 17:35:50 2003 From: ryanb at AACRAO.ORG (Bingham, Ryan) Date: Thu Jan 12 21:18:30 2006 Subject: Enabling/Disabling Spam Filtering Message-ID: Hi Matthew, I think you could do this in MailScanner.conf. Take a look at this section: # Do you want to check messages to see if they are spam? # This can also be the filename of a ruleset. Spam checks = yes Instead of "Spam checks = yes" you could specify a ruleset instead: Spam checks = /etc/MailScanner/rules/spamdomains.rules Then in your spamdomains.rules file you could have entries like FromOrTo: somedomain.com no FromOrTo: mydomain.com yes FromOrTo: default yes Everyone feel free to correct me if I messed something up. Ryan -----Original Message----- From: Matthew Bowman [mailto:mbowman@UDCOM.COM] Sent: Thursday, June 12, 2003 12:15 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Enabling/Disabling Spam Filtering Hello If I wanted to disable spam filtering for a domain passing through an e-mail gateway would all I have to do is add a line in spam.whitelist.rules FromOrTo: @domain.tld yes Then service MailScanner reload ? The objective is to setup all domains to pass thru a gateway but only enable spam filtering for some of them. That is the default would be disabled. -- Virus Scanning would be on for all domains.. Is there a better way of doing this without routing the MX to the recipient's mail server ? Thanks Matthew From mbowman at UDCOM.COM Thu Jun 12 17:39:26 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:31 2006 Subject: Enabling/Disabling Spam Filtering Message-ID: Arggg... ok doh! i should RTFM next time.. silly me :) "Bingham, Ryan" Sent by: MailScanner mailing list 06/12/2003 12:35 PM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: Enabling/Disabling Spam Filtering Hi Matthew, I think you could do this in MailScanner.conf. Take a look at this section: # Do you want to check messages to see if they are spam? # This can also be the filename of a ruleset. Spam checks = yes Instead of "Spam checks = yes" you could specify a ruleset instead: Spam checks = /etc/MailScanner/rules/spamdomains.rules Then in your spamdomains.rules file you could have entries like FromOrTo: somedomain.com no FromOrTo: mydomain.com yes FromOrTo: default yes Everyone feel free to correct me if I messed something up. Ryan -----Original Message----- From: Matthew Bowman [mailto:mbowman@UDCOM.COM] Sent: Thursday, June 12, 2003 12:15 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Enabling/Disabling Spam Filtering Hello If I wanted to disable spam filtering for a domain passing through an e-mail gateway would all I have to do is add a line in spam.whitelist.rules FromOrTo: @domain.tld yes Then service MailScanner reload ? The objective is to setup all domains to pass thru a gateway but only enable spam filtering for some of them. That is the default would be disabled. -- Virus Scanning would be on for all domains.. Is there a better way of doing this without routing the MX to the recipient's mail server ? Thanks Matthew From ryanb at AACRAO.ORG Thu Jun 12 17:44:32 2003 From: ryanb at AACRAO.ORG (Bingham, Ryan) Date: Thu Jan 12 21:18:31 2006 Subject: Enabling/Disabling Spam Filtering Message-ID: Actually, that's one of the things I like most about this list. Rarely do you get the typical, in-your-face RTFM when you ask an innocent question. So, in that spirit, glad I could help! Ryan -----Original Message----- From: Matthew Bowman [mailto:mbowman@UDCOM.COM] Sent: Thursday, June 12, 2003 12:39 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Enabling/Disabling Spam Filtering Arggg... ok doh! i should RTFM next time.. silly me :) "Bingham, Ryan" Sent by: MailScanner mailing list 06/12/2003 12:35 PM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: Enabling/Disabling Spam Filtering Hi Matthew, I think you could do this in MailScanner.conf. Take a look at this section: # Do you want to check messages to see if they are spam? # This can also be the filename of a ruleset. Spam checks = yes Instead of "Spam checks = yes" you could specify a ruleset instead: Spam checks = /etc/MailScanner/rules/spamdomains.rules Then in your spamdomains.rules file you could have entries like FromOrTo: somedomain.com no FromOrTo: mydomain.com yes FromOrTo: default yes Everyone feel free to correct me if I messed something up. Ryan -----Original Message----- From: Matthew Bowman [mailto:mbowman@UDCOM.COM] Sent: Thursday, June 12, 2003 12:15 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Enabling/Disabling Spam Filtering Hello If I wanted to disable spam filtering for a domain passing through an e-mail gateway would all I have to do is add a line in spam.whitelist.rules FromOrTo: @domain.tld yes Then service MailScanner reload ? The objective is to setup all domains to pass thru a gateway but only enable spam filtering for some of them. That is the default would be disabled. -- Virus Scanning would be on for all domains.. Is there a better way of doing this without routing the MX to the recipient's mail server ? Thanks Matthew From tsevy at EPX.COM Thu Jun 12 18:06:06 2003 From: tsevy at EPX.COM (Tom Sevy) Date: Thu Jan 12 21:18:31 2006 Subject: Enabling/Disabling Spam Filtering Message-ID: <005101c33104$ebe8d240$bc0aa8c0@epx.com> I thought this was to be configured in /etc/MailScanner/rules/spam.whitelist.rules -- no? From mbowman at UDCOM.COM Thu Jun 12 18:12:07 2003 From: mbowman at UDCOM.COM (Matthew Bowman) Date: Thu Jan 12 21:18:31 2006 Subject: Enabling/Disabling Spam Filtering Message-ID: MailScanner.conf is where I needed to set it up Spam Check = /etc/MailScanner/rules/spam.check.rules FromOrTo: yahoo.com no FromOrTo: default yes --- Matthew K Bowman Systems Administrator, UDCom 174 Park Avenue West, Mansfield. Ohio 44902 Tel : 419-524-4330 Fax : 419-524-8757 Email : mbowman@udcom.com Web: http://www.udcom.com/ Tom Sevy Sent by: MailScanner mailing list 06/12/2003 01:06 PM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: Enabling/Disabling Spam Filtering I thought this was to be configured in /etc/MailScanner/rules/spam.whitelist.rules -- no? From mailscanner at ecs.soton.ac.uk Thu Jun 12 18:32:09 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:31 2006 Subject: Enabling/Disabling Spam Filtering In-Reply-To: <005101c33104$ebe8d240$bc0aa8c0@epx.com> Message-ID: <5.2.1.1.2.20030612183033.0255ac70@imap.ecs.soton.ac.uk> At 18:06 12/06/2003, you wrote: >I thought this was to be configured in >/etc/MailScanner/rules/spam.whitelist.rules -- no? That's another way of doing it. You can either whitelist the domain, or disable spam checks for the domain. The results are pretty much the same, apart from the wording you will see in the headers. If you whitelist them, the spam checks will say it is whitelisted. If you disable spam checks for the domain, the spam headers won't appear at all. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jun 12 18:28:16 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:31 2006 Subject: Quarantine Removal Tool In-Reply-To: <000501c330f1$03a914d0$0c02a8c0@itech.dom> Message-ID: <5.2.1.1.2.20030612182736.0255a7b8@imap.ecs.soton.ac.uk> At 15:43 12/06/2003, you wrote: >I am not the worlds best programmer!!! In fact, I really don't know PHP =) >I'm sure most of you could do a better job, but I am hoping that it will get >the job done. Also, I will NOT release this to anyone unless it is all >right with Julian. It's fine by me. The more supporting tools developed by other people, the better. But please release it under the GNU Public Licence if at all possible. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From dot at DOTAT.AT Thu Jun 12 19:20:51 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:31 2006 Subject: how to map MS process id to SM process id? In-Reply-To: Message-ID: "Chris W. Parker" wrote: > >When checking the maillog I'd like to be able to pull all the records = >pertaining to a certain mail. I've emailed some patches to Julian that allow you to turn on more logging of message-IDs by MailScanner in order to improve trackability. I don't think the patches cover all the bases yet, and I'm a bit behind with releases of MailScanner at the moment so I don't know if the option has been incorporated into the standard version. Tony. -- f.a.n.finch http://dotat.at/ FISHER: WEST OR SOUTHWEST 4 OR 5, OCCASIONALLY 6 IN EAST. SHOWERS. MODERATE OR GOOD. From dot at DOTAT.AT Thu Jun 12 19:27:56 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:31 2006 Subject: logging problem In-Reply-To: Message-ID: David Vosburgh wrote: > >Everything seems to be working as advertised, with the exception of >logging. What is the problem? Does /var/adm/mailllog exist? (If not, touch it.) Tony. -- f.a.n.finch http://dotat.at/ RATTRAY HEAD TO BERWICK ON TWEED: SOUTHWEST 3 OR 4 LOCALLY 5 ON THURSDAY NIGHT, BECOMING MAINLY WEST TO NORTHWEST 2 OR 3 LATER FRIDAY. OCCASIONAL SHOWERS WITH RISK OF THUNDER ON THURSDAY EVENING, MAINLY FAIR ON FRIDAY. GOOD OCCASIONALLY MODERATE. SLIGHT. From zabriskw at ITECH.NET Thu Jun 12 20:08:22 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:31 2006 Subject: Quarantine Removal Tool References: <5.2.1.1.2.20030612182736.0255a7b8@imap.ecs.soton.ac.uk> Message-ID: <000a01c33115$feb6e860$0c02a8c0@itech.dom> You got it! ----- Original Message ----- From: "Julian Field" To: Sent: Thursday, June 12, 2003 1:28 PM Subject: Re: Quarantine Removal Tool > At 15:43 12/06/2003, you wrote: > >I am not the worlds best programmer!!! In fact, I really don't know PHP =) > >I'm sure most of you could do a better job, but I am hoping that it will get > >the job done. Also, I will NOT release this to anyone unless it is all > >right with Julian. > > It's fine by me. The more supporting tools developed by other people, the > better. But please release it under the GNU Public Licence if at all possible. > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > From eric_long at MINERVAENGINEERING.COM Thu Jun 12 20:30:30 2003 From: eric_long at MINERVAENGINEERING.COM (Eric Long) Date: Thu Jan 12 21:18:31 2006 Subject: Weired Error Message-ID: On Fri, 6 Jun 2003 15:12:19 +0100, Julian Field wrote: >At 14:25 06/06/2003, you wrote: >>Good day everyone, >> >>I am seeing this error in my logs (repeadtly): >> >>Jun 6 06:42:54 avsmtp01 MailScanner[21510]: Cannot >>parse /var/spool/MailScanner/incoming/21510/h56BgeQd021498.header and , Can't >>locate object method "debug" via package "MIME::Parser::FileInto::MailScanner" >>at /opt/MailScanner/lib/MailScanner/Message.pm line 2603. > >This means that your Perl, for some unknown reason, is not picking up the >inherited packages correctly. >You should be able to simply comment out (or delete) the "debug" lines on >lines 2603, 2614, 2624, 2647. > >What version of perl are you running? I have never come across this before, >not ever. I also began seeing this message yesterday and when it happens MailScanner (4.14) aborts and restarts. Originally, I thought it had to do with a buggy MIME package install. As of yesterday the CPAN data base listed MIME-tools 6ALPHA as the latest and that tarball is very small. Playing around I managed to install MIME-tools 6.200_01, which at least appears to be a complete installation. Everything seemed to be going well last night, but I discovered this morning that mail scanning had stopped when MailScanner hit a message that triggered the debug line at 2313 in Message.pm (for the version I'm running). From then on MailScanner continually aborted, restarted, and then aborted again. Six hours later the machine had completely locked up. After rebooting I commented out line 2313 and restarted MailScanner. It immediately ran into the problem again (on line 2324). Then my machine locked. I am now running on MailScanner 3.15 which does not seem to have this problem and the couple of hundered backlogged e-mails are getting processed. I've commented out the rest of the debug statements in Message.pm, but won't be restarting the 4.14 installation until all of my backlog is cleared. So, I guess the question is, what happened to MIME-tools and which version should I downgrade to? Eric. From info at pro-invest.ca Thu Jun 12 20:38:25 2003 From: info at pro-invest.ca (Professional Investments Investor Services) Date: Thu Jan 12 21:18:31 2006 Subject: Mcafee autoupdate revisited Message-ID: I left this for a week to see if the usual Wednesday dat would get updated by cron.hourly/update_virus_scanners. In my cron system logs, I see that it does indeed (run-parts >/etc/cron.hourly , however the dat has not been updated. If I run the command as described in your post everything goes as prescribed. Where else can I look for any possible errors etc? Has anyone else had any issues? Thanks, >>>>>>>>>>>>>>>>>>>>> Mark Tavares IS Tech Support Professional Investments Inc. 1-888-548-8868 <<<<<<<<<<<<<<<<<<<<< -----Original Message----- From: Julian Field [mailto:mailscanner@ecs.soton.ac.uk] Sent: Friday, June 06, 2003 10:13 AM To: info@pro-invest.ca Cc: mailscanner@jiscmail.ac.uk Subject: Re: Mcafee autoupdate revisited Try running /usr/lib/MailScanner/mcafee-autoupdate and see if it says anything useful (or posts anything useful in your maillog). At 14:32 06/06/2003, you wrote: >HI, > >Sorry to badger this one, but I do not believe my autoupdate is working >correctly. I have recently upgraded to 4.21-9, have removed the previous >cron job that I had been calling and am relying on the rpm installed >update_virus_scanners that is implemented in my cron.hourly directory. In my >system log I can see that 04:01:01 pilx CROND[26206]: (root) CMD (run-parts >/etc/cron.hourly) runs and then no subsequent errors however yesterday upon >reading more regarding bugbear.b I checked my latest dat file and it had not >been upgraded to mcafee's release on June 5th. Should I be looking elsewhere >for an error? If you could please direct me to some things to check that >would be greatly appreciated. > >Thanks again, > > >>>>>>>>>>>>>>>>>>>>> >Mark Tavares >IS Tech Support >Professional Investments Inc. >1-888-548-8868 ><<<<<<<<<<<<<<<<<<<<< -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From marco at MUW.EDU Thu Jun 12 21:12:30 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:31 2006 Subject: Weired Error In-Reply-To: References: Message-ID: <1055448750.3ee8deaed1567@webmail.MUW.Edu> Hi Eric, > So, I guess the question is, what happened to MIME-tools and which version > should I downgrade to? What OS is your server running? Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From nathan at TCPNETWORKS.NET Thu Jun 12 22:02:46 2003 From: nathan at TCPNETWORKS.NET (Nathan Johanson) Date: Thu Jan 12 21:18:31 2006 Subject: OT: Sendmail & Vacation Auto-Responder Message-ID: Off topic, but was hoping I could pick the brains of some of you Sendmail gurus... While I'm not particularly excited about it, a few of our clients want to use vacation auto-responders for email. I did a little research and discovered two different options: - Sendmail's vacation program - Procmail recipe Question: Which option is the most secure and least obtrusive? I'm leaning toward the Sendmail vacation program, but it doesn't look like RedHat includes it in their Sendmail RPM distribution (oddly enough). It is included in the Sendmail source, however. I also found a "port of the 386bsd vacation program" at http://sourceforge.net/projects/vacation/ (v 1.2.6.1), but don't know whether I should trust it as there's no md5sum or similar integrity check. I wonder, would it work if I simply downloaded the Sendmail source (corresponding to my version), compiled just the vacation utility, and manually dropped it into /sbin? Or should I chuck the vacation idea, and go with the procmail method? Or maybe there's some other way to accomplish this? Thanks in advance. Sincerely, Nathan Johanson Email: nathan@tcpnetworks.net -----Original Message----- From: Richard Lush [mailto:richard.lush@NTLWORLD.COM] Sent: Wednesday, June 11, 2003 3:38 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner Webmin Module 0.6 BETA Released Hi All, I am pleased to announce the release of the next version of the webmin module. This version has all the latest options for MailScanner 4.21, and the abilty to text edit all the ruleset options. Please email me webmin@lushsoft.dyndns.org of any issues you find (hopefully there are non) and any additional features you want to see etc. Regards Richard From eric_long at MINERVAENGINEERING.COM Thu Jun 12 21:55:01 2003 From: eric_long at MINERVAENGINEERING.COM (Eric Long) Date: Thu Jan 12 21:18:31 2006 Subject: Weired Error Message-ID: <53096319E8DCD411963C00B0D0AA228B285BBA@ALEXIS> It's a Cobalt Qube2 (MIPS) running a Linux 2.2 kernel amd Perl 5.6.1. Eric. -----Original Message----- From: Marco Obaid To: MAILSCANNER@JISCMAIL.AC.UK Sent: 6/12/03 1:12 PM Subject: Re: Weired Error Hi Eric, > So, I guess the question is, what happened to MIME-tools and which version > should I downgrade to? What OS is your server running? Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From lists at STHOMAS.NET Thu Jun 12 22:25:44 2003 From: lists at STHOMAS.NET (Steve Thomas) Date: Thu Jan 12 21:18:31 2006 Subject: OT: Sendmail & Vacation Auto-Responder In-Reply-To: ; from nathan@TCPNETWORKS.NET on Thu, Jun 12, 2003 at 02:02:46PM -0700 References: Message-ID: <20030612142544.A8228@sthomas.net> On Thu, Jun 12, 2003 at 02:02:46PM -0700, Nathan Johanson is rumored to have said: > > Question: Which option is the most secure and least obtrusive? I'm > leaning toward the Sendmail vacation program, but it doesn't look like > RedHat includes it in their Sendmail RPM distribution (oddly enough). It Check here: http://www.rpmfind.net/linux/rpm2html/search.php?query=vacation I'd go with vacation, as it keeps a db of addresses it's replied to and won't send the reply to the same person twice. You could do that with procmail, but why would you want to go through the trouble? -- Steve Thomas ---------------------------------------------------------- "...subatomic matter in a particle accelerator that exists for only a few microseconds seems to exhibit more uptime than the RIAA's website." -- Andrew Orlowski TheRegister.co.uk From TGFurnish at HERFF-JONES.COM Thu Jun 12 22:47:24 2003 From: TGFurnish at HERFF-JONES.COM (Furnish, Trever G) Date: Thu Jan 12 21:18:32 2006 Subject: OT: Sendmail & Vacation Auto-Responder Message-ID: <5D8D9455134FD211AE4900A0C9DED11E0AFDDBDE@indy1ntm.herffjones.hj-int> Trouble? Funny - the procmailex (procmail examples) manual page contains a procmail recipe to do exactly that. :-) But don't use either - just tell the morons no. No autoresponders, ever. Assuming that doesn't work, man procmailex and search for vacation. -- Trever -----Original Message----- From: Steve Thomas [mailto:lists@STHOMAS.NET] Sent: Thursday, June 12, 2003 4:26 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: OT: Sendmail & Vacation Auto-Responder On Thu, Jun 12, 2003 at 02:02:46PM -0700, Nathan Johanson is rumored to have said: > > Question: Which option is the most secure and least obtrusive? I'm > leaning toward the Sendmail vacation program, but it doesn't look like > RedHat includes it in their Sendmail RPM distribution (oddly enough). It Check here: http://www.rpmfind.net/linux/rpm2html/search.php?query=vacation I'd go with vacation, as it keeps a db of addresses it's replied to and won't send the reply to the same person twice. You could do that with procmail, but why would you want to go through the trouble? -- Steve Thomas ---------------------------------------------------------- "...subatomic matter in a particle accelerator that exists for only a few microseconds seems to exhibit more uptime than the RIAA's website." -- Andrew Orlowski TheRegister.co.uk From raymond at PROLOCATION.NET Fri Jun 13 00:21:36 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:32 2006 Subject: MailScanner-mrtg-0.05 Is (finally) out! In-Reply-To: <20030610085612.721a66e9.dlovelace@hotels.com> Message-ID: Dale, Nice work > I've just posted the latest MailScanner-mrtg to my SourceForge site > at http://mailscannermrtg.sourceforge.net/ Tried it, but with RH9 it doesnt give any output on the sendmail stats. [root@vmx01 sbin]# ./mailscanner-mrtg sendmail 0 0 50 days MailScanner at vmx01.prolocation.net But there are a couple running: [root@vmx01 sbin]# ps -ax | grep sendmail 23126 ? S 0:00 [sendmail] 23131 ? S 0:00 [sendmail] 23137 ? S 0:00 [sendmail] 26573 ? S 0:00 [sendmail] 26915 pts/2 S 0:00 grep sendmail [root@vmx01 sbin]# Most likely due to the [] around sendmail. Could you have a look ? Would be nice to get that graph also going again :) Thanks! Raymond. From christopher.albert at MCGILL.CA Fri Jun 13 00:49:15 2003 From: christopher.albert at MCGILL.CA (chris albert) Date: Thu Jan 12 21:18:32 2006 Subject: Only one mailscanner process, children die. Message-ID: <3EE9117B.6080508@mcgill.ca> Hi, I'm back testing mailscanner after changing jobs. Using MailScanner-4.21-9 on a solaris 8 machine with SA 2.55, sendmail 8.12.9, no virus scanning. I've noticed that I only get one mailscanner process and that when it tries to spawn a child it dies (becomes a zombie). Anybody noticed this before? Chris From raymond at PROLOCATION.NET Fri Jun 13 00:54:45 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:32 2006 Subject: Only one mailscanner process, children die. In-Reply-To: <3EE9117B.6080508@mcgill.ca> Message-ID: Hi! > I'm back testing mailscanner after changing jobs. > Using MailScanner-4.21-9 on a solaris 8 machine with SA 2.55, sendmail > 8.12.9, no virus scanning. > I've noticed that I only get one mailscanner process and that when it tries > to spawn a child it dies (becomes a zombie). > Anybody noticed this before? Most likely due to a config error or for example a SA that isnt working properly. Bye, Raymond. From michele at BLACKNIGHTSOLUTIONS.COM Fri Jun 13 08:13:18 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: BlacknightSolutions) Date: Thu Jan 12 21:18:32 2006 Subject: Stored Spam GUI? Message-ID: <200306130713.h5D7D8A21530@camelot.blacknightsolutions.com> Hi all I was just wondering if anybody had come up with a GUI for the stored SPAM quarantine? Michele ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From tomas at SAP.SE Fri Jun 13 08:26:33 2003 From: tomas at SAP.SE (Tomas Hellberg) Date: Thu Jan 12 21:18:32 2006 Subject: Notify only local senders Message-ID: Thanx every ting works like a dream... I was the sender files, but I don't remeber changin anythig. Some one better check the Swedich (se) files to make sure they are ok. Probobly just me keeping forgetting things and I did screw with them, but you newer know.... better to check one time to many..... Thanx once more...... On Thu, 12 Jun 2003 11:13:43 +0100, Julian Field wrote: >Most common cause of this is that you have edited the reports/xx/sender* >files and screwed up the headers in them. > >At 07:21 12/06/2003, you wrote: >>It looks like I?ve got every thing working. Exept for one smal thing my >>users don?t get any mail from my mailgate. >> >>If I send a virus mail from local it gets stopt. The log tells me that MS >>send a mail to the sender, but the sender never gets any mail. I get a mail >>as admin. >> >>Mail from the Internet works just fine. My users get a warning and the >>sender don?t get annything. >> >>I think I is something wrong whith my sendmail path? I?m using postfix >>2.0.8 on a RH 8 system. >> >>Help annyone .. >> >>PS thanx so far .. >> >> >>On Tue, 10 Jun 2003 15:50:08 +0100, Plant, Dean >>wrote: >> >> >Should the Notify Senders not be: >> > >> >From: yourdomain.com yes >> >FromOrTo: default no >> > >> >Dean Plant >> > >> >-----Original Message----- >> >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >> >Sent: 10 June 2003 14:57 >> >To: MAILSCANNER@JISCMAIL.AC.UK >> >Subject: Re: Notify only local senders >> > >> > >> >At 13:04 10/06/2003, you wrote: >> >>I've been scanning the mail arcive for some time now. At last I found the >> >>function I've been looking for. >> >> >> >>I want to notify only local senders. >> >> >> >> Outside ->in notify postmaster, local recipient. No external senders >> >>notified. >> > >> >Set >> > Notify Senders = /etc/MailScanner/rules/notify.senders.rules >> >and then put this in it: >> >To: yourdomain.com yes >> >FromOrTo: default no >> > >> >> Inside -> out notify local sender, postmaster, no external recipients >> >>notified. >> > >> >Set >> > Deliver Cleaned Messages = >> >/etc/MailScanner/rules/deliver.cleaned.rules >> >and then put this in it >> >To: yourdomain.com yes >> >FromOrTo: default no >> > >> >You could even put both of those rulesets in the same file if you like, but >> >I would keep them separate for clarity. >> > >> >Should do what you want. >> > >> > >> > >> >>The problem is I dont know how to use it, probobly simpel but I'm a newbee >> >>whith MS..... Please help some one.... >> >> >> >>I'm using RH 8, Postfix & MS 4.20 >> >> >> >>(The orig mail thred is from last summer, 25 Jun. Subject: Notify Senders) >> > >> >-- >> >Julian Field >> >www.MailScanner.info >> >MailScanner thanks transtec Computers for their support >> > >> >Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, >>Bracknell, >> >Berkshire. RG12 8FZ >> > >> >The information contained in this e-mail and any attachments is >>confidential to Roke >> >Manor Research Ltd and must not be passed to any third party without >>permission. This >> >communication is for information only and shall not create or change any >>contractual >> >relationship. >> > > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support From michele at BLACKNIGHTSOLUTIONS.COM Fri Jun 13 08:40:21 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: BlacknightSolutions) Date: Thu Jan 12 21:18:32 2006 Subject: Panda - Still no joy Message-ID: <200306130740.h5D7eAA23147@camelot.blacknightsolutions.com> I'm pulling out what little hair I have left! Still no sign of anything from Panda. I rang one of their local numbers and spent ten minutes listening to a series of guided menus that basically repeated what was on their site. Anybody know what I can do? Michele (who is feeling really frustrated) ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From dot at DOTAT.AT Fri Jun 13 09:17:59 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:32 2006 Subject: Only one mailscanner process, children die. In-Reply-To: Message-ID: chris albert wrote: > >I've noticed that I only get one mailscanner process and that when it tries >to spawn a child it dies (becomes a zombie). What does it do when debug = yes? Tony. -- f.a.n.finch http://dotat.at/ FAEROES: CYCLONIC BECOMING VARIABLE 4 OR 5, DECREASING 3 OR 4 LATER. RAIN AT TIMES. MODERATE OR GOOD, OCCASIONALLY POOR. From kfliong at WOFS.COM Fri Jun 13 09:44:46 2003 From: kfliong at WOFS.COM (kfliong) Date: Thu Jan 12 21:18:32 2006 Subject: Problem trying to allow certain files with .exe Message-ID: <5.2.1.1.0.20030613164443.025231c0@192.168.10.2> <<< No Message Collected >>> From j.figueira at mail.pt Fri Jun 13 10:13:59 2003 From: j.figueira at mail.pt (J. Figueira) Date: Thu Jan 12 21:18:32 2006 Subject: Antivirus and licenses Message-ID: <200306130914.h5D9E5S14839@ori.rl.ac.uk> Hello, Hello, I think we are loosing the focus here on the antivirus and the licences. If possible, I would like someone to clear this up. This question has been arising for some time, in some posts, but I have never seen some answer clearing it up. We use the antivirus to scan e-mail... that's true, but... we are using mailscanner. In my perspective the license we would need is for a simple command-line tool. Nothing more! If I buy an Antivirus with sendmail support, that washes dishes, and takes me coffee ƒº etc. etc. I wouldn't be needing mailscanner. (Of course I would :) it's a very nice piece of software, I think you get the point). In a strictly technical point of view this is true. In the legal plan I am not so sure this is true... I think that the thing here is that when the commercial services of the antivirus companies hear "mail" and ¡§antivirus¡¨ in the sane sentence, it sounds like "money" for them¡K If someone could clear this up it would be nice. Best regards J -- Adira já ao Net Dialup Light. Acesso profissional gratuito. NovisNet, a Internet de quem trabalha. http://www.novisnet.pt From kfliong at WOFS.COM Fri Jun 13 10:36:28 2003 From: kfliong at WOFS.COM (kfliong) Date: Thu Jan 12 21:18:32 2006 Subject: testing Message-ID: <5.2.1.1.0.20030613173603.02582478@192.168.10.2> Hi, I am new to mailscanner. This is a test to see if this mailing list works. TQ. From kfliong at WOFS.COM Fri Jun 13 10:58:35 2003 From: kfliong at WOFS.COM (kfliong) Date: Thu Jan 12 21:18:32 2006 Subject: anyone getting this? Message-ID: <5.2.1.1.0.20030613175803.0256d0e8@192.168.10.2> Hi, I have installed MailScanner successfully. By default all files with .exe extension are filtered as virus. But I need to allow this file - TTIAdv(doc).exe to go through because it is not a virus. I have tried adding this line : allow TTIAdv(doc).exe$ - - into the beginning of the list. Of course I have checked to make sure there's tabs instead of spaces. How come it doesn't work? I still get those files filtered as {virus?}. I have also tried /TTIAdv(doc).exe$ and TTIAdv*.exe$ with no avail. I have also looked at the documentation which does not explain about the syntax of filename manipulation. I have search in the mailing list but none can help. Please help. Thanks in advance. ps. keep up the good work improving MailScanner. From Kevin.Spicer at BMRB.CO.UK Fri Jun 13 11:12:35 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:32 2006 Subject: anyone getting this? Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF650@pascal.priv.bmrb.co.uk> > I need to allow this file - > TTIAdv(doc).exe to go through because it is not a virus. > > I have tried adding this line : > > allow TTIAdv(doc).exe$ - - > > into the beginning of the list. Of course I have checked to make sure > there's tabs instead of spaces. How come it doesn't work? I > still get those > files filtered as {virus?}. Its a perl regular expression IIRC. I think you need ^TTUAdv\(doc\)\.exe$ but some perl RE guru may know better. see man perlre for more details. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From m.sapsed at BANGOR.AC.UK Fri Jun 13 12:07:42 2003 From: m.sapsed at BANGOR.AC.UK (Martin Sapsed) Date: Thu Jan 12 21:18:32 2006 Subject: OT: Sendmail & Vacation Auto-Responder References: Message-ID: <3EE9B07E.5020804@bangor.ac.uk> Nathan Johanson wrote: > Off topic, but was hoping I could pick the brains of some of you > Sendmail gurus... I'm not a sendmail guru but I have an opinion on this! ;-) > While I'm not particularly excited about it, a few of our clients want > to use vacation auto-responders for email. I did a little research and > discovered two different options: > > - Sendmail's vacation program > - Procmail recipe I much prefer the procmail solution because it's much more configurable. For example, it's a breeze to make procmail only auto-respond to people in your domain or to ignore certain Precedence headers or .... That way your colleagues don't send confirmations of valid e-mails to spammers and don't annoy people on mailing lists! I've also heard stories (but they may be just that) of people seeing vacation-type messages, looking them up in the phone book and burgling their house. Cheers, Martin -- Martin Sapsed Information Services "Who do you say I am?" University of Wales, Bangor Jesus of Nazareth From JEN at AH.DK Fri Jun 13 12:16:34 2003 From: JEN at AH.DK (Jan Elmqvist Nielsen) Date: Thu Jan 12 21:18:32 2006 Subject: Vedr.: Kaspersky 4.0.3, MS 4.21-9 and redhat 9 Message-ID: Problem solved... It's redhat 9 and also redhat 8. I made a new install. with redhat 7.3 (on the same server) and both kaspersky 3.0 and 4.0 is working with MS 4.21-9 The next thing I wil try is an opgrade to redhat 9 :-) /Jan >>> JEN@AH.DK 11-06-2003 15:09:42 >>> Is any of you running kaspersky 4.0.3, MS 4.2xx and redhat 9, and are you catching any virus? I tryed with kaspersky 3.0 build 136 without any luck. when I am running the kaspersky-wrapper it detects the virus! I have Kaspersky 3.0 build 136, MS 4.21-6 and redhat 7.3 installation, which is working fine!! Any ideas? Is it the redhat version? /Jan Elmqvist Nielsen From steinkel at PA.NET Fri Jun 13 14:27:29 2003 From: steinkel at PA.NET (Leland J. Steinke) Date: Thu Jan 12 21:18:32 2006 Subject: Antivirus and licenses References: <200306130914.h5D9E5S14839@ori.rl.ac.uk> Message-ID: <3EE9D141.6070402@pa.net> J. Figueira wrote: > Hello, > > Hello, > > I think we are loosing the focus here on the antivirus and the licences. If Well, I went and asked f-prot about licensing for an application that only uses the command-line scanner thus: > We have several linux applications, both in-house and customer, that require > only the f-prot command-line scanner and not the f-prot daemon scanner. Will > the "F-Prot Antivirus for Linux Workstations" be sufficient for our needs? I did not mention MailScanner at all. At worst, this is a sin of omission ;-). Anyway, here is the reply: > The difference between F-Prot Antivirus for Linux Workstations and the one > for Linux File Servers is how it is used. > > The license fee for F-Prot Antivirus for Linux File Servers is based on the > number of servers that the license should cover. For the Linux Workstations > however, the license fee is based on the number of workstations covered. > > Our website offers you the possibility to calculate the license fee for > various numbers of workstations. Please access the calculator from the > following path: > > http://www.f-prot.com/products/corporate_users/unix/linux/fileserver.html > > http://www.f-prot.com/products/corporate_users/unix/linux/workstations.html > > Please do not hesitate to contact us if you need any further information. So, I guess I get an incomplete answer to my, admittedly, intentionally incomplete question. I am recommending to my management that we go with the Linux File Server version. We do not need to, but we think it is a good compromise. What do others think? Leland From P.G.M.Peters at CIV.UTWENTE.NL Fri Jun 13 14:44:52 2003 From: P.G.M.Peters at CIV.UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:18:32 2006 Subject: Antivirus and licenses In-Reply-To: <3EE9D141.6070402@pa.net> References: <200306130914.h5D9E5S14839@ori.rl.ac.uk> <3EE9D141.6070402@pa.net> Message-ID: <29ljev0u6fettm9i1kk6hcd91646pesbpd@4ax.com> On Fri, 13 Jun 2003 09:27:29 -0400, you wrote: >I am recommending to my management that we go with the Linux File Server >version. We do not need to, but we think it is a good compromise. > >What do others think? We just ordered 3 licenses for Linux File Server (actually a renew for two and one extra for our new server). -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ From steve.freegard at LBSLTD.CO.UK Fri Jun 13 15:11:00 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:32 2006 Subject: Announce: MailScanner-Console-0.1 Message-ID: <67D9E7698329D411936E00508B6590B902793C1A@neelix.lbsltd.co.uk> Hi All, I've written a web based front-end to MailScanner using a modified &SQLLogging routine, PHP, MySQL and JpGraph. Current features: ** Recent messages - displays a highlighted view of the last 50 messages processed by MailScanner and allows you to drill-down for detailed information on each message. ** Reporting - allow you to create filtered HTML reports with graphs (using JpGraph). ** Tools - allows you to view the MailScanner.conf file and associated rules, displays Sophos information such as version/loaded IDE's This is the first time I've ever released any code - it's functional - but not pretty. It should work well for those people who hate trawling through /var/log/maillog and want a quick overview of what their mail gateway is doing, and is also good for when you have a Helpdesk manned by people you don't want logging into you mail gateway but still need access to view stuff (as in my case). It probably won't be any good for the people with high throughput of messages, as the customised SQLLogging routine logs to the database in real-time, so might slow your gateway down (although I'd be interested if someone could benchmark it). Also if anyone can come up with a better name - please do.... Further info, download and screenshots at http://www.smf.f2s.com/mailscanner/ Kind regards, Steve. -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. Tel: +44 (0)1903 82 8594 Fax: +44 (0)1903 82 8620 -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030613/6f2fb926/attachment.html From nathan at TCPNETWORKS.NET Fri Jun 13 15:12:43 2003 From: nathan at TCPNETWORKS.NET (Nathan Johanson) Date: Thu Jan 12 21:18:32 2006 Subject: OT: Sendmail & Vacation Auto-Responder Message-ID: Thanks for the tips everyone. I've beat my chest and preach about the disadvantages of autoresponders (it's obtrusive, annoys people, and fills up the postmaster mailbox). However, if the clients want it and the clients pay my salary, what can I do... I even have one client that replies to every message she gets (using a client side rule, of course) telling everyone that she "received their message and will respond shortly." Eek. -Nathan -----Original Message----- From: Martin Sapsed [mailto:m.sapsed@BANGOR.AC.UK] Sent: Fri 6/13/2003 4:07 AM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: OT: Sendmail & Vacation Auto-Responder Nathan Johanson wrote: > Off topic, but was hoping I could pick the brains of some of you > Sendmail gurus... I'm not a sendmail guru but I have an opinion on this! ;-) > While I'm not particularly excited about it, a few of our clients want > to use vacation auto-responders for email. I did a little research and > discovered two different options: > > - Sendmail's vacation program > - Procmail recipe I much prefer the procmail solution because it's much more configurable. For example, it's a breeze to make procmail only auto-respond to people in your domain or to ignore certain Precedence headers or .... That way your colleagues don't send confirmations of valid e-mails to spammers and don't annoy people on mailing lists! I've also heard stories (but they may be just that) of people seeing vacation-type messages, looking them up in the phone book and burgling their house. Cheers, Martin -- Martin Sapsed Information Services "Who do you say I am?" University of Wales, Bangor Jesus of Nazareth From jfalgout at CO.JEFFERSON.CO.US Fri Jun 13 15:13:58 2003 From: jfalgout at CO.JEFFERSON.CO.US (Jeff Falgout) Date: Thu Jan 12 21:18:32 2006 Subject: Antivirus and licenses Message-ID: >>> P.G.M.Peters@CIV.UTWENTE.NL 06/13/03 7:44 AM >>> On Fri, 13 Jun 2003 09:27:29 -0400, you wrote: >I am recommending to my management that we go with the Linux File Server >version. We do not need to, but we think it is a good compromise. > >What do others think? I have been working with Sophos, and made the same mistake about mentioning mail. All the sales rep saw was dollar signs. They gave me an outrageous price, but I played the game. I told them that we would have to redesign the the architecture of our mail relay due to the prohibitive cost, and that we were looking at stripping off the attachments and scanning them with A/V. I presented him with the quotes from other vendors, and He finally admitted that I would be in compliance with the Sophos license if I scanned files as a batch (which is exactly what MailScanner does) using a server license. The price was 1/5th price of the product they pitch as a mail scanning solution. YMMV Jeff From m.anderlini at DATABASE.IT Fri Jun 13 15:08:15 2003 From: m.anderlini at DATABASE.IT (Marcello Anderlini) Date: Thu Jan 12 21:18:32 2006 Subject: trouble with double extension Message-ID: <2FA349F95CF3644FAFC92070E642EB6A03763B@beta.dbdomain.database.it> Hello, I'm an happy user of mailscanner 3.20.4 (I know it's very old but it run very well), from about one year. I discover just in this day that if a file his named as: dummy.ordini.exe It's not checked because my filename.rules.conf check only for extension long 3 characters. What can I do avoid this ? This is the lines for check double extension deny \.[a-z][a-z0-9]{2,3}\.[a-z0-9]{3}$ Thanks and sorry for my worst english. Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- -- <> -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030613/2d1776a5/attachment.html From info at pro-invest.ca Fri Jun 13 15:12:46 2003 From: info at pro-invest.ca (Professional Investments Investor Services) Date: Thu Jan 12 21:18:32 2006 Subject: Mcafee autoupdate revisited In-Reply-To: <1055512607.25490.14.camel@dbeauchemin.si.usherbrooke.ca> Message-ID: How do you receive an email update, is there a setting that needs to be configured? >>>>>>>>>>>>>>>>>>>>> Mark Tavares IS Tech Support Professional Investments Inc. 1-888-548-8868 <<<<<<<<<<<<<<<<<<<<< -----Original Message----- From: Denis Beauchemin [mailto:Denis.Beauchemin@USherbrooke.ca] Sent: Friday, June 13, 2003 9:57 AM To: info@pro-invest.ca Subject: Re: Mcafee autoupdate revisited This works OK here with RH 7.3 and MS 4.21-9. I receive an email only when the scanner is updated. I use the default cron.hourly script but had to rename /usr/lib/MailScanner/mcafee-autoupdate.rpmnew to /usr/lib/MailScanner/mcafee-autoupdate after the upgrade. Denis Le jeu 12/06/2003 ? 15:38, Professional Investments Investor Services a ?crit : > I left this for a week to see if the usual Wednesday dat would get updated > by cron.hourly/update_virus_scanners. In my cron system logs, I see that it > does indeed (run-parts >/etc/cron.hourly , however the dat has not been > updated. If I run the command as described in your post everything goes as > prescribed. Where else can I look for any possible errors etc? Has anyone > else had any issues? > > Thanks, > > > > >>>>>>>>>>>>>>>>>>>>> > Mark Tavares > IS Tech Support > Professional Investments Inc. > 1-888-548-8868 > <<<<<<<<<<<<<<<<<<<<< > > > > -----Original Message----- > From: Julian Field [mailto:mailscanner@ecs.soton.ac.uk] > Sent: Friday, June 06, 2003 10:13 AM > To: info@pro-invest.ca > Cc: mailscanner@jiscmail.ac.uk > Subject: Re: Mcafee autoupdate revisited > > Try running /usr/lib/MailScanner/mcafee-autoupdate and see if it says > anything useful (or posts anything useful in your maillog). > > At 14:32 06/06/2003, you wrote: > >HI, > > > >Sorry to badger this one, but I do not believe my autoupdate is working > >correctly. I have recently upgraded to 4.21-9, have removed the previous > >cron job that I had been calling and am relying on the rpm installed > >update_virus_scanners that is implemented in my cron.hourly directory. In > my > >system log I can see that 04:01:01 pilx CROND[26206]: (root) CMD (run-parts > >/etc/cron.hourly) runs and then no subsequent errors however yesterday upon > >reading more regarding bugbear.b I checked my latest dat file and it had > not > >been upgraded to mcafee's release on June 5th. Should I be looking > elsewhere > >for an error? If you could please direct me to some things to check that > >would be greatly appreciated. > > > >Thanks again, > > > > >>>>>>>>>>>>>>>>>>>>> > >Mark Tavares > >IS Tech Support > >Professional Investments Inc. > >1-888-548-8868 > ><<<<<<<<<<<<<<<<<<<<< > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From FCaen at CI.LAKEWOOD.WA.US Fri Jun 13 15:39:34 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:32 2006 Subject: MailScanner-mrtg-0.05 Is (finally) out! Message-ID: -----Original Message----- From: Raymond Dijkxhoorn [mailto:raymond@PROLOCATION.NET] > Most likely due to the [] around sendmail. This is a bug that was fixed in kernel 2.4.21-rc2 Fix the cause (kernel), not the consequence (mrtg-mailscanner). :) --------------------------------------------- Francois Caen Network Information Systems Engineer - Webmaster City of Lakewood, WA (253) 512-2269 NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From richard_cipher at YAHOO.COM Fri Jun 13 16:28:08 2003 From: richard_cipher at YAHOO.COM (Evert Ford) Date: Thu Jan 12 21:18:32 2006 Subject: trouble with double extension In-Reply-To: <2FA349F95CF3644FAFC92070E642EB6A03763B@beta.dbdomain.database.it> Message-ID: I would try the following: deny \.[a-z0-9]+\.[a-z0-9]{3}$ Evert Ford Computer Guy Westone Laboraties -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Marcello Anderlini Sent: Friday, June 13, 2003 8:08 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: trouble with double extension Hello, I?m an happy user of mailscanner 3.20.4 (I know it?s very old but it run very well), from about one year. I discover just in this day that if a file his named as: dummy.ordini.exe It?s not checked because my filename.rules.conf check only for extension long 3 characters. What can I do avoid this ? This is the lines for check double extension deny \.[a-z][a-z0-9]{2,3}\.[a-z0-9]{3}$ Thanks and sorry for my worst english. Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- -- Messaggio verificato dal servizio antivirus di Database Informatica --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/03 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/03 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030613/bd90a758/attachment.html From brent at MIRABITO.COM Fri Jun 13 16:37:14 2003 From: brent at MIRABITO.COM (Brent Strignano) Date: Thu Jan 12 21:18:32 2006 Subject: MailScanner Restarting every 5 minutes Message-ID: <62E46E0C3CB8024C807447814E1B20A501CC9B@granitemail.mirabito.com> Last night I upgraded to 4.21-9 from 4.19 and ever since I get this in my maillog every 5 minutes. Jun 13 11:16:13 gateway MailScanner[13605]: MailScanner child caught a SIGHUP Jun 13 11:16:13 gateway MailScanner[13587]: MailScanner child caught a SIGHUP The everything restarts. I'm not losing mail but every 5 minutes sendmail is trying to send the 600 spam bounces that are in the out queue. In MailScanner.conf is Child Processes = 2 Restart Every = 14400 That should be every 4 hours? Any ideas? Thanks Brent Strignano System Administrator Granite Capital Holdings Sidney, NY USA -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030613/d0029c13/attachment.html From m.anderlini at DATABASE.IT Fri Jun 13 16:38:31 2003 From: m.anderlini at DATABASE.IT (Marcello Anderlini) Date: Thu Jan 12 21:18:33 2006 Subject: R: trouble with double extension In-Reply-To: <2FA349F95CF3644FAFC92070E642EB6A15D9CD@beta.dbdomain.database.it> Message-ID: <2FA349F95CF3644FAFC92070E642EB6A0F5813@beta.dbdomain.database.it> Thanks for you help but It does not work. Someone else have other suggestion ? Thanks again. Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- -----Messaggio originale----- Da: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] Per conto di Evert Ford Inviato: venerd? 13 giugno 2003 17.28 A: MAILSCANNER@JISCMAIL.AC.UK Oggetto: Re: trouble with double extension I would try the following: deny \.[a-z0-9]+\.[a-z0-9]{3}$ Evert Ford Computer Guy Westone Laboraties -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Marcello Anderlini Sent: Friday, June 13, 2003 8:08 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: trouble with double extension Hello, I?m an happy user of mailscanner 3.20.4 (I know it?s very old but it run very well), from about one year. I discover just in this day that if a file his named as: dummy.ordini.exe It?s not checked because my filename.rules.conf check only for extension long 3 characters. What can I do avoid this ? This is the lines for check double extension deny \.[a-z][a-z0-9]{2,3}\.[a-z0-9]{3}$ Thanks and sorry for my worst english. Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- -- Messaggio verificato dal servizio antivirus di Database Informatica --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/03 -- Messaggio verificato dal servizio antivirus di Database Informatica -- <> -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030613/ee28d3da/attachment.html From mike at ZANKER.ORG Fri Jun 13 16:58:33 2003 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:18:33 2006 Subject: MailScanner Restarting every 5 minutes In-Reply-To: <62E46E0C3CB8024C807447814E1B20A501CC9B@granitemail.mirabito.com> References: <62E46E0C3CB8024C807447814E1B20A501CC9B@granitemail.mirabito .com> Message-ID: <126185187.1055523513@jemima.zanker.org> On 13 June 2003 11:37 -0400 Brent Strignano wrote: > Last night I upgraded to 4.21-9 from 4.19 and ever since I get this > in my maillog every 5 minutes. > > Jun 13 11:16:13 gateway MailScanner[13605]: MailScanner child caught > a SIGHUP Jun 13 11:16:13 gateway MailScanner[13587]: MailScanner > child caught a SIGHUP Are you running mailscanner-mrtg? You can turn this option off in its configuration file. Mike. From mkipness at GENIANT.COM Fri Jun 13 17:07:51 2003 From: mkipness at GENIANT.COM (Max Kipness) Date: Thu Jan 12 21:18:33 2006 Subject: Restart for change of rules Message-ID: <036A6BCC9FD10749AD3CE32255AF49A6017CF51E@dalsxc01.geniant.net> I believe the answer is yes, but I just wanted to check. Is it necessary to restart the MailScanner (which restarts Sendmail) for every config change, addition to rules, etc? Thanks, Max From mikea at MIKEA.ATH.CX Fri Jun 13 17:19:29 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:33 2006 Subject: Restart for change of rules In-Reply-To: <036A6BCC9FD10749AD3CE32255AF49A6017CF51E@dalsxc01.geniant.net>; from mkipness@GENIANT.COM on Fri, Jun 13, 2003 at 11:07:51AM -0500 References: <036A6BCC9FD10749AD3CE32255AF49A6017CF51E@dalsxc01.geniant.net> Message-ID: <20030613111929.A92633@mikea.ath.cx> On Fri, Jun 13, 2003 at 11:07:51AM -0500, Max Kipness wrote: > I believe the answer is yes, but I just wanted to check. > > Is it necessary to restart the MailScanner (which restarts Sendmail) for > every config change, addition to rules, etc? And in particular is it necessary to restart MS to pick up changes to the whitelist? -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From cparker at SWATGEAR.COM Fri Jun 13 17:23:23 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:33 2006 Subject: Restart for change of rules Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C55@ati-ex-01.ati.local> mikea wrote: > On Fri, Jun 13, 2003 at 11:07:51AM -0500, Max Kipness wrote: > > I believe the answer is yes, but I just wanted to check. > > > > Is it necessary to restart the MailScanner (which restarts > > Sendmail) for every config change, addition to rules, etc? > > And in particular is it necessary to restart MS to pick up changes to > the whitelist? Whitelist no because it checks it each time it processes a mail. But for configuration changes yes. Someone correct me if I'm wrong. Chris. From Kevin.Spicer at BMRB.CO.UK Fri Jun 13 17:25:42 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:33 2006 Subject: Restart for change of rules Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF651@pascal.priv.bmrb.co.uk> > > Is it necessary to restart the MailScanner (which restarts > Sendmail) for > > every config change, addition to rules, etc? > > And in particular is it necessary to restart MS to pick up changes to > the whitelist? > You can just reload the mailscanner processes (service MailScanner reload on RedHat like systems) sendmail doesn't need to be restarted unless you've messed with its configuration. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mailscanner at ecs.soton.ac.uk Fri Jun 13 17:32:54 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:33 2006 Subject: Restart for change of rules In-Reply-To: <036A6BCC9FD10749AD3CE32255AF49A6017CF51E@dalsxc01.geniant. net> Message-ID: <5.2.0.9.2.20030613173229.0420e4e0@imap.ecs.soton.ac.uk> You only need to do a "reload" not a "restart". "reload" is equivalent to doing a "kill -HUP" on all the MailScanner processes. At 17:07 13/06/2003, you wrote: >I believe the answer is yes, but I just wanted to check. > >Is it necessary to restart the MailScanner (which restarts Sendmail) for >every config change, addition to rules, etc? > >Thanks, >Max -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jun 13 17:35:15 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:33 2006 Subject: Restart for change of rules In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C55@ati-ex-01.ati.local > Message-ID: <5.2.0.9.2.20030613173446.043e2e30@imap.ecs.soton.ac.uk> At 17:23 13/06/2003, you wrote: >mikea wrote: > > > On Fri, Jun 13, 2003 at 11:07:51AM -0500, Max Kipness wrote: > > > I believe the answer is yes, but I just wanted to check. > > > > > > Is it necessary to restart the MailScanner (which restarts > > > Sendmail) for every config change, addition to rules, etc? > > > > And in particular is it necessary to restart MS to pick up changes to > > the whitelist? > >Whitelist no because it checks it each time it processes a mail. But for >configuration changes yes. > >Someone correct me if I'm wrong. With pleasure :-) MailScanner doesn't re-read any configuration files for every mail message. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mkipness at GENIANT.COM Fri Jun 13 18:03:12 2003 From: mkipness at GENIANT.COM (Max Kipness) Date: Thu Jan 12 21:18:33 2006 Subject: Restart for change of rules Message-ID: <036A6BCC9FD10749AD3CE32255AF49A6017CF520@dalsxc01.geniant.net> Great, this is what I was looking for. This seems to have a very small impact when doing: service MailScanner reload, and it processes very quickly without touching Sendmail. Thanks... > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: Friday, June 13, 2003 11:35 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Restart for change of rules > > > At 17:23 13/06/2003, you wrote: > >mikea wrote: > > > > > On Fri, Jun 13, 2003 at 11:07:51AM -0500, Max Kipness wrote: > > > > I believe the answer is yes, but I just wanted to check. > > > > > > > > Is it necessary to restart the MailScanner (which restarts > > > > Sendmail) for every config change, addition to rules, etc? > > > > > > And in particular is it necessary to restart MS to pick > up changes > > > to the whitelist? > > > >Whitelist no because it checks it each time it processes a mail. But > >for configuration changes yes. > > > >Someone correct me if I'm wrong. > > With pleasure :-) > > MailScanner doesn't re-read any configuration files for every > mail message. > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > From mailscanner at ecs.soton.ac.uk Fri Jun 13 17:26:45 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:33 2006 Subject: Notify only local senders In-Reply-To: Message-ID: <5.2.0.9.2.20030613172613.043ddbe8@imap.ecs.soton.ac.uk> I have just been through all the language files and changed the "To:" "From:" and "Subject:" headers back into English. You probably need to do this to /etc/MailScanner/reports/se/sender* At 08:26 13/06/2003, you wrote: >Thanx every ting works like a dream... > >I was the sender files, but I don't remeber changin anythig. Some one >better check the Swedich (se) files to make sure they are ok. Probobly just >me keeping forgetting things and I did screw with them, but you newer >know.... better to check one time to many..... > >Thanx once more...... > > >On Thu, 12 Jun 2003 11:13:43 +0100, Julian Field > wrote: > > >Most common cause of this is that you have edited the reports/xx/sender* > >files and screwed up the headers in them. > > > >At 07:21 12/06/2003, you wrote: > >>It looks like I?ve got every thing working. Exept for one smal thing my > >>users don?t get any mail from my mailgate. > >> > >>If I send a virus mail from local it gets stopt. The log tells me that MS > >>send a mail to the sender, but the sender never gets any mail. I get a >mail > >>as admin. > >> > >>Mail from the Internet works just fine. My users get a warning and the > >>sender don?t get annything. > >> > >>I think I is something wrong whith my sendmail path? I?m using postfix > >>2.0.8 on a RH 8 system. > >> > >>Help annyone .. > >> > >>PS thanx so far .. > >> > >> > >>On Tue, 10 Jun 2003 15:50:08 +0100, Plant, Dean > >>wrote: > >> > >> >Should the Notify Senders not be: > >> > > >> >From: yourdomain.com yes > >> >FromOrTo: default no > >> > > >> >Dean Plant > >> > > >> >-----Original Message----- > >> >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > >> >Sent: 10 June 2003 14:57 > >> >To: MAILSCANNER@JISCMAIL.AC.UK > >> >Subject: Re: Notify only local senders > >> > > >> > > >> >At 13:04 10/06/2003, you wrote: > >> >>I've been scanning the mail arcive for some time now. At last I found >the > >> >>function I've been looking for. > >> >> > >> >>I want to notify only local senders. > >> >> > >> >> Outside ->in notify postmaster, local recipient. No external >senders > >> >>notified. > >> > > >> >Set > >> > Notify Senders = /etc/MailScanner/rules/notify.senders.rules > >> >and then put this in it: > >> >To: yourdomain.com yes > >> >FromOrTo: default no > >> > > >> >> Inside -> out notify local sender, postmaster, no external >recipients > >> >>notified. > >> > > >> >Set > >> > Deliver Cleaned Messages = > >> >/etc/MailScanner/rules/deliver.cleaned.rules > >> >and then put this in it > >> >To: yourdomain.com yes > >> >FromOrTo: default no > >> > > >> >You could even put both of those rulesets in the same file if you like, >but > >> >I would keep them separate for clarity. > >> > > >> >Should do what you want. > >> > > >> > > >> > > >> >>The problem is I dont know how to use it, probobly simpel but I'm a >newbee > >> >>whith MS..... Please help some one.... > >> >> > >> >>I'm using RH 8, Postfix & MS 4.20 > >> >> > >> >>(The orig mail thred is from last summer, 25 Jun. Subject: Notify >Senders) > >> > > >> >-- > >> >Julian Field > >> >www.MailScanner.info > >> >MailScanner thanks transtec Computers for their support > >> > > >> >Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, > >>Bracknell, > >> >Berkshire. RG12 8FZ > >> > > >> >The information contained in this e-mail and any attachments is > >>confidential to Roke > >> >Manor Research Ltd and must not be passed to any third party without > >>permission. This > >> >communication is for information only and shall not create or change any > >>contractual > >> >relationship. > >> > > > > >-- > >Julian Field > >www.MailScanner.info > >Professional Support Services at www.MailScanner.biz > >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From cparker at SWATGEAR.COM Fri Jun 13 18:10:34 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:33 2006 Subject: Restart for change of rules Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C57@ati-ex-01.ati.local> Julian Field wrote: > > > And in particular is it necessary to restart MS to pick up > > > changes to the whitelist? > > > > Whitelist no because it checks it each time it processes a mail. > > But for configuration changes yes. > > > > Someone correct me if I'm wrong. > > With pleasure :-) > > MailScanner doesn't re-read any configuration files for every > mail message. Thanks. ;) Chris. From steve.douglas at SBIINCORPORATED.COM Fri Jun 13 18:22:29 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:33 2006 Subject: F-Prot and Mail Scanner Message-ID: <3963522F0E71474CB14C0FF54A6914F70111500F@omar.schtre.com> Cool. Thanks. Glad to hear it is running fine. SD :-) > -----Original Message----- > From: Damian Mendoza [mailto:damian@WORKGROUPSOLUTIONS.COM] > Sent: Thursday, June 12, 2003 8:44 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: F-Prot and Mail Scanner > > F-Prot file Server > > -----Original Message----- > From: Steve Douglas [mailto:steve.douglas@SBIINCORPORATED.COM] > Sent: Wednesday, June 11, 2003 11:56 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: F-Prot and Mail Scanner > > > Is your gateway configured with F-Prot "file server" or with F-Prot eMail > gateway version? > > Just curious? Thanks. > > > -----Original Message----- > > From: Damian Mendoza [mailto:damian@WORKGROUPSOLUTIONS.COM] > > Sent: Wednesday, June 11, 2003 8:16 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: F-Prot and Mail Scanner > > > > Hi, > > > > An update: End-User error as messages were not going thru MailScanner. > > MailScanner is working perfectly with F-Prot antivirus. > > > > Regards, > > > > Damian > > > > Workgroup Solutions > > 20532 El Toro Rd, Suite 107 > > Mission Viejo, CA 92692 > > 949 586-2200 > > Developers of SpamGate - Stop SPAM today at the Gateway! > > > > -----Original Message----- > > From: Damian Mendoza > > Sent: Monday, June 09, 2003 4:43 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: F-Prot and Mail Scanner > > > > > > Hi, > > > > I installed F-Prot and MailScanner on an SMTP gateway for a customer. My > > customer tells me that F-Prot is only blocking 10% of the viruses. They > > had 9 messages get passed the F-Prot/MailScanner gateway and 1 message > was > > stopped according to the maillog. > > > > Norton Antivirus on the Exchange server told us about the 9 messages. > > > > Any ideas? F-Prot is getting the updates based on the Maillog file. > > > > Thanks, > > > > Damian From mikea at MIKEA.ATH.CX Fri Jun 13 18:35:04 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:33 2006 Subject: possibly stupid question: saving copies of spam Message-ID: <20030613123504.A92971@mikea.ath.cx> I know that I can have MailScanner save copies of every mail, or of mail to/from selected people, using rules. I haven't found a way to save copies of mail which has been marked as spam (score > threshold). If there is a way to do this, I would be very grateful to be shown where I've overlooked it. My rationale: My employer uses Lotus Notes, which does not let me see the unmodified body of the spam, but only the "structured text" and (using the "document properties" pop-up) the first 3K or so of each part of each attachment. Since many spams have attachments longer than 3K, this means that I lose lots of useful data going the "document properties" route. The "structured text" doesn't preserve the headers all that well, and does really ugly things to the body. The foregoing being true, I need a way to save spam for examination. I would prefer to save it in mailbox format, given the choice, and hope against hope that this can be done. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From brent at MIRABITO.COM Fri Jun 13 18:39:35 2003 From: brent at MIRABITO.COM (Brent Strignano) Date: Thu Jan 12 21:18:33 2006 Subject: MailScanner Restarting every 5 minutes Message-ID: <62E46E0C3CB8024C807447814E1B20A50176C5@granitemail.mirabito.com> Thanks Mike, I think that was it. Brent Strignano System Administrator Granite Capital Holdings -----Original Message----- From: Mike Zanker [mailto:mike@ZANKER.ORG] Sent: Friday, June 13, 2003 11:59 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner Restarting every 5 minutes On 13 June 2003 11:37 -0400 Brent Strignano wrote: > Last night I upgraded to 4.21-9 from 4.19 and ever since I get this in > my maillog every 5 minutes. > > Jun 13 11:16:13 gateway MailScanner[13605]: MailScanner child caught a > SIGHUP Jun 13 11:16:13 gateway MailScanner[13587]: MailScanner child > caught a SIGHUP Are you running mailscanner-mrtg? You can turn this option off in its configuration file. Mike. From mkipness at GENIANT.COM Fri Jun 13 18:57:53 2003 From: mkipness at GENIANT.COM (Max Kipness) Date: Thu Jan 12 21:18:33 2006 Subject: Reports for blacklisted emails Message-ID: <036A6BCC9FD10749AD3CE32255AF49A6017CF521@dalsxc01.geniant.net> Doing some testing I noticed that if I add an email to the blacklist rule, it does indeed work, but it it's removed silently besides logging in the mail logfile. Sender does not get a report and users get nothing. Is there anyway to change this behavior. Thanks, Max From ryan at MARINOCRANE.COM Fri Jun 13 19:34:01 2003 From: ryan at MARINOCRANE.COM (Ryan Pitt) Date: Thu Jan 12 21:18:33 2006 Subject: Announce: MailScanner-Console-0.1 References: <67D9E7698329D411936E00508B6590B902793C1A@neelix.lbsltd.co.uk> Message-ID: <3EEA1919.90202@marinocrane.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030613/bdea645c/attachment.html From tony.johansson at SVENSKAKYRKAN.SE Fri Jun 13 20:09:58 2003 From: tony.johansson at SVENSKAKYRKAN.SE (Tony Johansson) Date: Thu Jan 12 21:18:33 2006 Subject: Virusscanners as a rule set Message-ID: Hello, I was tinkering a little with rules regarding multiple domains. What I would like to achive is to use f-prot for one domain and rav for another. I tried pointing to a rule set but got the error "Value of virusscanners cannot be a ruleset, only a simple value" Any plans on implementing this as a feature? regards, Tony From mailscanner at ecs.soton.ac.uk Fri Jun 13 21:05:26 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:33 2006 Subject: possibly stupid question: saving copies of spam In-Reply-To: <20030613123504.A92971@mikea.ath.cx> Message-ID: <5.2.1.1.2.20030613210503.02699ea8@imap.ecs.soton.ac.uk> At 18:35 13/06/2003, you wrote: >I know that I can have MailScanner save copies of every mail, or of >mail to/from selected people, using rules. I haven't found a way to >save copies of mail which has been marked as spam (score > threshold). >If there is a way to do this, I would be very grateful to be shown >where I've overlooked it. Look at the "store" Spam Action. >My rationale: > >My employer uses Lotus Notes, which does not let me see the unmodified >body of the spam, but only the "structured text" and (using the >"document properties" pop-up) the first 3K or so of each part of each >attachment. Since many spams have attachments longer than 3K, this >means that I lose lots of useful data going the "document properties" >route. The "structured text" doesn't preserve the headers all that >well, and does really ugly things to the body. > >The foregoing being true, I need a way to save spam for examination. I >would prefer to save it in mailbox format, given the choice, and hope >against hope that this can be done. > >-- >Mike Andrews >mikea@mikea.ath.cx >Tired old sysadmin since 1964 -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jun 13 21:09:31 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:33 2006 Subject: Virusscanners as a rule set In-Reply-To: Message-ID: <5.2.1.1.2.20030613210707.024b7410@imap.ecs.soton.ac.uk> At 20:09 13/06/2003, you wrote: >Hello, > >I was tinkering a little with rules regarding multiple domains. What I >would like to achive is to use f-prot for one domain and rav for another. > >I tried pointing to a rule set but got the error "Value of virusscanners >cannot be a ruleset, only a simple value" > >Any plans on implementing this as a feature? No, afraid not. Messages are scanned in batches. Each message in each batch might cause a different virus scanner to be run. So you would have to apply one virus scanner to some messages, another to other messages, etc. Which is kinda hard :-( It breaks the whole "message batch" structure. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jun 13 21:06:35 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:33 2006 Subject: Reports for blacklisted emails In-Reply-To: <036A6BCC9FD10749AD3CE32255AF49A6017CF521@dalsxc01.geniant. net> Message-ID: <5.2.1.1.2.20030613210612.022ea020@imap.ecs.soton.ac.uk> At 18:57 13/06/2003, you wrote: >Doing some testing I noticed that if I add an email to the blacklist >rule, it does indeed work, but it it's removed silently besides logging >in the mail logfile. Sender does not get a report and users get nothing. >Is there anyway to change this behavior. Set other "Spam Actions". These get applied to blacklisted addresses. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mikea at MIKEA.ATH.CX Fri Jun 13 21:14:20 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:33 2006 Subject: possibly stupid question: saving copies of spam In-Reply-To: <5.2.1.1.2.20030613210503.02699ea8@imap.ecs.soton.ac.uk>; from mailscanner@ECS.SOTON.AC.UK on Fri, Jun 13, 2003 at 09:05:26PM +0100 References: <20030613123504.A92971@mikea.ath.cx> <5.2.1.1.2.20030613210503.02699ea8@imap.ecs.soton.ac.uk> Message-ID: <20030613151420.A93962@mikea.ath.cx> On Fri, Jun 13, 2003 at 09:05:26PM +0100, Julian Field wrote: > At 18:35 13/06/2003, you wrote: > >I know that I can have MailScanner save copies of every mail, or of > >mail to/from selected people, using rules. I haven't found a way to > >save copies of mail which has been marked as spam (score > threshold). > >If there is a way to do this, I would be very grateful to be shown > >where I've overlooked it. > > Look at the "store" Spam Action. I realize how unlikely it is that you will find yourself in the central United States. Nevertheless, you have earned yourself a steak dinner at The Cattlemens' Cafe, one of the ten or twelve best steakhouses on the North American continent. Should you find that you will be in the Oklahoma City area, please let me know in sufficient time to arrange things, and then please let me take you to dinner. Oh, and (again) _thanks_ for MailScanner! -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From raymond at PROLOCATION.NET Sat Jun 14 00:04:39 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:33 2006 Subject: MailScanner-mrtg-0.05 Is (finally) out! In-Reply-To: Message-ID: Hi! > > Most likely due to the [] around sendmail. > This is a bug that was fixed in kernel 2.4.21-rc2 > Fix the cause (kernel), not the consequence (mrtg-mailscanner). > :) Ohw well, once its stabil, and no rc stuff i will move it to my production boxes :) Thanks, Raymond. From mkipness at GENIANT.COM Sat Jun 14 01:49:24 2003 From: mkipness at GENIANT.COM (Max Kipness) Date: Thu Jan 12 21:18:33 2006 Subject: Announce: MailScanner-Console-0.1 Message-ID: <036A6BCC9FD10749AD3CE32255AF49A601709F9A@dalsxc01.geniant.net> Awesome looking product. Have you ever thought of creating a button next to each message that would allow you to send the message to the original recipient? I get this request all the time from my users and was thinking of creating my own web console to do this. For the time being I have all spam delivered to a mail account so I can forward to original user if necessary. Max -----Original Message----- From: Steve Freegard [mailto:steve.freegard@LBSLTD.CO.UK] Sent: Friday, June 13, 2003 9:11 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Announce: MailScanner-Console-0.1 Hi All, I've written a web based front-end to MailScanner using a modified &SQLLogging routine, PHP, MySQL and JpGraph. Current features: ** Recent messages - displays a highlighted view of the last 50 messages processed by MailScanner and allows you to drill-down for detailed information on each message. ** Reporting - allow you to create filtered HTML reports with graphs (using JpGraph). ** Tools - allows you to view the MailScanner.conf file and associated rules, displays Sophos information such as version/loaded IDE's This is the first time I've ever released any code - it's functional - but not pretty. It should work well for those people who hate trawling through /var/log/maillog and want a quick overview of what their mail gateway is doing, and is also good for when you have a Helpdesk manned by people you don't want logging into you mail gateway but still need access to view stuff (as in my case). It probably won't be any good for the people with high throughput of messages, as the customised SQLLogging routine logs to the database in real-time, so might slow your gateway down (although I'd be interested if someone could benchmark it). Also if anyone can come up with a better name - please do.... Further info, download and screenshots at http://www.smf.f2s.com/mailscanner/ Kind regards, Steve. -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. Tel: +44 (0)1903 82 8594 Fax: +44 (0)1903 82 8620 -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030613/4275d9dc/attachment.html From ap at HPI.COM Sat Jun 14 01:20:22 2003 From: ap at HPI.COM (Adam Polkosnik) Date: Thu Jan 12 21:18:33 2006 Subject: OT: Sendmail & Vacation Auto-Responder In-Reply-To: References: Message-ID: <3EEA6A46.1090506@hpi.com> There's something quite powerfull that your users can configure from a squirrel-mail (webmail client) plugin, if you have a cyrus-imapd with timsieved (server side sieve scripting) working properly... (hint: sendmail calls deliver with improper parameters causing bogus return-path being added on to headers) Nathan Johanson wrote: >Off topic, but was hoping I could pick the brains of some of you >Sendmail gurus... > >While I'm not particularly excited about it, a few of our clients want >to use vacation auto-responders for email. I did a little research and >discovered two different options: > >- Sendmail's vacation program >- Procmail recipe > >Question: Which option is the most secure and least obtrusive? I'm >leaning toward the Sendmail vacation program, but it doesn't look like >RedHat includes it in their Sendmail RPM distribution (oddly enough). It >is included in the Sendmail source, however. I also found a "port of the >386bsd vacation program" at http://sourceforge.net/projects/vacation/ (v >1.2.6.1), but don't know whether I should trust it as there's no md5sum >or similar integrity check. I wonder, would it work if I simply >downloaded the Sendmail source (corresponding to my version), compiled >just the vacation utility, and manually dropped it into /sbin? > >Or should I chuck the vacation idea, and go with the procmail method? Or >maybe there's some other way to accomplish this? > >Thanks in advance. > >Sincerely, > >Nathan Johanson >Email: nathan@tcpnetworks.net > > From rsiagian at prismasoftsolusi.com Sat Jun 14 09:59:14 2003 From: rsiagian at prismasoftsolusi.com (Rachmad Siagian) Date: Thu Jan 12 21:18:33 2006 Subject: Problem Starting MailScanner Message-ID: <000801c33253$451c9000$0100007f@enterprise> Hi, I have installed MailScanner 4.21.9 on Redhat 6.2 running Sendmail 8.9.3-20. When I try to start the service, error messages comes up: Starting MailScanner daemons: incoming sendmail: 554 readcf: unknown option name PidFile OK ] outgoing sendmail: readcf: unknown option name PidFile OK ] MailScanner: OK ] When I check the SMTP port, it turns out that it is not working. Any advice? Cheers, Rmad -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030614/4619b67d/attachment.html From peter at UCGBOOK.COM Sat Jun 14 10:16:30 2003 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:18:33 2006 Subject: Problem Starting MailScanner In-Reply-To: <000801c33253$451c9000$0100007f@enterprise> References: <000801c33253$451c9000$0100007f@enterprise> Message-ID: <1055582190.1985.6.camel@rocco.bonivart.home> I'm not sure but I assume MailScanner expects a newer version of Sendmail. Anyway, you should upgrade Sendmail for security reasons. /Peter Bonivart --Unix lovers do it in the Sun On Sat, 2003-06-14 at 10:59, Rachmad Siagian wrote: > Hi, > > I have installed MailScanner 4.21.9 on Redhat 6.2 running Sendmail > 8.9.3-20. When I try to start the service, error messages comes up: > > Starting MailScanner daemons: > incoming sendmail: 554 readcf: unknown option name PidFile > OK ] > outgoing sendmail: readcf: unknown option name PidFile > OK ] > MailScanner: OK ] > > When I check the SMTP port, it turns out that it is not working. > > Any advice? > > Cheers, > > Rmad From mailscanner at BARENDSE.TO Sat Jun 14 17:05:41 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:18:33 2006 Subject: spam black/white lists case sensitive? Message-ID: I'm using MS 4.20-3 and noticed that some blacklisted mail is not being tagged / filtered. My spam blacklist is all in lowercase, whereas the sender's domain name uses uppercase letters as well. I have this in my blacklist file: From: @globalautoindustry.com yes The spammer is sending mail from @GlobalAutoIndustry.com Are these lists case sensitive? From mailscanner at ecs.soton.ac.uk Sat Jun 14 17:23:16 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:33 2006 Subject: spam black/white lists case sensitive? In-Reply-To: Message-ID: <5.2.1.1.2.20030614172259.0245ed70@imap.ecs.soton.ac.uk> What MTA are you using? At 17:05 14/06/2003, you wrote: >I'm using MS 4.20-3 and noticed that some blacklisted mail is not being >tagged / filtered. > >My spam blacklist is all in lowercase, whereas the sender's domain name >uses uppercase letters as well. > >I have this in my blacklist file: >From: @globalautoindustry.com yes > >The spammer is sending mail from @GlobalAutoIndustry.com > >Are these lists case sensitive? -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at BARENDSE.TO Sat Jun 14 17:29:36 2003 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:18:33 2006 Subject: spam black/white lists case sensitive? In-Reply-To: <5.2.1.1.2.20030614172259.0245ed70@imap.ecs.soton.ac.uk> Message-ID: RedHat's sendmail-8.12.8-5.80 that comes with RH8.0 On Sat, 14 Jun 2003, Julian Field wrote: > What MTA are you using? > > At 17:05 14/06/2003, you wrote: > >I'm using MS 4.20-3 and noticed that some blacklisted mail is not being > >tagged / filtered. > > > >My spam blacklist is all in lowercase, whereas the sender's domain name > >uses uppercase letters as well. > > > >I have this in my blacklist file: > >From: @globalautoindustry.com yes > > > >The spammer is sending mail from @GlobalAutoIndustry.com > > > >Are these lists case sensitive? > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > From mailscanner at ecs.soton.ac.uk Sat Jun 14 17:41:34 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:33 2006 Subject: spam black/white lists case sensitive? In-Reply-To: References: <5.2.1.1.2.20030614172259.0245ed70@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030614173941.045be3f8@imap.ecs.soton.ac.uk> At 17:29 14/06/2003, you wrote: >RedHat's sendmail-8.12.8-5.80 that comes with RH8.0 > >On Sat, 14 Jun 2003, Julian Field wrote: > > > What MTA are you using? > > > > At 17:05 14/06/2003, you wrote: > > >I'm using MS 4.20-3 and noticed that some blacklisted mail is not being > > >tagged / filtered. > > > > > >My spam blacklist is all in lowercase, whereas the sender's domain name > > >uses uppercase letters as well. > > > > > >I have this in my blacklist file: > > >From: @globalautoindustry.com yes > > > > > >The spammer is sending mail from @GlobalAutoIndustry.com > > > > > >Are these lists case sensitive? Before it stores the sender address of the mail, it converts it to lower-case: $message->{from} = lc($from); -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From kevins at BMRB.CO.UK Sat Jun 14 17:47:07 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:33 2006 Subject: spam black/white lists case sensitive? In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175934@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175934@pascal.priv.bmrb.co.uk> Message-ID: <1055609231.13618.0.camel@bach.kevinspicer.co.uk> I have this in my blacklist file: From: @globalautoindustry.com yes I'm not sure if it matters but shouldn't that be *@globalautoindustry.com ??? BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From penguin at DHCP.NET Sat Jun 14 17:38:18 2003 From: penguin at DHCP.NET (penguin) Date: Thu Jan 12 21:18:33 2006 Subject: spam black/white lists case sensitive? In-Reply-To: Message-ID: <000001c33293$5f9334d0$0200a8c0@penguin> Hello Remco (penguin here :-)), I suggest upgrading to 8.12.9 ASAP, since there are a number of serious vulnerabilities associated with 8.12.8. Check your sendmail.mc file if you're using the case-sensitive feature of sendmail; this 'feature' was the cause of my problems once. --- A. Eijkhoudt > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Remco Barendse > Sent: Saturday, 14 June, 2003 18:30 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: spam black/white lists case sensitive? > > > RedHat's sendmail-8.12.8-5.80 that comes with RH8.0 > > On Sat, 14 Jun 2003, Julian Field wrote: > > > What MTA are you using? > > > > At 17:05 14/06/2003, you wrote: > > >I'm using MS 4.20-3 and noticed that some blacklisted mail > is not being > > >tagged / filtered. > > > > > >My spam blacklist is all in lowercase, whereas the > sender's domain name > > >uses uppercase letters as well. > > > > > >I have this in my blacklist file: > > >From: @globalautoindustry.com yes > > > > > >The spammer is sending mail from @GlobalAutoIndustry.com > > > > > >Are these lists case sensitive? > > > > -- > > Julian Field > > www.MailScanner.info > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gerry at DORFAM.CA Sat Jun 14 19:43:12 2003 From: gerry at DORFAM.CA (Gerry Doris) Date: Thu Jan 12 21:18:33 2006 Subject: Please-Top Posting or Bottom but NOT both! In-Reply-To: <5.2.1.1.2.20030614173941.045be3f8@imap.ecs.soton.ac.uk> Message-ID: On Sat, 14 Jun 2003, Julian Field wrote: > At 17:29 14/06/2003, you wrote: > >RedHat's sendmail-8.12.8-5.80 that comes with RH8.0 > > > >On Sat, 14 Jun 2003, Julian Field wrote: > > > > > What MTA are you using? > > > > > > At 17:05 14/06/2003, you wrote: > > > >I'm using MS 4.20-3 and noticed that some blacklisted mail is not being > > > >tagged / filtered. > > > > > > > >My spam blacklist is all in lowercase, whereas the sender's domain name > > > >uses uppercase letters as well. > > > > > > > >I have this in my blacklist file: > > > >From: @globalautoindustry.com yes > > > > > > > >The spammer is sending mail from @GlobalAutoIndustry.com > > > > > > > >Are these lists case sensitive? > > Before it stores the sender address of the mail, it converts it to lower-case: > $message->{from} = lc($from); > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support Boy, it sure would be nice if people consistently replied at the top of messages or the bottom (where posted replies should go!). I'm not overly hung up about this but when some messages are top posted and others in the same thread are bottom posted...well, it sure makes it difficult to read!!! -- Gerry "The lyfe so short, the craft so long to learne" Chaucer From michele at BLACKNIGHTSOLUTIONS.COM Sat Jun 14 19:47:11 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: BlacknightSolutions) Date: Thu Jan 12 21:18:33 2006 Subject: Please-Top Posting or Bottom but NOT both! In-Reply-To: Message-ID: <200306141847.h5EIl4L11105@camelot.blacknightsolutions.com> I think it depends on your email client. I'd prefer to bottom post, but I haven't managed to persuade outlook to comply, whereas Squirrel is more than happy to do it :-( Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ Spam & Virus scanning available > > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Gerry Doris > Sent: 14 June 2003 20:43 > To: MAILSCANNER@JISCMAIL.AC.UK > > On Sat, 14 Jun 2003, Julian Field wrote: > > > At 17:29 14/06/2003, you wrote: > > >RedHat's sendmail-8.12.8-5.80 that comes with RH8.0 > > > > > >On Sat, 14 Jun 2003, Julian Field wrote: > > > > > > > What MTA are you using? > > > > > > > > At 17:05 14/06/2003, you wrote: > > > > >I'm using MS 4.20-3 and noticed that some blacklisted > mail is not > > > > >being tagged / filtered. > > > > > > > > > >My spam blacklist is all in lowercase, whereas the sender's > > > > >domain name uses uppercase letters as well. > > > > > > > > > >I have this in my blacklist file: > > > > >From: @globalautoindustry.com yes > > > > > > > > > >The spammer is sending mail from @GlobalAutoIndustry.com > > > > > > > > > >Are these lists case sensitive? > > > > Before it stores the sender address of the mail, it > converts it to lower-case: > > $message->{from} = lc($from); > > -- > > Julian Field > > www.MailScanner.info > > Professional Support Services at www.MailScanner.biz MailScanner > > thanks transtec Computers for their support > > Boy, it sure would be nice if people consistently replied at > the top of messages or the bottom (where posted replies should go!). > > I'm not overly hung up about this but when some messages are > top posted and others in the same thread are bottom > posted...well, it sure makes it difficult to read!!! > > -- > Gerry > > "The lyfe so short, the craft so long to learne" Chaucer > ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From steve.freegard at LBSLTD.CO.UK Sat Jun 14 21:54:29 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:33 2006 Subject: Announce: MailScanner-Console-0.1 Message-ID: <67D9E7698329D411936E00508B6590B902773941@neelix.lbsltd.co.uk> Hi Ryan, >> Suggested Name: MailWatch for MailScanner I knew someone would be able to come up with a better name! - thanks for this, it will be known as 'MailWatch for MailScanner' from the next version onward. >> I have installed this app and it looks very impressive. Thanks ;-)) >> Are we going to use this list for "debugging" this application... As long as Julian and others don't mind?? - if not then feel free to email me direct to either this address or the address at the top of each source file. Responses to your points: 1) The jpgraph directory and index.php files are symbolic links to jpgraph-1.12.1 and status.php respectivly - maybe your version of tar didn't preserve them? - did you extract then using 'tar -zxvf'? 2) The sophos status screen just runs Julian's sophos-wrapper script and pipes the output to an awk script which htmlizes the output - have a look in sophos_status.php - you may need to alter the paths depending on your setup. I'll come up with a better method in the next release. 3) Not sure on this one - can you be more specific? If you can mail me the file 'images/cache/top_receipient_by_volume.png' so I can see it would be even more helpful. 4) I forgot to mention in the INSTALL docs that you need to make sure that 'Detailed Spam Report = yes' is set in MailScanner.conf otherwise the matching rules don't get written to the database. You can also (optionally) set 'Include Scores in SpamAssassin Report = yes'. There are also a couple of other things I've noticed myself since posting the release: - I didn't mention in the documentation that to get the detailed description of the matching SA rules in the Message Detail screen you need to run 'Update SpamAssassin Rule Descriptions' from the 'Other' menu. - There was a typo in reports.php for 'Total Mail by Date', you'll need to correct the link to get this to work. >> Thanks for taking the time to put this together for us all. No problem - thank you for the kind words and the recommendation :-) Kind regards, Steve -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. -----Original Message----- From: Ryan Pitt To: MAILSCANNER@JISCMAIL.AC.UK Sent: 13/06/03 19:34 Subject: Re: Announce: MailScanner-Console-0.1 Suggested Name: MailWatch for MailScanner but thats just off the top of my head. I have installed this app and it looks very impressive. It is obviously early days yet as there are a few bugs that we have found. Are we going to use this list for "debugging" this application or do you have something else in mind. Here are a few: 1. The jpgraph-1.12.1 folder needs to be renamed in the distribution to just jpgraph as a few reports are looking for this folder. 2. Sophos status doesnt seem to come up with anything at all for me. Maybe I am missing something here. 3. Top Recipients by Volume report seems to have something funky going on with the graph. 4. SpamAssassin Rule Hits also doesnt seem to be returning any values for me. Thats about all for now. Thanks for taking the time to put this together for us all. I recommend this application to those that are interested in seeing the output from MailScanner etc in a graphical form. Very useful information. Regards Ryan Pitt Steve Freegard wrote: Hi All, I've written a web based front-end to MailScanner using a modified &SQLLogging routine, PHP, MySQL and JpGraph. Current features: ** Recent messages - displays a highlighted view of the last 50 messages processed by MailScanner and allows you to drill-down for detailed information on each message. ** Reporting - allow you to create filtered HTML reports with graphs (using JpGraph). ** Tools - allows you to view the MailScanner.conf file and associated rules, displays Sophos information such as version/loaded IDE's This is the first time I've ever released any code - it's functional - but not pretty. It should work well for those people who hate trawling through /var/log/maillog and want a quick overview of what their mail gateway is doing, and is also good for when you have a Helpdesk manned by people you don't want logging into you mail gateway but still need access to view stuff (as in my case). It probably won't be any good for the people with high throughput of messages, as the customised SQLLogging routine logs to the database in real-time, so might slow your gateway down (although I'd be interested if someone could benchmark it). Also if anyone can come up with a better name - please do.... Further info, download and screenshots at http://www.smf.f2s.com/mailscanner/ Kind regards, Steve. -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. Tel: +44 (0)1903 82 8594 Fax: +44 (0)1903 82 8620 --- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From steve.freegard at LBSLTD.CO.UK Sat Jun 14 22:07:50 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:33 2006 Subject: Announce: MailScanner-Console-0.1 Message-ID: <67D9E7698329D411936E00508B6590B902773942@neelix.lbsltd.co.uk> Hi Max, >> Awesome looking product. Thanks! >> Have you ever thought of creating a button next to each message that would allow you to send the message to the original recipient? I 'tag' the messages with the '{Spam?}' text prepended to the subject so my users can filter the messages using a rule in Outlook to move the message to their own 'Spam' folder, so I hadn't thought of doing this myself. I'll have a look at doing this for you as I think it would be a useful feature being able to re-send all types of quarantined files (spam, blocked files etc.). Kind regards, Steve. -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. -----Original Message----- From: Max Kipness To: MAILSCANNER@JISCMAIL.AC.UK Sent: 14/06/03 01:49 Subject: Re: Announce: MailScanner-Console-0.1 Awesome looking product. Have you ever thought of creating a button next to each message that would allow you to send the message to the original recipient? I get this request all the time from my users and was thinking of creating my own web console to do this. For the time being I have all spam delivered to a mail account so I can forward to original user if necessary. Max -----Original Message----- From: Steve Freegard [mailto:steve.freegard@LBSLTD.CO.UK] Sent: Friday, June 13, 2003 9:11 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Announce: MailScanner-Console-0.1 Hi All, I've written a web based front-end to MailScanner using a modified &SQLLogging routine, PHP, MySQL and JpGraph. Current features: ** Recent messages - displays a highlighted view of the last 50 messages processed by MailScanner and allows you to drill-down for detailed information on each message. ** Reporting - allow you to create filtered HTML reports with graphs (using JpGraph). ** Tools - allows you to view the MailScanner.conf file and associated rules, displays Sophos information such as version/loaded IDE's This is the first time I've ever released any code - it's functional - but not pretty. It should work well for those people who hate trawling through /var/log/maillog and want a quick overview of what their mail gateway is doing, and is also good for when you have a Helpdesk manned by people you don't want logging into you mail gateway but still need access to view stuff (as in my case). It probably won't be any good for the people with high throughput of messages, as the customised SQLLogging routine logs to the database in real-time, so might slow your gateway down (although I'd be interested if someone could benchmark it). Also if anyone can come up with a better name - please do.... Further info, download and screenshots at http://www.smf.f2s.com/mailscanner/ Kind regards, Steve. -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. Tel: +44 (0)1903 82 8594 Fax: +44 (0)1903 82 8620 -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From mailscanner at CARLO65.DE Sun Jun 15 10:15:49 2003 From: mailscanner at CARLO65.DE (Roland Ehle) Date: Thu Jan 12 21:18:33 2006 Subject: Starting problems on SuSE 8.1 Message-ID: <3EEC3945.3010100@carlo65.de> Hi, since I migrated from SuSE 7.3 to SuSE 8.1 I have problems with starting MailScanner. I start MailScanner 4.21-9 with "rcMailScanner start" and I get "failed" on standard out, but MailScanner seems to be working fine. Same is, when MailScanner is started at boot. Any ideas. Thanks and regards, Roland From mailscanner at ecs.soton.ac.uk Sun Jun 15 15:18:10 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:33 2006 Subject: Starting problems on SuSE 8.1 In-Reply-To: <3EEC3945.3010100@carlo65.de> Message-ID: <5.2.1.1.2.20030615151714.02521dd8@imap.ecs.soton.ac.uk> Have you disabled sendmail since your upgrade? I'll test it under SuSE 8.2 some time soon too, a nice guy at work bought me a copy :-) At 10:15 15/06/2003, you wrote: >Hi, > >since I migrated from SuSE 7.3 to SuSE 8.1 I have problems with starting >MailScanner. > >I start MailScanner 4.21-9 with "rcMailScanner start" and I get "failed" >on standard out, but MailScanner seems to be working fine. Same is, when >MailScanner is started at boot. > >Any ideas. > >Thanks and regards, > >Roland -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mikew at CRUCIS.NET Sun Jun 15 17:18:15 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:34 2006 Subject: Puzzling maillog entries Message-ID: <200306151118.16035.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've been searching the archives and haven't yet found this. I upgraded to 4.21-9 a week or so ago. I'm usgin RH8.0 with sendmail 8.12.8 and spamassassin 2.44. All "appears" to be working well other than two things. The cpu load level is running at 70% on the average and that is 25-30% higher that last week prior to the upgrade. In additional, I'm seeing this entry repeated in maillog: Jun 15 10:05:36 cameron MailScanner[21518]: Using locktype = flock Jun 15 10:05:40 cameron sendmail[21470]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA: cannot bind: Address already in use Jun 15 10:05:40 cameron sendmail[21470]: daemon MTA: problem creating SMTP socket Jun 15 10:05:43 cameron MailScanner[21519]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 15 10:05:45 cameron sendmail[21470]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA: cannot bind: Address already in use Jun 15 10:05:45 cameron sendmail[21470]: daemon MTA: problem creating SMTP socket . . until this occurs... . Jun 15 10:05:46 cameron MailScanner[21519]: Using locktype = flock Jun 15 10:05:50 cameron sendmail[21470]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA: cannot bind: Address already in use Jun 15 10:05:50 cameron sendmail[21470]: daemon MTA: problem creating SMTP socket Jun 15 10:05:50 cameron sendmail[21470]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA: server SMTP socket wedged: exiting Is MailScanner/sendmail working properly? Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD4DBQE+7JxH5fq6h2uDDlQRAhXUAJY7Ycr9a2uzgNOFswg08xHUEPQ8AJ48Jiut d2HYKaOCv1obUacCZosUOQ== =Cjv5 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From mailscanner at CARLO65.DE Sun Jun 15 17:26:16 2003 From: mailscanner at CARLO65.DE (Roland Ehle) Date: Thu Jan 12 21:18:34 2006 Subject: Starting problems on SuSE 8.1 In-Reply-To: <5.2.1.1.2.20030615151714.02521dd8@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030615151714.02521dd8@imap.ecs.soton.ac.uk> Message-ID: <3EEC9E28.2050701@carlo65.de> Hi Julian, Julian Field schrieb: > Have you disabled sendmail since your upgrade? Yes I did and I have the same thing on three machines, one of which was completely new installed. The thing is, it is working, just the word "failed" on startup is a little bit confusing. Regards, Roland From mailscanner at ecs.soton.ac.uk Sun Jun 15 17:35:56 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:34 2006 Subject: Puzzling maillog entries In-Reply-To: <200306151118.16035.mikew@crucis.net> Message-ID: <5.2.1.1.2.20030615173347.0271c218@imap.ecs.soton.ac.uk> You have 2 sendmail processes competing to provide SMTP service. Make sure the original sendmail startup script is disable: chkconfig sendmail off Then stop and start MailScanner: service MailScanner stop #Give it a few seconds to shut down gracefully ps ax #Check that there weren't any MailScanner or sendmail processes left behind service MailScanner start At 17:18 15/06/2003, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >I've been searching the archives and haven't yet found this. > >I upgraded to 4.21-9 a week or so ago. I'm usgin RH8.0 with sendmail >8.12.8 and spamassassin 2.44. > >All "appears" to be working well other than two things. The cpu load >level is running at 70% on the average and that is 25-30% higher that >last week prior to the upgrade. In additional, I'm seeing this entry >repeated in maillog: > >Jun 15 10:05:36 cameron MailScanner[21518]: Using locktype = flock > >Jun 15 10:05:40 cameron sendmail[21470]: NOQUEUE: SYSERR(root): >opendaemonsocket: daemon MTA: cannot bind: Address already in use > >Jun 15 10:05:40 cameron sendmail[21470]: daemon MTA: problem creating >SMTP socket > >Jun 15 10:05:43 cameron MailScanner[21519]: MailScanner E-Mail Virus >Scanner version 4.21-9 starting... > >Jun 15 10:05:45 cameron sendmail[21470]: NOQUEUE: SYSERR(root): >opendaemonsocket: daemon MTA: cannot bind: Address already in use >Jun 15 10:05:45 cameron sendmail[21470]: daemon MTA: problem creating >SMTP socket >. >. >until this occurs... >. >Jun 15 10:05:46 cameron MailScanner[21519]: Using locktype = flock > >Jun 15 10:05:50 cameron sendmail[21470]: NOQUEUE: SYSERR(root): >opendaemonsocket: daemon MTA: cannot bind: Address already in use > >Jun 15 10:05:50 cameron sendmail[21470]: daemon MTA: problem creating >SMTP socket > >Jun 15 10:05:50 cameron sendmail[21470]: NOQUEUE: SYSERR(root): >opendaemonsocket: daemon MTA: server SMTP socket wedged: exiting > >Is MailScanner/sendmail working properly? > >Mike W > >- -- >Registered Linux - 256979 >NRA Life >ARS: W0TMW > > > > > > > > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.0.7 (GNU/Linux) > >iD4DBQE+7JxH5fq6h2uDDlQRAhXUAJY7Ycr9a2uzgNOFswg08xHUEPQ8AJ48Jiut >d2HYKaOCv1obUacCZosUOQ== >=Cjv5 >-----END PGP SIGNATURE----- > > >-- >This message has been scanned for viruses and >dangerous content by F-Prot and MailScanner, >and is believed to be clean. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Sun Jun 15 21:49:42 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:34 2006 Subject: SA temp dir ... In-Reply-To: <67D9E7698329D411936E00508B6590B902773941@neelix.lbsltd.co.uk> Message-ID: Hi! I noticed that SpamAssassin was using the normal tmp dir on my system to do its actions. Cant that be altered ? I am using tmpfs for my /var/spool/MailScanner/incoming and it would be nice it SA also could work there, would speed things up i think.... less disk i/o. Any way to do that Julian ? Perhaps a new switch in the SA config part ? Bye, Raymond. From greyhair at GREYHAIR.NET Sun Jun 15 21:46:46 2003 From: greyhair at GREYHAIR.NET (Greyhair) Date: Thu Jan 12 21:18:34 2006 Subject: sendmail -Ac option Message-ID: <008901c3337f$4141cb80$6645a8c0@laptop> I'm using Redhat 7.3 (8.11.6-25.73) & 9.0 (8.12.8-5.90) (all Redhat rpm) and all works great if I remove the -Ac option. (other wise sendmail fails to load saying unknown -A) What is (or was) the -Ac option? Why was it needed and is there a replacement option? I haven't found any information on this other than "don't use -Ac" ... thanks From gavin at NETERGY.COM Sun Jun 15 22:31:13 2003 From: gavin at NETERGY.COM (Gavin Nelmes-Crocker) Date: Thu Jan 12 21:18:34 2006 Subject: Announce: MailScanner-Console-0.1 In-Reply-To: <67D9E7698329D411936E00508B6590B902793C1A@neelix.lbsltd.co.uk> Message-ID: hey just had a quick look and this looks AWESOME - does or will it allow you to edit the mailscanner.conf file -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Steve Freegard Sent: 13 June 2003 15:11 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Announce: MailScanner-Console-0.1 Hi All, I've written a web based front-end to MailScanner using a modified &SQLLogging routine, PHP, MySQL and JpGraph. Current features: ** Recent messages - displays a highlighted view of the last 50 messages processed by MailScanner and allows you to drill-down for detailed information on each message. ** Reporting - allow you to create filtered HTML reports with graphs (using JpGraph). ** Tools - allows you to view the MailScanner.conf file and associated rules, displays Sophos information such as version/loaded IDE's This is the first time I've ever released any code - it's functional - but not pretty. It should work well for those people who hate trawling through /var/log/maillog and want a quick overview of what their mail gateway is doing, and is also good for when you have a Helpdesk manned by people you don't want logging into you mail gateway but still need access to view stuff (as in my case). It probably won't be any good for the people with high throughput of messages, as the customised SQLLogging routine logs to the database in real-time, so might slow your gateway down (although I'd be interested if someone could benchmark it). Also if anyone can come up with a better name - please do.... Further info, download and screenshots at http://www.smf.f2s.com/mailscanner/ Kind regards, Steve. -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. Tel: +44 (0)1903 82 8594 Fax: +44 (0)1903 82 8620 -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030615/32a2bae0/attachment.html From greyhair at GREYHAIR.NET Sun Jun 15 22:58:17 2003 From: greyhair at GREYHAIR.NET (Greyhair) Date: Thu Jan 12 21:18:34 2006 Subject: SA temp dir ... References: Message-ID: <009f01c33389$3dfdb880$6645a8c0@laptop> you could edit the configure file in the spamassassin source from the 2.55 source: # Create a (secure) tmp directory for tmp files. : ${TMPDIR=/tmp} { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/csXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" you could change the TMPDIR line to the directory you want. Make sure your permissions are 100% correct!! Then recompile. Is it worth it? ----- Original Message ----- From: "Raymond Dijkxhoorn" To: Sent: Sunday, June 15, 2003 3:49 PM Subject: SA temp dir ... > Hi! > > I noticed that SpamAssassin was using the normal tmp dir on my system to > do its actions. Cant that be altered ? I am using tmpfs for my > /var/spool/MailScanner/incoming and it would be nice it SA also could work > there, would speed things up i think.... less disk i/o. > > Any way to do that Julian ? Perhaps a new switch in the SA config part ? > > Bye, > Raymond. > From raymond at PROLOCATION.NET Sun Jun 15 23:12:13 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:34 2006 Subject: SA temp dir ... In-Reply-To: <009f01c33389$3dfdb880$6645a8c0@laptop> Message-ID: Hi! > you could edit the configure file in the spamassassin source > from the 2.55 source: > > # Create a (secure) tmp directory for tmp files. > : ${TMPDIR=/tmp} > { > tmp=`(umask 077 && mktemp -d -q "$TMPDIR/csXXXXXX") 2>/dev/null` && > test -n "$tmp" && test -d "$tmp" But would be better if it was possible on commandline also. > you could change the TMPDIR line to the directory you want. Make sure your > permissions are 100% correct!! Then recompile. Is it worth it? I think it is, it will save io. Bye, Raymond. From mikew at CRUCIS.NET Sun Jun 15 23:55:56 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:34 2006 Subject: Puzzling maillog entries In-Reply-To: <5.2.1.1.2.20030615173347.0271c218@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030615173347.0271c218@imap.ecs.soton.ac.uk> Message-ID: <200306151755.56974.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks. That appears to have taken care it. Any idea why this only appeared after upgrading from 4.12 to 4.21? Mike W On Sunday 15 June 2003 11:35 am, you wrote: > You have 2 sendmail processes competing to provide SMTP service. > Make sure the original sendmail startup script is disable: > chkconfig sendmail off > Then stop and start MailScanner: > service MailScanner stop > #Give it a few seconds to shut down gracefully > ps ax > #Check that there weren't any MailScanner or sendmail > processes left behind > service MailScanner start > > At 17:18 15/06/2003, you wrote: > >-----BEGIN PGP SIGNED MESSAGE----- > >Hash: SHA1 > > > >I've been searching the archives and haven't yet found this. > > > >I upgraded to 4.21-9 a week or so ago. I'm usgin RH8.0 with sendmail > >8.12.8 and spamassassin 2.44. > > > >All "appears" to be working well other than two things. The cpu > > load level is running at 70% on the average and that is 25-30% > > higher that last week prior to the upgrade. In additional, I'm > > seeing this entry repeated in maillog: > > > >Jun 15 10:05:36 cameron MailScanner[21518]: Using locktype = flock > > > >Jun 15 10:05:40 cameron sendmail[21470]: NOQUEUE: SYSERR(root): > >opendaemonsocket: daemon MTA: cannot bind: Address already in use > > > >Jun 15 10:05:40 cameron sendmail[21470]: daemon MTA: problem > > creating SMTP socket > > > >Jun 15 10:05:43 cameron MailScanner[21519]: MailScanner E-Mail Virus > >Scanner version 4.21-9 starting... > > > >Jun 15 10:05:45 cameron sendmail[21470]: NOQUEUE: SYSERR(root): > >opendaemonsocket: daemon MTA: cannot bind: Address already in use > >Jun 15 10:05:45 cameron sendmail[21470]: daemon MTA: problem > > creating SMTP socket > >. > >. > >until this occurs... > >. > >Jun 15 10:05:46 cameron MailScanner[21519]: Using locktype = flock > > > >Jun 15 10:05:50 cameron sendmail[21470]: NOQUEUE: SYSERR(root): > >opendaemonsocket: daemon MTA: cannot bind: Address already in use > > > >Jun 15 10:05:50 cameron sendmail[21470]: daemon MTA: problem > > creating SMTP socket > > > >Jun 15 10:05:50 cameron sendmail[21470]: NOQUEUE: SYSERR(root): > >opendaemonsocket: daemon MTA: server SMTP socket wedged: exiting > > > >Is MailScanner/sendmail working properly? > > > >Mike W > > > >- -- > >Registered Linux - 256979 > >NRA Life > >ARS: W0TMW > > > > > > > > > > > > > > > > > >-----BEGIN PGP SIGNATURE----- > >Version: GnuPG v1.0.7 (GNU/Linux) > > > >iD4DBQE+7JxH5fq6h2uDDlQRAhXUAJY7Ycr9a2uzgNOFswg08xHUEPQ8AJ48Jiut > >d2HYKaOCv1obUacCZosUOQ== > >=Cjv5 > >-----END PGP SIGNATURE----- > > > > > >-- > >This message has been scanned for viruses and > >dangerous content by F-Prot and MailScanner, > >and is believed to be clean. - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+7Pl85fq6h2uDDlQRAmjXAJ4vtgy9gIe1oiuY2MegwRM/+ZDQrgCfUWwH nVLSTD5Z8EVa19L8Jl9B5FI= =DZsZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by F-Prot and MailScanner, and is believed to be clean. From greyhair at GREYHAIR.NET Mon Jun 16 03:31:50 2003 From: greyhair at GREYHAIR.NET (Greyhair) Date: Thu Jan 12 21:18:34 2006 Subject: SA temp dir ... References: Message-ID: <000f01c333af$74b5f100$6645a8c0@laptop> Hi. You should bring this up with the spamassassin guys. I think it would be a smart move on their end. If you or someone is good with perl you could create a configuration variable for the tmp directory, I guess that the spamassassin guys would incorporate the changes faster if it were given to them. ----- Original Message ----- From: "Raymond Dijkxhoorn" To: Sent: Sunday, June 15, 2003 5:12 PM Subject: Re: SA temp dir ... > Hi! > > > you could edit the configure file in the spamassassin source > > from the 2.55 source: > > > > # Create a (secure) tmp directory for tmp files. > > : ${TMPDIR=/tmp} > > { > > tmp=`(umask 077 && mktemp -d -q "$TMPDIR/csXXXXXX") 2>/dev/null` && > > test -n "$tmp" && test -d "$tmp" > > But would be better if it was possible on commandline also. > > > you could change the TMPDIR line to the directory you want. Make sure your > > permissions are 100% correct!! Then recompile. Is it worth it? > > I think it is, it will save io. > > Bye, > Raymond. > From kfliong at WOFS.COM Mon Jun 16 04:20:03 2003 From: kfliong at WOFS.COM (kfliong) Date: Thu Jan 12 21:18:34 2006 Subject: MailScanner Restarting every 5 minutes In-Reply-To: <62E46E0C3CB8024C807447814E1B20A501CC9B@granitemail.mirabit o.com> Message-ID: <5.2.1.1.0.20030616111740.02533498@192.168.10.2> Most of the spams are being sent using a bogus email account. So, if you set your mailscanner to bounce spams, then you will get this problem. Tons of errors from your sendmail saying that the email address does not exist. Try setting mailscanner to ignore spams instead. At 11:37 AM 6/13/2003 -0400, you wrote: >Last night I upgraded to 4.21-9 from 4.19 and ever since I get this in my >maillog every 5 minutes. > >Jun 13 11:16:13 gateway MailScanner[13605]: MailScanner child caught a SIGHUP >Jun 13 11:16:13 gateway MailScanner[13587]: MailScanner child caught a SIGHUP > >The everything restarts. I'm not losing mail but every 5 minutes sendmail >is trying to send the 600 spam bounces that are in the out queue. > >In MailScanner.conf is > >Child Processes = 2 >Restart Every = 14400 > >That should be every 4 hours? > >Any ideas? > >Thanks > >Brent Strignano >System Administrator >Granite Capital Holdings >Sidney, NY USA > From kfliong at WOFS.COM Mon Jun 16 04:40:06 2003 From: kfliong at WOFS.COM (kfliong) Date: Thu Jan 12 21:18:34 2006 Subject: anyone getting this? In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0EBF650@pascal.priv.bmrb.co .uk> Message-ID: <5.2.1.1.0.20030616113918.025371c8@192.168.10.2> Nope... adding this line ^TTUAdv\(doc\)\.exe$ doesn't work. Anyone? At 11:12 AM 6/13/2003 +0100, you wrote: > > I need to allow this file - > > TTIAdv(doc).exe to go through because it is not a virus. > > > > I have tried adding this line : > > > > allow TTIAdv(doc).exe$ - - > > > > into the beginning of the list. Of course I have checked to make sure > > there's tabs instead of spaces. How come it doesn't work? I > > still get those > > files filtered as {virus?}. > >Its a perl regular expression IIRC. I think you need >^TTUAdv\(doc\)\.exe$ but some perl RE guru may know better. see man >perlre for more details. > > > >BMRB International >http://www.bmrb.co.uk >+44 (0)20 8566 5000 >_________________________________________________________________ >This message (and any attachment) is intended only for the >recipient and may contain confidential and/or privileged >material. If you have received this in error, please contact the >sender and delete this message immediately. Disclosure, copying >or other action taken in respect of this email or in >reliance on it is prohibited. BMRB International Limited >accepts no liability in relation to any personal emails, or >content of any email which does not directly relate to our >business. From Kevin.Spicer at BMRB.CO.UK Mon Jun 16 08:17:44 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:34 2006 Subject: anyone getting this? Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF652@pascal.priv.bmrb.co.uk> Sorry there was a typo in there, should have been ^TTIAdv\(doc\)\.exe$ > -----Original Message----- > From: kfliong [mailto:kfliong@WOFS.COM] > Sent: 16 June 2003 04:40 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: anyone getting this? > > > Nope... adding this line > > ^TTUAdv\(doc\)\.exe$ > > doesn't work. > > Anyone? > > At 11:12 AM 6/13/2003 +0100, you wrote: > > > I need to allow this file - > > > TTIAdv(doc).exe to go through because it is not a virus. > > > > > > I have tried adding this line : > > > > > > allow TTIAdv(doc).exe$ - - > > > > > > into the beginning of the list. Of course I have checked > to make sure > > > there's tabs instead of spaces. How come it doesn't work? I > > > still get those > > > files filtered as {virus?}. > > > >Its a perl regular expression IIRC. I think you need > >^TTUAdv\(doc\)\.exe$ but some perl RE guru may know better. see man > >perlre for more details. > > > > > > > >BMRB International > >http://www.bmrb.co.uk > >+44 (0)20 8566 5000 > >_________________________________________________________________ > >This message (and any attachment) is intended only for the > >recipient and may contain confidential and/or privileged > >material. If you have received this in error, please contact the > >sender and delete this message immediately. Disclosure, copying > >or other action taken in respect of this email or in > >reliance on it is prohibited. BMRB International Limited > >accepts no liability in relation to any personal emails, or > >content of any email which does not directly relate to our > >business. > BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From raymond at PROLOCATION.NET Mon Jun 16 08:50:36 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:34 2006 Subject: SA temp dir ... In-Reply-To: <000f01c333af$74b5f100$6645a8c0@laptop> Message-ID: Hi! > You should bring this up with the spamassassin guys. I think it would be a > move on their end. If you or someone is good with perl you could create a > configuration variable for the tmp directory, I guess that the spamassassin > incorporate the changes faster if it were given to them. If i was a perl hero i would, but i am not :) Bye, Raymond. From john at TRADOC.FR Mon Jun 16 08:58:40 2003 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:18:34 2006 Subject: Please-Top Posting or Bottom but NOT both! In-Reply-To: <200306141847.h5EIl4L11105@camelot.blacknightsolutions.com> References: <200306141847.h5EIl4L11105@camelot.blacknightsolutions.com> Message-ID: <73uqevco6n5a6c2k6vs5ph5v80d7m36qt3@tradoc.fr> On Sat, 14 Jun 2003 20:47:11 +0200, Michele Neylon :: BlacknightSolutions wrote: > I'd prefer to bottom post, but I haven't managed to persuade outlook to > comply Try http://jump.to/outlook-quotefix Or just manual editing of the composed message :-) John. -- -- Over 2000 webcams from ski resorts around the world - http://www.snoweye.com/ -- Translate your technical documents and web pages - http://www.tradoc.fr/ From steve.freegard at LBSLTD.CO.UK Mon Jun 16 09:12:00 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:34 2006 Subject: Announce: MailScanner-Console-0.1 Message-ID: <67D9E7698329D411936E00508B6590B902793C29@neelix.lbsltd.co.uk> Hi Gavin, Thanks for the kind words. Unfortunatly you can't edit MailScanner.conf with it at present, only view the entries - but I will add your request to the wishlist and try to implement this in a future version. Kind regards, Steve. -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. _____ From: Gavin Nelmes-Crocker [mailto:gavin@NETERGY.COM] Sent: 15 June 2003 22:31 To: MAILSCANNER@JISCMAIL.AC.UK hey just had a quick look and this looks AWESOME - does or will it allow you to edit the mailscanner.conf file -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Steve Freegard Sent: 13 June 2003 15:11 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Announce: MailScanner-Console-0.1 Hi All, I've written a web based front-end to MailScanner using a modified &SQLLogging routine, PHP, MySQL and JpGraph. Current features: ** Recent messages - displays a highlighted view of the last 50 messages processed by MailScanner and allows you to drill-down for detailed information on each message. ** Reporting - allow you to create filtered HTML reports with graphs (using JpGraph). ** Tools - allows you to view the MailScanner.conf file and associated rules, displays Sophos information such as version/loaded IDE's This is the first time I've ever released any code - it's functional - but not pretty. It should work well for those people who hate trawling through /var/log/maillog and want a quick overview of what their mail gateway is doing, and is also good for when you have a Helpdesk manned by people you don't want logging into you mail gateway but still need access to view stuff (as in my case). It probably won't be any good for the people with high throughput of messages, as the customised SQLLogging routine logs to the database in real-time, so might slow your gateway down (although I'd be interested if someone could benchmark it). Also if anyone can come up with a better name - please do.... Further info, download and screenshots at http://www.smf.f2s.com/mailscanner/ Kind regards, Steve. -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. Tel: +44 (0)1903 82 8594 Fax: +44 (0)1903 82 8620 -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030616/c0350fb4/attachment.html From raymond at PROLOCATION.NET Mon Jun 16 09:20:54 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:34 2006 Subject: Announce: MailScanner-Console-0.1 In-Reply-To: <67D9E7698329D411936E00508B6590B902793C29@neelix.lbsltd.co.uk> Message-ID: Hi Steve, > Thanks for the kind words. Unfortunatly you can't edit MailScanner.conf > with it at present, only view the entries - but I will add your request to > the wishlist and try to implement this in a future version. What i would like is, and perhaps thats allready possible now, to let it log to a remote sql server and do the rest on that box ... So let only the local mailscanner dump the records, and the rest elsewhere to offload the box. On heavilly loaded MS boxes that would be best. Then you also can combine stats of scanners. Thanks, Raymond. From steve.freegard at LBSLTD.CO.UK Mon Jun 16 09:38:51 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:34 2006 Subject: Announce: MailScanner-Console-0.1 Message-ID: <67D9E7698329D411936E00508B6590B902793C30@neelix.lbsltd.co.uk> Hi Raymond, It should be possible to do this already - basically as long as you have the Perl DBI & DBD drivers for MySQL installed on the MailScanner boxes you can change the login parameters in CustomConfig.pm to point to another machine which has MySQL running on it, all you need to do is grant permissions on the database to the MailScanner boxes. If you fancy being the first person to try this - I'd be happy to knock up some instructions for you. Kind regards, Steve -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. -----Original Message----- From: Raymond Dijkxhoorn [mailto:raymond@PROLOCATION.NET] Sent: 16 June 2003 09:21 To: MAILSCANNER@JISCMAIL.AC.UK Hi Steve, > Thanks for the kind words. Unfortunatly you can't edit MailScanner.conf > with it at present, only view the entries - but I will add your request to > the wishlist and try to implement this in a future version. What i would like is, and perhaps thats allready possible now, to let it log to a remote sql server and do the rest on that box ... So let only the local mailscanner dump the records, and the rest elsewhere to offload the box. On heavilly loaded MS boxes that would be best. Then you also can combine stats of scanners. Thanks, Raymond. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From raymond at PROLOCATION.NET Mon Jun 16 09:41:51 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:34 2006 Subject: Announce: MailScanner-Console-0.1 In-Reply-To: <67D9E7698329D411936E00508B6590B902793C30@neelix.lbsltd.co.uk> Message-ID: Hi! > It should be possible to do this already - basically as long as you have the > Perl DBI & DBD drivers for MySQL installed on the MailScanner boxes you can > change the login parameters in CustomConfig.pm to point to another machine > which has MySQL running on it, all you need to do is grant permissions on > the database to the MailScanner boxes. > > If you fancy being the first person to try this - I'd be happy to knock up > some instructions for you. Sure! Would love to. The stuff looks promising so want to try it :) Thanks, Raymond. From dot at DOTAT.AT Mon Jun 16 11:54:43 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:34 2006 Subject: Restart for change of rules In-Reply-To: Message-ID: Julian Field wrote: >You only need to do a "reload" not a "restart". >"reload" is equivalent to doing a "kill -HUP" on all the MailScanner processes. I generally just leave it to pick up the new configuration when the child processes die naturally of old age. Tony. -- f.a.n.finch http://dotat.at/ LANDS END TO ST DAVIDS HEAD INCLUDING THE BRISTOL CHANNEL: VARIABLE MAINLY NORTHEAST TO EAST 2 OR 3 LOCALLY 3 OR 4, BECOMING MAINLY NORTHWEST TO WEST 3 OR 4. FAIR WITH ISOLATED SHOWERS AND SOME COASTAL MIST PATCHES. GOOD LOCALLY MODERATE OR POOR. SLIGHT. From mailscanner at ecs.soton.ac.uk Mon Jun 16 11:44:28 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:34 2006 Subject: sendmail -Ac option In-Reply-To: <008901c3337f$4141cb80$6645a8c0@laptop> Message-ID: <5.2.0.9.2.20030616114259.038b5c30@imap.ecs.soton.ac.uk> At 21:46 15/06/2003, you wrote: >I'm using Redhat 7.3 (8.11.6-25.73) & 9.0 (8.12.8-5.90) (all Redhat rpm) and >all works great if I remove the -Ac option. (other wise sendmail fails to >load saying unknown -A) >What is (or was) the -Ac option? >Why was it needed and is there a replacement option? >I haven't found any information on this other than "don't use -Ac" ... >thanks The "-Ac" option is used when starting the sendmail process that handles the "submit" queue which is a fairly recent addition to sendmail. If the "-Ac" option gives you an error, comment out the entire command that starts that copy of sendmail as you don't want it running at all. Don't just remove the "-Ac", remove the entire command. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jun 16 11:55:12 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:34 2006 Subject: SA temp dir ... In-Reply-To: References: <67D9E7698329D411936E00508B6590B902773941@neelix.lbsltd.co.uk> Message-ID: <5.2.0.9.2.20030616115302.0392bda8@imap.ecs.soton.ac.uk> From what I see of the SpamAssassin source, all you need to do is tweak the init.d script so that it does TMPDIR=/var/spool/MailScanner/satemp export TMPDIR before it starts MailScanner. Obviously you want to make ...../satemp a directory that your "Run As User" can write to, and you presumably want to mount it using tmpfs. The other, much simpler, alternative, is simply to mount your "/tmp" using tmpfs, which is what things like Solaris do anyway. At 21:49 15/06/2003, you wrote: >Hi! > >I noticed that SpamAssassin was using the normal tmp dir on my system to >do its actions. Cant that be altered ? I am using tmpfs for my >/var/spool/MailScanner/incoming and it would be nice it SA also could work >there, would speed things up i think.... less disk i/o. > >Any way to do that Julian ? Perhaps a new switch in the SA config part ? > >Bye, >Raymond. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mkipness at GENIANT.COM Mon Jun 16 16:40:10 2003 From: mkipness at GENIANT.COM (Max Kipness) Date: Thu Jan 12 21:18:34 2006 Subject: Question about spam.actions.rules Message-ID: <036A6BCC9FD10749AD3CE32255AF49A601709F9F@dalsxc01.geniant.net> Hello - I'm trying to deliver to certain domains, but not to certain individuals at a domain. I have one person that does not want to receive tagged email, all the others do. Is this the right order to achieve this? Or should I have the individual at the bottom of the list: To: user1@domain1.com delete To: user2@domain1.com delete To: *@domain2.com forward spam@domain2.com To: *@domain1.com deliver FromOrTo: default deliver Thanks, Max From cparker at SWATGEAR.COM Mon Jun 16 17:02:56 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:34 2006 Subject: Please-Top Posting or Bottom but NOT both! Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C5D@ati-ex-01.ati.local> John Wilcock wrote: > On Sat, 14 Jun 2003 20:47:11 +0200, Michele Neylon :: > BlacknightSolutions wrote: > > I'd prefer to bottom post, but I haven't managed to persuade > > outlook to comply > > Try http://jump.to/outlook-quotefix And for all the people that don't like Gator and popups: http://home.in.tum.de/~jain/software/outlook-quotefix/ chris. From mkipness at GENIANT.COM Mon Jun 16 18:03:14 2003 From: mkipness at GENIANT.COM (Max Kipness) Date: Thu Jan 12 21:18:34 2006 Subject: Question about spam.actions.rules (Update) Message-ID: <036A6BCC9FD10749AD3CE32255AF49A6017CF577@dalsxc01.geniant.net> Seems like it doesn't work regardles of whether I add the individual email addresses before or after the entire domain rule. It's processing both. Anyway around this? ------------------------------------------------------------------------ --------------- Hello - I'm trying to deliver to certain domains, but not to certain individuals at a domain. I have one person that does not want to receive tagged email, all the others do. Is this the right order to achieve this? Or should I have the individual at the bottom of the list: To: user1@domain1.com delete To: user2@domain1.com delete To: *@domain2.com forward spam@domain2.com To: *@domain1.com deliver FromOrTo: default deliver Thanks, Max From steve.freegard at LBSLTD.CO.UK Mon Jun 16 18:10:25 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:34 2006 Subject: Announce: MailWatch for MailScanner 0.2 (was MailScanner-Console ) Message-ID: <67D9E7698329D411936E00508B6590B902793C5A@neelix.lbsltd.co.uk> Hi All, I've just uploaded a new version to http://www.smf.f2s.com/mailscanner/ - see the Change Log for the details. Kind regards, Steve. -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. Tel: +44 (0)1903 82 8594 Fax: +44 (0)1903 82 8620 -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030616/8cc4cea3/attachment.html From steve.freegard at LBSLTD.CO.UK Mon Jun 16 18:18:28 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:34 2006 Subject: Announce: MailScanner-Console-0.1 Message-ID: <67D9E7698329D411936E00508B6590B902793C5B@neelix.lbsltd.co.uk> Hi Raymond, Sorry I didn't manage to get this done sooner (I can't seem to be able to write stuff anywhere near as fast as Julian!) - See the new version (0.2) which contains the instructions on how to do this. I've added a new 'hostname' column to the database which will hold the hostname of the MailScanner gateway that inserted the entry to the log, I'll add some new reports to show mail volume per gateway in a future release. Let me know how you get on. Kind regards, Steve. -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. -----Original Message----- From: Raymond Dijkxhoorn [mailto:raymond@PROLOCATION.NET] Sent: 16 June 2003 09:42 To: MAILSCANNER@JISCMAIL.AC.UK Hi! > It should be possible to do this already - basically as long as you have the > Perl DBI & DBD drivers for MySQL installed on the MailScanner boxes you can > change the login parameters in CustomConfig.pm to point to another machine > which has MySQL running on it, all you need to do is grant permissions on > the database to the MailScanner boxes. > > If you fancy being the first person to try this - I'd be happy to knock up > some instructions for you. Sure! Would love to. The stuff looks promising so want to try it :) Thanks, Raymond. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From raymond at PROLOCATION.NET Mon Jun 16 18:25:05 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:34 2006 Subject: Announce: MailScanner-Console-0.1 In-Reply-To: <67D9E7698329D411936E00508B6590B902793C5B@neelix.lbsltd.co.uk> Message-ID: Hi! > Sorry I didn't manage to get this done sooner (I can't seem to be able to > write stuff anywhere near as fast as Julian!) - See the new version (0.2) > which contains the instructions on how to do this. Dont feel sorry. Its amazingly fast. :=) I will go ant try this tonight! > I've added a new 'hostname' column to the database which will hold the > hostname of the MailScanner gateway that inserted the entry to the log, I'll > add some new reports to show mail volume per gateway in a future release. > > Let me know how you get on. I will. Thanks, Raymond. From evertjan at VANRAMSELAAR.NL Mon Jun 16 18:37:17 2003 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:18:34 2006 Subject: Announce: MailWatch for MailScanner 0.2 (was MailScanner-Console ) In-Reply-To: <67D9E7698329D411936E00508B6590B902793C5A@neelix.lbsltd.co.uk> References: <67D9E7698329D411936E00508B6590B902793C5A@neelix.lbsltd.co.uk> Message-ID: <3EEE004D.3030004@vanramselaar.nl> Steve Freegard wrote: > Hi All, > > I've just uploaded a new version to > http://www.smf.f2s.com/mailscanner/ Hey there, About to install this and give it a try. Anyway, I can't seem to find 'create.sql' in this distribution. Is this the same query as explained on http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/95.html ? -- Evert Jan van Ramselaar Van Ramselaar Info Tech From mailscanner at ecs.soton.ac.uk Mon Jun 16 18:55:06 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:34 2006 Subject: Question about spam.actions.rules In-Reply-To: <036A6BCC9FD10749AD3CE32255AF49A601709F9F@dalsxc01.geniant. net> Message-ID: <5.2.1.1.2.20030616185355.012e3ff0@imap.ecs.soton.ac.uk> Currently all the spam actions for all matching rules are added together, they don't over-ride later ones. I may well change this, assuming it's not going to upset too many people who already use it! At 16:40 16/06/2003, you wrote: >Hello - > >I'm trying to deliver to certain domains, but not to certain individuals >at a domain. I have one person that does not want to receive tagged >email, all the others do. > >Is this the right order to achieve this? Or should I have the individual >at the bottom of the list: > >To: user1@domain1.com delete >To: user2@domain1.com delete > >To: *@domain2.com forward spam@domain2.com >To: *@domain1.com deliver >FromOrTo: default deliver > >Thanks, >Max -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jun 16 19:04:00 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:34 2006 Subject: Question about spam.actions.rules (Update) In-Reply-To: <036A6BCC9FD10749AD3CE32255AF49A6017CF577@dalsxc01.geniant. net> Message-ID: <5.2.1.1.2.20030616185800.0257ee90@imap.ecs.soton.ac.uk> At 18:03 16/06/2003, you wrote: >Seems like it doesn't work regardles of whether I add the individual >email addresses before or after the entire domain rule. It's processing >both. Anyway around this? A quick hack is to edit /usr/lib/MailScanner/MailScanner/ConfigDefs.pl. Look for the "SpamActions" line (note it is very long). It is currently in the "[All,YesNo]" section. Move it to the "[First,YesNo]" section. Then restart MailScanner. Anyone got any objections to me making this change in the main distribution? Or are there loads of you about there using the "all matching rules" feature of Spam Actions rulesets? >Hello - > >I'm trying to deliver to certain domains, but not to certain individuals >at a domain. I have one person that does not want to receive tagged >email, all the others do. > >Is this the right order to achieve this? Or should I have the individual >at the bottom of the list: > >To: user1@domain1.com delete >To: user2@domain1.com delete > >To: *@domain2.com forward spam@domain2.com >To: *@domain1.com deliver >FromOrTo: default deliver > >Thanks, >Max -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From Krishna_shekhar at GMX.NET Tue Jun 17 07:47:13 2003 From: Krishna_shekhar at GMX.NET (Krishna) Date: Thu Jan 12 21:18:34 2006 Subject: MailScanner with Trend Micro Message-ID: <5.2.1.1.0.20030616234437.00a71eb0@pop.gmx.net> Hi, MailScanner works great!! Till now I was using F-prot. I want to switch now to Trend Micro Viruswall gateway. Tried it but does not work. Maillog shows sent many times, but no Mail!!! Is there a particular fix for this to work? regards Krishna http://www.KrisinDigitalAge.com From michele at BLACKNIGHTSOLUTIONS.COM Mon Jun 16 19:23:03 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: BlacknightSolutions) Date: Thu Jan 12 21:18:34 2006 Subject: Spam action query Message-ID: <200306161822.h5GIMsI05864@camelot.blacknightsolutions.com> Hi all I was wondering if there was some way of either generating a daily per user report of Spam blocked or a per message/batch per user report (though that would be almost as bad as the Spam we are trying to stop!) Michele ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From Cleveland at MAIL.WINNEFOX.ORG Mon Jun 16 19:27:23 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:34 2006 Subject: Announce: MailScanner-Console-0.1 Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4EA47@mail.winnefox.org> > I've written a web based front-end to MailScanner using a > modified &SQLLogging routine, PHP, MySQL and JpGraph. I was looking at this, and I think it looks fantastic. I have one question though regarding privacy. I'm going to pitch this to my boss, and my network admin brought up a good point. "This program will tell us, at a glance, who is talking to who and about what." Does anyone else see any privacy concerns with this? Jody From jaearick at COLBY.EDU Mon Jun 16 19:35:36 2003 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:18:34 2006 Subject: Spam action query In-Reply-To: <200306161822.h5GIMsI05864@camelot.blacknightsolutions.com> References: <200306161822.h5GIMsI05864@camelot.blacknightsolutions.com> Message-ID: Hi, For what it is worth, I've just spent the last week or two writing such a script. Please note that the "paint is still wet" but if it helps you, good. Also note: a) I'm not a full-time perl coder, so be gentle. I also should have put in more comments about what the code is doing. b) It is tailored to my needs. I use sendmail, spamassassin, RBL+, spamhaus, and spamcop -- so those are the things I look for and count. Suggestions to make this script more general and usable are welcome. c) The script reads both /etc/passwd (to find out about real users), and /etc/mail/aliases (to map alias names to real users). Note the hardwired stuff for domain, real_root, and real_postmaster at the top. Change to you needs. d) It works when I run it interactively, but when it runs via cron it gives me all zeroes. Dunno why yet. I'm looking at that. Comments from the mailscanner crowd are welcome. Improvements are certainly needed to be more useful to the rest of y'all. ----------------------------------- Jeff A. Earickson, Ph.D Senior UNIX Sysadmin and Email Guru Information Technology Services Colby College, 4214 Mayflower Hill, Waterville ME, 04901-8842 phone: 207-872-3659 (fax = 3076) ----------------------------------- On Mon, 16 Jun 2003, Michele Neylon :: BlacknightSolutions wrote: > Date: Mon, 16 Jun 2003 20:23:03 +0200 > From: "Michele Neylon :: BlacknightSolutions" > > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Spam action query > > Hi all > > I was wondering if there was some way of either generating a daily per user > report of Spam blocked or a per message/batch per user report (though that > would be almost as bad as the Spam we are trying to stop!) > > Michele > > > > ######################################################### > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact the > sender and delete this message immediately. Disclosure, copying > or other action taken in respect of this email or in > reliance to it is prohibited. > -------------- next part -------------- #!/usr/bin/perl -w use Carp; $DEBUG = 0; $Logfile = "/var/adm/syslog/0"; $Logfile = $ARGV[0] if defined $ARGV[0]; #---initialize global counters $localdomain = "colby.edu"; $real_postmaster = "jaearick"; $real_root = "jaearick"; $limit = 0; $linesread = 0; $number_noqueues = 0; $number_gethostbyaddr = 0; $num_mail_msgs = 0; $number_single_line_mysteries = 0; $num_incomplete_msgs = 0; $Total_check_rcpt = 0; $Relay_denied = 0; $message_queued = 0; $message_timeout = 0; $reset_connections = 0; $Bogus_domain = 0; $Unresolved = 0; $User_unknown = 0; $mailscanner_content_rejects = 0; $Msg_deleted_by_MailScanner = 0; $Msg_too_large = 0; $invalid_hostname = 0; $Virus_infections = 0; $No_mail_start = 0; $Msg_aborted = 0; $Msg_deferred = 0; $fragmented_message = 0; $premature_eom = 0; $io_error = 0; $dsn_rejected = 0; $syntax_error = 0; $address_too_long = 0; $no_user_address = 0; $lost_input_channel = 0; $temp_lookup_failure = 0; $too_many_hops = 0; $unbalanced_delimiters = 0; $total_total = 0; $total_clean = 0; $total_maybe_spam = 0; $total_discard = 0; $total_mail_abuse = 0; $total_spamcop = 0; $total_spamhaus = 0; $total_spam_domain = 0; $total_spam_IP = 0; $total_spammer = 0; Read_passwd_file(); #while(($key, $value) = each %password) #{ # print "$key ==> $value\n"; #} Read_Aliases_File(); #while(($key, $value) = each %alias) #{ # print "$key ==> $value\n"; #} #---open the syslog file, either in gzip of plain format if ($Logfile =~ /\.gz$/) { open(LOG, "zcat $Logfile |") or die "Cannot access log file $!"; } else { open(LOG, $Logfile) or die "Cannot access log file $!"; } #---read the logfile while() { $linesread++; $MessageID = "NULL"; #---syslog lines spewed by sendmail if(/sendmail\[.*]:/) { if(/starting daemon/ || /started as/ || /deferring connections/ || /rejecting connections/ || /accepting connections/ || /grew WorkList/ || /alias database/ || /\/etc\/mail\/aliases:/ || /\/etc\/mail\/mailman.aliases:/ || /POPAUTH RELAY/) { next; } #---extract the unique sendmail msg id $MessageID = $1 if /sendmail\[.*]: \[.*] (\S+): /; #---if the message was a NOQUEUE then #---note where the connection came from if($MessageID eq "NOQUEUE") { $number_noqueues++; #$noq = $1 if / \[(\S+)\]$/; #$noqueue_relay{$noq}++; } elsif($MessageID eq "gethostbyaddr") { $number_gethostbyaddr++; } #---otherwise, append all message lines #---together into a hash else { $num_mail_msgs++ if !defined $mailmsg{$MessageID}; $num_incomplete_msgs++ if !defined $mailmsg{$MessageID}; $mailmsg{$MessageID} .= $_; } #---if sendmail marks the message as done, then #---we have a complete transaction. Analyze the #---message, then delete from the hash if(/$MessageID: done;/) { Analyze_Complete_Message($MessageID); delete($mailmsg{$MessageID}); $num_incomplete_msgs--; } next; #--- skip to the next line } #---mailscanner syslogging if(/MailScanner\[.*]:/) { #---mailscanner found a virus infection if(/INFECTED/) { $MessageID = $1 if /\.\/(\S+)\//; $num_mail_msgs++ if !defined $mailmsg{$MessageID}; $num_incomplete_msgs++ if !defined $mailmsg{$MessageID}; $mailmsg{$MessageID} .= $_; } if(/Content Checks: Detected/ || /Content Checks: Fixed/) { $MessageID = $1 if /in (\S+)$/; $num_mail_msgs++ if !defined $mailmsg{$MessageID}; $num_incomplete_msgs++ if !defined $mailmsg{$MessageID}; $mailmsg{$MessageID} .= $_; } #---mailscanner made a decision about a message if(/Spam Actions: message/) { $MessageID = $1 if /Spam Actions: message (\S+)/; $num_mail_msgs++ if !defined $mailmsg{$MessageID}; $num_incomplete_msgs++ if !defined $mailmsg{$MessageID}; $mailmsg{$MessageID} .= $_; } #---spamassassin scored a message, add it to the #---sendmail message hash if(/SpamAssassin \(score=/) { $MessageID = $1 if /Message (\S+) from/; $num_mail_msgs++ if !defined $mailmsg{$MessageID}; $num_incomplete_msgs++ if !defined $mailmsg{$MessageID}; $mailmsg{$MessageID} .= $_; } next; #--- skip to the next line } } close(LOG); #---at this point we have read the logfile, analyzed all of #---the messages that were marked as done, and now we have #---a hash array left of those messages that didn't make it. print "=== Lines read in the file = $linesread\n"; print "=== Number of NOQUEUEs = $number_noqueues\n"; print "=== gethostbyaddr complaints = $number_gethostbyaddr\n"; print "=== Total mail messages\t\t= $num_mail_msgs\n"; printf ("=== Complete mail messages\t= %d\n",$num_mail_msgs - $num_incomplete_msgs); print "=== Incomplete mail messages\t= $num_incomplete_msgs\n\n"; #---analyze the remaining incomplete messages $num_unprocessed = 0; while(($key, $message) = each %mailmsg) { $value = Analyze_Incomplete_Message($key); if($value == 0) { $num_unprocessed++; } delete($mailmsg{$MessageID}); } print "\n=== unprocessed messages = $num_unprocessed\n"; print "=== check_rcpt failures = $Total_check_rcpt\n"; print "=== single-line failures = $number_single_line_mysteries\n"; print "=== Unknown users = $User_unknown\n"; print "=== RSET connections = $reset_connections\n"; print "=== Address or headers too large = $address_too_long\n"; print "=== Syntax error = $syntax_error\n"; print "=== fragmented messages rejected = $fragmented_message\n"; print "=== mailscanner rejected contents = $mailscanner_content_rejects\n"; print "=== deferred messages = $Msg_deferred\n"; print "=== DSN rejected = $dsn_rejected\n"; print "=== I/O errors = $io_error\n"; print "=== too many hops = $too_many_hops\n"; print "=== aborted messages = $Msg_aborted\n"; print "=== Premature End-of-Message = $premature_eom\n"; print "=== lost-input-channel messages = $lost_input_channel\n"; print "=== temporary lookup failures = $temp_lookup_failure\n"; print "=== invalid host/route addresses = $invalid_hostname\n"; print "=== No user address = $no_user_address\n"; print "=== queued messages = $message_queued\n"; print "=== message timeouts = $message_timeout\n"; print "=== unbalanced delimiters = $unbalanced_delimiters\n"; print "=== messages deleted by MailScanner = $Msg_deleted_by_MailScanner\n"; print "=== messages too large = $Msg_too_large\n"; print "=== with no MAIL/ETRN/EXPN/VRFY = $No_mail_start\n"; print "=== Virus Infected messages = $Virus_infections\n"; #---print noqueue relays #foreach $k (sort keys %noqueue_relay) #{ # print "$k: $noqueue_relay{$k}\n"; #} print "\n=== Total emails per user"; print " (top $limit)" if $limit; print ":\n"; @usertotal = sort {$email_total{$b} <=> $email_total{$a}} keys(%email_total); @usertotal = splice(@usertotal,0,$limit) if $limit; printf("%8s:\t%-7s\t%-7s\t%-7s\t%-7s\t%-7s\t%-7s\t%-7s\t%-7s\t%-7s\t%-7s\n", "UserID","TOTAL","CLEAN","MAYBE","DISCRD","MAPS","SPMCOP","SPMHUS", "DOMAIN","IP-NUM","SPAMMER"); for $user (@usertotal) { #printf("%8s: %5d %5d %5d %5d %5d %5d %5d %5d %5d %5d\n", printf("%8s:\t%5d\t%5d\t%5d\t%5d\t%5d\t%5d\t%5d\t%5d\t%5d\t%5d\n", $user, $email_total{$user}, $email_clean{$user},$email_maybe_spam{$user}, $email_discard{$user},$email_mail_abuse{$user}, $email_spamcop{$user},$email_spamhaus{$user}, $email_spam_domain{$user},$email_spam_IP{$user}, $email_spammer{$user}); } print "---------------------------------------------------------------------\n"; printf("%8s:\t%-7s\t%-7s\t%-7s\t%-7s\t%-7s\t%-7s\t%-7s\t%-7s\t%-7s\t%-7s\n", "Totals","TOTAL","CLEAN","MAYBE","DISCRD","MAPS","SPMCOP","SPMHUS", "DOMAIN","IP-NUM","SPAMMER"); #printf("%8s: %5d %5d %5d %5d %5d %5d %5d %5d %5d %5d\n","Totals", printf("%8s:\t%5d\t%5d\t%5d\t%5d\t%5d\t%5d\t%5d\t%5d\t%5d\t%5d\n", $total_total,$total_clean,$total_maybe_spam,$total_discard, $total_mail_abuse,$total_spamcop,$total_spamhaus,$total_spam_domain, $total_spam_IP,$total_spammer); sub Analyze_Complete_Message() { my($ID, $maybe_spam, $line, $recipient); my(@lines, @fields, @whoto); my($spamscore, $spamaction, $mailer, $to); $ID = $_[0]; if($DEBUG eq 1) { print "\n==== Routine Analyze_Complete_Message: $ID\n"; print "$mailmsg{$ID}\n"; } #---did spamassassin complain about the message? #---if so, what was the action? $maybe_spam = 0; $maybe_spam = 1 if $mailmsg{$ID} =~ /SpamAssassin/; if($maybe_spam eq 1) { $spamscore = $1 if $mailmsg{$ID} =~ /score=(\d+),/; $spamscore = $1+($2/10) if $mailmsg{$ID} =~ /score=(\d+)\.(\d+),/; $spamaction = $1 if $mailmsg{$ID} =~ /actions are (\S+)/; #printf("%s: score = %f, action = %s\n",$ID,$spamscore,$spamaction); } #---split the hash into an array of lines @lines = split /\n/, $mailmsg{$ID}; foreach $line (@lines) { #---we are looking for "to" lines with "stat=Sent" #---which are deliveries to people if($line =~ /stat=Sent/) { #---look for the mailer= and to= info @fields = split /\s/, $line; foreach $field (@fields) { $mailer = $1 if $field =~ /mailer=(\S+),/; if($field =~ /to=/) { $tofield = $'; } } $mailer =~ tr/A-Z/a-z/; #---skip outbound email, only count local deliveries next if $mailer ne "local"; #---process individual local recipients #---we do not need to worry about aliases or bogus #---userids, because sendmail has already figured this out @whoto = split /,/, $tofield; foreach $to (@whoto) { $recipient = get_recipient($ID,$to); if($DEBUG eq 1) { print "$ID: maybe_spam=$maybe_spam, recipient=$recipient\n"; } if($maybe_spam eq 1) { set_email_total($recipient); $total_maybe_spam++; $email_maybe_spam{$recipient}++; } else { set_email_total($recipient); $total_clean++; $email_clean{$recipient}++; } } } } } sub Analyze_Incomplete_Message() { my($ID, $line, $domain, $to); my(@lines, $processed_msg); my(@fields, @whoto, $field, $tofield); $ID = $_[0]; if($DEBUG eq 2) { print "\n==== Routine Analyze_Incomplete_Message: $ID\n"; print "$mailmsg{$ID}\n"; } #---split the hash into an array of lines @lines = split /\n/, $mailmsg{$ID}; #---if there is only one line then a total mystery if(scalar(@lines) == 1) { $number_single_line_mysteries++; return 1; } #---the message was internal to the machine, eg from #---root or postmaster. It consists only of a to and #---from line, with the to going to relay 127.0.0.1. if(scalar(@lines) == 2 && $lines[0] =~ /from=/ && $lines[1] =~ /to=/ && $lines[1] =~ /mailer=relay/ && $lines[1] =~ /relay=\[127.0.0.1\]/) { @fields = split /\s/, $lines[1]; foreach $field (@fields) { if($field =~ /to=/) { $tofield = $'; } } @whoto = split /,/, $tofield; foreach $to (@whoto) { $to = debracket($to,"<",">"); $domain = domainof($to); if($domain eq $localdomain) { $recipient = get_recipient($ID,$to); set_email_total($recipient); $total_clean++; $email_clean{$recipient}++; } } return 1; } $processed_msg = 0; foreach $line (@lines) { if($line =~ /ruleset=check_rcpt/) { $Total_check_rcpt++; $processed_msg = 1; $no_such_user = 0; #---extract the user from the arg1 line @fields = split /,/, $line; foreach $field (@fields) { if($field =~ /arg1=/) { $tofield = $'; } } #print "---tofield = $tofield\n"; @whoto = split /,/, $tofield; foreach $to (@whoto) { $to = debracket($to,"<",">"); $domain = domainof($to); if($domain eq $localdomain) { $recipient = get_recipient($ID,$to); if(defined $alias{$recipient}) { #print "resetting $recipient to $alias{$recipient}\n"; $recipient = $alias{$recipient}; } if($recipient eq "UNKNOWN" || !defined $password{$recipient}) { $no_such_user = 1; } } else { $no_such_user = 1; } } if($no_such_user == 1) { #print "$ID: no such user $tofield\n"; $User_unknown++; next; } if($line =~ /discard$/) { set_email_total($recipient); $total_discard++; $email_discard{$recipient}++; } elsif($line =~ /http:\/\/mail-abuse.org\/cgi-bin\/lookup/) { set_email_total($recipient); $total_mail_abuse++; $email_mail_abuse{$recipient}++; } elsif($line =~ /http:\/\/spamcop.net\/bl.shtml/) { set_email_total($recipient); $total_spamcop++; $email_spamcop{$recipient}++; } elsif($line =~ /http:\/\/www.abuse.net\/sbl.phtml/) { set_email_total($recipient); $total_spamhaus++; $email_spamhaus{$recipient}++; } elsif($line =~ /Domain banned because of SPAM/) { set_email_total($recipient); $total_spam_domain++; $email_spam_domain{$recipient}++; } elsif($line =~ /IP number banned because of SPAM/) { set_email_total($recipient); $total_spam_IP++; $email_spam_IP{$recipient}++; } elsif($line =~ /Mail from SPAMMERs rejected/) { set_email_total($recipient); $total_spammer++; $email_spammer{$recipient}++; } elsif($line =~ /Relaying denied/) { $Relay_denied++; } elsif($line =~ /Temporary lookup failure/) { $temp_lookup_failure++; } elsif($line =~ /virus/i) { $Virus_infections++; } elsif($line =~ /User address required/) { $no_user_address++; } elsif($line =~ /Domain of sender .* does not exist/) { $Bogus_domain++; } elsif($line =~ /Cannot resolve PTR record/ || $line =~ /does not resolve/ || $line =~ /defunct/ || $line =~ /disconnected/ || $line =~ /Do you mean/ || $line =~ /Fix your return address/) { $Unresolved++; } else { print "unknown check_rcpt: $ID, $line\n"; } } if($line =~ /actions are deliver,striphtml/) { $processed_msg = 1; } if($line =~ /Address .* too long/ || $line =~ /headers too large/) { $address_too_long++; $processed_msg = 1; } if($line =~ /Content Checks: Detected/) { $mailscanner_content_rejects++; $processed_msg = 1; } if($line =~ /did not issue MAIL\/EXPN\/VRFY\/ETRN/) { $No_mail_start++; $processed_msg = 1; } if($line =~ /INFECTED/) { $Virus_infections++; $processed_msg = 1; } if($line =~ /invalid domain name/) { $Bogus_domain++; $processed_msg = 1; } if($line =~ /actions are delete/) { $Msg_deleted_by_MailScanner++; $processed_msg = 1; } if($line =~ /Invalid route address/ || $line =~ /Invalid host name/ || $line =~ /Cannot mail directly to files/ || $line =~ / Hostname required/) { $invalid_hostname++; $processed_msg = 1; } if($line =~ /lost input channel/) { $lost_input_channel++; $processed_msg = 1; } if($line =~ /we do not allow DSN/) { $dsn_rejected++; $processed_msg = 1; } if($line =~ /premature EOM/) { $premature_eom++; $processed_msg = 1; } if($line =~ /stat=aborted/) { $Msg_aborted++; $processed_msg = 1; } if($line =~ /stat=Deferred/ || $line =~ /could not send message for past . day/) { $Msg_deferred++; $processed_msg = 1; } if($line =~ /stat=I\/O error/) { $io_error++; $processed_msg = 1; } if($line =~ /stat=Message exceeds maximum fixed size/) { $Msg_too_large++; $processed_msg = 1; } if($line =~ /stat=RSET$/i) { $reset_connections++; $processed_msg = 1; } if($line =~ /stat=queued$/) { $message_queued++; $processed_msg = 1; } if($line =~ /stat=timeout waiting for input/) { $message_timeout++; $processed_msg = 1; } if($line =~ /rejected fragmented message/) { $fragmented_message++; $processed_msg = 1; } if($line =~ /Syntax error in mailbox address/ || $line =~ /8-bit character in mailbox address/ || $line =~ /syntax illegal for recipient addresses/) { $syntax_error++; $processed_msg = 1; } if($line =~ /Too many hops/) { $too_many_hops++; $processed_msg = 1; } if($line =~ /\.\.\. Unbalanced/) { $unbalanced_delimiters++; $processed_msg = 1; } if($line =~ /User unknown/) { $User_unknown++; $processed_msg = 1; } } if($processed_msg ne 1) { if($DEBUG eq 4) { printf("%s (%d lines): check...\n",$ID,scalar(@lines)); print "$mailmsg{$ID}\n"; } &Analyze_Complete_Message($ID); } return $processed_msg; } sub debracket #---returns the string between "leftchar" and "rightchar" #---or just the string if rightchar or leftchar don't exist { my($string, $leftchar, $rightchar, $left, $right); $string = $_[0]; $leftchar = $_[1]; $rightchar = $_[2]; $left = index($string,$leftchar); $right = rindex($string,$rightchar); #print "debracket: $left, $right, $string\n"; if($left < 0 || $right < 0) { return $string; } else { return substr($string, $left+1, ($right-$left)-1); } } sub domainof #---returns the domain part of "user@some.domain" or localdomain #---if no at sign is found in the string #---assumes that angle brackets have been removed from the arg { my($user, $domain); if(index($_[0],"@") < 0) { return $localdomain; } ($user, $domain) = split(/@/,$_[0],2); $domain = debracket($domain,"<",">"); $domain =~ tr/A-Z/a-z/; return $domain; } sub get_recipient #---boil an email address down to plain userid { my($ID, $recipient); $ID = $_[0]; $recipient = $_[1]; if($recipient =~ /^$/) { #confess "$ID: blank recipient\n"; $recipient = "UNKNOWN"; return $recipient; } #---rip the angle brackets off, if any $recipient = debracket($recipient,"<",">"); #---rip off the domain stuff, if any $recipient = userof($recipient); #---convert to lower case $recipient =~ tr/A-Z/a-z/; #---if there are any leading backslash pairs #---caused by vacation, remove them too $recipient = $' if $recipient =~ /\\\\/; #---if recipient is a blank, then report if($recipient =~ /^$/) { #print "$ID: unknown recipient\n"; $recipient = "UNKNOWN"; return $recipient; } #---if recipient is postmaster return real postmaster if($recipient eq "postmaster") { return $real_postmaster; } #---if recipient is root return real root if($recipient eq "root") { return $real_root; } return $recipient; } sub Read_Aliases_File #---read and store /etc/mail/aliases { my($left, $right, $user, $to, $domain); my(@whoto); open(ALIASES, "aliases") or die "Cannot access alias file $!"; while() { chomp; next if /^$/; next if /^#/; next if /REDIRECT/; ($left, $right) = split /:/, $_; #print "alias: $left to $right"; if($right =~ /,/) { @whoto = split /,/, $right; foreach $to (@whoto) { $domain = domainof($to); $recipient = get_recipient("NULL",$to); if($domain eq $localdomain) { if(defined $password{$recipient}) { #print "$left aliased to $recipient\n"; if(defined $alias{$left}) { $alias{$left} .= ","; $alias{$left} .= $recipient; } else { $alias{$left} = $recipient; } } else { if(defined $alias{$recipient}) { #print "second level1: $left, $recipient\n"; if(defined $alias{$left}) { $alias{$left} .= ","; $alias{$left} .= $alias{$recipient}; } else { $alias{$left} = $alias{$recipient}; } } else { print "alias $recipient not in passwd\n" if $DEBUG > 0; } } } } } else { $domain = domainof($right); $recipient = get_recipient("NULL",$right); if($domain eq $localdomain) { if(defined $password{$recipient}) { #print "$left aliased to $recipient\n"; $alias{$left} = $recipient; } else { if(defined $alias{$recipient}) { #print "second level2: $left, $recipient\n"; $alias{$left} = $alias{$recipient}; } else { print "alias $recipient not in passwd\n" if $DEBUG > 0; } } } } } } sub Read_passwd_file #---read and store /etc/passwd { my($userid, $pw, $uid); open(PASSWD, "passwd") or die "Cannot access alias file $!"; while() { chomp; ($userid, $pw, $uid) = split /:/, $_; $password{$userid} = $uid; } close(PASSWD); } sub set_email_total #---if email_total has not been set for a user, then the #---counter arrays are all initialized for that user, #---otherwise the email_total is just incremented { if(defined($email_total{$_[0]})) { $email_total{$_[0]}++; } else { $email_total{$_[0]}++; $email_clean{$_[0]} = 0; $email_maybe_spam{$_[0]} = 0; $email_discard{$_[0]} = 0; $email_mail_abuse{$_[0]} = 0; $email_spamcop{$_[0]} = 0; $email_spamhaus{$_[0]} = 0; $email_spam_domain{$_[0]} = 0; $email_spam_IP{$_[0]} = 0; $email_spammer{$_[0]} = 0; } $total_total++; } sub userof #---returns the user part of "user@some.domain" or localdomain #---if no at sign is found in the string #---assumes that angle brackets have been removed from the arg { my($user, $domain); if(index($_[0],"@") < 0) { return $_[0]; } ($user, $domain) = split(/@/,$_[0],2); return $user; } From forrie at FORRIE.COM Mon Jun 16 19:37:42 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:34 2006 Subject: OT: RAV info In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4EA47@mail.winnefox.org> Message-ID: <5.2.1.1.2.20030616143617.03a23fb8@192.168.1.1> I received a few private responses, so I'm posting this comment here for general consumption, regarding the future of RAV Antivirus. A general heads-up to those that use the product. I've asked them if they know whether MS will provide UNIX versions (although I would tend to doubt they will). I'm glad I didn't renew my subscription with them. _F Date: 16 Jun 2003 16:04:08 -0000 Message-ID: <20030616160408.3383.qmail@myrav.ravantivirus.com> To: Forrest Aldrich Subject: Re: Important RAV Announcement From: RAV Customer Support Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 16 Jun 2003 16:04:08.0510 (UTC) FILETIME=[EB23DDE0:01C33420] X-UID: 16720 Dear Forrest, Due to Microsoft acquisition of RAV Intelectual Property Rights, our objective now is to gradually withdrawn RAV products from the market, which is why we will soon discontinue to sell RAV products. All RAV products will not be further improved (upgraded with new versions). However, GeCAD will fulfil its obligations by assuring support (Virus Signatures, Outbreak alerts and advisories, Triggered Updates, Statistics Site Announcements and Technical Support) until the service expiration of present customers. If you have further questions, do not hesitate to contact us. Best regards, -- Ioana Marin Marketing Assistant mailto:customer@ravantivirus.com From michele at BLACKNIGHTSOLUTIONS.COM Mon Jun 16 19:39:34 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: BlacknightSolutions) Date: Thu Jan 12 21:18:34 2006 Subject: Spam action query In-Reply-To: Message-ID: <200306161839.h5GIdPI06941@camelot.blacknightsolutions.com> Thanks Jeff! We'll have a look at it and see what we can get it to do :-) Michele ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From dh at UPTIME.AT Mon Jun 16 19:45:26 2003 From: dh at UPTIME.AT (David) Date: Thu Jan 12 21:18:35 2006 Subject: Legal Implications was(Re: Announce: MailScanner-Console-0.1) In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4EA47@mail.winnefox.org> Message-ID: On Montag, Juni 16, 2003, at 08:27 Uhr, Jody Cleveland wrote: >> I've written a web based front-end to MailScanner using a >> modified &SQLLogging routine, PHP, MySQL and JpGraph. > > I was looking at this, and I think it looks fantastic. I have one > question though regarding privacy. I'm going to pitch this to my boss, > and my network admin brought up a good point. "This program will tell > us, at a glance, who is talking to who and about what." > > Does anyone else see any privacy concerns with this? > I can only speak for some of us, But let me try to explain the situation for most European union members. In Austria electronic communication is protected by the telecommunications act an the postal secrecy law. Which basically means the following. If you are 100% sure that your employees pass only work related Mail messages via you corporate network you may review the mail traffic, you may even view the body of each message because that is believed to be within right of use of the company. This means that you do not even necessarily need consent from your employees. Here comes the bog but, as soon as only a SINGLE message which is private passes over your corporate network NO message may be reviewed without EXPLICIT consent of the whole body of employees. However there is no real application for this yet because it has never been discussed in a court of law. The basic rule is, that you need to bind your employees explicitly to a contract which states "You may not send or receive _any_ private messages here at work". Since most companies do not have such a policy in place and it does not seem very feasible you may neither archive mail messages, nor review the contents of mail messages on your corporate network without prior consent of the employees. I hope that helps -d -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCC d+ s: a-- C+ UB++++ P+ L++ E--- W N+ o+++ K w-- O M+ V++ PS PE Y++ PGP++++ t+ 5 X- R+ tv-- b++++ DI D+ G e++++ h+ r++ y++ ------END GEEK CODE BLOCK------ -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030616/f719d2d2/PGP.bin From greyhair at GREYHAIR.NET Mon Jun 16 19:50:52 2003 From: greyhair at GREYHAIR.NET (Greyhair) Date: Thu Jan 12 21:18:35 2006 Subject: Announce: MailScanner-Console-0.1 References: <84CFA712F666B44A94CE6BE116BAF4B0B4EA47@mail.winnefox.org> Message-ID: <009b01c33438$362abf90$ad0110ac@x173cpt> > >From: "Jody Cleveland" >To: > > Does anyone else see any privacy concerns with this? > > Jody > If you are in a corporate environment (email is for your company only) then YES and NO. You need to make a decision: emails are company property or not. If they are company property, issue a corporate policy stating that company email, like company money, belongs to the company and the company has the right to audit and track all company property. If you decide that emails could be or are private then do not even "test" the product, as it would violate your decision. This could be a tool to check if an employee is "talking to the enemy". Perhaps to show that you should use some additional spyware ... If you are an ISP or providing a service to a Third party then YES! This would be the biggest NO-No ever!! DON'T use the console without modifying first! Not even for a short time. From kevins at BMRB.CO.UK Mon Jun 16 19:55:42 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:35 2006 Subject: MailScanner with Trend Micro In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175960@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175960@pascal.priv.bmrb.co.uk> Message-ID: <1055789746.13963.2.camel@bach.kevinspicer.co.uk> On Tue, 2003-06-17 at 07:47, Krishna wrote: >Hi, > MailScanner works great!! Till now I was using F-prot. I want to >switch now to Trend Micro Viruswall gateway. >Tried it but does not work. >Maillog shows sent many times, but no Mail!!! I think your problem is that you are using the wrong scanner. You shouldn't need the vendors 'email virus scanner' what you need is the simple commandline file scanner (since mailscanner presents a collection of files to be scanned). This applies to all vendors products BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From greyhair at GREYHAIR.NET Mon Jun 16 20:48:54 2003 From: greyhair at GREYHAIR.NET (Greyhair) Date: Thu Jan 12 21:18:35 2006 Subject: MailScanner with Trend Micro References: <5.2.1.1.0.20030616234437.00a71eb0@pop.gmx.net> Message-ID: <00c701c33440$516264e0$ad0110ac@x173cpt> I'm not try to be rude but, isn't Trend Micro Viruswall gateway already catching your SMTP, HTTP, and FTP Internet traffic? If so the all you need is for Mailscanner to kick spam. I'm no expert, but wouldn't Trend Micro's ServerProtect be closer to what you want to use (possibly cheaper)? From Steve at swaney.com Mon Jun 16 21:41:21 2003 From: Steve at swaney.com (Stephen Swaney) Date: Thu Jan 12 21:18:35 2006 Subject: MailScanner with Trend Micro In-Reply-To: <5.2.1.1.0.20030617015552.00a63218@pop.gmx.net> References: <5.2.1.1.0.20030616234437.00a71eb0@pop.gmx.net> <5.2.1.1.0.20030617015552.00a63218@pop.gmx.net> Message-ID: <1055796080.30104.183.camel@speedy> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: smiley-3.png Type: image/png Size: 819 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030616/31b8cc88/smiley-3.png From steve.douglas at SBIINCORPORATED.COM Mon Jun 16 21:45:32 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:35 2006 Subject: Autoupdate Message-ID: <3963522F0E71474CB14C0FF54A6914F701115026@omar.schtre.com> Speaking of this very situation, if I modify the "ScanOptions=" in the f-prot-wrapper will this be okay. With no options is there another location that will nuke infected emails? SD :-) > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: Wednesday, June 11, 2003 3:59 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Autoupdate > > At 21:43 11/06/2003, you wrote: > >I am using autoupdate script provided with mailscanner to keep f-prot up > to > >date. What has been strange lately is that it always says that > everything > >is already up to date and there is nothing to be done. It does seem to > be > >updating on occassion though because the files have been kept up to date. > >Any idea why? > > > >I use this script to call autoupdate in cron.daily. > > > >#!/bin/bash > >perl /usr/local/f-prot/autoupdate > >exit 0 > > If you are using MailScanner version 4, then you should have a cron job in > /etc/cron.hourly which calls my global updater (update_virus_scanners) > which updates all the scanners that are installed. You should have deleted > your cron job to call f-prot/autoupdate when you upgraded from version 3 > to 4. > > >The other thing. I noticed there is a quiet option in the autoupdate > >script. Right now I have it set to 0 since I want to know its working. > >Getting an email in my admin account everyday gets old though. It would > be > >so much nicer if it was silent unless it actually found an update. That > way > >I would only get a message every few days when it did actually update and > I > >could check for updates more frequently. Is that possible? > > See above. > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support From christopher.albert at MCGILL.CA Mon Jun 16 22:18:11 2003 From: christopher.albert at MCGILL.CA (Christopher Albert) Date: Thu Jan 12 21:18:35 2006 Subject: Advantages to using Mailscanner for Spam Filtering only !? [WasRe: MailScanner with Trend Micro] In-Reply-To: <1055796080.30104.183.camel@speedy> References: <5.2.1.1.0.20030616234437.00a71eb0@pop.gmx.net> <5.2.1.1.0.20030617015552.00a63218@pop.gmx.net> <1055796080.30104.183.camel@speedy> Message-ID: <3EEE3413.7020003@mcgill.ca> Stephen >>/ >>I am using SpamAssassin with procmail. I don' t think I need MailScanner >>since SpamAssassin is executed by procmail for every incoming mail and is >>currently reading user preferences from a >>SQL database and now recently switched to Trend. >>/ >> > I would disagree on several counts: > > 1. MailScanner calling SpamAssassin is much more efficient that > calling SpamAssassin from procmail > 2. MailScanner will protect your system and users from many more types > of attack than SpamAssassin and MicroTrend alone. > 3. MailScanner can read SQL preferences from and SQL database and look > for some very nice enhancements in this area soon. > 4. MailScanner provides an "attachment" feature which spares your > users the nasty images and verbiage > I'd like to elaborate on this discussion by generalizing it to the question of "Why should I use Mailscanner if I just want to filter spam site-wide?". I ask this question first since I am planning to roll out a site-wide anti-spam solution for a large university, but the AV is already done at another tier, so MS's excellent capabilities to integrate multiple AV products is moot. Secondly, I've just started a collaborative document in progress at the Linux Documnentation Project for an Anti-Spam-Howto where I plan to have a section on site-wide spam filtering where MS will have an important place. As far as I can tell, the site-wide solutions for integrating Spamassassin(SA) on a largish site are MS, amavisd-new, and spamd, and possibly a milter solution, though I dont know how the latter extends across MTAs. Some of the advantages of MS, in addition to the ones Stephen mentioned above, are 1. MTA agnosticism -- in general software that spans platforms and applications tends to be more robust. 2. A meta-level of control over both the MTA and SA (for things like white/black lists and its extensible rules syntax). 3. Unified logging, including log analysis tools like the MS-mrtg and Mailwatch projects, in addition to the possibilities to support even more sophisticated cluster configurations implied by the move to SQL backend support. 4. The possibility of on the fly damage control -- even if AV is done at another tier MS allows the possibility of a second line of defense, perhaps long before an AV vendor releases a data file update. (Though recent viruses like polymorphic bugbear-b complicate everyones lives). 5. A large active community of users, and this excellent mailing list. Let me know if I have missed anything. Chris From Denis.Beauchemin at USHERBROOKE.CA Mon Jun 16 14:42:06 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:35 2006 Subject: spam black/white lists case sensitive? In-Reply-To: <5.2.1.1.2.20030614173941.045be3f8@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030614172259.0245ed70@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030614173941.045be3f8@imap.ecs.soton.ac.uk> Message-ID: <200306160942.06823.Denis.Beauchemin@USherbrooke.ca> Julian, Does it mean that everything I write in my white/black lists should be in lower case? Denis Le Samedi 14 Juin 2003 12:41, vous avez ?crit : > At 17:29 14/06/2003, you wrote: > >RedHat's sendmail-8.12.8-5.80 that comes with RH8.0 > > > >On Sat, 14 Jun 2003, Julian Field wrote: > > > What MTA are you using? > > > > > > At 17:05 14/06/2003, you wrote: > > > >I'm using MS 4.20-3 and noticed that some blacklisted mail is not > > > > being tagged / filtered. > > > > > > > >My spam blacklist is all in lowercase, whereas the sender's domain > > > > name uses uppercase letters as well. > > > > > > > >I have this in my blacklist file: > > > >From: @globalautoindustry.com yes > > > > > > > >The spammer is sending mail from @GlobalAutoIndustry.com > > > > > > > >Are these lists case sensitive? > > Before it stores the sender address of the mail, it converts it to > lower-case: $message->{from} = lc($from); > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From brent at WHITE-DEV.QUATRO.COM Mon Jun 16 22:24:30 2003 From: brent at WHITE-DEV.QUATRO.COM (Brent) Date: Thu Jan 12 21:18:35 2006 Subject: *side note* pyzor server ip has changed Message-ID: <200306162136.h5GLaWY32640@white-dev.quatro.com> It looks like the pyzor server ip changed today. Anyone using it should "pyzor discover" to get the new ip. https://sourceforge.net/mailarchive/forum.php?thread_id=2581923 &forum_id=8711 Brent -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030616/66180c22/attachment.html From raymond at PROLOCATION.NET Mon Jun 16 22:37:40 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:35 2006 Subject: *side note* pyzor server ip has changed In-Reply-To: <200306162136.h5GLaWY32640@white-dev.quatro.com> Message-ID: Hi Brent, > It looks like the pyzor server ip changed today. Anyone using it should > "pyzor discover" to get the new ip. > > https://sourceforge.net/mailarchive/forum.php?thread_id=2581923 > 11> &forum_id=8711 Thanks, i think most of us, including me, missed that one :) [root@vmx01 .pyzor]# more servers 66.92.49.157:24441 For the lazy people, thats the new server addy. Bye, Raymond. From marco at MUW.EDU Mon Jun 16 22:49:06 2003 From: marco at MUW.EDU (Marco Obaid) Date: Thu Jan 12 21:18:35 2006 Subject: *side note* pyzor server ip has changed In-Reply-To: References: Message-ID: <1055800146.3eee3b52191fd@webmail.MUW.Edu> Hi, > [root@vmx01 .pyzor]# more servers > 66.92.49.157:24441 > Thanks guys. I don't think it would be a bad idea to run 'pyzor discover' as a nightly cron job. Marco _________________________________________________________________ This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail For the latest MUW Events, visit http://www.MUW.Edu/calendar From raymond at PROLOCATION.NET Mon Jun 16 22:52:28 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:35 2006 Subject: *side note* pyzor server ip has changed In-Reply-To: <1055800146.3eee3b52191fd@webmail.MUW.Edu> Message-ID: Hi! > > [root@vmx01 .pyzor]# more servers > > 66.92.49.157:24441 > Thanks guys. I don't think it would be a bad idea to run 'pyzor discover' as a > nightly cron job. True. Or simply subscribe to their mailinglist... http://lists.sourceforge.net/lists/listinfo/pyzor-announce Traffic is ultra low on the announcelist. At least i wont miss next announcements now :) Bye, Raymond. From mailscanner at ecs.soton.ac.uk Mon Jun 16 23:01:12 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:35 2006 Subject: spam black/white lists case sensitive? In-Reply-To: <200306160942.06823.Denis.Beauchemin@USherbrooke.ca> References: <5.2.1.1.2.20030614173941.045be3f8@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030614172259.0245ed70@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030614173941.045be3f8@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030616230053.03ea2008@imap.ecs.soton.ac.uk> It should all be case-insensitive. At 14:42 16/06/2003, you wrote: >Julian, > >Does it mean that everything I write in my white/black lists should be in >lower case? > >Denis > >Le Samedi 14 Juin 2003 12:41, vous avez ?crit : > > At 17:29 14/06/2003, you wrote: > > >RedHat's sendmail-8.12.8-5.80 that comes with RH8.0 > > > > > >On Sat, 14 Jun 2003, Julian Field wrote: > > > > What MTA are you using? > > > > > > > > At 17:05 14/06/2003, you wrote: > > > > >I'm using MS 4.20-3 and noticed that some blacklisted mail is not > > > > > being tagged / filtered. > > > > > > > > > >My spam blacklist is all in lowercase, whereas the sender's domain > > > > > name uses uppercase letters as well. > > > > > > > > > >I have this in my blacklist file: > > > > >From: @globalautoindustry.com yes > > > > > > > > > >The spammer is sending mail from @GlobalAutoIndustry.com > > > > > > > > > >Are these lists case sensitive? > > > > Before it stores the sender address of the mail, it converts it to > > lower-case: $message->{from} = lc($from); > > -- > > Julian Field > > www.MailScanner.info > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > >-- >Denis Beauchemin, analyste >Universit? de Sherbrooke, S.T.I. >T: 819.821.8000x2252 F: 819.821.8045 -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From steve.freegard at LBSLTD.CO.UK Mon Jun 16 23:10:21 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:35 2006 Subject: Announce: MailWatch for MailScanner 0.2 (was MailScanner-Con sole ) Message-ID: <67D9E7698329D411936E00508B6590B90277394C@neelix.lbsltd.co.uk> Hi Evert, Sorry - but I forgot to copy the create.sql file into the distribution directory before I created the tarball. Please find it attached (Raymond - you'll need this too, sorry!). Kind regards, Steve. -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. -----Original Message----- From: Evert Jan van Ramselaar To: MAILSCANNER@JISCMAIL.AC.UK Sent: 16/06/03 18:37 Subject: Re: Announce: MailWatch for MailScanner 0.2 (was MailScanner-Console ) Steve Freegard wrote: > Hi All, > > I've just uploaded a new version to > http://www.smf.f2s.com/mailscanner/ Hey there, About to install this and give it a try. Anyway, I can't seem to find 'create.sql' in this distribution. Is this the same query as explained on http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/95.html ? -- Evert Jan van Ramselaar Van Ramselaar Info Tech -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -------------- next part -------------- A non-text attachment was scrubbed... Name: create.sql Type: application/octet-stream Size: 1992 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030616/0a6a2715/create.obj From mkipness at GENIANT.COM Tue Jun 17 00:33:47 2003 From: mkipness at GENIANT.COM (Max Kipness) Date: Thu Jan 12 21:18:35 2006 Subject: Question about spam.actions.rules (Update) Message-ID: <036A6BCC9FD10749AD3CE32255AF49A6017CF586@dalsxc01.geniant.net> I would also move HighScoreSpamActions, correct? Thanks, Max > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: Monday, June 16, 2003 1:04 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Question about spam.actions.rules (Update) > > > At 18:03 16/06/2003, you wrote: > >Seems like it doesn't work regardles of whether I add the individual > >email addresses before or after the entire domain rule. It's > processing > >both. Anyway around this? > > A quick hack is to edit > /usr/lib/MailScanner/MailScanner/ConfigDefs.pl. > Look for the "SpamActions" line (note it is very long). It is > currently in the "[All,YesNo]" section. Move it to the > "[First,YesNo]" section. > > Then restart MailScanner. > > Anyone got any objections to me making this change in the > main distribution? Or are there loads of you about there > using the "all matching rules" feature of Spam Actions rulesets? > > >Hello - > > > >I'm trying to deliver to certain domains, but not to certain > >individuals at a domain. I have one person that does not want to > >receive tagged email, all the others do. > > > >Is this the right order to achieve this? Or should I have the > >individual at the bottom of the list: > > > >To: user1@domain1.com delete > >To: user2@domain1.com delete > > > >To: *@domain2.com forward spam@domain2.com > >To: *@domain1.com deliver > >FromOrTo: default deliver > > > >Thanks, > >Max > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > From mkipness at GENIANT.COM Tue Jun 17 02:21:54 2003 From: mkipness at GENIANT.COM (Max Kipness) Date: Thu Jan 12 21:18:35 2006 Subject: Question about spam.actions.rules (Update) Message-ID: <036A6BCC9FD10749AD3CE32255AF49A6017CF588@dalsxc01.geniant.net> I actually moved both HighScoreSpamActions as well as SpamActions and it seems to be working great. I like the idea of having rules run from top to bottom with a default rule at the end, sort of like access-list functionality of Cisco routers. Thanks for the fix Julian! Max > -----Original Message----- > From: Max Kipness > Sent: Monday, June 16, 2003 6:34 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Question about spam.actions.rules (Update) > > > I would also move HighScoreSpamActions, correct? > > Thanks, > Max > > > -----Original Message----- > > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > > Sent: Monday, June 16, 2003 1:04 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Question about spam.actions.rules (Update) > > > > > > At 18:03 16/06/2003, you wrote: > > >Seems like it doesn't work regardles of whether I add the > individual > > >email addresses before or after the entire domain rule. It's > > processing > > >both. Anyway around this? > > > > A quick hack is to edit > > /usr/lib/MailScanner/MailScanner/ConfigDefs.pl. > > Look for the "SpamActions" line (note it is very long). It is > > currently in the "[All,YesNo]" section. Move it to the > > "[First,YesNo]" section. > > > > Then restart MailScanner. > > > > Anyone got any objections to me making this change in the > > main distribution? Or are there loads of you about there > > using the "all matching rules" feature of Spam Actions rulesets? > > > > >Hello - > > > > > >I'm trying to deliver to certain domains, but not to certain > > >individuals at a domain. I have one person that does not want to > > >receive tagged email, all the others do. > > > > > >Is this the right order to achieve this? Or should I have the > > >individual at the bottom of the list: > > > > > >To: user1@domain1.com delete > > >To: user2@domain1.com delete > > > > > >To: *@domain2.com forward spam@domain2.com > > >To: *@domain1.com deliver > > >FromOrTo: default deliver > > > > > >Thanks, > > >Max > > > > -- > > Julian Field > > www.MailScanner.info > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > > From evertjan at VANRAMSELAAR.NL Tue Jun 17 06:23:27 2003 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:18:35 2006 Subject: Announce: MailWatch for MailScanner 0.2 (was MailScanner-Con sole ) In-Reply-To: <67D9E7698329D411936E00508B6590B90277394C@neelix.lbsltd.co.uk> References: <67D9E7698329D411936E00508B6590B90277394C@neelix.lbsltd.co.uk> Message-ID: <5588.194.151.195.222.1055827407.squirrel@mail.vanramselaar.nl> Steve Freegard said: > Sorry - but I forgot to copy the create.sql file into the distribution > directory before I created the tarball. > > Please find it attached (Raymond - you'll need this too, sorry!). Great, thanks! Will implement this later today. -- Evert Jan van Ramselaar Van Ramselaar Info Tech From kfliong at WOFS.COM Tue Jun 17 07:25:34 2003 From: kfliong at WOFS.COM (kfliong) Date: Thu Jan 12 21:18:35 2006 Subject: anyone getting this? In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0EBF652@pascal.priv.bmrb.co .uk> Message-ID: <5.2.1.1.0.20030617142513.02505cb8@192.168.10.2> Yes, I notice the typo and changed the U to I but still doesn't work. Any idea? At 08:17 AM 6/16/2003 +0100, you wrote: >Sorry there was a typo in there, should have been ^TTIAdv\(doc\)\.exe$ > > > -----Original Message----- > > From: kfliong [mailto:kfliong@WOFS.COM] > > Sent: 16 June 2003 04:40 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: anyone getting this? > > > > > > Nope... adding this line > > > > ^TTUAdv\(doc\)\.exe$ > > > > doesn't work. > > > > Anyone? > > > > At 11:12 AM 6/13/2003 +0100, you wrote: > > > > I need to allow this file - > > > > TTIAdv(doc).exe to go through because it is not a virus. > > > > > > > > I have tried adding this line : > > > > > > > > allow TTIAdv(doc).exe$ - - > > > > > > > > into the beginning of the list. Of course I have checked > > to make sure > > > > there's tabs instead of spaces. How come it doesn't work? I > > > > still get those > > > > files filtered as {virus?}. > > > > > >Its a perl regular expression IIRC. I think you need > > >^TTUAdv\(doc\)\.exe$ but some perl RE guru may know better. see man > > >perlre for more details. > > > > > > > > > > > >BMRB International > > >http://www.bmrb.co.uk > > >+44 (0)20 8566 5000 > > >_________________________________________________________________ > > >This message (and any attachment) is intended only for the > > >recipient and may contain confidential and/or privileged > > >material. If you have received this in error, please contact the > > >sender and delete this message immediately. Disclosure, copying > > >or other action taken in respect of this email or in > > >reliance on it is prohibited. BMRB International Limited > > >accepts no liability in relation to any personal emails, or > > >content of any email which does not directly relate to our > > >business. > > > > > >BMRB International >http://www.bmrb.co.uk >+44 (0)20 8566 5000 >_________________________________________________________________ >This message (and any attachment) is intended only for the >recipient and may contain confidential and/or privileged >material. If you have received this in error, please contact the >sender and delete this message immediately. Disclosure, copying >or other action taken in respect of this email or in >reliance on it is prohibited. BMRB International Limited >accepts no liability in relation to any personal emails, or >content of any email which does not directly relate to our >business. From steve.douglas at SBIINCORPORATED.COM Tue Jun 17 08:01:34 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:35 2006 Subject: Port Message-ID: <3963522F0E71474CB14C0FF54A6914F701115029@omar.schtre.com> Due to a total failure and McAfee blowing up last week I rebuilt my gateway again over the weekend. I have RedHat v9, installed all the perl modules recommended by the MailScanner Quick Install notes, and installed the "rpm" of MailScanner. I have completely turned the IP tables off. When ever I audit the gateway, I show the correct ports open for other services. However, I am unable to show port 25 for nothing. My mailsend is configured with forwarding to my private email server under applicable domain names. Am I missing something? I have done everything by the book, but am missing something here. If I perform a netstat -top and nothing shows up in the way of MailScanner nor sendmail. Something is deadly wrong. . When I issue the "check_mailscanner (with debug activated) I receive the following: Starting MailScanner... In Debugging mode, not forking... Any advice is appreciated. Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030617/f583d13d/attachment.html From mike at ZANKER.ORG Tue Jun 17 08:43:11 2003 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:18:35 2006 Subject: Announce: MailWatch for MailScanner 0.2 (was MailScanner-Con sole ) In-Reply-To: <67D9E7698329D411936E00508B6590B90277394C@neelix.lbsltd.co.uk> References: <67D9E7698329D411936E00508B6590B90277394C@neelix.lbsltd.co.u k> Message-ID: <166771531.1055839391@mallard.open.ac.uk> On 16 June 2003 23:10 +0100 Steve Freegard wrote: > Sorry - but I forgot to copy the create.sql file into the distribution > directory before I created the tarball. Thanks for this - I have created the database and logging works fine. However, I'm struggling with a VIRUS_REGEX for Sophos. The output is typically: ">>> Virus 'W32/Gibe-D' found in file ./h5F5Y0U18034/MeCLBuITR.exe" so the virus name and file name are the other way round. Has anybody got round this? (It would be too much work to use SophosSAVI.) Thanks, Mike. From kfliong at WOFS.COM Tue Jun 17 09:08:39 2003 From: kfliong at WOFS.COM (kfliong) Date: Thu Jan 12 21:18:35 2006 Subject: Announce: MailWatch for MailScanner 0.2 (was MailScanner-Console ) In-Reply-To: <67D9E7698329D411936E00508B6590B902793C5A@neelix.lbsltd.co. uk> Message-ID: <5.2.1.1.0.20030617160626.024c1cf8@192.168.10.2> I manage to upgrade it with some customization especially on the CustomConfig.pm file. Anyway, it works great. BTW, I would suggest that you change the installation path from mailscanner to mailwatch and any other name that is mailscanner. This would avoid any confusion with MailScanner. Keep up the good work!! At 06:10 PM 6/16/2003 +0100, you wrote: >Hi All, > >I've just uploaded a new version to >http://www.smf.f2s.com/mailscanner/ - >see the Change Log for >the details. > >Kind regards, >Steve. > >-- >Steve Freegard >Systems Manager >Littlehampton Book Services Ltd. >Tel: +44 (0)1903 82 8594 >Fax: +44 (0)1903 82 8620 > >-- >This email and any files transmitted with it are confidential and intended >solely for the use of the individual or entity to whom they are addressed. >If you have received this email in error please notify the sender and >delete the message from your mailbox. > >This footnote also confirms that this email message has been swept by >MailScanner (www.mailscanner.info) for the presence of computer viruses. From steve.freegard at LBSLTD.CO.UK Tue Jun 17 09:18:03 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:35 2006 Subject: Announce: MailWatch for MailScanner 0.2 (was MailScanner-Con sole ) Message-ID: <67D9E7698329D411936E00508B6590B902793C5E@neelix.lbsltd.co.uk> Hi Mike, The regex works against the report field on the database which contains all the reports from MailScanner joined together, so it will be slightly different to what you see in the maillog. If you look at the message detail for an infected message and look at the 'Report:' field, you'll see what I mean. Try this for the regex: '/Sophos: (\S+) found in file (.+)/' - and see if that does the trick. Kind regards, Steve -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. -----Original Message----- From: Mike Zanker [mailto:mike@ZANKER.ORG] Sent: 17 June 2003 08:43 To: MAILSCANNER@JISCMAIL.AC.UK On 16 June 2003 23:10 +0100 Steve Freegard wrote: > Sorry - but I forgot to copy the create.sql file into the distribution > directory before I created the tarball. Thanks for this - I have created the database and logging works fine. However, I'm struggling with a VIRUS_REGEX for Sophos. The output is typically: ">>> Virus 'W32/Gibe-D' found in file ./h5F5Y0U18034/MeCLBuITR.exe" so the virus name and file name are the other way round. Has anybody got round this? (It would be too much work to use SophosSAVI.) Thanks, Mike. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From kfliong at WOFS.COM Tue Jun 17 09:25:30 2003 From: kfliong at WOFS.COM (kfliong) Date: Thu Jan 12 21:18:35 2006 Subject: Legal Implications was(Re: Announce: MailScanner-Console-0.1) In-Reply-To: References: <84CFA712F666B44A94CE6BE116BAF4B0B4EA47@mail.winnefox.org> Message-ID: <5.2.1.1.0.20030617162032.024b9fd8@192.168.10.2> I don't see much problem about privacy issues here. The main reason is because you only see, from, subject, to and so on and not the contents or the attachments. So, we won't know what are the contents. Thus still protecting the user's privacy. Secondly, for those who are really concerned, they could draft out an agreement to let their users know that their emails will be monitored for spam and virus. And that the contents and attachments will not be viewed thus maintaining privacy up to a certain limit. It they don't like it, they can use web based emails like yahoomail or hotmail for their personal emails which is up to their discretion since it's not work related. At 08:45 PM 6/16/2003 +0200, you wrote: >On Montag, Juni 16, 2003, at 08:27 Uhr, Jody Cleveland wrote: > >>>I've written a web based front-end to MailScanner using a >>>modified &SQLLogging routine, PHP, MySQL and JpGraph. >> >>I was looking at this, and I think it looks fantastic. I have one >>question though regarding privacy. I'm going to pitch this to my boss, >>and my network admin brought up a good point. "This program will tell >>us, at a glance, who is talking to who and about what." >> >>Does anyone else see any privacy concerns with this? >I can only speak for some of us, But let me try to explain the situation >for most European union members. >In Austria electronic communication is protected by the telecommunications >act an the postal secrecy law. Which basically means the following. > >If you are 100% sure that your employees pass only work related Mail >messages via you corporate network you may review the mail traffic, you >may even view the body of each message because that is believed to be >within right of use of the company. This means that you do not even >necessarily need consent from your employees. Here comes the bog but, as >soon as only a SINGLE message which is private passes over your corporate >network NO message may be reviewed without EXPLICIT consent of the whole >body of employees. > >However there is no real application for this yet because it has never >been discussed in a court of law. The basic rule is, that you need to bind >your employees explicitly to a contract which states "You may not send or >receive _any_ private messages here at work". Since most companies do not >have such a policy in place and it does not seem very feasible you may >neither archive mail messages, nor review the contents of mail messages on >your corporate network without prior consent of the employees. > >I hope that helps > >-d > >-----BEGIN GEEK CODE BLOCK----- >Version: 3.12 >GCC d+ s: a-- C+ UB++++ P+ L++ E--- W N+ o+++ K w-- >O M+ V++ PS PE Y++ PGP++++ t+ 5 X- R+ tv-- b++++ DI D+ >G e++++ h+ r++ y++ >------END GEEK CODE BLOCK------ > > > From steve.douglas at SBIINCORPORATED.COM Tue Jun 17 08:01:34 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:35 2006 Subject: Port Message-ID: <3963522F0E71474CB14C0FF54A6914F701115029@omar.schtre.com> Due to a total failure and McAfee blowing up last week I rebuilt my gateway again over the weekend. I have RedHat v9, installed all the perl modules recommended by the MailScanner Quick Install notes, and installed the "rpm" of MailScanner. I have completely turned the IP tables off. When ever I audit the gateway, I show the correct ports open for other services. However, I am unable to show port 25 for nothing. My mailsend is configured with forwarding to my private email server under applicable domain names. Am I missing something? I have done everything by the book, but am missing something here. If I perform a netstat -top and nothing shows up in the way of MailScanner nor sendmail. Something is deadly wrong. When I issue the "check_mailscanner (with debug activated) I receive the following: Starting MailScanner... In Debugging mode, not forking... Any advice is appreciated. Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030617/f583d13d/attachment-0001.html From Krishna_shekhar at GMX.NET Tue Jun 17 10:00:18 2003 From: Krishna_shekhar at GMX.NET (Krishna) Date: Thu Jan 12 21:18:35 2006 Subject: MailScanner with Trend Micro In-Reply-To: <00c701c33440$516264e0$ad0110ac@x173cpt> References: <5.2.1.1.0.20030616234437.00a71eb0@pop.gmx.net> Message-ID: <5.2.1.1.0.20030617015552.00a63218@pop.gmx.net> Hi, I got trend installed now and works alright without MailScanner. There is a small fix for it see here http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=14256 I am using SpamAssassin with procmail. I don' t think I need MailScanner since SpamAssassin is executed by procmail for every incoming mail and is currently reading user preferences from a SQL database and now recently switched to Trend. regards Krishna http://www.KrisinDigitalAge.com http://www.epassione.com At 02:48 PM 6/16/2003 -0500, you wrote: >I'm not try to be rude but, isn't Trend Micro Viruswall gateway already >catching your SMTP, HTTP, and FTP Internet traffic? If so the all you need >is for Mailscanner to kick spam. I'm no expert, but wouldn't Trend Micro's >ServerProtect be closer to what you want to use (possibly cheaper)? From mike at ZANKER.ORG Tue Jun 17 09:31:00 2003 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:18:35 2006 Subject: Announce: MailWatch for MailScanner 0.2 (was MailScanner-Con sole ) In-Reply-To: <67D9E7698329D411936E00508B6590B902793C5E@neelix.lbsltd.co.uk> References: <67D9E7698329D411936E00508B6590B902793C5E@neelix.lbsltd.co.u k> Message-ID: <169640593.1055842260@mallard.open.ac.uk> On 17 June 2003 09:18 +0100 Steve Freegard wrote: > The regex works against the report field on the database which > contains all the reports from MailScanner joined together, so it will > be slightly different to what you see in the maillog. If you look at > the message detail for an infected message and look at the 'Report:' > field, you'll see what I mean. This is the Report: field for an infected message: Report: >>> Virus 'EICAR-AV-Test' found in file ./h5H8NBg22318/eicar_com.zip/eicar.com > Try this for the regex: '/Sophos: (\S+) found in file (.+)/' - and > see if that does the trick. I'm actually using this at the moment: define(VIRUS_REGEX, '/(>>>) Virus \'(.+)\' found/'); and it seems to be extracting the virus name correctly - at least it appears as just EICAR-AV-Test in the various reports and the box at the top right of the main page. The (>>>) is to make sure that the virus name ends up as the second element of your array. Regards, Mike. From steve.freegard at LBSLTD.CO.UK Tue Jun 17 09:40:10 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:35 2006 Subject: Port Message-ID: <67D9E7698329D411936E00508B6590B902793C64@neelix.lbsltd.co.uk> Hi Steve, I'm also using RH9, but using Sophos SAVI and Clam instead of McAfee. I recall from Julian's notes that for McAfee you need to stop MailScanner with 'service MailScanner stop' and add 'export LD_ASSUME_KERNEL=2.2.5' into the top of '/etc/rc.d/init.d/MailScanner' for McAfee to work correctly. On the sendmail side, you'll also need to edit '/etc/mail/sendmail.mc' change the DAEMON_OPTIONS line to read 'DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl' as by default RH9 has 'Addr=127.0.0.1' in this to only allow connections to the mta from localhost (which isn't much good for a mail hub!). Once you've fixed this line run: 'make -C /etc/mail', then 'service MailScanner start'. Hope this helps. Kind regards, Steve -- Steve Freegard Systems Manager Littlehamptob Book Services Ltd. _____ From: Steve Douglas [mailto:steve.douglas@SBIINCORPORATED.COM] Sent: 17 June 2003 08:02 To: MAILSCANNER@JISCMAIL.AC.UK Due to a total failure and McAfee blowing up last week I rebuilt my gateway again over the weekend. I have RedHat v9, installed all the perl modules recommended by the MailScanner Quick Install notes, and installed the "rpm" of MailScanner. I have completely turned the IP tables off. When ever I audit the gateway, I show the correct ports open for other services. However, I am unable to show port 25 for nothing. My mailsend is configured with forwarding to my private email server under applicable domain names. Am I missing something? I have done everything by the book, but am missing something here. If I perform a netstat -top and nothing shows up in the way of MailScanner nor sendmail. Something is deadly wrong. . When I issue the "check_mailscanner (with debug activated) I receive the following: Starting MailScanner... In Debugging mode, not forking... Any advice is appreciated. Thanks -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030617/f7770bb1/attachment.html From steve.freegard at LBSLTD.CO.UK Tue Jun 17 09:45:34 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:35 2006 Subject: Announce: MailWatch for MailScanner 0.2 (was MailScanner-Con sole ) Message-ID: <67D9E7698329D411936E00508B6590B902793C66@neelix.lbsltd.co.uk> Mike, Thanks for this - glad it's working now. I'll add your regex to the source for the next version. Cheers, Steve. -----Original Message----- From: Mike Zanker [mailto:mike@ZANKER.ORG] Sent: 17 June 2003 09:31 To: MAILSCANNER@JISCMAIL.AC.UK On 17 June 2003 09:18 +0100 Steve Freegard wrote: > The regex works against the report field on the database which > contains all the reports from MailScanner joined together, so it will > be slightly different to what you see in the maillog. If you look at > the message detail for an infected message and look at the 'Report:' > field, you'll see what I mean. This is the Report: field for an infected message: Report: >>> Virus 'EICAR-AV-Test' found in file ./h5H8NBg22318/eicar_com.zip/eicar.com > Try this for the regex: '/Sophos: (\S+) found in file (.+)/' - and > see if that does the trick. I'm actually using this at the moment: define(VIRUS_REGEX, '/(>>>) Virus \'(.+)\' found/'); and it seems to be extracting the virus name correctly - at least it appears as just EICAR-AV-Test in the various reports and the box at the top right of the main page. The (>>>) is to make sure that the virus name ends up as the second element of your array. Regards, Mike. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From steve.freegard at LBSLTD.CO.UK Tue Jun 17 10:13:06 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:35 2006 Subject: MailWatch 0.2 buglet Message-ID: <67D9E7698329D411936E00508B6590B902793C6B@neelix.lbsltd.co.uk> Hi Mike, Glad you like it. I've just realised that I've got the same bug - please find the attached status.php file which fixes the problem. Cheers, Steve. -----Original Message----- From: Mike Zanker [mailto:mike@zanker.org] Sent: 17 June 2003 10:04 To: Steve Freegard Hi Steve, just found a little bug - multiple recipients (To column on status page) are showing like this: mike@zanker.org
alan@zanker.org Great utility, though - I can see it being VERY useful. Regards, Mike. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -------------- next part -------------- A non-text attachment was scrubbed... Name: status.php Type: application/octet-stream Size: 4551 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030617/9d635cb5/status.obj From maxsec at TOTALISE.CO.UK Tue Jun 17 10:23:39 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:35 2006 Subject: MailWatch 0.2 In-Reply-To: <67D9E7698329D411936E00508B6590B902793C6B@neelix.lbsltd.co.uk> References: <67D9E7698329D411936E00508B6590B902793C6B@neelix.lbsltd.co.uk> Message-ID: <3EEEDE1B.5090007@totalise.co.uk> Steve looks like a nice little util. I have a couple of questions 1) according to the 'blurb' it logs all the mail into the DB. How do I clean this out as right now we get about 23,000 emails per week, that vast majority (>80%) are spam. So I really don't want to keep these forever. 2) also in the blurb the front end only shows the last 50, anything in the pipeline to look at them all, ie navigate around the stored emails, via date, from, to etc... so I can see what got tagged as spam incorrectly and 'release' them to the user if I only quaranteen the email and don't forward spam? -- Martin (at home) From steve.freegard at LBSLTD.CO.UK Tue Jun 17 11:00:40 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:35 2006 Subject: MailWatch 0.2 Message-ID: <67D9E7698329D411936E00508B6590B902793C71@neelix.lbsltd.co.uk> Hi Martin, Answers to your questions: 1) It logs mail information into the DB, such as Message ID, From, To, Subject, SA Reports, Viruses found etc. *except* the message body and attachments. The information is used purely for reporting purposes only. At the moment the only way to clean the database out is to manually delete the data by writing an SQL statement to do so. I had planned to put some features in eventually to housekeep the database after a certain period/size to condense the detail data into summary data, but that won't appear for a while yet as all the reports will need to be re-written and will take a bit of planning first. 2) You can already look around your data using the 'Message Listing' report - but this doesn't enable you to release mails from quarantine because the actual message is not contained in the database. I will be looking at introducing a feature to be able to read the quaratine files from /var/spool/MailScanner/quarantine and release then in a future version. Kind regards, Steve. -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. -----Original Message----- From: Martin Hepworth [mailto:maxsec@TOTALISE.CO.UK] Sent: 17 June 2003 10:24 To: MAILSCANNER@JISCMAIL.AC.UK Steve looks like a nice little util. I have a couple of questions 1) according to the 'blurb' it logs all the mail into the DB. How do I clean this out as right now we get about 23,000 emails per week, that vast majority (>80%) are spam. So I really don't want to keep these forever. 2) also in the blurb the front end only shows the last 50, anything in the pipeline to look at them all, ie navigate around the stored emails, via date, from, to etc... so I can see what got tagged as spam incorrectly and 'release' them to the user if I only quaranteen the email and don't forward spam? -- Martin (at home) -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From maxsec at TOTALISE.CO.UK Tue Jun 17 11:21:46 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:35 2006 Subject: MailWatch 0.2 In-Reply-To: <67D9E7698329D411936E00508B6590B902793C71@neelix.lbsltd.co.uk> References: <67D9E7698329D411936E00508B6590B902793C71@neelix.lbsltd.co.uk> Message-ID: <3EEEEBBA.80707@totalise.co.uk> Steve thanks for this.. Right now I'm up to my ears in moving half the company from two buildings down to one (include a server room move!). But once I've completed this (4 weeks) I'll give you a shout and see if I scrub up my php/mysql skills and help out if you want. I'm trying to get rid of Clearswift's MimeSweeper product as it's a complete sod to manage/upgrade etc so I'll figure out what extra features I really need from it and then I'll pop them over to see if we can work on them together.. -- martin (at home) Steve Freegard wrote: > Hi Martin, > > Answers to your questions: > > 1) It logs mail information into the DB, such as Message ID, From, To, > Subject, SA Reports, Viruses found etc. *except* the message body and > attachments. The information is used purely for reporting purposes only. > At the moment the only way to clean the database out is to manually delete > the data by writing an SQL statement to do so. I had planned to put some > features in eventually to housekeep the database after a certain period/size > to condense the detail data into summary data, but that won't appear for a > while yet as all the reports will need to be re-written and will take a bit > of planning first. > > 2) You can already look around your data using the 'Message Listing' report > - but this doesn't enable you to release mails from quarantine because the > actual message is not contained in the database. I will be looking at > introducing a feature to be able to read the quaratine files from > /var/spool/MailScanner/quarantine and release then in a future version. > > Kind regards, > Steve. > > -- > Steve Freegard > Systems Manager > Littlehampton Book Services Ltd. From mailscanner at ecs.soton.ac.uk Tue Jun 17 11:13:35 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:35 2006 Subject: Legal Implications was(Re: Announce: MailScanner-Console-0.1) In-Reply-To: <5.2.1.1.0.20030617162032.024b9fd8@192.168.10.2> References: <84CFA712F666B44A94CE6BE116BAF4B0B4EA47@mail.winnefox.org> Message-ID: <5.2.0.9.2.20030617111203.03e19e78@imap.ecs.soton.ac.uk> The From, To and Subject are all considered private information in the EU. People's privacy is therefore protected under the Human Rights Act (and its equivalent in other EU countries). Here in the EU we have *much* stricter laws about this than you do in the US. At 09:25 17/06/2003, you wrote: >I don't see much problem about privacy issues here. The main reason is >because you only see, from, subject, to and so on and not the contents or >the attachments. So, we won't know what are the contents. Thus still >protecting the user's privacy. > >Secondly, for those who are really concerned, they could draft out an >agreement to let their users know that their emails will be monitored for >spam and virus. And that the contents and attachments will not be viewed >thus maintaining privacy up to a certain limit. It they don't like it, they >can use web based emails like yahoomail or hotmail for their personal >emails which is up to their discretion since it's not work related. > > >At 08:45 PM 6/16/2003 +0200, you wrote: > >>On Montag, Juni 16, 2003, at 08:27 Uhr, Jody Cleveland wrote: >> >>>>I've written a web based front-end to MailScanner using a >>>>modified &SQLLogging routine, PHP, MySQL and JpGraph. >>> >>>I was looking at this, and I think it looks fantastic. I have one >>>question though regarding privacy. I'm going to pitch this to my boss, >>>and my network admin brought up a good point. "This program will tell >>>us, at a glance, who is talking to who and about what." >>> >>>Does anyone else see any privacy concerns with this? >>I can only speak for some of us, But let me try to explain the situation >>for most European union members. >>In Austria electronic communication is protected by the telecommunications >>act an the postal secrecy law. Which basically means the following. >> >>If you are 100% sure that your employees pass only work related Mail >>messages via you corporate network you may review the mail traffic, you >>may even view the body of each message because that is believed to be >>within right of use of the company. This means that you do not even >>necessarily need consent from your employees. Here comes the bog but, as >>soon as only a SINGLE message which is private passes over your corporate >>network NO message may be reviewed without EXPLICIT consent of the whole >>body of employees. >> >>However there is no real application for this yet because it has never >>been discussed in a court of law. The basic rule is, that you need to bind >>your employees explicitly to a contract which states "You may not send or >>receive _any_ private messages here at work". Since most companies do not >>have such a policy in place and it does not seem very feasible you may >>neither archive mail messages, nor review the contents of mail messages on >>your corporate network without prior consent of the employees. >> >>I hope that helps >> >>-d >> >>-----BEGIN GEEK CODE BLOCK----- >>Version: 3.12 >>GCC d+ s: a-- C+ UB++++ P+ L++ E--- W N+ o+++ K w-- >>O M+ V++ PS PE Y++ PGP++++ t+ 5 X- R+ tv-- b++++ DI D+ >>G e++++ h+ r++ y++ >>------END GEEK CODE BLOCK------ >> >> -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jun 17 11:11:07 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:35 2006 Subject: Port In-Reply-To: <3963522F0E71474CB14C0FF54A6914F701115029@omar.schtre.com> Message-ID: <5.2.0.9.2.20030617111028.04098e98@imap.ecs.soton.ac.uk> At 08:01 17/06/2003, you wrote: >Due to a total failure and McAfee blowing up last week I rebuilt my >gateway again over the weekend. I have RedHat v9, installed all the perl >modules recommended by the MailScanner Quick Install notes, and installed >the "rpm" of MailScanner. I have completely turned the IP tables >off. When ever I audit the gateway, I show the correct ports open for >other services. However, I am unable to show port 25 for nothing. My >mailsend is configured with forwarding to my private email server under >applicable domain names. > > > >Am I missing something? I have done everything by the book, but am >missing something here. If I perform a netstat -top and nothing shows up >in the way of MailScanner nor sendmail. Something is deadly wrong. . > > > >When I issue the "check_mailscanner (with debug activated) I receive the >following: > > > >Starting MailScanner... > >In Debugging mode, not forking... > > > >Any advice is appreciated. Thanks With "Debug = no", what happens when you service MailScanner start ? -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From o.pitzeier at UPTIME.AT Tue Jun 17 12:06:41 2003 From: o.pitzeier at UPTIME.AT (Oliver Pitzeier) Date: Thu Jan 12 21:18:35 2006 Subject: Black-/Whitelists in SQL Database (WAS: RE: SQL user options) In-Reply-To: <001901c33022$f99097d0$020b10ac@pitzeier.priv.at> Message-ID: <003401c334c0$886bfed0$020b10ac@pitzeier.priv.at> Hi folks! > > > OK. I did it. :-) I wrote some code (SQL_Backlist, > > > SQL_Whitelist), > > > which is - at least a bit - configurable trough variables in > > > CustomConfig.pm. You can imagine what it does... Exactly what I > > > wanted. :-) > > > > > > So... Is someone interested in this code? > > > > I would love to have that. Thanks! > > Please find it here: > http://filelister.linux-kernel.at/?current=/tarballs/MailScanner/ > Please keep in mind, that is is still some kind of beta stage... > I have it running here, but I wrote it this night in about 1 hour. :-) I just updated the above mentioned tarball. The SQL black-/whitelist stuff now supports wildcards (*, ?)... The webinterface for maintaining those "rules" still needs some time, but I found a contributor who is willing to write it - in PHP. I also updated the above Webinterface (http://filelister.linux-kernel.at/); If an error occurs, please let me know! Best regards, Oliver From P.Holzleitner at UNIDO.ORG Tue Jun 17 12:08:40 2003 From: P.Holzleitner at UNIDO.ORG (Peter HOLZLEITNER) Date: Thu Jan 12 21:18:35 2006 Subject: Changing Precedence to junk Message-ID: > WHY would you bounce spam? Well, for example - we have a rather low highscore threshold and bounce highscore spam. For the benefit of the two or three false positives per week, the bounce message explain how they can send their mail in for manual forwarding. On the MailScanner machine, I use a mailertable entry to send incoming mail to the internal server and point DS to a separate queue for the bounces. At ~6000 messages a day with ~15-18% detected spam, that junk queue has normally ~100-150 messages in it. --Peter -----Original Message----- From: mike@CAMAROSS.NET [mailto:mike@CAMAROSS.NET] Sent: Monday, June 09, 2003 4:32 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Changing Precedence to junk Mailman uses the precedence of either Bulk or List...can't remember which. My question is this...WHY would you bounce spam? The large percentage of spam you bounce more than likey comes from forged addresses. Therefore, attempting to bounce them just generates more useless traffic on the net and your boxen (IMHO of course). Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson > Sent: Monday, June 09, 2003 8:45 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Changing Precedence to junk > > > Y'all, > > It would be good if the mailscanner virus warning messages > went out as 'Precedence: bulk'. I'm getting to the point > where I don't care if mailscanner sends out the warning > messages at all -- most go to the wrong person and are > useless. Whenever we write web-based email apps that > generate email, we always stick the 'Precedence: bulk' stuff > into the mailer scripts, to cut down on bounced emails. > > --- Jeff Earickson > > On Mon, 9 Jun 2003, John Ireland wrote: > > > Date: Mon, 9 Jun 2003 12:36:18 +0100 > > From: John Ireland > > Reply-To: MailScanner mailing list > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Changing Precedence to junk > > > > I spoke to Julian about this last week at at the JANET-CERT > meeting in > > London and I thought I would mail the list to see what > others thought > > of the idea. > > > > Our mail queue is continually filled with auto responder > mail replying > > to spam messages. These messages either time out or > bounce, spamming > > the user with more useless information. > > > > Most auto responders, such as vacation, will not respond to > mail with > > the 'Precedence: bulk' or 'Precedence: junk' line is > included in the > > header. So giving mailscanner the option of changing the > > 'Precedence:' header to junk would give a simple centrally managed > > solution. > > > > I know there are other solutions - ban auto responders, write a > > procmail wrapper for vacation, or hack the vacation code. > But there > > are users that need to use auto responders and there are auto > > responders over which the mail administrator has no control. > > > > Also, I know of no other program, other than 'vacation', > that uses the > > 'Precedence:' header. > > > > > > -- > > John Ireland Email: > mailto:J.Ireland@hgu.mrc.ac.uk > > MRC Human Genetics Unit > Tel. : +44-31-332-2471 > > Western General Hospital Fax. : +44-31-343-2620 > > Edinburgh, EH4 2XU, UK WWW : http://www.hgu.mrc.ac.uk > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: BDY.RTF Type: application/rtf Size: 4139 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030617/46f69f47/BDY.rtf From steve.freegard at LBSLTD.CO.UK Tue Jun 17 12:12:00 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:35 2006 Subject: MailWatch 0.2 Message-ID: <67D9E7698329D411936E00508B6590B902793C73@neelix.lbsltd.co.uk> Hi Martin, >>> But once I've completed this (4 weeks) I'll give you a shout and >>> see if I scrub up my php/mysql skills and help out if you want. That'd be great - any help would be most appreciated. >>> I'm trying to get rid of Clearswift's MimeSweeper product as it's a >>> complete sod to manage/upgrade etc... Wow! - now that is a coincedence, this is *exactly* the reason I wrote MailWatch in the first place. We were using MIMEsweeper here and I wanted to move to MailScanner because I hated MIMEsweeper so much - but still required similar functionality to the MIMEsweeper console before we could make the switch as I'm the only person here with Unix skills. >>> so I'll figure out what extra features I really need from it and then I'll >>> pop them over to see if we can work on them together.. Okay. Cheers, Steve. Steve Freegard wrote: > Hi Martin, > > Answers to your questions: > > 1) It logs mail information into the DB, such as Message ID, From, To, > Subject, SA Reports, Viruses found etc. *except* the message body and > attachments. The information is used purely for reporting purposes only. > At the moment the only way to clean the database out is to manually delete > the data by writing an SQL statement to do so. I had planned to put some > features in eventually to housekeep the database after a certain period/size > to condense the detail data into summary data, but that won't appear for a > while yet as all the reports will need to be re-written and will take a bit > of planning first. > > 2) You can already look around your data using the 'Message Listing' report > - but this doesn't enable you to release mails from quarantine because the > actual message is not contained in the database. I will be looking at > introducing a feature to be able to read the quaratine files from > /var/spool/MailScanner/quarantine and release then in a future version. > > Kind regards, > Steve. > > -- > Steve Freegard > Systems Manager > Littlehampton Book Services Ltd. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From vosburgh at DALSEMI.COM Tue Jun 17 12:32:17 2003 From: vosburgh at DALSEMI.COM (David Vosburgh) Date: Thu Jan 12 21:18:35 2006 Subject: logging problem References: Message-ID: <3EEEFC41.9070407@dalsemi.com> Back from vacation! The problem is that I'm not getting any MailScanner log messages in /var/adm/maillog. The maillog file exists and has all the normal sendmail type messages appearing as always. Dave Tony Finch wrote: >David Vosburgh wrote: > > >>Everything seems to be working as advertised, with the exception of >>logging. >> >> > >What is the problem? Does /var/adm/mailllog exist? (If not, touch it.) > >Tony. >-- >f.a.n.finch http://dotat.at/ >RATTRAY HEAD TO BERWICK ON TWEED: SOUTHWEST 3 OR 4 LOCALLY 5 ON THURSDAY >NIGHT, BECOMING MAINLY WEST TO NORTHWEST 2 OR 3 LATER FRIDAY. OCCASIONAL >SHOWERS WITH RISK OF THUNDER ON THURSDAY EVENING, MAINLY FAIR ON FRIDAY. GOOD >OCCASIONALLY MODERATE. SLIGHT. > > > From pecos at LENST.DET.UNIFI.IT Tue Jun 17 14:04:41 2003 From: pecos at LENST.DET.UNIFI.IT (Tommaso Pecorella) Date: Thu Jan 12 21:18:35 2006 Subject: MailScanner and inoculan configuration In-Reply-To: <3EEEFC41.9070407@dalsemi.com> Message-ID: <4208198A-A0C4-11D7-B916-000A957744AE@lenst.det.unifi.it> Hi, I just installedMailScanner and inoculan (the freeware CAI antivirus), but I have some problems. Everything seems ok, but all e-mails are marked as "Unscanned". How can I track down the problem ? Note that MailScanner seems to work fine, and inocucmd is working too. Thank you, Tommaso. PS: a little system infos: I have a "plain" RedHat 8.0 and I have installed all with root permissions. --- Tommaso Pecorella - Ph.D. CNIT Research Scientist Universit? di Firenze Unit email: tommaso.pecorella@cnit.it ?????? pecos@lenst.det.unifi.it phone1: +39-0574-440708 phone2: +39-055-4796485 mobile: +39-348-0176826 fax:??? +39-055-4796485 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 711 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030617/76bac019/attachment.bin From steve.douglas at SBIINCORPORATED.COM Tue Jun 17 15:32:55 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:35 2006 Subject: Port Message-ID: <3963522F0E71474CB14C0FF54A6914F70111502C@omar.schtre.com> Julian, I have the debug on still and I am receiving the following at the console. Starting MailScanner... In Debugging mode, not forking... Syntax error in line 550, value "" for warnsenders is not one of allowed values "yes","no" at /usr/lib/MailScanner/MailScanner/Config.pm line 1322 I will refer to the config.pm file. I discovered two places in the advanced section of the conf file that provides debugging. I turned the second one on and the is what I receive. Steve Freegard: thanks for the valuable information. I will look at this. I appreciate your assessments. I am just chasing my tail at the moment. SD :-) > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: Tuesday, June 17, 2003 5:11 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Port > > At 08:01 17/06/2003, you wrote: > > >Due to a total failure and McAfee blowing up last week I rebuilt my > >gateway again over the weekend. I have RedHat v9, installed all the perl > >modules recommended by the MailScanner Quick Install notes, and installed > >the "rpm" of MailScanner. I have completely turned the IP tables > >off. When ever I audit the gateway, I show the correct ports open for > >other services. However, I am unable to show port 25 for nothing. My > >mailsend is configured with forwarding to my private email server under > >applicable domain names. > > > > > > > >Am I missing something? I have done everything by the book, but am > >missing something here. If I perform a netstat -top and nothing shows up > >in the way of MailScanner nor sendmail. Something is deadly wrong. . > > > > > > > >When I issue the "check_mailscanner (with debug activated) I receive the > >following: > > > > > > > >Starting MailScanner... > > > >In Debugging mode, not forking... > > > > > > > >Any advice is appreciated. Thanks > > With "Debug = no", what happens when you > service MailScanner start > ? > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support From FCaen at CI.LAKEWOOD.WA.US Tue Jun 17 15:36:40 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:35 2006 Subject: Legal Implications was(Re: Announce: MailScanner-Console-0.1) Message-ID: -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > The From, To and Subject are all considered private information in the EU. So... What about sendmail's plain old maillog??? Are you not allowed to look at it? Do you disable sendmail logging?? --------------------------------------------- Francois Caen Network Information Systems Engineer - Webmaster City of Lakewood, WA (253) 512-2269 NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From steve.douglas at SBIINCORPORATED.COM Tue Jun 17 15:43:49 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:35 2006 Subject: Port Message-ID: <3963522F0E71474CB14C0FF54A6914F70111502D@omar.schtre.com> I looked at my config.pm file and syntax in line 1322 is as follows: # #Handle YesNo Values # sub ProcessYesNo { The above is line 1322 SD :-) > -----Original Message----- > From: Steve Douglas [mailto:steve.douglas@SBIINCORPORATED.COM] > Sent: Tuesday, June 17, 2003 9:33 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Port > > Julian, > I have the debug on still and I am receiving the following at the console. > Starting MailScanner... > In Debugging mode, not forking... > Syntax error in line 550, value "" for warnsenders is not one of allowed > values "yes","no" at /usr/lib/MailScanner/MailScanner/Config.pm line 1322 > > I will refer to the config.pm file. I discovered two places in the > advanced > section of the conf file that provides debugging. I turned the second one > on and the is what I receive. > > Steve Freegard: thanks for the valuable information. I will look at this. > > I appreciate your assessments. I am just chasing my tail at the moment. > > SD > :-) > > > -----Original Message----- > > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > > Sent: Tuesday, June 17, 2003 5:11 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Port > > > > At 08:01 17/06/2003, you wrote: > > > > >Due to a total failure and McAfee blowing up last week I rebuilt my > > >gateway again over the weekend. I have RedHat v9, installed all the > perl > > >modules recommended by the MailScanner Quick Install notes, and > installed > > >the "rpm" of MailScanner. I have completely turned the IP tables > > >off. When ever I audit the gateway, I show the correct ports open for > > >other services. However, I am unable to show port 25 for nothing. My > > >mailsend is configured with forwarding to my private email server under > > >applicable domain names. > > > > > > > > > > > >Am I missing something? I have done everything by the book, but am > > >missing something here. If I perform a netstat -top and nothing shows > up > > >in the way of MailScanner nor sendmail. Something is deadly wrong. . > > > > > > > > > > > >When I issue the "check_mailscanner (with debug activated) I receive > the > > >following: > > > > > > > > > > > >Starting MailScanner... > > > > > >In Debugging mode, not forking... > > > > > > > > > > > >Any advice is appreciated. Thanks > > > > With "Debug = no", what happens when you > > service MailScanner start > > ? > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support From steve.freegard at LBSLTD.CO.UK Tue Jun 17 15:43:52 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:36 2006 Subject: Port Message-ID: <67D9E7698329D411936E00508B6590B902793C9A@neelix.lbsltd.co.uk> Steve, Check your value for 'Notify Senders' in MailScanner.conf and make sure it's either 'yes' or 'no' or a ruleset - if it's ruleset then check the file for syntax/formatting errors. Hope this helps. Regards, Steve. -----Original Message----- From: Steve Douglas [mailto:steve.douglas@SBIINCORPORATED.COM] Sent: 17 June 2003 15:33 To: MAILSCANNER@JISCMAIL.AC.UK Julian, I have the debug on still and I am receiving the following at the console. Starting MailScanner... In Debugging mode, not forking... Syntax error in line 550, value "" for warnsenders is not one of allowed values "yes","no" at /usr/lib/MailScanner/MailScanner/Config.pm line 1322 I will refer to the config.pm file. I discovered two places in the advanced section of the conf file that provides debugging. I turned the second one on and the is what I receive. Steve Freegard: thanks for the valuable information. I will look at this. I appreciate your assessments. I am just chasing my tail at the moment. SD :-) > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: Tuesday, June 17, 2003 5:11 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Port > > At 08:01 17/06/2003, you wrote: > > >Due to a total failure and McAfee blowing up last week I rebuilt my > >gateway again over the weekend. I have RedHat v9, installed all the perl > >modules recommended by the MailScanner Quick Install notes, and installed > >the "rpm" of MailScanner. I have completely turned the IP tables > >off. When ever I audit the gateway, I show the correct ports open for > >other services. However, I am unable to show port 25 for nothing. My > >mailsend is configured with forwarding to my private email server under > >applicable domain names. > > > > > > > >Am I missing something? I have done everything by the book, but am > >missing something here. If I perform a netstat -top and nothing shows up > >in the way of MailScanner nor sendmail. Something is deadly wrong. . > > > > > > > >When I issue the "check_mailscanner (with debug activated) I receive the > >following: > > > > > > > >Starting MailScanner... > > > >In Debugging mode, not forking... > > > > > > > >Any advice is appreciated. Thanks > > With "Debug = no", what happens when you > service MailScanner start > ? > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From Q.G.Campbell at NEWCASTLE.AC.UK Tue Jun 17 16:33:59 2003 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:18:36 2006 Subject: Legal Implications was(Re: Announce: MailScanner-Console-0.1) Message-ID: <52E50E4D595DDE4D861117A1FB62E79D82012A@bond.ncl.ac.uk> > -----Original Message----- > From: Francois Caen [mailto:FCaen@CI.LAKEWOOD.WA.US] > Sent: 17 June 2003 15:37 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Legal Implications was(Re: Announce: > MailScanner-Console-0.1) > > > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > > > The From, To and Subject are all considered private > information in the > EU. > > So... What about sendmail's plain old maillog??? > Are you not allowed to look at it? Do you disable sendmail logging?? > It is a bit of a legal minefield in the UK. But, yes, you can look at Sendmail logs. To summarise... In the UK the Subject: line is considered "content" while the "To:", "From:", and other headers are considered to be "traffic data". Monitoring any "content" in the UK is "interception". Under the Regulation of Investigatory Powers Act 2000 it is a criminal offence to "intentionally and without lawfull authority" intercept any communication in the course of its transmission by a public telecommunications system. This also applies to a private telecommunications service but there are special exceptions in RIPA that give the necessary "lawfull authority" to certain people in an organsiation for purposes connected with the provision or operation of that service. The exceptions are very limited and the rules for legitimate interception are set out in the Telecommunications (Lawful Business Practice)(Interception of Communications) Regulations 2000. To answer your question about Sendmail logs, the "Subject:" line is not normally part of the logged information so we are only dealing there with "traffic data". Where an organisation like my University is only involved in operating a _private_ telecommunications service then we can do what we want with "traffic data" because it is not subject to RIPA in those circumstances. But a word of caution. The Sendmail logs of a private telecommunications service may be subject to the Data Protection Act! The latter applies because "To:", "From:" and related header records are considered "personal data" when they identify individuals. [A further word of caution. If you are using Sendmail as the MTA in a _public_ telecommunications service in the UK then what you do with the "traffic data" in the Sendmail logs is subject to RIPA.] The latest draft of "The Employment Practices Data Protection Code - Part3: Monitoring at Work" has just been released by the Office of the Information Commissioner (the old "Data Protection Registrar"). This explains about the legalities and limitations on monitoring and logging in the workplace where a private telecommunications service is being operated (includes telephones). [This Code of Practice does _not_ apply to any organisation operating a public telecommunications service.] Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." From FCaen at CI.LAKEWOOD.WA.US Tue Jun 17 16:39:25 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:36 2006 Subject: Legal Implications was(Re: Announce: MailScanner-Console-0.1) Message-ID: -----Original Message----- From: Quentin Campbell [mailto:Q.G.Campbell@NEWCASTLE.AC.UK] > It is a bit of a legal minefield in the UK. But, yes, you can look at Sendmail logs. To summarise... Thx for the detailed response. Here in the US, your information is private unless the RIAA think you may have MP3s. Then they can hack you or DDoS at will. But I'm getting off topic here :) Francois NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From steve.douglas at SBIINCORPORATED.COM Tue Jun 17 16:58:26 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:36 2006 Subject: Port Message-ID: <3963522F0E71474CB14C0FF54A6914F70111502E@omar.schtre.com> Julian, MS starts and reports the following in my mail log: Jun 17 10:22:50 hprh MailScanner[28849]: Using locktype = flock Jun 17 10:52:46 hprh MailScanner[28835]: MailScanner child caught a SIGHUP Jun 17 10:52:46 hprh MailScanner[28834]: MailScanner child caught a SIGHUP Jun 17 10:52:46 hprh MailScanner[28849]: MailScanner child caught a SIGHUP Jun 17 10:52:46 hprh MailScanner[28832]: MailScanner child caught a SIGHUP Jun 17 10:52:46 hprh MailScanner[28833]: MailScanner child caught a SIGHUP Jun 17 10:53:01 hprh MailScanner[29488]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 17 10:53:01 hprh MailScanner[29488]: lock.pl sees Config LockType = flock Jun 17 10:53:01 hprh MailScanner[29488]: lock.pl sees have_module = 0 Jun 17 10:53:01 hprh MailScanner[29488]: Using locktype = flock Jun 17 10:54:42 hprh MailScanner[29607]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 17 10:54:42 hprh MailScanner[29607]: Using locktype = flock Jun 17 10:54:52 hprh MailScanner[29640]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 17 10:54:52 hprh MailScanner[29640]: Using locktype = flock Jun 17 10:55:02 hprh MailScanner[29682]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 17 10:55:02 hprh MailScanner[29682]: Using locktype = flock Jun 17 10:55:12 hprh MailScanner[29740]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 17 10:55:12 hprh MailScanner[29740]: Using locktype = flock Jun 17 10:55:22 hprh MailScanner[29805]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 17 10:55:22 hprh MailScanner[29805]: Using locktype = flock SD :-) > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: Tuesday, June 17, 2003 5:11 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Port > > At 08:01 17/06/2003, you wrote: > > >Due to a total failure and McAfee blowing up last week I rebuilt my > >gateway again over the weekend. I have RedHat v9, installed all the perl > >modules recommended by the MailScanner Quick Install notes, and installed > >the "rpm" of MailScanner. I have completely turned the IP tables > >off. When ever I audit the gateway, I show the correct ports open for > >other services. However, I am unable to show port 25 for nothing. My > >mailsend is configured with forwarding to my private email server under > >applicable domain names. > > > > > > > >Am I missing something? I have done everything by the book, but am > >missing something here. If I perform a netstat -top and nothing shows up > >in the way of MailScanner nor sendmail. Something is deadly wrong. . > > > > > > > >When I issue the "check_mailscanner (with debug activated) I receive the > >following: > > > > > > > >Starting MailScanner... > > > >In Debugging mode, not forking... > > > > > > > >Any advice is appreciated. Thanks > > With "Debug = no", what happens when you > service MailScanner start > ? > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support From steve.douglas at SBIINCORPORATED.COM Tue Jun 17 17:12:53 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:36 2006 Subject: Port Message-ID: <3963522F0E71474CB14C0FF54A6914F70111502F@omar.schtre.com> Hi Steve. I did your suggestions below and I still have no luck. Thanks for the information. Doesn't mailscanner require the SMTP port to be open. I have attempted numerous scans and port 25 is not available. Thanks. SD :-) -----Original Message----- From: Steve Freegard [mailto:steve.freegard@LBSLTD.CO.UK] Sent: Tuesday, June 17, 2003 3:40 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Port Hi Steve, I'm also using RH9, but using Sophos SAVI and Clam instead of McAfee. I recall from Julian's notes that for McAfee you need to stop MailScanner with 'service MailScanner stop' and add 'export LD_ASSUME_KERNEL=2.2.5' into the top of '/etc/rc.d/init.d/MailScanner' for McAfee to work correctly. On the sendmail side, you'll also need to edit '/etc/mail/sendmail.mc' change the DAEMON_OPTIONS line to read 'DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl' as by default RH9 has 'Addr=127.0.0.1' in this to only allow connections to the mta from localhost (which isn't much good for a mail hub!). Once you've fixed this line run: 'make -C /etc/mail', then 'service MailScanner start'. Hope this helps. Kind regards, Steve -- Steve Freegard Systems Manager Littlehamptob Book Services Ltd. _____ From: Steve Douglas [mailto:steve.douglas@SBIINCORPORATED.COM] Sent: 17 June 2003 08:02 To: MAILSCANNER@JISCMAIL.AC.UK Due to a total failure and McAfee blowing up last week I rebuilt my gateway again over the weekend. I have RedHat v9, installed all the perl modules recommended by the MailScanner Quick Install notes, and installed the "rpm" of MailScanner. I have completely turned the IP tables off. When ever I audit the gateway, I show the correct ports open for other services. However, I am unable to show port 25 for nothing. My mailsend is configured with forwarding to my private email server under applicable domain names. Am I missing something? I have done everything by the book, but am missing something here. If I perform a netstat -top and nothing shows up in the way of MailScanner nor sendmail. Something is deadly wrong. . When I issue the "check_mailscanner (with debug activated) I receive the following: Starting MailScanner... In Debugging mode, not forking... Any advice is appreciated. Thanks -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030617/38241998/attachment.html From steve.freegard at LBSLTD.CO.UK Tue Jun 17 17:21:47 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:36 2006 Subject: Port Message-ID: <67D9E7698329D411936E00508B6590B902793CAD@neelix.lbsltd.co.uk> Steve, Yes to be able to receive e-mail you'll need the SMTP port open. Can you do a 'telnet localhost 25' from the machine itself - do you get a connection? also, what output does the 'iptables --list' command give? Regards, Steve. _____ From: Steve Douglas [mailto:steve.douglas@SBIINCORPORATED.COM] Sent: 17 June 2003 17:13 To: MAILSCANNER@JISCMAIL.AC.UK Hi Steve. I did your suggestions below and I still have no luck. Thanks for the information. Doesn't mailscanner require the SMTP port to be open. I have attempted numerous scans and port 25 is not available. Thanks. SD :-) -----Original Message----- From: Steve Freegard [mailto:steve.freegard@LBSLTD.CO.UK] Sent: Tuesday, June 17, 2003 3:40 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Port Hi Steve, I'm also using RH9, but using Sophos SAVI and Clam instead of McAfee. I recall from Julian's notes that for McAfee you need to stop MailScanner with 'service MailScanner stop' and add 'export LD_ASSUME_KERNEL=2.2.5' into the top of '/etc/rc.d/init.d/MailScanner' for McAfee to work correctly. On the sendmail side, you'll also need to edit '/etc/mail/sendmail.mc' change the DAEMON_OPTIONS line to read 'DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl' as by default RH9 has 'Addr=127.0.0.1' in this to only allow connections to the mta from localhost (which isn't much good for a mail hub!). Once you've fixed this line run: 'make -C /etc/mail', then 'service MailScanner start'. Hope this helps. Kind regards, Steve -- Steve Freegard Systems Manager Littlehamptob Book Services Ltd. _____ From: Steve Douglas [mailto:steve.douglas@SBIINCORPORATED.COM] Sent: 17 June 2003 08:02 To: MAILSCANNER@JISCMAIL.AC.UK Due to a total failure and McAfee blowing up last week I rebuilt my gateway again over the weekend. I have RedHat v9, installed all the perl modules recommended by the MailScanner Quick Install notes, and installed the "rpm" of MailScanner. I have completely turned the IP tables off. When ever I audit the gateway, I show the correct ports open for other services. However, I am unable to show port 25 for nothing. My mailsend is configured with forwarding to my private email server under applicable domain names. Am I missing something? I have done everything by the book, but am missing something here. If I perform a netstat -top and nothing shows up in the way of MailScanner nor sendmail. Something is deadly wrong. . When I issue the "check_mailscanner (with debug activated) I receive the following: Starting MailScanner... In Debugging mode, not forking... Any advice is appreciated. Thanks -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030617/e3a40b84/attachment.html From steve.douglas at SBIINCORPORATED.COM Tue Jun 17 17:52:21 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:36 2006 Subject: Port Message-ID: <3963522F0E71474CB14C0FF54A6914F701115030@omar.schtre.com> The service was not started. I was uncertain if it was supposed to run during startup. My original thought was that MailScanner stopped and started it as needed. I did connect via telnet as you suggested once the services is started up. Chain RH-Lokkit-0-50-INPUT Accept If protocol is TCP and destination port is 22 Accept If protocol is TCP and destination port is 25 Accept If protocol is TCP and destination port is 80 Accept If input interface is lo Run chain REJECT If protocol is TCP and destination port is 0:1023 Run chain REJECT If protocol is TCP and destination port is 2049 Run chain REJECT If protocol is UDP and destination port is 0:1023 Run chain REJECT If protocol is UDP and destination port is 2049 Run chain REJECT If protocol is TCP and destination port is 6000:6009 Run chain REJECT If protocol is TCP and destination port is 7100 -------------------------------- I reviewed my mail logs and I am getting some signs of life. I now have f-prot installed. I gave up on McAfee. Thanks for you suggestions! :-) ? -----Original Message----- From: Steve Freegard [mailto:steve.freegard@LBSLTD.CO.UK] Sent: Tuesday, June 17, 2003 11:22 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Port Steve, ? Yes to be able to receive e-mail you'll need the SMTP port open.? ? Can you do a 'telnet localhost 25' from the machine itself - do you get a connection??also, what output does the 'iptables --list' command give? ? Regards, Steve From kevins at BMRB.CO.UK Tue Jun 17 17:53:23 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:36 2006 Subject: Port In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175994@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175994@pascal.priv.bmrb.co.uk> Message-ID: <1055868804.13963.9.camel@bach.kevinspicer.co.uk> >Can you do a 'telnet localhost 25' from the machine itself - do you get >a connection? also, what output does the 'iptables --list' command give? netstat -a | grep smtp is usually a good choice too. ________________________________________________________________________ BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From steve.douglas at SBIINCORPORATED.COM Tue Jun 17 18:04:28 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:36 2006 Subject: Port Message-ID: <3963522F0E71474CB14C0FF54A6914F701115031@omar.schtre.com> Thanks. This is nice to have! SD :-) > -----Original Message----- > From: Kevin Spicer [mailto:kevins@BMRB.CO.UK] > Sent: Tuesday, June 17, 2003 11:53 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Port > > >Can you do a 'telnet localhost 25' from the machine itself - do you get > >a connection? also, what output does the 'iptables --list' command > give? > > netstat -a | grep smtp > is usually a good choice too. > > ________________________________________________________________________ > > > > > BMRB International > http://www.bmrb.co.uk > +44 (0)20 8566 5000 > _________________________________________________________________ > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact the > sender and delete this message immediately. Disclosure, copying > or other action taken in respect of this email or in > reliance on it is prohibited. BMRB International Limited > accepts no liability in relation to any personal emails, or > content of any email which does not directly relate to our > business. From mailscanner at ecs.soton.ac.uk Tue Jun 17 18:02:14 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:36 2006 Subject: MailScanner and inoculan configuration In-Reply-To: <4208198A-A0C4-11D7-B916-000A957744AE@lenst.det.unifi.it> References: <3EEEFC41.9070407@dalsemi.com> Message-ID: <5.2.1.1.2.20030617180126.025927a8@imap.ecs.soton.ac.uk> At 14:04 17/06/2003, you wrote: >Hi, I just installedMailScanner and inoculan (the freeware CAI antivirus), >but I have some problems. >Everything seems ok, but all e-mails are marked as "Unscanned". >How can I track down the problem ? >Note that MailScanner seems to work fine, and inocucmd is working too. >Thank you, Tommaso. >PS: a little system infos: I have a "plain" RedHat 8.0 and I have >installed all with root permissions. Do you have "Virus Scanning = yes" set, and "Virus Scanners = inoculan" set in MailScanner.conf? -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jun 17 18:03:59 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:36 2006 Subject: Port In-Reply-To: <3963522F0E71474CB14C0FF54A6914F70111502C@omar.schtre.com> Message-ID: <5.2.1.1.2.20030617180313.0232dd70@imap.ecs.soton.ac.uk> >Syntax error in line 550, value "" for warnsenders is not one of allowed >values "yes","no" What do you have set on line 550 of your MailScanner.conf? That's where it is telling you the error is. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jun 17 18:07:52 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:36 2006 Subject: Legal Implications was(Re: Announce: MailScanner-Console-0.1) In-Reply-To: Message-ID: <5.2.1.1.2.20030617180414.02514ec8@imap.ecs.soton.ac.uk> At 15:36 17/06/2003, you wrote: >-----Original Message----- >From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > > > The From, To and Subject are all considered private information in the >EU. > >So... What about sendmail's plain old maillog??? >Are you not allowed to look at it? Do you disable sendmail logging?? Under the Human Rights Act, we are not allowed to keep these logs for more than 6 months, and must set their permissions so that they can be used for nothing except system administration and fault diagnosis. For example, our senior management are not allowed near them. We may use the logs for the purposes of providing a service, but nothing else. Anyone wanting them, other than the relevant system administrators for that service, require a court order before we will release them. This does currently appear to conflict with the new version of the Data Protection Act, and the government depts and courts are still sorting out this problem. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From pecos at LENST.DET.UNIFI.IT Tue Jun 17 19:29:10 2003 From: pecos at LENST.DET.UNIFI.IT (Tommaso Pecorella) Date: Thu Jan 12 21:18:36 2006 Subject: MailScanner and inoculan configuration In-Reply-To: <5.2.1.1.2.20030617180126.025927a8@imap.ecs.soton.ac.uk> Message-ID: <9657FFB4-A0F1-11D7-86A8-000A957744AE@lenst.det.unifi.it> On Marted?, giu 17, 2003, at 19:02 Europe/Rome, Julian Field wrote: > At 14:04 17/06/2003, you wrote: >> Hi, I just installedMailScanner and inoculan (the freeware CAI >> antivirus), >> but I have some problems. >> Everything seems ok, but all e-mails are marked as "Unscanned". >> How can I track down the problem ? >> Note that MailScanner seems to work fine, and inocucmd is working too. >> Thank you, Tommaso. >> PS: a little system infos: I have a "plain" RedHat 8.0 and I have >> installed all with root permissions. > > Do you have "Virus Scanning = yes" set, and "Virus Scanners = > inoculan" set > in MailScanner.conf? Of course. I tried to put some debug code (actually a simple log message) in the inoculan wrapper, but it's not shown when MailScanner claims to be calling the antivirus. Any hint to go further in the debug ? Thanks, Tommaso ;-{)) --- Tommaso Pecorella - Ph.D. CNIT Research Scientist Universit? di Firenze Unit email: tommaso.pecorella@cnit.it ?????? pecos@lenst.det.unifi.it phone1: +39-0574-440708 phone2: +39-055-4796485 mobile: +39-348-0176826 fax:??? +39-055-4796485 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 1192 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030617/b772b239/attachment.bin From steve.douglas at SBIINCORPORATED.COM Tue Jun 17 19:30:26 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:36 2006 Subject: Port Message-ID: <3963522F0E71474CB14C0FF54A6914F701115032@omar.schtre.com> Julian, I discovered the MailScanner.conf file was corrupted. I restored a backup of it that I made and it appears to be fixed. I am now having problems MX record for my test domain. Thank you. SD :-) > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Sent: Tuesday, June 17, 2003 12:04 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Port > > >Syntax error in line 550, value "" for warnsenders is not one of allowed > >values "yes","no" > > What do you have set on line 550 of your MailScanner.conf? That's where it > is telling you the error is. > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Tue Jun 17 20:34:05 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:36 2006 Subject: MailScanner and inoculan configuration In-Reply-To: <9657FFB4-A0F1-11D7-86A8-000A957744AE@lenst.det.unifi.it> References: <5.2.1.1.2.20030617180126.025927a8@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030617202942.03547b60@imap.ecs.soton.ac.uk> At 19:29 17/06/2003, you wrote: >On Marted?, giu 17, 2003, at 19:02 Europe/Rome, Julian Field wrote: > >>At 14:04 17/06/2003, you wrote: >>>Hi, I just installedMailScanner and inoculan (the freeware CAI antivirus), >>>but I have some problems. >>>Everything seems ok, but all e-mails are marked as "Unscanned". >>>How can I track down the problem ? >>>Note that MailScanner seems to work fine, and inocucmd is working too. >>>Thank you, Tommaso. >>>PS: a little system infos: I have a "plain" RedHat 8.0 and I have >>>installed all with root permissions. >> >>Do you have "Virus Scanning = yes" set, and "Virus Scanners = inoculan" set >>in MailScanner.conf? > >Of course. > >I tried to put some debug code (actually a simple log message) in the >inoculan wrapper, but it's not shown when MailScanner claims to be calling >the antivirus. > >Any hint to go further in the debug ? For it to label them unscanned, the virus scanners will never be called. Just to confirm, you are getting X-MailScanner: Unscanned headers in your mail? I haven't ever seen this before, and am at a bit of a loss to know why. Can you check that the inoculan wrapper works? cd /tmp /usr/lib/MailScanner/inoculan-wrapper -nex -rev . (don't forget the "." on the end of that). -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From sevans at FOUNDATION.SDSU.EDU Tue Jun 17 20:43:22 2003 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:18:36 2006 Subject: Archiving Question Message-ID: <95B481BA6D181A4685081D263BF9A13A4534@mail.foundation.sdsu.edu> Under the setting Archive Mail I want to set it to a ruleset. So I have in MailScanner.conf Archive Mail = /etc/MailScanner/rules/archive.conf Then the archive.conf file is: to: username@domain.com forward@here.com from: username@domain.com forward@here.com default: no But it archives all mail to the archive.conf file as if it were a mbox file. What am I missing? Steve Evans SDSU Foundation (619) 594-0653 From mailscanner at ecs.soton.ac.uk Tue Jun 17 20:45:51 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:36 2006 Subject: Archiving Question In-Reply-To: <95B481BA6D181A4685081D263BF9A13A4534@mail.foundation.sdsu. edu> Message-ID: <5.2.1.1.2.20030617204515.03826008@imap.ecs.soton.ac.uk> At 20:43 17/06/2003, you wrote: >Under the setting Archive Mail I want to set it to a ruleset. > >So I have in MailScanner.conf > Archive Mail = /etc/MailScanner/rules/archive.conf > >Then the archive.conf file is: > to: username@domain.com forward@here.com > from: username@domain.com forward@here.com > default: no > >But it archives all mail to the archive.conf file as if it were a mbox >file. What am I missing? Rename the rules file to archive.conf.rules, then it will realise it's a ruleset and not an archive mbox. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at CARLO65.DE Tue Jun 17 20:49:25 2003 From: mailscanner at CARLO65.DE (Roland Ehle) Date: Thu Jan 12 21:18:36 2006 Subject: Forwarding infected messages Message-ID: <3EEF70C5.1030202@carlo65.de> Hi, for investigation purposes, I would like to have all infected messages forwarded to a certain address. How can I do this? Thanks for any ideas. Regards, Roland From mailscanner at ecs.soton.ac.uk Tue Jun 17 20:55:31 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:36 2006 Subject: Forwarding infected messages In-Reply-To: <3EEF70C5.1030202@carlo65.de> Message-ID: <5.2.1.1.2.20030617205431.037e41c0@imap.ecs.soton.ac.uk> Quarantine them, then write a script which regularly forwards the quarantine messages to an address. You can't do it directly I'm afraid. At 20:49 17/06/2003, you wrote: >Hi, > >for investigation purposes, I would like to have all infected messages >forwarded to a certain address. > >How can I do this? > >Thanks for any ideas. > >Regards, >Roland -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From FCaen at CI.LAKEWOOD.WA.US Tue Jun 17 15:36:40 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:36 2006 Subject: Legal Implications was(Re: Announce: MailScanner-Console-0.1) Message-ID: -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > The From, To and Subject are all considered private information in the EU. So... What about sendmail's plain old maillog??? Are you not allowed to look at it? Do you disable sendmail logging?? --------------------------------------------- Francois Caen Network Information Systems Engineer - Webmaster City of Lakewood, WA (253) 512-2269 NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From pecos at LENST.DET.UNIFI.IT Wed Jun 18 00:02:57 2003 From: pecos at LENST.DET.UNIFI.IT (Tommaso Pecorella) Date: Thu Jan 12 21:18:36 2006 Subject: MailScanner and inoculan configuration In-Reply-To: <5.2.1.1.2.20030617202942.03547b60@imap.ecs.soton.ac.uk> Message-ID: On Marted?, giu 17, 2003, at 21:34 Europe/Rome, Julian Field wrote: > At 19:29 17/06/2003, you wrote: > > >> On Marted?, giu 17, 2003, at 19:02 Europe/Rome, Julian Field wrote: >> >>> At 14:04 17/06/2003, you wrote: >>>> Hi, I just installedMailScanner and inoculan (the freeware CAI >>>> antivirus), >>>> but I have some problems. >>>> Everything seems ok, but all e-mails are marked as "Unscanned". >>>> How can I track down the problem ? >>>> Note that MailScanner seems to work fine, and inocucmd is working >>>> too. >>>> Thank you, Tommaso. >>>> PS: a little system infos: I have a "plain" RedHat 8.0 and I have >>>> installed all with root permissions. >>> >>> Do you have "Virus Scanning = yes" set, and "Virus Scanners = >>> inoculan" set >>> in MailScanner.conf? >> >> Of course. >> >> I tried to put some debug code (actually a simple log message) in the >> inoculan wrapper, but it's not shown when MailScanner claims to be >> calling the antivirus. >> >> Any hint to go further in the debug ? > > For it to label them unscanned, the virus scanners will never be > called. Just to confirm, you are getting > X-MailScanner: Unscanned > headers in your mail? > > I haven't ever seen this before, and am at a bit of a loss to know why. > > Can you check that the inoculan wrapper works? > cd /tmp > /usr/lib/MailScanner/inoculan-wrapper -nex -rev . > (don't forget the "." on the end of that). I did a little debug session. The header (strnge one indeed) is: X-Mailscanner: Found to be clean, Found to be clean, Not scanned: please contact your Internet E-Mail Service Provider for details It's from a recent e-mail from the MAILSCANNER list. Please, let me know what it means. BTW, I found a little bug. It's a bug in inocucmd itself, however it seems to be a nasty one. If you launch inocucmd from the command line, you MUST launch it from the inocucmd directory, otherwise it does not find the virus data file. example: ---- begin right directory ----- [root@lenst tmp]# cd /usr/local/inoculan/ [root@lenst inoculan]# ./inocucmd Usage: ./inocucmd [ -options ] file|directory ... (Choose zero or one of FST, SEC or REV) -options: FST Fast scan (default) [...] file|directory ...: Specify at least one file or directory to scan Engine version: 43.00 2003/04/08 Data version: 43.48 2003/06/12 ---- end right directory ----- ---- begin WRONG directory ----- [root@lenst tmp]# /usr/local/inoculan/inocucmd Usage: /usr/local/inoculan/inocucmd [ -options ] file|directory ... (Choose zero or one of FST, SEC or REV) -options: FST Fast scan (default) [...] file|directory ...: Specify at least one file or directory to scan Error loading data Engine version: 43.00 2003/04/08 Data version: 02.67 1984/00/17 ---- end WRONG directory ----- Note that when you launch inocucmd from the /tmp directory (as an example), it claims that there is an error in loading data _and_ that the data version is 1984. Another example: [root@lenst pecos]# /usr/local/inoculan/inocucmd Decreto.gz ----------./Decreto.gz Failed to extract ./Decreto.gz:Decreto.rtf.scr Reason:10 Total Files Scanned: 1 Total Bytes Scanned: 70374 Total Viruses Found: 0 Total Infected Files Found: 0 Scan Type: Fast *** End Of Summary *** while [root@lenst inoculan]# ./inocucmd /home/pecos/Decreto.gz ----------/home/pecos/Decreto.gz [/home/pecos/Decreto.gz:Decreto.rtf.scr] was infected by virus [Win32/BugBear.B.Dropped.Worm] Total Files Scanned: 1 Total Bytes Scanned: 72192 Total Viruses Found: 1 Total Infected Files Found: 1 Scan Type: Fast *** End Of Summary *** Pretty nasty, isn't it ? Unfortunately I don't know exactly how and when the wrapper is called, so I can't provide a workaround right now, but I think that the solution is pretty strightforward. Thank you for your assistance, I hope to be able (with your help) to have MailScanner fully working as soon as possible. Best regards, Tommaso ;-{)) --- Tommaso Pecorella - Ph.D. CNIT Research Scientist Universit? di Firenze Unit email: tommaso.pecorella@cnit.it ?????? pecos@lenst.det.unifi.it phone1: +39-0574-440708 phone2: +39-055-4796485 mobile: +39-348-0176826 fax:??? +39-055-4796485 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 4434 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030618/0d35f662/attachment.bin From pecos at LENST.DET.UNIFI.IT Tue Jun 17 14:04:41 2003 From: pecos at LENST.DET.UNIFI.IT (Tommaso Pecorella) Date: Thu Jan 12 21:18:36 2006 Subject: MailScanner and inoculan configuration Message-ID: <4208198A-A0C4-11D7-B916-000A957744AE@lenst.det.unifi.it> Hi, I just installedMailScanner and inoculan (the freeware CAI antivirus), but I have some problems. Everything seems ok, but all e-mails are marked as "Unscanned". How can I track down the problem ? Note that MailScanner seems to work fine, and inocucmd is working too. Thank you, Tommaso. PS: a little system infos: I have a "plain" RedHat 8.0 and I have installed all with root permissions. --- Tommaso Pecorella - Ph.D. CNIT Research Scientist Universit? di Firenze Unit email: tommaso.pecorella@cnit.it pecos@lenst.det.unifi.it phone1: +39-0574-440708 phone2: +39-055-4796485 mobile: +39-348-0176826 fax: +39-055-4796485 From mike at ZANKER.ORG Tue Jun 17 09:31:00 2003 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:18:36 2006 Subject: Announce: MailWatch for MailScanner 0.2 (was MailScanner-Con sole ) In-Reply-To: <67D9E7698329D411936E00508B6590B902793C5E@neelix.lbsltd.co.uk> References: <67D9E7698329D411936E00508B6590B902793C5E@neelix.lbsltd.co.u k> Message-ID: <169640593.1055842260@mallard.open.ac.uk> On 17 June 2003 09:18 +0100 Steve Freegard wrote: > The regex works against the report field on the database which > contains all the reports from MailScanner joined together, so it will > be slightly different to what you see in the maillog. If you look at > the message detail for an infected message and look at the 'Report:' > field, you'll see what I mean. This is the Report: field for an infected message: Report: >>> Virus 'EICAR-AV-Test' found in file /h5H8NBg22318/eicar_com.zip/eicar.com > Try this for the regex: '/Sophos: (\S+) found in file (.+)/' - and > see if that does the trick. I'm actually using this at the moment: define(VIRUS_REGEX, '/(>>>) Virus \'(.+)\' found/'); and it seems to be extracting the virus name correctly - at least it appears as just EICAR-AV-Test in the various reports and the box at the top right of the main page. The (>>>) is to make sure that the virus name ends up as the second element of your array. Regards, Mike. From steve.freegard at LBSLTD.CO.UK Tue Jun 17 10:13:06 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:36 2006 Subject: MailWatch 0.2 buglet Message-ID: <67D9E7698329D411936E00508B6590B902793C6B@neelix.lbsltd.co.uk> Hi Mike, Glad you like it. I've just realised that I've got the same bug - please find the attached status.php file which fixes the problem. Cheers, Steve. -----Original Message----- From: Mike Zanker [mailto:mike@zanker.org] Sent: 17 June 2003 10:04 To: Steve Freegard Hi Steve, just found a little bug - multiple recipients (To column on status page) are showing like this: mike@zanker.org
alan@zanker.org Great utility, though - I can see it being VERY useful. Regards, Mike. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -------------- next part -------------- A non-text attachment was scrubbed... Name: status.php Type: application/octet-stream Size: 4549 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030617/9d635cb5/status-0001.obj From steve.freegard at LBSLTD.CO.UK Tue Jun 17 09:45:34 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:36 2006 Subject: Announce: MailWatch for MailScanner 0.2 (was MailScanner-Con sole ) Message-ID: <67D9E7698329D411936E00508B6590B902793C66@neelix.lbsltd.co.uk> Mike, Thanks for this - glad it's working now. I'll add your regex to the source for the next version. Cheers, Steve. -----Original Message----- From: Mike Zanker [mailto:mike@ZANKER.ORG] Sent: 17 June 2003 09:31 To: MAILSCANNER@JISCMAIL.AC.UK On 17 June 2003 09:18 +0100 Steve Freegard wrote: > The regex works against the report field on the database which > contains all the reports from MailScanner joined together, so it will > be slightly different to what you see in the maillog. If you look at > the message detail for an infected message and look at the 'Report:' > field, you'll see what I mean. This is the Report: field for an infected message: Report: >>> Virus 'EICAR-AV-Test' found in file /h5H8NBg22318/eicar_com.zip/eicar.com > Try this for the regex: '/Sophos: (\S+) found in file (.+)/' - and > see if that does the trick. I'm actually using this at the moment: define(VIRUS_REGEX, '/(>>>) Virus \'(.+)\' found/'); and it seems to be extracting the virus name correctly - at least it appears as just EICAR-AV-Test in the various reports and the box at the top right of the main page. The (>>>) is to make sure that the virus name ends up as the second element of your array. Regards, Mike. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From P.Holzleitner at UNIDO.ORG Tue Jun 17 12:08:40 2003 From: P.Holzleitner at UNIDO.ORG (Peter HOLZLEITNER) Date: Thu Jan 12 21:18:36 2006 Subject: Changing Precedence to junk Message-ID: > WHY would you bounce spam? Well, for example - we have a rather low highscore threshold and bounce highscore spam. For the benefit of the two or three false positives per week, the bounce message explain how they can send their mail in for manual forwarding. On the MailScanner machine, I use a mailertable entry to send incoming mail to the internal server and point DS to a separate queue for the bounces. At ~6000 messages a day with ~15-18% detected spam, that junk queue has normally ~100-150 messages in it. --Peter -----Original Message----- From: mike@CAMAROSS.NET [mailto:mike@CAMAROSS.NET] Sent: Monday, June 09, 2003 4:32 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Changing Precedence to junk Mailman uses the precedence of either Bulk or List...can't remember which. My question is this...WHY would you bounce spam? The large percentage of spam you bounce more than likey comes from forged addresses. Therefore, attempting to bounce them just generates more useless traffic on the net and your boxen (IMHO of course). Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson > Sent: Monday, June 09, 2003 8:45 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Changing Precedence to junk > > > Y'all, > > It would be good if the mailscanner virus warning messages > went out as 'Precedence: bulk'. I'm getting to the point > where I don't care if mailscanner sends out the warning > messages at all -- most go to the wrong person and are > useless. Whenever we write web-based email apps that > generate email, we always stick the 'Precedence: bulk' stuff > into the mailer scripts, to cut down on bounced emails. > > --- Jeff Earickson > > On Mon, 9 Jun 2003, John Ireland wrote: > > > Date: Mon, 9 Jun 2003 12:36:18 +0100 > > From: John Ireland > > Reply-To: MailScanner mailing list > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Changing Precedence to junk > > > > I spoke to Julian about this last week at at the JANET-CERT > meeting in > > London and I thought I would mail the list to see what > others thought > > of the idea. > > > > Our mail queue is continually filled with auto responder > mail replying > > to spam messages. These messages either time out or > bounce, spamming > > the user with more useless information. > > > > Most auto responders, such as vacation, will not respond to > mail with > > the 'Precedence: bulk' or 'Precedence: junk' line is > included in the > > header. So giving mailscanner the option of changing the > > 'Precedence:' header to junk would give a simple centrally managed > > solution. > > > > I know there are other solutions - ban auto responders, write a > > procmail wrapper for vacation, or hack the vacation code. > But there > > are users that need to use auto responders and there are auto > > responders over which the mail administrator has no control. > > > > Also, I know of no other program, other than 'vacation', > that uses the > > 'Precedence:' header. > > > > > > -- > > John Ireland Email: > mailto:J.Ireland@hgu.mrc.ac.uk > > MRC Human Genetics Unit > Tel. : +44-31-332-2471 > > Western General Hospital Fax. : +44-31-343-2620 > > Edinburgh, EH4 2XU, UK WWW : http://www.hgu.mrc.ac.uk > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: BDY.RTF Type: application/rtf Size: 4139 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030617/46f69f47/BDY-0001.rtf From kfliong at WOFS.COM Wed Jun 18 04:01:18 2003 From: kfliong at WOFS.COM (kfliong) Date: Thu Jan 12 21:18:36 2006 Subject: filename.rules.conf usage In-Reply-To: <3EEA6A46.1090506@hpi.com> References: Message-ID: <5.2.1.1.0.20030618105552.02544c50@192.168.10.2> Hi, I have just removed denying of .exe files in filename.rules.conf in mailscanner. I know I doing this is very dangerous but I really need to allow EODSmt(doc).exe file to go through mailscanner. I still can't find how to do it. Some suggestions that I get doesn't work. And I am really tired of going to the quarantine and extracting the file and emailing it manually to the recipient everyday. I also found out that I can't copy the file directly because linux doesn't like "(" in the filename. When I copy, I have to use EODSmt* or EOD* but not EODSmt(doc).*. Please could someone tell me how to make an "allow" in filename.rules.conf before a nasty .exe virus infect my system! :( Thanks in advance. From kfliong at WOFS.COM Wed Jun 18 04:07:54 2003 From: kfliong at WOFS.COM (kfliong) Date: Thu Jan 12 21:18:36 2006 Subject: Legal Implications was(Re: Announce: MailScanner-Console-0.1) In-Reply-To: <5.2.1.1.2.20030617180414.02514ec8@imap.ecs.soton.ac.uk> References: Message-ID: <5.2.1.1.0.20030618110357.02523288@192.168.10.2> It's impossible to monitor mails for spamming and virus if The From, To and Subject are all considered private information. This is stupid. Whoever set those rules and allow them to pass the law are people who does not know anything about email administration. If it were my company, I would draft a letter for all employees to sign stating that their from, to and subject are monitored. That should overwrite the law in EU. Plus, if they aren't happy with it, then screw them. We don't need employees who does private things with their email that they are so afraid ppl will see their from, to and subject. That's my 2cents. At 06:07 PM 6/17/2003 +0100, you wrote: >At 15:36 17/06/2003, you wrote: >>-----Original Message----- >>From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] >> >> > The From, To and Subject are all considered private information in the >>EU. >> >>So... What about sendmail's plain old maillog??? >>Are you not allowed to look at it? Do you disable sendmail logging?? > >Under the Human Rights Act, we are not allowed to keep these logs for more >than 6 months, and must set their permissions so that they can be used for >nothing except system administration and fault diagnosis. For example, our >senior management are not allowed near them. We may use the logs for the >purposes of providing a service, but nothing else. Anyone wanting them, >other than the relevant system administrators for that service, require a >court order before we will release them. > >This does currently appear to conflict with the new version of the Data >Protection Act, and the government depts and courts are still sorting out >this problem. >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support From Q.G.Campbell at NEWCASTLE.AC.UK Wed Jun 18 08:07:10 2003 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:18:36 2006 Subject: Legal Implications was(Re: Announce: MailScanner-Console-0.1) Message-ID: <52E50E4D595DDE4D861117A1FB62E79D82013E@bond.ncl.ac.uk> > -----Original Message----- > From: kfliong [mailto:kfliong@WOFS.COM] > Sent: 18 June 2003 04:08 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Legal Implications was(Re: Announce: > MailScanner-Console-0.1) > > > It's impossible to monitor mails for spamming and virus if > The From, To and Subject are all considered private information. > Not at all. It is possible to monitor e-mail in the workplace in the UK for spamming and viruses. The general approach that you must follow is set out in "The Employment Practices Data Protection Code - Part3: Monitoring at Work". This Code of Practice (CoP) says, among other things, that automated monitoring and detection of viruses and spam is preferred; that is, where the content is not seen by anyone else other than the sender and the recipient. Thus using MailScanner + SpamAssassin + A-V products when all are properly configured is perfectly legal in the UK. What you cannot do is randomly snoop on private e-mail and telephone calls by your employees just because you (the employer) think you have that right as boss to do it. As Julian has pointed out, the European Convention on Human Rights (ECHR) guarantees certain rights for individuals. Article 8 of the ECHR in particular is relevent here because it says that "Everyone has the right to respect for his private and family life, his home and his correspondence". The Data Protection Act 1998, the Regulation of Investigatory Powers Act 2000 and the Human Rights Act 1998 all give effect in UK law to the rights and freedoms guaranteed under the ECHR. For example the CoP referred to above on monitoring e-mail, etc, in the workplace is issued under Section 51 of the Data Protection Act. Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." From support at INVICTANET.CO.UK Wed Jun 18 08:26:52 2003 From: support at INVICTANET.CO.UK (InvictaNet Customer Support) Date: Thu Jan 12 21:18:36 2006 Subject: filename.rules.conf usage In-Reply-To: <5.2.1.1.0.20030618105552.02544c50@192.168.10.2> Message-ID: change the name of the file in the attachment Martyn Routley ----------------------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk martyn@support.invictanet.co.uk phone: 08707 440180 fax: 08707 440181 Ask us about our online Antivirus and Junk mail scanning service ----------------------------------------------------------------- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of kfliong Sent: 18 June 2003 04:01 To: MAILSCANNER@JISCMAIL.AC.UK Subject: filename.rules.conf usage Hi, I have just removed denying of .exe files in filename.rules.conf in mailscanner. I know I doing this is very dangerous but I really need to allow EODSmt(doc).exe file to go through mailscanner. I still can't find how to do it. Some suggestions that I get doesn't work. And I am really tired of going to the quarantine and extracting the file and emailing it manually to the recipient everyday. I also found out that I can't copy the file directly because linux doesn't like "(" in the filename. When I copy, I have to use EODSmt* or EOD* but not EODSmt(doc).*. Please could someone tell me how to make an "allow" in filename.rules.conf before a nasty .exe virus infect my system! :( Thanks in advance. From evertjan at VANRAMSELAAR.NL Wed Jun 18 09:40:41 2003 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:18:36 2006 Subject: Privacy in the workplace is a 'myth' Message-ID: <15743.194.151.195.222.1055925641.squirrel@mail.vanramselaar.nl> Slightly off-topic, but considering the recent topics about privacy, you might be interested in this topic on The Register: "Privacy in the workplace is a 'myth'" http://www.theregister.co.uk/content/6/31253.html -- Evert Jan van Ramselaar Van Ramselaar Info Tech From o.pitzeier at UPTIME.AT Wed Jun 18 10:00:05 2003 From: o.pitzeier at UPTIME.AT (Oliver Pitzeier) Date: Thu Jan 12 21:18:36 2006 Subject: Privacy in the workplace is a 'myth' In-Reply-To: <15743.194.151.195.222.1055925641.squirrel@mail.vanramselaar.nl> Message-ID: <000501c33578$032cc840$020b10ac@pitzeier.priv.at> > Slightly off-topic, but considering the recent topics about > privacy, you might be interested in this topic on The Register: > > "Privacy in the workplace is a 'myth'" > http://www.theregister.co.uk/content/6/31253.html Thanks... Good, 'shocking' article. :-) -Oliver From mailscanner at ecs.soton.ac.uk Wed Jun 18 14:19:10 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:36 2006 Subject: filename.rules.conf usage In-Reply-To: <5.2.1.1.0.20030618105552.02544c50@192.168.10.2> References: <3EEA6A46.1090506@hpi.com> Message-ID: <5.2.0.9.2.20030618141844.0391ecb0@imap.ecs.soton.ac.uk> Something like ^EODS.*\.exe$ would be better than allowing everything. At 04:01 18/06/2003, you wrote: >Hi, > >I have just removed denying of .exe files in filename.rules.conf in >mailscanner. > >I know I doing this is very dangerous but I really need to allow >EODSmt(doc).exe file to go through mailscanner. I still can't find how to >do it. Some suggestions that I get doesn't work. And I am really tired of >going to the quarantine and extracting the file and emailing it manually to >the recipient everyday. > >I also found out that I can't copy the file directly because linux doesn't >like "(" in the filename. When I copy, I have to use EODSmt* or EOD* but >not EODSmt(doc).*. > >Please could someone tell me how to make an "allow" in filename.rules.conf >before a nasty .exe virus infect my system! :( > >Thanks in advance. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Wed Jun 18 15:14:19 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:36 2006 Subject: MailScanner-mrtg-0.05 Is (finally) out! In-Reply-To: <20030610085612.721a66e9.dlovelace@hotels.com> Message-ID: Hi! > Want to help with mailscanner-mrtg? I'm looking for a few good perl > scripters who would like to make their mark on the Open Source > community! Email dale@hotels.com and I will hook you up! Just to confirm. I upgraded to the last RH9 kernel (2.4.20-18.9bigmem) and now the counting of sendmail processes also runs again! :) Thanks! Raymond. From newsletters at PCSITES.COM Wed Jun 18 15:42:46 2003 From: newsletters at PCSITES.COM (Richard Ahlquist) Date: Thu Jan 12 21:18:36 2006 Subject: Announce: MailWatch for MailScanner 0.2 (was MailScanner-Con sole ) In-Reply-To: <67D9E7698329D411936E00508B6590B902793C66@neelix.lbsltd.co.uk> Message-ID: <00b701c335a7$e59d2ec0$76464d0a@MINE> While we are off and on topic here is one I kludged together for F-prot; define(VIRUS_REGEX, '/(.+) Infection: (\S+)/'); Mailwatch rocks, keep up the good work!! -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steve Freegard Sent: Tuesday, June 17, 2003 4:46 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Announce: MailWatch for MailScanner 0.2 (was MailScanner-Con sole ) Mike, Thanks for this - glad it's working now. I'll add your regex to the source for the next version. Cheers, Steve. -----Original Message----- From: Mike Zanker [mailto:mike@ZANKER.ORG] Sent: 17 June 2003 09:31 To: MAILSCANNER@JISCMAIL.AC.UK On 17 June 2003 09:18 +0100 Steve Freegard wrote: > The regex works against the report field on the database which > contains all the reports from MailScanner joined together, so it will > be slightly different to what you see in the maillog. If you look at > the message detail for an infected message and look at the 'Report:' > field, you'll see what I mean. This is the Report: field for an infected message: Report: >>> Virus 'EICAR-AV-Test' found in file ./h5H8NBg22318/eicar_com.zip/eicar.com > Try this for the regex: '/Sophos: (\S+) found in file (.+)/' - and > see if that does the trick. I'm actually using this at the moment: define(VIRUS_REGEX, '/(>>>) Virus \'(.+)\' found/'); and it seems to be extracting the virus name correctly - at least it appears as just EICAR-AV-Test in the various reports and the box at the top right of the main page. The (>>>) is to make sure that the virus name ends up as the second element of your array. Regards, Mike. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From russ at FASTWEBWORK.COM Wed Jun 18 15:54:55 2003 From: russ at FASTWEBWORK.COM (Russ) Date: Thu Jan 12 21:18:36 2006 Subject: Mail processing from CustomConfig Message-ID: <0be001c335a9$963d97f0$0a01000a@TOSHLAP> Hi All, I would like to do some additional processing of mail via code in CustomConfig.pm. I have specified the function name in MailScanner.conf for Non Spam Actions and the function gets called but I have no clue on how to actually continue the processing (i.e., 'deliver') the mail after I have munged it. Can anyone shed some light? I am not a perl person....in fact have avoided learning it but I suspect it's time to bite the bullet. I know it's going to be something quite simple but it'd take me days to figure it out and I'm sure someone on this list can give me a clue! Thanks in advance. From mailscanner at ecs.soton.ac.uk Wed Jun 18 16:35:23 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:36 2006 Subject: Mail processing from CustomConfig In-Reply-To: <0be001c335a9$963d97f0$0a01000a@TOSHLAP> Message-ID: <5.2.0.9.2.20030618163341.03a2b970@imap.ecs.soton.ac.uk> What sort of processing are you trying to do? Alter the message, extract some more logging information about the message or what? If you make Non Spam Actions return the value "deliver" then the message will indeed be delivered as normal. If you have changed the attachments by that time, then be sure to set $message->{bodymodified} = 1 otherwise it will deliver exactly the same message body it received. At 15:54 18/06/2003, you wrote: >Hi All, > >I would like to do some additional processing of mail via >code in CustomConfig.pm. I have specified the function >name in MailScanner.conf for Non Spam Actions and >the function gets called but I have no clue on how to >actually continue the processing (i.e., 'deliver') the mail >after I have munged it. Can anyone shed some light? >I am not a perl person....in fact have avoided learning >it but I suspect it's time to bite the bullet. I know it's >going to be something quite simple but it'd take me days >to figure it out and I'm sure someone on this list can >give me a clue! > >Thanks in advance. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From steve.freegard at LBSLTD.CO.UK Wed Jun 18 17:10:00 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:36 2006 Subject: Announce: MailWatch for MailScanner 0.2 (was MailScanner-Con sole ) Message-ID: <67D9E7698329D411936E00508B6590B902793CF8@neelix.lbsltd.co.uk> Richard, >>> here is one I kludged together for F-prot; define(VIRUS_REGEX, '/(.+) Infection: (\S+)/'); Thanks - added for the next version. >>> Mailwatch rocks, keep up the good work!! ;-)) Cheers, Steve. -----Original Message----- From: Richard Ahlquist [mailto:newsletters@PCSITES.COM] Sent: 18 June 2003 15:43 To: MAILSCANNER@JISCMAIL.AC.UK While we are off and on topic here is one I kludged together for F-prot; define(VIRUS_REGEX, '/(.+) Infection: (\S+)/'); Mailwatch rocks, keep up the good work!! -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steve Freegard Sent: Tuesday, June 17, 2003 4:46 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Announce: MailWatch for MailScanner 0.2 (was MailScanner-Con sole ) Mike, Thanks for this - glad it's working now. I'll add your regex to the source for the next version. Cheers, Steve. -----Original Message----- From: Mike Zanker [mailto:mike@ZANKER.ORG] Sent: 17 June 2003 09:31 To: MAILSCANNER@JISCMAIL.AC.UK On 17 June 2003 09:18 +0100 Steve Freegard wrote: > The regex works against the report field on the database which > contains all the reports from MailScanner joined together, so it will > be slightly different to what you see in the maillog. If you look at > the message detail for an infected message and look at the 'Report:' > field, you'll see what I mean. This is the Report: field for an infected message: Report: >>> Virus 'EICAR-AV-Test' found in file ./h5H8NBg22318/eicar_com.zip/eicar.com > Try this for the regex: '/Sophos: (\S+) found in file (.+)/' - and > see if that does the trick. I'm actually using this at the moment: define(VIRUS_REGEX, '/(>>>) Virus \'(.+)\' found/'); and it seems to be extracting the virus name correctly - at least it appears as just EICAR-AV-Test in the various reports and the box at the top right of the main page. The (>>>) is to make sure that the virus name ends up as the second element of your array. Regards, Mike. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From steve.douglas at SBIINCORPORATED.COM Wed Jun 18 19:21:44 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:36 2006 Subject: Which Witch is Which Message-ID: <3963522F0E71474CB14C0FF54A6914F70111503E@omar.schtre.com> I have gone around and circles for three days. First I read a page that states the following: "Currently, your copy of sendmail will be started by a script such as /etc/init.d/mail or /etc/rc.d/init.d/sendmail. Somewhere in this script will be the command to start sendmail itself. This should look like this: sendmail -bd -q15m You should change this to the following two lines: sendmail -bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in sendmail -q15m Easier said than done! First I tried modifying the /etc/rc.d/init.d/sendmail script with no luck. Then I go to the /etc/rc.d/init.d/MailScanner file and it quickly tells me not to do it and go to the /etc/sysconfig/MailScanner file. No matter what I do nothing works. All I am trying to do is enter the two lines above but my eyes are cross-eyed at this point. To make matters worse, after I gave up using the fricken scripts I then entered the two commands manually, started the check_mailscanner scripted and every darned message I send that was clean to my server it get moved to the damned quarantine directory. ? ? From sevans at FOUNDATION.SDSU.EDU Wed Jun 18 19:59:41 2003 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:18:36 2006 Subject: FW: Archiving Question Message-ID: <95B481BA6D181A4685081D263BF9A13A453E@mail.foundation.sdsu.edu> Any ideas anyone? Steve Evans SDSU Foundation (619) 594-0653 -----Original Message----- From: Steve Evans Sent: Tuesday, June 17, 2003 12:43 PM To: Mailing List MailScanner (MAILSCANNER@JISCMAIL.AC.UK) Under the setting Archive Mail I want to set it to a ruleset. So I have in MailScanner.conf Archive Mail = /etc/MailScanner/rules/archive.conf Then the archive.conf file is: to: username@domain.com forward@here.com from: username@domain.com forward@here.com default: no But it archives all mail to the archive.conf file as if it were a mbox file. What am I missing? Steve Evans SDSU Foundation (619) 594-0653 From ryan at MARINOCRANE.COM Wed Jun 18 20:05:14 2003 From: ryan at MARINOCRANE.COM (Ryan Pitt) Date: Thu Jan 12 21:18:36 2006 Subject: FW: Archiving Question References: <95B481BA6D181A4685081D263BF9A13A453E@mail.foundation.sdsu.edu> Message-ID: <3EF0B7EA.6000407@marinocrane.com> I thought Julian had answered this one. Renaming the ruleset to archive.rules should do it. This is how I have mine set up and it works perfectly. My entries are similar to the following From: *@thisdomain.com mailbox@thatdomain.com To: *@thisdomain.com mailbox@thatdomain.com From: user@thisdomain.com mailbox@thatdomain.com To: user@thisdomain.com mailbox@thatdomain.com Steve Evans wrote: >Any ideas anyone? > > >Steve Evans >SDSU Foundation >(619) 594-0653 > >-----Original Message----- >From: Steve Evans >Sent: Tuesday, June 17, 2003 12:43 PM >To: Mailing List MailScanner (MAILSCANNER@JISCMAIL.AC.UK) > >Under the setting Archive Mail I want to set it to a ruleset. > >So I have in MailScanner.conf > Archive Mail = /etc/MailScanner/rules/archive.conf > >Then the archive.conf file is: > to: username@domain.com forward@here.com > from: username@domain.com forward@here.com > default: no > >But it archives all mail to the archive.conf file as if it were a mbox >file. What am I missing? > >Steve Evans >SDSU Foundation >(619) 594-0653 > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From sevans at FOUNDATION.SDSU.EDU Wed Jun 18 20:16:46 2003 From: sevans at FOUNDATION.SDSU.EDU (Steve Evans) Date: Thu Jan 12 21:18:36 2006 Subject: FW: Archiving Question Message-ID: <95B481BA6D181A4685081D263BF9A13A4541@mail.foundation.sdsu.edu> I'm really sorry about that everyone. Totally missed it. Steve Evans SDSU Foundation (619) 594-0653 -----Original Message----- From: Ryan Pitt [mailto:ryan@MARINOCRANE.COM] Sent: Wednesday, June 18, 2003 12:05 PM To: MAILSCANNER@JISCMAIL.AC.UK I thought Julian had answered this one. Renaming the ruleset to archive.rules should do it. This is how I have mine set up and it works perfectly. My entries are similar to the following From: *@thisdomain.com mailbox@thatdomain.com To: *@thisdomain.com mailbox@thatdomain.com From: user@thisdomain.com mailbox@thatdomain.com To: user@thisdomain.com mailbox@thatdomain.com Steve Evans wrote: >Any ideas anyone? > > >Steve Evans >SDSU Foundation >(619) 594-0653 > >-----Original Message----- >From: Steve Evans >Sent: Tuesday, June 17, 2003 12:43 PM >To: Mailing List MailScanner (MAILSCANNER@JISCMAIL.AC.UK) > >Under the setting Archive Mail I want to set it to a ruleset. > >So I have in MailScanner.conf > Archive Mail = /etc/MailScanner/rules/archive.conf > >Then the archive.conf file is: > to: username@domain.com forward@here.com > from: username@domain.com forward@here.com > default: no > >But it archives all mail to the archive.conf file as if it were a mbox >file. What am I missing? > >Steve Evans >SDSU Foundation >(619) 594-0653 > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at ecs.soton.ac.uk Wed Jun 18 20:22:12 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:36 2006 Subject: FW: Archiving Question In-Reply-To: <95B481BA6D181A4685081D263BF9A13A453E@mail.foundation.sdsu. edu> Message-ID: <5.2.1.1.2.20030618202131.03f9c3a0@imap.ecs.soton.ac.uk> I answered this yesterday. If for some reason you didn't receive the message, please check the list archive. At 19:59 18/06/2003, you wrote: >Any ideas anyone? > > >Steve Evans >SDSU Foundation >(619) 594-0653 > >-----Original Message----- >From: Steve Evans >Sent: Tuesday, June 17, 2003 12:43 PM >To: Mailing List MailScanner (MAILSCANNER@JISCMAIL.AC.UK) > >Under the setting Archive Mail I want to set it to a ruleset. > >So I have in MailScanner.conf > Archive Mail = /etc/MailScanner/rules/archive.conf > >Then the archive.conf file is: > to: username@domain.com forward@here.com > from: username@domain.com forward@here.com > default: no > >But it archives all mail to the archive.conf file as if it were a mbox >file. What am I missing? > >Steve Evans >SDSU Foundation >(619) 594-0653 -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Wed Jun 18 20:23:28 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:36 2006 Subject: Which Witch is Which In-Reply-To: <3963522F0E71474CB14C0FF54A6914F70111503E@omar.schtre.com> Message-ID: <5.2.1.1.2.20030618202228.03f0fd68@imap.ecs.soton.ac.uk> Are you installing one of the RPM distributions but reading the installation instructions for the tar distribution. That's what it sounds like to me. At 19:21 18/06/2003, you wrote: >I have gone around and circles for three days. > >First I read a page that states the following: > >"Currently, your copy of sendmail will be started by a script such as >/etc/init.d/mail or /etc/rc.d/init.d/sendmail. Somewhere in this >script will be the command to start sendmail itself. This should look >like this: >sendmail -bd -q15m >You should change this to the following two lines: >sendmail -bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly >-OQueueDirectory=/var/spool/mqueue.in >sendmail -q15m > >Easier said than done! > >First I tried modifying the /etc/rc.d/init.d/sendmail script with no luck. >Then I go to the /etc/rc.d/init.d/MailScanner file and it quickly tells me >not to do it and go to the /etc/sysconfig/MailScanner file. No matter what >I do nothing works. > >All I am trying to do is enter the two lines above but my eyes are >cross-eyed at this point. To make matters worse, after I gave up using the >fricken scripts I then entered the two commands manually, started the >check_mailscanner scripted and every darned message I send that was clean to >my server it get moved to the damned quarantine directory. > > > > > > -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From tsevy at EPX.COM Wed Jun 18 21:12:18 2003 From: tsevy at EPX.COM (Tom Sevy) Date: Thu Jan 12 21:18:36 2006 Subject: mis-marked spam messages Message-ID: <00c601c335d5$eb2989a0$bc0aa8c0@epx.com> Can messages that inadvertantly end up in /var/spool/mqueue/Spam/new folder be simply moved or copied to another location to be reprocessed? From mailscanner at ecs.soton.ac.uk Wed Jun 18 21:21:10 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:36 2006 Subject: mis-marked spam messages In-Reply-To: <00c601c335d5$eb2989a0$bc0aa8c0@epx.com> Message-ID: <5.2.1.1.2.20030618212040.03fbde50@imap.ecs.soton.ac.uk> At 21:12 18/06/2003, you wrote: >Can messages that inadvertantly end up in /var/spool/mqueue/Spam/new folder >be simply moved or copied to another location to be reprocessed? If you are storing them as raw queue files, then you can simply move them back into MailScanner's incoming queue. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From dwinkler at ALGORITHMICS.COM Wed Jun 18 21:29:19 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:36 2006 Subject: More Spam on Backup MX Hosts Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E7024@tormail1.algorithmics.com> Has anyone else noticed that a greater percentage of mail is spam on the backup MX hosts? Almost all the email received on my 3rd MX host is spam. Is this a deliberate strategy by spammers? Derek -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030618/f72e7e40/attachment.html From tsevy at EPX.COM Wed Jun 18 21:33:02 2003 From: tsevy at EPX.COM (Tom Sevy) Date: Thu Jan 12 21:18:36 2006 Subject: mis-marked spam messages Message-ID: <00d201c335d8$d0801990$bc0aa8c0@epx.com> At 21:12 18/06/2003, you wrote: >Can messages that inadvertantly end up in /var/spool/mqueue/Spam/new folder >be simply moved or copied to another location to be reprocessed? If you are storing them as raw queue files, then you can simply move them back into MailScanner's incoming queue. -- Can you (Julian) tell me how to determine if they are in the raw queue file format? The file names appear to be listed as 1055815268.5820_0.uxbr where .uxbr is the local host name. From nejc.skoberne at guest.arnes.si Wed Jun 18 21:35:32 2003 From: nejc.skoberne at guest.arnes.si (Nejc Skoberne) Date: Thu Jan 12 21:18:36 2006 Subject: More Spam on Backup MX Hosts In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C97055E7024@tormail1.algorithmics.com> References: <06EE2C86D3DAD5119A6C0060943F3C97055E7024@tormail1.algorithmics.com> Message-ID: <1886178762.20030618223532@guest.arnes.si> Hi. > Has anyone else noticed that a greater percentage of mail is spam on the > backup MX hosts? I also noticed that. -- Nejc Skoberne Grajska 5 SI-5220 Tolmin E-mail: nejc.skoberne@guest.arnes.si From mkipness at GENIANT.COM Wed Jun 18 21:39:13 2003 From: mkipness at GENIANT.COM (Max Kipness) Date: Thu Jan 12 21:18:36 2006 Subject: Strange Spam "Actions" Message-ID: <036A6BCC9FD10749AD3CE32255AF49A6017CF5C3@dalsxc01.geniant.net> Hello - I just noticed that I have emails in the /var/spool/MailScanner/....../spam folder. This is odd considering that I have no store actions in spam.actions.rules. I then did some grepping of the logs and it seems like around 35-40 emails a day are going to this ../spam folder. The logs specify: Jun 18 04:44:55 manhattan MailScanner[24460]: Spam Actions: message h5I9ioWq026384 actions are store Why would this happen? I only have various domains with actions deliver, delete, or forward. The other thing is that in this spam directory, the messages do not have the {Spam?} subject headers. Max -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030618/52dfe260/attachment.html From mailscanner at ecs.soton.ac.uk Wed Jun 18 21:39:53 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:36 2006 Subject: mis-marked spam messages In-Reply-To: <00d201c335d8$d0801990$bc0aa8c0@epx.com> Message-ID: <5.2.1.1.2.20030618213857.03f1ce98@imap.ecs.soton.ac.uk> At 21:33 18/06/2003, you wrote: >At 21:12 18/06/2003, you wrote: > > >Can messages that inadvertantly end up in /var/spool/mqueue/Spam/new folder > > >be simply moved or copied to another location to be reprocessed? > >If you are storing them as raw queue files, then you can simply move them > >back into MailScanner's incoming queue. > >-- > >Can you (Julian) tell me how to determine if they are in the raw queue file >format? There is an option in MailScanner.conf that sets this. Look for "Raw" or "Queue" and you'll find it. >The file names appear to be listed as 1055815268.5820_0.uxbr where .uxbr is >the local host name. That's odd, what is creating those filenames? Which MTA are you using? -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mike at CAMAROSS.NET Wed Jun 18 21:41:25 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:36 2006 Subject: More Spam on Backup MX Hosts In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C97055E7024@tormail1.algorithmics.com> Message-ID: <002601c335d9$fcb43630$9c01a8c0@home.middlefinger.net> Yes...it's a common tactic by a lot of Spamware to hit lower priority MX records first in hopes that they will be less secure than the primaries. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Derek Winkler Sent: Wednesday, June 18, 2003 3:29 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: More Spam on Backup MX Hosts Has anyone else noticed that a greater percentage of mail is spam on the backup MX hosts? Almost all the email received on my 3rd MX host is spam. Is this a deliberate strategy by spammers? Derek From mike at CAMAROSS.NET Wed Jun 18 21:43:05 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:36 2006 Subject: Strange Spam "Actions" In-Reply-To: <036A6BCC9FD10749AD3CE32255AF49A6017CF5C3@dalsxc01.geniant.net> Message-ID: <002701c335da$37f658e0$9c01a8c0@home.middlefinger.net> grep all of your rules and MailScanner.conf for 'store' and make sure you didn't miss something. I've never had this happen on any of my installations. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Max Kipness Sent: Wednesday, June 18, 2003 3:39 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Strange Spam "Actions" Hello - I just noticed that I have emails in the /var/spool/MailScanner/....../spam folder. This is odd considering that I have no store actions in spam.actions.rules. I then did some grepping of the logs and it seems like around 35-40 emails a day are going to this ../spam folder. The logs specify: Jun 18 04:44:55 manhattan MailScanner[24460]: Spam Actions: message h5I9ioWq026384 actions are store Why would this happen? I only have various domains with actions deliver, delete, or forward. The other thing is that in this spam directory, the messages do not have the {Spam?} subject headers. Max From russ at FASTWEBWORK.COM Wed Jun 18 21:45:25 2003 From: russ at FASTWEBWORK.COM (Russ) Date: Thu Jan 12 21:18:36 2006 Subject: Mail processing from CustomConfig References: <5.2.0.9.2.20030618163341.03a2b970@imap.ecs.soton.ac.uk> Message-ID: <0ce601c335da$8d1f0970$0a01000a@TOSHLAP> Julian, Thanks for the prompt reply. Actually, what I am attempting to do is a proof of concept for permission based white listing on a per user basis. I.e, if the mail gets to Non Spam Actions then MailScanner (and spamassassin, DCC, razor2) thinks it's ham. This traps better than 99% of the spam but there are those users that simple want *none*. So, in order to occomodate them I'd like to implement a mechanism to where I store the message in a data store, send a "reply to this" tagged email to the sender and when I get a reply back (if I do) then put the mail back into the loop to be delivered. There are products out there (TDMA comes to mind) that do this but I *like* MailScanner and want to provide the permission stuff only for those users that want it. I have no idea if I can accomplish this within the confines of the CustomConfig.pm code as I refuse to touch anything else. So the real question is can I do this? I don't want to waste my time (or the good folks on this list's time) if it is not feasible. Thanks.. russ.... ----- Original Message ----- From: "Julian Field" To: Sent: Wednesday, June 18, 2003 11:35 AM Subject: Re: Mail processing from CustomConfig > What sort of processing are you trying to do? Alter the message, extract > some more logging information about the message or what? If you make Non > Spam Actions return the value "deliver" then the message will indeed be > delivered as normal. > > If you have changed the attachments by that time, then be sure to set > $message->{bodymodified} = 1 otherwise it will deliver exactly the same > message body it received. > > At 15:54 18/06/2003, you wrote: > >Hi All, > > > >I would like to do some additional processing of mail via > >code in CustomConfig.pm. I have specified the function > >name in MailScanner.conf for Non Spam Actions and > >the function gets called but I have no clue on how to > >actually continue the processing (i.e., 'deliver') the mail > >after I have munged it. Can anyone shed some light? > >I am not a perl person....in fact have avoided learning > >it but I suspect it's time to bite the bullet. I know it's > >going to be something quite simple but it'd take me days > >to figure it out and I'm sure someone on this list can > >give me a clue! > > > >Thanks in advance. > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > From mikea at MIKEA.ATH.CX Wed Jun 18 21:50:52 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:36 2006 Subject: More Spam on Backup MX Hosts In-Reply-To: <002601c335d9$fcb43630$9c01a8c0@home.middlefinger.net>; from mike@CAMAROSS.NET on Wed, Jun 18, 2003 at 03:41:25PM -0500 References: <06EE2C86D3DAD5119A6C0060943F3C97055E7024@tormail1.algorithmics.com> <002601c335d9$fcb43630$9c01a8c0@home.middlefinger.net> Message-ID: <20030618155052.A16569@mikea.ath.cx> On Wed, Jun 18, 2003 at 03:41:25PM -0500, Mike Kercher wrote: > Yes...it's a common tactic by a lot of Spamware to hit lower priority MX > records first in hopes that they will be less secure than the primaries. Much discussed on the SPAM-L list, and on a couple of private lists dealing with spam and responses to it. One countermeasure is to put your highest-priority MX host in as your lowest-priority MX as well. I've been told that some RFC says this is a bad thing, but I haven't been told _which_, and it does appear to work somewhat. Eventually, of course, the spammers will pick MX hosts at random from the list -- if they aren't doing it already. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From dwinkler at ALGORITHMICS.COM Wed Jun 18 21:52:13 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:36 2006 Subject: More Spam on Backup MX Hosts Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E7025@tormail1.algorithmics.com> All of mine are configured the same, was just wondering if it might be worthwhile to put a rule in scoring emails on backup hosts a little higher. -----Original Message----- From: mikea [mailto:mikea@mikea.ath.cx] Sent: Wednesday, June 18, 2003 4:51 PM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: More Spam on Backup MX Hosts On Wed, Jun 18, 2003 at 03:41:25PM -0500, Mike Kercher wrote: > Yes...it's a common tactic by a lot of Spamware to hit lower priority MX > records first in hopes that they will be less secure than the primaries. Much discussed on the SPAM-L list, and on a couple of private lists dealing with spam and responses to it. One countermeasure is to put your highest-priority MX host in as your lowest-priority MX as well. I've been told that some RFC says this is a bad thing, but I haven't been told _which_, and it does appear to work somewhat. Eventually, of course, the spammers will pick MX hosts at random from the list -- if they aren't doing it already. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030618/53fa885f/attachment.html From tsevy at EPX.COM Wed Jun 18 21:55:38 2003 From: tsevy at EPX.COM (Tom Sevy) Date: Thu Jan 12 21:18:36 2006 Subject: mis-marked spam messages Message-ID: <00df01c335db$f8ab9450$bc0aa8c0@epx.com> At 21:33 18/06/2003, you wrote: >At 21:12 18/06/2003, you wrote: > > >Can messages that inadvertantly end up in /var/spool/mqueue/Spam/new folder > > >be simply moved or copied to another location to be reprocessed? > >If you are storing them as raw queue files, then you can simply move them > >back into MailScanner's incoming queue. > >-- > >Can you (Julian) tell me how to determine if they are in the raw queue file >format? There is an option in MailScanner.conf that sets this. Look for "Raw" or "Queue" and you'll find it. >The file names appear to be listed as 1055815268.5820_0.uxbr where .uxbr is >the local host name. That's odd, what is creating those filenames? Which MTA are you using? -- sendmail What has lead to this is that I'm not getting well over half my incoming email. I just looked and see about 80 files in the /var/spool/mqueue/Spam/new directory.... From kusler at NSCL.MSU.EDU Wed Jun 18 22:04:12 2003 From: kusler at NSCL.MSU.EDU (Jay Kusler) Date: Thu Jan 12 21:18:37 2006 Subject: spamassassin no longer being called? Message-ID: I'm puzzled. Yesterday I upgraded spamassassin from 2.31 to 2.55 (and then to 2.60). It appears now that spamassassin is not being called any longer. All messages have the X-MailScanner-SpamCheck: with 'SpamAssassin (score=0, required 6)'. If I pipe the same message into spamassassin from the command line (spamassassin < message), then spamassassin's X-Spam-Status: header shows a score of something other than 0. Invoking spamassassin from a .procmailrc recipe also correctly scores the messages. I believe I have the right stuff set in MailScanner.conf: Log Spam = yes Use SpamAssassin = yes Check SpamAssassin If On Spam List = yes Always Include SpamAssassin Report = yes Spam Score = yes Spam Checks = yes Solaris 8 Postfix 2.0.11 MailScanner 4.21-9 Spamassassin 2.60 (same results with 2.55) Any ideas where I can look? Thanks Jay Kusler From mailscanner at ecs.soton.ac.uk Wed Jun 18 21:43:41 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:37 2006 Subject: Strange Spam "Actions" In-Reply-To: <036A6BCC9FD10749AD3CE32255AF49A6017CF5C3@dalsxc01.geniant. net> Message-ID: <5.2.1.1.2.20030618214300.03fa34e0@imap.ecs.soton.ac.uk> At 21:39 18/06/2003, you wrote: >Hello - > >I just noticed that I have emails in the >/var/spool/MailScanner/....../spam folder. This is odd considering that I >have no store actions in spam.actions.rules. I then did some grepping of >the logs and it seems like around 35-40 emails a day are going to this >../spam folder. The logs specify: > >Jun 18 04:44:55 manhattan MailScanner[24460]: Spam Actions: message >h5I9ioWq026384 actions are store > >Why would this happen? I only have various domains with actions deliver, >delete, or forward. The other thing is that in this spam directory, the >messages do not have the {Spam?} subject headers. What about High Scoring Spam Actions? The messages stored there are written long before any subject header alteration happens. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030618/e7faa7c7/attachment.html From mailscanner at ecs.soton.ac.uk Wed Jun 18 22:04:45 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:37 2006 Subject: Mail processing from CustomConfig In-Reply-To: <0ce601c335da$8d1f0970$0a01000a@TOSHLAP> References: <5.2.0.9.2.20030618163341.03a2b970@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030618220231.03ed16b0@imap.ecs.soton.ac.uk> It's probably quite possible, but don't expect me to answer any question ever raised by one of your customers who is using this system. If someone emails me a question, then asks me to confirm that I am not a spammer when I reply, I give up on them and don't bother. I would advise all your customers to make sure they pre-enable anyone they email as people responding to them won't put up with a challenge/response system. Sorry, but I find these systems a pain and I refuse to waste my time on them. Hope you understand. At 21:45 18/06/2003, you wrote: >Julian, > >Thanks for the prompt reply. > >Actually, what I am attempting to do is a proof of concept for permission >based white listing on a per user basis. I.e, if the mail gets to Non Spam >Actions >then MailScanner (and spamassassin, DCC, razor2) thinks it's ham. This >traps >better than 99% of the spam but there are those users that simple want >*none*. >So, in order to occomodate them I'd like to implement a mechanism to where I >store the message in a data store, send a "reply to this" tagged email to >the sender >and when I get a reply back (if I do) then put the mail back into the loop >to be >delivered. There are products out there (TDMA comes to mind) that do this >but I *like* MailScanner and want to provide the permission stuff only for >those >users that want it. I have no idea if I can accomplish this within the >confines of >the CustomConfig.pm code as I refuse to touch anything else. > >So the real question is can I do this? I don't want to waste my time (or >the good >folks on this list's time) if it is not feasible. > >Thanks.. > >russ.... > >----- Original Message ----- >From: "Julian Field" >To: >Sent: Wednesday, June 18, 2003 11:35 AM >Subject: Re: Mail processing from CustomConfig > > > > What sort of processing are you trying to do? Alter the message, extract > > some more logging information about the message or what? If you make Non > > Spam Actions return the value "deliver" then the message will indeed be > > delivered as normal. > > > > If you have changed the attachments by that time, then be sure to set > > $message->{bodymodified} = 1 otherwise it will deliver exactly the same > > message body it received. > > > > At 15:54 18/06/2003, you wrote: > > >Hi All, > > > > > >I would like to do some additional processing of mail via > > >code in CustomConfig.pm. I have specified the function > > >name in MailScanner.conf for Non Spam Actions and > > >the function gets called but I have no clue on how to > > >actually continue the processing (i.e., 'deliver') the mail > > >after I have munged it. Can anyone shed some light? > > >I am not a perl person....in fact have avoided learning > > >it but I suspect it's time to bite the bullet. I know it's > > >going to be something quite simple but it'd take me days > > >to figure it out and I'm sure someone on this list can > > >give me a clue! > > > > > >Thanks in advance. > > > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > > -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mkipness at GENIANT.COM Wed Jun 18 22:08:43 2003 From: mkipness at GENIANT.COM (Max Kipness) Date: Thu Jan 12 21:18:37 2006 Subject: Strange Spam "Actions" Message-ID: <036A6BCC9FD10749AD3CE32255AF49A6017CF5C5@dalsxc01.geniant.net> Yes, that was it. I should have seen that on my own. Thanks Mike and Julian. Max -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] Sent: Wednesday, June 18, 2003 3:44 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Strange Spam "Actions" At 21:39 18/06/2003, you wrote: Hello - I just noticed that I have emails in the /var/spool/MailScanner/....../spam folder. This is odd considering that I have no store actions in spam.actions.rules. I then did some grepping of the logs and it seems like around 35-40 emails a day are going to this ../spam folder. The logs specify: Jun 18 04:44:55 manhattan MailScanner[24460]: Spam Actions: message h5I9ioWq026384 actions are store Why would this happen? I only have various domains with actions deliver, delete, or forward. The other thing is that in this spam directory, the messages do not have the {Spam?} subject headers. What about High Scoring Spam Actions? The messages stored there are written long before any subject header alteration happens. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030618/240ae27b/attachment.html From raymond at PROLOCATION.NET Wed Jun 18 22:10:00 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:37 2006 Subject: More Spam on Backup MX Hosts In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C97055E7024@tormail1.algorithmics.com> Message-ID: Hi! > Has anyone else noticed that a greater percentage of mail is spam on the > backup MX hosts? > > Almost all the email received on my 3rd MX host is spam. > Is this a deliberate strategy by spammers? Yes it is. but you can easilly fix that. Add a 4th MX in your zone, pointing to the IP of the 1st MX. So if spammers use that trick they will not end up where they want to be. bye, Raymond. From russ at FASTWEBWORK.COM Wed Jun 18 22:22:07 2003 From: russ at FASTWEBWORK.COM (Russ) Date: Thu Jan 12 21:18:37 2006 Subject: Mail processing from CustomConfig References: <5.2.0.9.2.20030618163341.03a2b970@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030618220231.03ed16b0@imap.ecs.soton.ac.uk> Message-ID: <0d1a01c335df$b1fa0ec0$0a01000a@TOSHLAP> Julian, Quite frankly I agree with you that challenge/response systems are a pain in the patoot. I'm simply repsonding to user requests and it behooves me to at least provide them with something they think they want and make sure they are aware of the negative side of such a system. And it will be easy enough to disable by simply making Non Spam Actions be 'deliver'. Russ... ----- Original Message ----- From: "Julian Field" To: Sent: Wednesday, June 18, 2003 5:04 PM Subject: Re: Mail processing from CustomConfig > It's probably quite possible, but don't expect me to answer any question > ever raised by one of your customers who is using this system. If someone > emails me a question, then asks me to confirm that I am not a spammer when > I reply, I give up on them and don't bother. I would advise all your > customers to make sure they pre-enable anyone they email as people > responding to them won't put up with a challenge/response system. Sorry, > but I find these systems a pain and I refuse to waste my time on them. Hope > you understand. > > At 21:45 18/06/2003, you wrote: > >Julian, > > > >Thanks for the prompt reply. > > > >Actually, what I am attempting to do is a proof of concept for permission > >based white listing on a per user basis. I.e, if the mail gets to Non Spam > >Actions > >then MailScanner (and spamassassin, DCC, razor2) thinks it's ham. This > >traps > >better than 99% of the spam but there are those users that simple want > >*none*. > >So, in order to occomodate them I'd like to implement a mechanism to where I > >store the message in a data store, send a "reply to this" tagged email to > >the sender > >and when I get a reply back (if I do) then put the mail back into the loop > >to be > >delivered. There are products out there (TDMA comes to mind) that do this > >but I *like* MailScanner and want to provide the permission stuff only for > >those > >users that want it. I have no idea if I can accomplish this within the > >confines of > >the CustomConfig.pm code as I refuse to touch anything else. > > > >So the real question is can I do this? I don't want to waste my time (or > >the good > >folks on this list's time) if it is not feasible. > > > >Thanks.. > > > >russ.... > > > >----- Original Message ----- > >From: "Julian Field" > >To: > >Sent: Wednesday, June 18, 2003 11:35 AM > >Subject: Re: Mail processing from CustomConfig > > > > > > > What sort of processing are you trying to do? Alter the message, extract > > > some more logging information about the message or what? If you make Non > > > Spam Actions return the value "deliver" then the message will indeed be > > > delivered as normal. > > > > > > If you have changed the attachments by that time, then be sure to set > > > $message->{bodymodified} = 1 otherwise it will deliver exactly the same > > > message body it received. > > > > > > At 15:54 18/06/2003, you wrote: > > > >Hi All, > > > > > > > >I would like to do some additional processing of mail via > > > >code in CustomConfig.pm. I have specified the function > > > >name in MailScanner.conf for Non Spam Actions and > > > >the function gets called but I have no clue on how to > > > >actually continue the processing (i.e., 'deliver') the mail > > > >after I have munged it. Can anyone shed some light? > > > >I am not a perl person....in fact have avoided learning > > > >it but I suspect it's time to bite the bullet. I know it's > > > >going to be something quite simple but it'd take me days > > > >to figure it out and I'm sure someone on this list can > > > >give me a clue! > > > > > > > >Thanks in advance. > > > > > > -- > > > Julian Field > > > www.MailScanner.info > > > MailScanner thanks transtec Computers for their support > > > > > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > From steve.douglas at SBIINCORPORATED.COM Thu Jun 19 00:36:09 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:37 2006 Subject: Number of SendMail Processes Message-ID: <3963522F0E71474CB14C0FF54A6914F701115044@omar.schtre.com> When the command service MailScanner start is issued I receive the correct number of processes for the MailScanner children. However when I issue the command ps -A |more I show there are three sendmail processes running. Does this sound correct? ? ? -------------- next part -------------- A non-text attachment was scrubbed... Name: Steve Douglas.vcf Type: application/octet-stream Size: 380 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030618/17bad4e5/SteveDouglas.obj From steve.douglas at SBIINCORPORATED.COM Thu Jun 19 00:37:24 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:37 2006 Subject: All SPAM Message-ID: <3963522F0E71474CB14C0FF54A6914F701115045@omar.schtre.com> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: Steve Douglas.vcf Type: application/octet-stream Size: 380 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030618/ac33b219/SteveDouglas.obj From mkettler at EVI-INC.COM Thu Jun 19 01:37:05 2003 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:18:37 2006 Subject: All SPAM In-Reply-To: <3963522F0E71474CB14C0FF54A6914F701115045@omar.schtre.com> Message-ID: <5.2.1.1.0.20030618203409.02598b28@xanadu.evi-inc.com> At 06:37 PM 6/18/2003 -0500, Steve Douglas wrote: >It appears all the incoming email coming to my gateway is marked as >100%. However, my test messages aren't SPAM. Is there anything I should >look at? Yes, look at the headers that mailscanner inserted. Why did does it say about why it tagged it? you should see something like: X-MailScanner-SpamCheck: not spam, SpamAssassin (score=1.5, required 5.5, BIG_FONT, EXCHANGE_SERVER, HTML_50_70, MIME_NULL_BLOCK, SPAM_PHRASE_03_05) From mkettler at EVI-INC.COM Thu Jun 19 01:44:29 2003 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:18:37 2006 Subject: Number of SendMail Processes In-Reply-To: <3963522F0E71474CB14C0FF54A6914F701115044@omar.schtre.com> Message-ID: <5.2.1.1.0.20030618203738.02596418@xanadu.evi-inc.com> At 06:36 PM 6/18/2003 -0500, Steve Douglas wrote: >When the command service MailScanner start is issued I receive the correct >number of processes for the MailScanner children. However when I issue the >command ps -A |more I show there are three sendmail processes running. Does >this sound correct? Provided the extra processes are delivery processes, yes... sendmail forks off extra processes while transferring mail. For example I get (some details changed for privacy and security reasons, including PIDs, SMTP IDs, and domain names) 1 ? S 0:04 sendmail: accepting connections 2 ? S 0:00 /usr/sbin/sendmail -q15m 3 ? S 0:00 sendmail: server blah.example.com 4 ? S 0:00 sendmail: server mail03.example.com 5 ? S 0:00 sendmail: server [1.1.1.1] cmd read 6 ? S 0:00 sendmail: ./h5FZFDs12724 example.com.: user ope 7 ? S 0:00 sendmail: ./h5K16Rq30494 stdin-01.example.com.: 8 ? S 0:00 sendmail: ./h5AYeBv01611 euclid.example.com. 9 ? S 0:00 sendmail: ./h5ZQoKf01417 mail.example.com. Only #1 and #2 were started by the startup scripts.. 3 - 9 were spawned to handle mail transfers. From kfliong at WOFS.COM Thu Jun 19 04:01:38 2003 From: kfliong at WOFS.COM (kfliong) Date: Thu Jan 12 21:18:37 2006 Subject: MailWatch 0.2 buglet In-Reply-To: <67D9E7698329D411936E00508B6590B902793C6B@neelix.lbsltd.co. uk> Message-ID: <5.2.1.1.0.20030619105933.024f56b0@192.168.10.2> I am not sure if you have corrected this bug to buglet but I found another bug to the buglet. The new status.php file contain bugs in 2 lines : echo " " . format_mail_size($row->size) "\n"; echo " " . $row->sascore "\n"; It should be : echo " " . format_mail_size($row->size) . "\n"; echo " " . $row->sascore . "\n"; Notice the dot (.) in the end of each line. I did those changes and my mailwatch stop giving error. At 10:13 AM 6/17/2003 +0100, you wrote: >Hi Mike, > >Glad you like it. > >I've just realised that I've got the same bug - please find the attached >status.php file which fixes the problem. > >Cheers, >Steve. > >-----Original Message----- >From: Mike Zanker [mailto:mike@zanker.org] >Sent: 17 June 2003 10:04 >To: Steve Freegard > >Hi Steve, > >just found a little bug - multiple recipients (To column on status >page) are showing like this: > >mike@zanker.org
alan@zanker.org > >Great utility, though - I can see it being VERY useful. > >Regards, > >Mike. > > >-- >This email and any files transmitted with it are confidential and >intended solely for the use of the individual or entity to whom they >are addressed. If you have received this email in error please notify >the sender and delete the message from your mailbox. > >This footnote also confirms that this email message has been swept by >MailScanner (www.mailscanner.info) for the presence of computer viruses. > From smohan at vsnl.com Thu Jun 19 04:17:43 2003 From: smohan at vsnl.com (S Mohan) Date: Thu Jan 12 21:18:37 2006 Subject: FW: Advantages to using Mailscanner for Spam Filtering only !? [WasRe: MailScanner with Trend Micro] Message-ID: <003701c33611$5a7d9770$2b405bca@18yamuna> Yes. A committed and excellent software architect as project/product owner that makes a difference in quality and response. Philosophically, MS does not try to reinvent the wheel but complements what a MTA does. Sane and good strategy (Most commercial products use a SMTP gateway - at least Trend Micro does). For this reason, MailScanner can run on the same system as the MTA without change of service ports which is required for most commercial gateways. This compartmentalization allows to take advantage of MTA features that best suits one's need in terms of performance, security etc which would be difficult to provide in a software that is not core deliverable in long term. Mohan -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Christopher Albert Sent: Tuesday, June 17, 2003 2:48 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Advantages to using Mailscanner for Spam Filtering only !? [WasRe: MailScanner with Trend Micro] Stephen >>/ >>I am using SpamAssassin with procmail. I don' t think I need >>MailScanner since SpamAssassin is executed by procmail for every >>incoming mail and is currently reading user preferences from a SQL >>database and now recently switched to Trend. / >> > I would disagree on several counts: > > 1. MailScanner calling SpamAssassin is much more efficient that > calling SpamAssassin from procmail 2. MailScanner will protect your > system and users from many more types of attack than SpamAssassin and > MicroTrend alone. 3. MailScanner can read SQL preferences from and SQL > database and look for some very nice enhancements in this area soon. > 4. MailScanner provides an "attachment" feature which spares your > users the nasty images and verbiage > I'd like to elaborate on this discussion by generalizing it to the question of "Why should I use Mailscanner if I just want to filter spam site-wide?". I ask this question first since I am planning to roll out a site-wide anti-spam solution for a large university, but the AV is already done at another tier, so MS's excellent capabilities to integrate multiple AV products is moot. Secondly, I've just started a collaborative document in progress at the Linux Documnentation Project for an Anti-Spam-Howto where I plan to have a section on site-wide spam filtering where MS will have an important place. As far as I can tell, the site-wide solutions for integrating Spamassassin(SA) on a largish site are MS, amavisd-new, and spamd, and possibly a milter solution, though I dont know how the latter extends across MTAs. Some of the advantages of MS, in addition to the ones Stephen mentioned above, are 1. MTA agnosticism -- in general software that spans platforms and applications tends to be more robust. 2. A meta-level of control over both the MTA and SA (for things like white/black lists and its extensible rules syntax). 3. Unified logging, including log analysis tools like the MS-mrtg and Mailwatch projects, in addition to the possibilities to support even more sophisticated cluster configurations implied by the move to SQL backend support. 4. The possibility of on the fly damage control -- even if AV is done at another tier MS allows the possibility of a second line of defense, perhaps long before an AV vendor releases a data file update. (Though recent viruses like polymorphic bugbear-b complicate everyones lives). 5. A large active community of users, and this excellent mailing list. Let me know if I have missed anything. Chris From smohan at vsnl.com Thu Jun 19 04:17:43 2003 From: smohan at vsnl.com (S Mohan) Date: Thu Jan 12 21:18:37 2006 Subject: FW: MailScanner with Trend Micro Message-ID: <003801c33611$5c558bc0$2b405bca@18yamuna> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/png Size: 819 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030619/2e8e224b/attachment.png From kusler at NSCL.MSU.EDU Thu Jun 19 05:15:47 2003 From: kusler at NSCL.MSU.EDU (Jay Kusler) Date: Thu Jan 12 21:18:37 2006 Subject: spamassassin no longer being called? In-Reply-To: References: Message-ID: <20030619041547.GA28061@nscl.msu.edu> On Wed, Jun 18, 2003 at 10:04:12PM +0100, Jay Kusler wrote: > Date: Wed, 18 Jun 2003 22:04:12 +0100 > Subject: spamassassin no longer being called? > From: Jay Kusler > To: MAILSCANNER@JISCMAIL.AC.UK > > I'm puzzled. > > Yesterday I upgraded spamassassin from 2.31 to 2.55 (and then to 2.60). It > appears now that > spamassassin is not being called any longer. All messages have the > X-MailScanner-SpamCheck: > with 'SpamAssassin (score=0, required 6)'. If I pipe the same message into > spamassassin from > the command line (spamassassin < message), then spamassassin's > X-Spam-Status: header shows > a score of something other than 0. Invoking spamassassin from a .procmailrc > recipe also correctly scores the messages. I believe I have the right stuff > set in MailScanner.conf: > Log Spam = yes > Use SpamAssassin = yes > Check SpamAssassin If On Spam List = yes > Always Include SpamAssassin Report = yes > Spam Score = yes > Spam Checks = yes > > Solaris 8 > Postfix 2.0.11 > MailScanner 4.21-9 > Spamassassin 2.60 (same results with 2.55) > > Any ideas where I can look? > > Thanks > > Jay Kusler ---end quoted text--- Nothing like answering your own post.... It turns out I had added a ruleset entry for 'Is Definitely Spam'. When I reverted to 'no', all the problems disappeared. Jay From john at TRADOC.FR Thu Jun 19 07:35:48 2003 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:18:37 2006 Subject: Mail processing from CustomConfig In-Reply-To: <5.2.1.1.2.20030618220231.03ed16b0@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030618163341.03a2b970@imap.ecs.soton.ac.uk> <0ce601c335da$8d1f0970$0a01000a@TOSHLAP> <5.2.1.1.2.20030618220231.03ed16b0@imap.ecs.soton.ac.uk> Message-ID: <1am2fv49aoqqjsta3mcm5sbuujn06nukmp@tradoc.fr> On Wed, 18 Jun 2003 22:04:45 +0100, Julian Field wrote: > It's probably quite possible, but don't expect me to answer any question > ever raised by one of your customers who is using this system. If someone > emails me a question, then asks me to confirm that I am not a spammer when > I reply, I give up on them and don't bother. I would advise all your > customers to make sure they pre-enable anyone they email as people > responding to them won't put up with a challenge/response system. Couldn't agree more, but surely the solution in this case would be to *automatically* pre-enable them when the outgoing mail goes through the system. John. -- -- Over 2000 webcams from ski resorts around the world - http://www.snoweye.com/ -- Translate your technical documents and web pages - http://www.tradoc.fr/ From steve.freegard at LBSLTD.CO.UK Thu Jun 19 09:16:22 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:37 2006 Subject: MailWatch 0.2 buglet Message-ID: <67D9E7698329D411936E00508B6590B902793CFA@neelix.lbsltd.co.uk> Hi, The '.' are present in the 0.2 tarball, and no-one else has reported this. Did you make your own changes to the code, as I can't think of anything else that would've caused this. Regards, Steve -----Original Message----- From: kfliong [mailto:kfliong@WOFS.COM] Sent: 19 June 2003 04:02 To: MAILSCANNER@JISCMAIL.AC.UK I am not sure if you have corrected this bug to buglet but I found another bug to the buglet. The new status.php file contain bugs in 2 lines : echo " " . format_mail_size($row->size) "\n"; echo " " . $row->sascore "\n"; It should be : echo " " . format_mail_size($row->size) . "\n"; echo " " . $row->sascore . "\n"; Notice the dot (.) in the end of each line. I did those changes and my mailwatch stop giving error. At 10:13 AM 6/17/2003 +0100, you wrote: >Hi Mike, > >Glad you like it. > >I've just realised that I've got the same bug - please find the attached >status.php file which fixes the problem. > >Cheers, >Steve. > >-----Original Message----- >From: Mike Zanker [mailto:mike@zanker.org] >Sent: 17 June 2003 10:04 >To: Steve Freegard > >Hi Steve, > >just found a little bug - multiple recipients (To column on status >page) are showing like this: > >mike@zanker.org
alan@zanker.org > >Great utility, though - I can see it being VERY useful. > >Regards, > >Mike. > > >-- >This email and any files transmitted with it are confidential and >intended solely for the use of the individual or entity to whom they >are addressed. If you have received this email in error please notify >the sender and delete the message from your mailbox. > >This footnote also confirms that this email message has been swept by >MailScanner (www.mailscanner.info) for the presence of computer viruses. > -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From kfliong at WOFS.COM Thu Jun 19 09:25:15 2003 From: kfliong at WOFS.COM (kfliong) Date: Thu Jan 12 21:18:37 2006 Subject: MailWatch 0.2 buglet In-Reply-To: <67D9E7698329D411936E00508B6590B902793CFA@neelix.lbsltd.co. uk> Message-ID: <5.2.1.1.0.20030619162427.024eef58@192.168.10.2> i got it from the status.php file that you send to Mike. At 09:16 AM 6/19/2003 +0100, you wrote: >Hi, > >The '.' are present in the 0.2 tarball, and no-one else has reported this. >Did you make your own changes to the code, as I can't think of anything else >that would've caused this. > >Regards, >Steve > > >-----Original Message----- >From: kfliong [mailto:kfliong@WOFS.COM] >Sent: 19 June 2003 04:02 >To: MAILSCANNER@JISCMAIL.AC.UK > >I am not sure if you have corrected this bug to buglet but I found another >bug to the buglet. > >The new status.php file contain bugs in 2 lines : > > echo " " . >format_mail_size($row->size) "\n"; > echo " " . >$row->sascore "\n"; > >It should be : > > echo " " . format_mail_size($row->size) . >"\n"; > echo " " . $row->sascore . >"\n"; > >Notice the dot (.) in the end of each line. I did those changes and my >mailwatch stop giving error. > >At 10:13 AM 6/17/2003 +0100, you wrote: > >Hi Mike, > > > >Glad you like it. > > > >I've just realised that I've got the same bug - please find the attached > >status.php file which fixes the problem. > > > >Cheers, > >Steve. > > > >-----Original Message----- > >From: Mike Zanker [mailto:mike@zanker.org] > >Sent: 17 June 2003 10:04 > >To: Steve Freegard > > > >Hi Steve, > > > >just found a little bug - multiple recipients (To column on status > >page) are showing like this: > > > >mike@zanker.org
alan@zanker.org > > > >Great utility, though - I can see it being VERY useful. > > > >Regards, > > > >Mike. > > > > > >-- > >This email and any files transmitted with it are confidential and > >intended solely for the use of the individual or entity to whom they > >are addressed. If you have received this email in error please notify > >the sender and delete the message from your mailbox. > > > >This footnote also confirms that this email message has been swept by > >MailScanner (www.mailscanner.info) for the presence of computer viruses. > > > >-- >This email and any files transmitted with it are confidential and >intended solely for the use of the individual or entity to whom they >are addressed. If you have received this email in error please notify >the sender and delete the message from your mailbox. > >This footnote also confirms that this email message has been swept by >MailScanner (www.mailscanner.info) for the presence of computer viruses. From Kevin.Spicer at BMRB.CO.UK Thu Jun 19 09:54:29 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:37 2006 Subject: Legal Implications was(Re: Announce: MailScanner-Console-0.1) Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF667@pascal.priv.bmrb.co.uk> A coleague just sent me this link which seems to be relevent to the discussion here (for the UK at least). http://www.tolsonmessenger.co.uk/resource/faqs/emailprivacy.htm Much of this has been covered already but theres some detail about "THE TELECOMMUNICATIONS (Lawful Business Practice) (Interception of Communications) REGULATIONS 2000" which doesn't seem to heve been covered yet (unless I missed it). BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From steve.freegard at LBSLTD.CO.UK Thu Jun 19 09:58:29 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:37 2006 Subject: MailWatch 0.2 buglet Message-ID: <67D9E7698329D411936E00508B6590B902793CFD@neelix.lbsltd.co.uk> Hi, I've just realised that there were duplicate posts to the mailing list from somewhere. If you look at my original post from Tuesday 10:14 GMT the '.' are present, however there were duplicated posts in the early hours of Wednesday morning which included my post containing the status.php file which has been mangled in some way and the '.' are missing... Cheers, Steve. -----Original Message----- From: kfliong [mailto:kfliong@WOFS.COM] Sent: 19 June 2003 09:25 To: MAILSCANNER@JISCMAIL.AC.UK i got it from the status.php file that you send to Mike. At 09:16 AM 6/19/2003 +0100, you wrote: >Hi, > >The '.' are present in the 0.2 tarball, and no-one else has reported this. >Did you make your own changes to the code, as I can't think of anything else >that would've caused this. > >Regards, >Steve > > >-----Original Message----- >From: kfliong [mailto:kfliong@WOFS.COM] >Sent: 19 June 2003 04:02 >To: MAILSCANNER@JISCMAIL.AC.UK > >I am not sure if you have corrected this bug to buglet but I found another >bug to the buglet. > >The new status.php file contain bugs in 2 lines : > > echo " " . >format_mail_size($row->size) "\n"; > echo " " . >$row->sascore "\n"; > >It should be : > > echo " " . format_mail_size($row->size) . >"\n"; > echo " " . $row->sascore . >"\n"; > >Notice the dot (.) in the end of each line. I did those changes and my >mailwatch stop giving error. > >At 10:13 AM 6/17/2003 +0100, you wrote: > >Hi Mike, > > > >Glad you like it. > > > >I've just realised that I've got the same bug - please find the attached > >status.php file which fixes the problem. > > > >Cheers, > >Steve. > > > >-----Original Message----- > >From: Mike Zanker [mailto:mike@zanker.org] > >Sent: 17 June 2003 10:04 > >To: Steve Freegard > > > >Hi Steve, > > > >just found a little bug - multiple recipients (To column on status > >page) are showing like this: > > > >mike@zanker.org
alan@zanker.org > > > >Great utility, though - I can see it being VERY useful. > > > >Regards, > > > >Mike. > > > > > >-- > >This email and any files transmitted with it are confidential and > >intended solely for the use of the individual or entity to whom they > >are addressed. If you have received this email in error please notify > >the sender and delete the message from your mailbox. > > > >This footnote also confirms that this email message has been swept by > >MailScanner (www.mailscanner.info) for the presence of computer viruses. > > > >-- >This email and any files transmitted with it are confidential and >intended solely for the use of the individual or entity to whom they >are addressed. If you have received this email in error please notify >the sender and delete the message from your mailbox. > >This footnote also confirms that this email message has been swept by >MailScanner (www.mailscanner.info) for the presence of computer viruses. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From evertjan at VANRAMSELAAR.NL Thu Jun 19 11:44:36 2003 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:18:37 2006 Subject: $reportword Message-ID: <28075.194.151.195.222.1056019476.squirrel@mail.vanramselaar.nl> Hello there, I'm using the latest stable version (RPM) with Sophos and F-Prot on Redhat 8. Isn't $reportword supposed to be substituted by something in this report? The following e-mail messages were found to have viruses in them: Sender: membership@iprimus.com.au IP Address: 203.21.133.123 Recipient: xxxxxxxx Subject: Thanks for registering MessageID: h5JADKRX012423 Report: Found dangerous IFrame tag in HTML message $reportword: >>> Virus 'W32/Bugbear-Dam' found in file ./h5JADKRX012423/septic letter.doc.exe /var/spool/MailScanner/incoming/27671/./h5JADKRX012423/septic letter.doc.exe Infection: W32/Bugbear.B@mm (corrupted) Executable DOS/Windows programs are dangerous in email (septic letter.doc.exe) -- Evert Jan van Ramselaar Van Ramselaar Info Tech From raymond at PROLOCATION.NET Thu Jun 19 11:49:48 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:37 2006 Subject: $reportword In-Reply-To: <28075.194.151.195.222.1056019476.squirrel@mail.vanramselaar.nl> Message-ID: Hi! > I'm using the latest stable version (RPM) with Sophos and F-Prot on Redhat 8. > Isn't $reportword supposed to be substituted by something in this report? I have seen the same, forgot to mention this.... Bye, Raymond. From mailscanner at ecs.soton.ac.uk Thu Jun 19 12:31:45 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:37 2006 Subject: Mail processing from CustomConfig In-Reply-To: <1am2fv49aoqqjsta3mcm5sbuujn06nukmp@tradoc.fr> References: <5.2.1.1.2.20030618220231.03ed16b0@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030618163341.03a2b970@imap.ecs.soton.ac.uk> <0ce601c335da$8d1f0970$0a01000a@TOSHLAP> <5.2.1.1.2.20030618220231.03ed16b0@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030619122935.054c6d90@imap.ecs.soton.ac.uk> At 07:35 19/06/2003, you wrote: >On Wed, 18 Jun 2003 22:04:45 +0100, Julian Field wrote: > > It's probably quite possible, but don't expect me to answer any question > > ever raised by one of your customers who is using this system. If someone > > emails me a question, then asks me to confirm that I am not a spammer when > > I reply, I give up on them and don't bother. I would advise all your > > customers to make sure they pre-enable anyone they email as people > > responding to them won't put up with a challenge/response system. > >Couldn't agree more, but surely the solution in this case would be to >*automatically* pre-enable them when the outgoing mail goes through >the system. That could easily be done with a config option such as "Always Evaluated Last" which could be a Custom Function with the side effect that it catches mail going outbound from your users and adds the "To" address to the list of acceptable addresses when the mail reply comes back in. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Thu Jun 19 12:39:47 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:37 2006 Subject: $reportword In-Reply-To: <28075.194.151.195.222.1056019476.squirrel@mail.vanramselaa r.nl> Message-ID: <5.2.0.9.2.20030619123906.054bac18@imap.ecs.soton.ac.uk> Message.pm line 2007. Change my $rept = join(' $reportword: ', @everyrept); to my $rept = join(" $reportword: ", @everyrept); Sorry about that. At 11:44 19/06/2003, you wrote: >Hello there, > >I'm using the latest stable version (RPM) with Sophos and F-Prot on Redhat 8. >Isn't $reportword supposed to be substituted by something in this report? > > >The following e-mail messages were found to have viruses in them: > > Sender: membership@iprimus.com.au >IP Address: 203.21.133.123 > Recipient: xxxxxxxx > Subject: Thanks for registering > MessageID: h5JADKRX012423 > Report: Found dangerous IFrame tag in HTML message > $reportword: >>> Virus 'W32/Bugbear-Dam' found in file >./h5JADKRX012423/septic letter.doc.exe > /var/spool/MailScanner/incoming/27671/./h5JADKRX012423/septic >letter.doc.exe Infection: W32/Bugbear.B@mm (corrupted) > Executable DOS/Windows programs are dangerous in email (septic >letter.doc.exe) > >-- > Evert Jan van Ramselaar > Van Ramselaar Info Tech -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From evertjan at VANRAMSELAAR.NL Thu Jun 19 12:59:15 2003 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:18:37 2006 Subject: $reportword In-Reply-To: <5.2.0.9.2.20030619123906.054bac18@imap.ecs.soton.ac.uk> References: <28075.194.151.195.222.1056019476.squirrel@mail.vanramselaa r.nl> <5.2.0.9.2.20030619123906.054bac18@imap.ecs.soton.ac.uk> Message-ID: <7272.194.151.195.222.1056023955.squirrel@mail.vanramselaar.nl> Julian Field said: > Message.pm line 2007. > Change > my $rept = join(' $reportword: ', @everyrept); > to > my $rept = join(" $reportword: ", @everyrept); Great, thanks. > Sorry about that. No hard feelings... :o) Thanks for the quick reply. -- Evert Jan van Ramselaar Van Ramselaar Info Tech From raymond at PROLOCATION.NET Thu Jun 19 13:04:02 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:37 2006 Subject: $reportword In-Reply-To: <7272.194.151.195.222.1056023955.squirrel@mail.vanramselaar.nl> Message-ID: Hi! > Great, thanks. > > > Sorry about that. > > No hard feelings... :o) Haha =) Changed the lines in my code, lets see if it doesnt pop up anymore in the reports :) Thanks Julian. Bye, Raymond. From mkipness at GENIANT.COM Thu Jun 19 14:17:47 2003 From: mkipness at GENIANT.COM (Max Kipness) Date: Thu Jan 12 21:18:37 2006 Subject: Blacklisting random domains Message-ID: <036A6BCC9FD10749AD3CE32255AF49A6017CF5D5@dalsxc01.geniant.net> Our domains get a lot of spam from domains similar to: @441.loopmail.com I'm guessing that this company may have others including 440.loopmail, etc. How can I remove all that include loopmail? Would it be: *@*loopmail.com or just *loopmail.com Thanks, Max -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030619/62f7f43c/attachment.html From mailscanner at ecs.soton.ac.uk Thu Jun 19 14:31:01 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:37 2006 Subject: Blacklisting random domains In-Reply-To: <036A6BCC9FD10749AD3CE32255AF49A6017CF5D5@dalsxc01.geniant. net> Message-ID: <5.2.0.9.2.20030619143043.056588a0@imap.ecs.soton.ac.uk> At 14:17 19/06/2003, you wrote: >Our domains get a lot of spam from domains similar to: > >@441.loopmail.com > >I'm guessing that this company may have others including 440.loopmail, >etc. How can I remove all that include loopmail? Would it be: > >*@*loopmail.com > >or just *loopmail.com Either :-) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030619/13d65fbb/attachment.html From dwinkler at ALGORITHMICS.COM Thu Jun 19 15:29:01 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:37 2006 Subject: Blacklisting random domains Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E7027@tormail1.algorithmics.com> I believe that both of may include emails to someone@myloopmail.com or similar domains. You may want to use *.loopmail.com -----Original Message----- From: Max Kipness [mailto:mkipness@geniant.com] Sent: Thursday, June 19, 2003 9:18 AM To: MAILSCANNER@jiscmail.ac.uk Subject: Blacklisting random domains Our domains get a lot of spam from domains similar to: @441.loopmail.com I'm guessing that this company may have others including 440.loopmail, etc. How can I remove all that include loopmail? Would it be: *@*loopmail.com or just *loopmail.com Thanks, Max -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030619/f95999b7/attachment.html From mailscanner at ecs.soton.ac.uk Thu Jun 19 16:46:31 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:37 2006 Subject: Blacklisting random domains In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C97055E7027@tormail1.algorith mics.com> Message-ID: <5.2.0.9.2.20030619164607.048fc1c8@imap.ecs.soton.ac.uk> At 15:29 19/06/2003, you wrote: >I believe that both of may include emails to >someone@myloopmail.com or similar domains. In that case, you need 2 entries: loopmail.com and *.loopmail.com >-----Original Message----- >From: Max Kipness [mailto:mkipness@geniant.com] >Sent: Thursday, June 19, 2003 9:18 AM >To: MAILSCANNER@jiscmail.ac.uk >Subject: Blacklisting random domains > >Our domains get a lot of spam from domains similar to: > >@441.loopmail.com > >I'm guessing that this company may have others including 440.loopmail, >etc. How can I remove all that include loopmail? Would it be: > >*@*loopmail.com > >or just *loopmail.com > >Thanks, >Max > -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030619/b3de6a8d/attachment.html From damian at WORKGROUPSOLUTIONS.COM Thu Jun 19 18:05:23 2003 From: damian at WORKGROUPSOLUTIONS.COM (Damian Mendoza) Date: Thu Jan 12 21:18:37 2006 Subject: Whitelist problem Message-ID: Hi, I'm having a problem with a Whitelist entry. I cannot stop this message from being filtered by SpamAssassin. Of course, it is the bosses girlfriend which makes it very important. Any ideas? I'm running latest versions of MailScanner and SpamAssassin. MailScanner Whitelist Entry: From: suewbabe@cs.com yes Maillog: Jun 19 09:21:04 NDCSPAM sendmail[24723]: h5JEL3M4024723: from=, size=947, class=0, nrcpts=1, msgid=<133.21757f87.2c2320bc@cs.com>, proto=ESMTP, daemon=MTA, relay=imo-r02.mx.aol.com [152.163.225.98] Jun 19 09:21:04 NDCSPAM sendmail[24723]: h5JEL3M4024723: to=, delay=00:00:00, mailer=esmtp, pri=30443, stat=queued Jun 19 09:21:05 NDCSPAM MailScanner[23378]: New Batch: Scanning 1 messages, 1412 bytes Jun 19 09:21:05 NDCSPAM MailScanner[23378]: Spam Checks: Starting Jun 19 09:21:06 NDCSPAM MailScanner[23378]: Message h5JEL3M4024723 from 152.163.225.98 (cs.com) to ndc-inc.com is spam, SpamAssassin (score=5.2, required 4, BAYES_70, HTML_50_60, HTML_FONT_COLOR_UNSAFE, NO_REAL_NAME) Jun 19 09:21:06 NDCSPAM MailScanner[23378]: Spam Checks: Found 1 spam messages Message Header: Received: from imo-r02.mx.aol.com (imo-r02.mx.aol.com [152.163.225.98]) by NDCSPAM.spamgate.us (8.12.5/8.12.5) with ESMTP id h5JEL3M4024723 for >; Thu, 19 Jun 2003 09:21:04 -0500 Received: from SueWBabe@cs.com by imo-r02.mx.aol.com (mail_out_v36.3.) id s.133.21757f87 (4539) for >; Thu, 19 Jun 2003 10:20:45 -0400 (EDT) From: SueWBabe@cs.com Message-ID: <133.21757f87.2c2320bc@cs.com > Date: Thu, 19 Jun 2003 10:20:44 EDT Subject: Test To: jkeller@ndc-inc.com MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="part1_133.21757f87.2c2320bc_boundary" X-Mailer: 7.0 for Windows sub 8001 X-SpamGate: Found to be clean X-Message-is-Spam: spam, SpamAssassin (score=5.2, required 4, BAYES_70, HTML_50_60, HTML_FONT_COLOR_UNSAFE, NO_REAL_NAME) X-SpamGate-SpamScore: sssss Return-Path: SueWBabe@cs.com X-OriginalArrivalTime: 19 Jun 2003 14:17:38.0154 (UTC) FILETIME=[896E2CA0:01C3366D] Thanks, Damian From richard_cipher at YAHOO.COM Thu Jun 19 18:35:37 2003 From: richard_cipher at YAHOO.COM (Evert Ford) Date: Thu Jan 12 21:18:37 2006 Subject: Whitelist problem In-Reply-To: Message-ID: I would look at your 'MailScanner.conf' file and make sure it's pointing to the whitelist you are modifying. Also, make sure that the whitelist it is pointing at has the ending '.rules'. For example , in MailScanner.conf: Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules and then in /etc/MailScanner/rules/spam.whitelist.rules: From: suewbabe@cs.com yes Just my take on the situation. Your pathing may be different, depending on what system you are running it on. I am running MS on Redhat 7.2. I had a similar thing happen, and then i realized i left the 's' off of rules in 'spam.whitelist.rules' Evert Ford Computer Guy Westone Laboratories http://www.westone.com --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/03 From mikea at MIKEA.ATH.CX Thu Jun 19 20:35:46 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:37 2006 Subject: unknown string spamassassin in language translation ? In-Reply-To: ; from copper_shotgun@HOTMAIL.COM on Tue, May 13, 2003 at 03:11:55PM +0100 References: Message-ID: <20030619143546.A21952@mikea.ath.cx> On Tue, May 13, 2003 at 03:11:55PM +0100, Richard Alexander wrote: > Everything seems to be okay, but i am receiving the following message in > my maillog: > > May 13 08:24:18 inet MailScanner[9485]: Looked up unknown string > spamassassin in language translation > file /etc/MailScanner/reports/en/languages.conf > > I couldn't find any posts mentioning the possible cause of this. And later you posted that you had found the problem. Care to share? TIA, -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From richard_cipher at YAHOO.COM Thu Jun 19 21:01:04 2003 From: richard_cipher at YAHOO.COM (Evert Ford) Date: Thu Jan 12 21:18:37 2006 Subject: unknown string spamassassin in language translation ? In-Reply-To: <20030619143546.A21952@mikea.ath.cx> Message-ID: Mike, I got this error also after I upgraded MailScanner on June 2. For me, at least, it went away when I swapped languages.conf with languages.conf.rpmnew. For those who aren't tired old sysadmins, i did the following: cd /etc/MailScanner/reports/en mv languages.conf languages.conf.old mv languages.conf.rpmnew languages.conf this, of course, doesn't take into account any custom changes people might make to languages.conf, which would have to be incorporated into the new 'languages.conf'. After a reload(service MailScanner reload) the error went away. Evert Ford Computer Guy Westone Laboratories http://www.westone.com -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of mikea Sent: Thursday, June 19, 2003 1:36 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: unknown string spamassassin in language translation ? On Tue, May 13, 2003 at 03:11:55PM +0100, Richard Alexander wrote: > Everything seems to be okay, but i am receiving the following message in > my maillog: > > May 13 08:24:18 inet MailScanner[9485]: Looked up unknown string > spamassassin in language translation > file /etc/MailScanner/reports/en/languages.conf > > I couldn't find any posts mentioning the possible cause of this. And later you posted that you had found the problem. Care to share? TIA, -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/03 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.483 / Virus Database: 279 - Release Date: 5/19/03 From mikea at MIKEA.ATH.CX Thu Jun 19 21:04:12 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:37 2006 Subject: unknown string spamassassin in language translation ? In-Reply-To: ; from richard_cipher@YAHOO.COM on Thu, Jun 19, 2003 at 02:01:04PM -0600 References: <20030619143546.A21952@mikea.ath.cx> Message-ID: <20030619150412.B22129@mikea.ath.cx> On Thu, Jun 19, 2003 at 02:01:04PM -0600, Evert Ford wrote: > Mike, > > I got this error also after I upgraded MailScanner on June 2. For me, at > least, it went away when I swapped languages.conf with > languages.conf.rpmnew. > > For those who aren't tired old sysadmins, i did the following: > cd /etc/MailScanner/reports/en > mv languages.conf languages.conf.old > mv languages.conf.rpmnew languages.conf > > this, of course, doesn't take into account any custom changes people might > make to languages.conf, which would have to be incorporated into the new > 'languages.conf'. > > After a reload(service MailScanner reload) the error went away. Ah; the Linux way. I don't have the *.rpmnew files, since I'm running on FreeBSD. I just added "spamassassin" to the translation file, with a suitable translation. ;=). Thanks much. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From cparker at SWATGEAR.COM Thu Jun 19 22:44:19 2003 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:18:37 2006 Subject: (mail == spam)?delete attachments:leave alone; Message-ID: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C80@ati-ex-01.ati.local> Hi. Hopefully my subject line makes sense to everyone. I would like to know if MailScanner can be set up to remove attachments if the mail is identified as spam. I've received a lot of adware/spyware emails that are mostly identified as spam and they have .zip attachments, which by default are allowed through. I guess one way to do that would be if you can create a second attachment ruleset that would apply to spam emails. Any ideas? Chris. From lance at WARE.NET Thu Jun 19 23:19:08 2003 From: lance at WARE.NET (Lance Ware) Date: Thu Jan 12 21:18:37 2006 Subject: Outbound Mail Scanning Message-ID: <9F214F8D10934845A3664A21425C79FC6E6F30@dhcp5.ware.net> Is there a recommend way to setup Mail Scanner for outbound scanning? Specifically, I don't think we need spam scanning on the outbound, I'd also like to strip some headers if possible - or at least re-write the private IP and helo part which Outlook Express puts our local users machine name in. Any tips? Thanks, Lance -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030619/5ec649f9/attachment.html From mike at CAMAROSS.NET Thu Jun 19 23:31:22 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:37 2006 Subject: Outbound Mail Scanning In-Reply-To: <9F214F8D10934845A3664A21425C79FC6E6F30@dhcp5.ware.net> Message-ID: <001601c336b2$83a1bf40$9c01a8c0@home.middlefinger.net> In your MailScanner.conf, make Spam Checks = /etc/MailScanner/rules/your_ruleset.rule In your_ruleset.rule: From: *@your_domain.com no FromTo: default yes Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Lance Ware Sent: Thursday, June 19, 2003 5:19 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Outbound Mail Scanning Is there a recommend way to setup Mail Scanner for outbound scanning? Specifically, I don't think we need spam scanning on the outbound, I'd also like to strip some headers if possible - or at least re-write the private IP and helo part which Outlook Express puts our local users machine name in. Any tips? Thanks, Lance From smohan at VSNL.COM Fri Jun 20 04:20:31 2003 From: smohan at VSNL.COM (S Mohan) Date: Thu Jan 12 21:18:37 2006 Subject: Outbound Mail Scanning In-Reply-To: <001601c336b2$83a1bf40$9c01a8c0@home.middlefinger.net> Message-ID: <002301c336da$e8659e10$3b405bca@18yamuna> AFAIK, Mailscanner does not touch any header other than Subject. Header writing, IP address rewrites would be the MTA's job. Suggest you explore sendmail options and not Mailscanner. For avoiding spam scan, you can make a rule set by identifying From address containing your domain (assuming this is enforced). You can force your domain name in sendmail using masquerade facility. If not, you can try local IP in rules (I remember having seen IP address in rules somewhere). I may be wrong here. Mohan -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Lance Ware Sent: Thursday, June 19, 2003 5:19 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Outbound Mail Scanning Is there a recommend way to setup Mail Scanner for outbound scanning? Specifically, I don't think we need spam scanning on the outbound, I'd also like to strip some headers if possible - or at least re-write the private IP and helo part which Outlook Express puts our local users machine name in. Any tips? Thanks, Lance From forrie at FORRIE.COM Fri Jun 20 06:14:48 2003 From: forrie at FORRIE.COM (Forrest Aldrich) Date: Thu Jan 12 21:18:37 2006 Subject: Sendmail 8.12.x and MailScanner (rc.MailScanner) In-Reply-To: <5.2.0.9.2.20030619143043.056588a0@imap.ecs.soton.ac.uk> References: <036A6BCC9FD10749AD3CE32255AF49A6017CF5D5@dalsxc01.geniant. net> Message-ID: <5.2.1.1.2.20030620011308.03db4600@192.168.1.1> I'm about to upgrade our system from Sendmail-8.11.x to Sendmail-8.12.x. Curious about what different ways of configuring MailScanner are with this, in lieu of the fact that locally-submitted mail ends up in /var/spool/clientmqueue and inbound comes in to /var/spool/mqueue, etc. Forrest From evertjan at VANRAMSELAAR.NL Fri Jun 20 08:19:37 2003 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:18:37 2006 Subject: [MailWatch for MS 0.2] Volume count in reports Message-ID: <28697.194.151.195.222.1056093577.squirrel@mail.vanramselaar.nl> Hi, (I hope we can still (ab)use this list for MailWatch related topics) Can the volume count in reports be changed from MB to KB? The mailflow on my mailserver isn't very big, so there are days where the total volume stays below 1MB, which makes the reports somewhat inaccurate. Counting in KBs would probably solve that for me. Maybe a user definable option in functions.php? Thanks. -- Evert Jan van Ramselaar Van Ramselaar Info Tech From raymond at PROLOCATION.NET Fri Jun 20 09:09:41 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:37 2006 Subject: [MailWatch for MS 0.2] Volume count in reports In-Reply-To: <28697.194.151.195.222.1056093577.squirrel@mail.vanramselaar.nl> Message-ID: Hi! > Can the volume count in reports be changed from MB to KB? > The mailflow on my mailserver isn't very big, so there are days where the > total volume stays below 1MB, which makes the reports somewhat inaccurate. > Counting in KBs would probably solve that for me. > > Maybe a user definable option in functions.php? Definable would be better i guess :) We do a around 15-20 gig mail or so daily currently. Bye, Raymond. From steve.freegard at LBSLTD.CO.UK Fri Jun 20 09:26:38 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:37 2006 Subject: [MailWatch for MS 0.2] Volume count in reports Message-ID: <67D9E7698329D411936E00508B6590B902793D21@neelix.lbsltd.co.uk> Hi Evert/Raymond, There is already a format_mail_size function in functions.php which is used on the messages screens that automatically shows bytes, Kb, Mb, Gb or Tb as necessary. I'll convert the reports to use this function for the next version. Regards, Steve. -----Original Message----- From: Raymond Dijkxhoorn [mailto:raymond@PROLOCATION.NET] Sent: 20 June 2003 09:10 To: MAILSCANNER@JISCMAIL.AC.UK Hi! > Can the volume count in reports be changed from MB to KB? > The mailflow on my mailserver isn't very big, so there are days where the > total volume stays below 1MB, which makes the reports somewhat inaccurate. > Counting in KBs would probably solve that for me. > > Maybe a user definable option in functions.php? Definable would be better i guess :) We do a around 15-20 gig mail or so daily currently. Bye, Raymond. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From evertjan at VANRAMSELAAR.NL Fri Jun 20 09:32:01 2003 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:18:37 2006 Subject: [MailWatch for MS 0.2] Volume count in reports In-Reply-To: <67D9E7698329D411936E00508B6590B902793D21@neelix.lbsltd.co.uk> References: <67D9E7698329D411936E00508B6590B902793D21@neelix.lbsltd.co.uk> Message-ID: <45279.194.151.195.222.1056097921.squirrel@mail.vanramselaar.nl> Steve Freegard said: > There is already a format_mail_size function in functions.php which is > used > on the messages screens that automatically shows bytes, Kb, Mb, Gb or Tb > as > necessary. I'll convert the reports to use this function for the next > version. Great! Thanks Steve. I've been using MW4MS for some days now and I just love the interface. Keep up the good work! -- Evert Jan van Ramselaar Van Ramselaar Info Tech From maxsec at TOTALISE.CO.UK Fri Jun 20 10:10:25 2003 From: maxsec at TOTALISE.CO.UK (Martin Hepworth) Date: Thu Jan 12 21:18:37 2006 Subject: Outbound Mail Scanning In-Reply-To: <001601c336b2$83a1bf40$9c01a8c0@home.middlefinger.net> References: <001601c336b2$83a1bf40$9c01a8c0@home.middlefinger.net> Message-ID: <3EF2CF81.2070901@totalise.co.uk> hhmmm so how does this affect when from and to are @yourdomain.com. I've seen quite of spam where they use the lower priority MX and also send and from the recipient? The current product we use gets confused and sees it as 'from' out domain and therefore only applies outbound rules even though the message is itself inbound... -- Martin (at home) Mike Kercher wrote: > In your MailScanner.conf, make Spam Checks = > /etc/MailScanner/rules/your_ruleset.rule > > In your_ruleset.rule: > > From: *@your_domain.com no > FromTo: default yes > > Mike > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Lance Ware > Sent: Thursday, June 19, 2003 5:19 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Outbound Mail Scanning > > > > > Is there a recommend way to setup Mail Scanner for outbound scanning? > Specifically, I don't think we need spam scanning on the outbound, I'd also > like to strip some headers if possible - or at least re-write the private IP > and helo part which Outlook Express puts our local users machine name in. > Any tips? > Thanks, > Lance From Kevin.Spicer at BMRB.CO.UK Fri Jun 20 10:16:52 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:37 2006 Subject: Outbound Mail Scanning Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF677@pascal.priv.bmrb.co.uk> Martin Hepworth wrote: > hhmmm > so how does this affect when from and to are @yourdomain.com. I've > seen quite of spam where they use the lower priority MX and also send > and from the recipient? The current product we use gets confused and > sees it as 'from' out domain and therefore only applies outbound > rules even though the message is itself inbound... You should, wherever possible, use IP addresses (or whole blocks of IP) to whitelist your internal servers (or clients if they send directly to the mail server) rather than From domains. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From mkipness at GENIANT.COM Fri Jun 20 13:49:09 2003 From: mkipness at GENIANT.COM (Max Kipness) Date: Thu Jan 12 21:18:37 2006 Subject: Random Hostnames? Message-ID: <036A6BCC9FD10749AD3CE32255AF49A6017CF5E4@dalsxc01.geniant.net> Has anybody dealt with spam email addresses like: 0w72ibo4i4w2@hotmail.com 59unzwyb2b@aol.com I figure if I add these to the blacklist it would do no good as these are probably randomly generated by some program. And as much as I'd like to ban the entire domains of aol.com and hotmail.com, I can't do this. Is there anyway of added something like regular expressions to pick out hostnames with patterns like this? Has anybody tackled this before? And if so, how. Thanks, Max -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030620/38c78bba/attachment.html From christopher.albert at MCGILL.CA Fri Jun 20 13:51:40 2003 From: christopher.albert at MCGILL.CA (chris albert) Date: Thu Jan 12 21:18:37 2006 Subject: Random Hostnames? In-Reply-To: <036A6BCC9FD10749AD3CE32255AF49A6017CF5E4@dalsxc01.geniant.net> References: <036A6BCC9FD10749AD3CE32255AF49A6017CF5E4@dalsxc01.geniant.net> Message-ID: <3EF3035C.3060501@mcgill.ca> Max Kipness wrote: > Has anybody dealt with spam email addresses like: > > 0w72ibo4i4w2@hotmail.com > 59unzwyb2b@aol.com > > I figure if I add these to the blacklist it would do no good as these > are probably randomly generated by some program. And as much as I'd > like to ban the entire domains of aol.com and hotmail.com, I can't do > this. > > Is there anyway of added something like regular expressions to pick > out hostnames with patterns like this? Has anybody tackled this > before? And if so, how. > > Thanks, > Max > Unfortunately, if they are random, the matching expression is * . I think you need to rely on SA to catch these kind of spam. Chris From Cleveland at MAIL.WINNEFOX.ORG Fri Jun 20 15:07:14 2003 From: Cleveland at MAIL.WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:18:37 2006 Subject: Should I install rpm or tarball of f-prot? Message-ID: <84CFA712F666B44A94CE6BE116BAF4B0B4EAA2@mail.winnefox.org> Hello all, I just purchased the Linux workstation version of f-prot. For downloading it, they offer a tarball and an rpm. I have redhat 9 installed on this server. As far as MailScanner goes, does it care if it's rpm or not? -- Jody Cleveland (cleveland@mail.winnefox.org) From raymond at PROLOCATION.NET Fri Jun 20 15:08:40 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:37 2006 Subject: Should I install rpm or tarball of f-prot? In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4EAA2@mail.winnefox.org> Message-ID: Hi! > I just purchased the Linux workstation version of f-prot. For > downloading it, they offer a tarball and an rpm. I have redhat 9 > installed on this server. As far as MailScanner goes, does it care if > it's rpm or not? The RPM works just fine. The 4.x worked for me. Bye, Raymond. From zabriskw at ITECH.NET Fri Jun 20 15:21:49 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:37 2006 Subject: sa-learn --rebuild Message-ID: <002701c33737$49ea59d0$0c02a8c0@itech.dom> When I try to run "sa-learn --rebuild" via crontab at midnight. I get this error: Failed to create default user preference file://.spamassassin/user_prefs ............................................................................ ............................................................................ .. expire_old_tokens: Out of memory during "large" request for 1052672 bytes, total sbrk() is 133331264 bytes at /usr/local/lib/perl5/site_perl/5.6.1/Mail/SpamAssassin/BayesStore.pm line 390. Does anyone have any ideas on what direction I should start looking in? As always, any help would greatly be appreciated. From mikew at CRUCIS.NET Fri Jun 20 16:00:55 2003 From: mikew at CRUCIS.NET (Mike Watson) Date: Thu Jan 12 21:18:37 2006 Subject: Should I install rpm or tarball of f-prot? In-Reply-To: <84CFA712F666B44A94CE6BE116BAF4B0B4EAA2@mail.winnefox.org> References: <84CFA712F666B44A94CE6BE116BAF4B0B4EAA2@mail.winnefox.org> Message-ID: <200306201000.59189.mikew@crucis.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 20 June 2003 09:07 am, you wrote: > Hello all, > > I just purchased the Linux workstation version of f-prot. For > downloading it, they offer a tarball and an rpm. I have redhat 9 > installed on this server. As far as MailScanner goes, does it care if > it's rpm or not? I used the RPM and it worked just fine. Either should work for you. Mike W - -- Registered Linux - 256979 NRA Life ARS: W0TMW -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+8yGq5fq6h2uDDlQRAszfAKDNY1NqHAhiZg/S+npG/jQ+3h6j/QCg2tzc KnRcX1t63/BhGqsMwkqcZwo= =ICZh -----END PGP SIGNATURE----- From mailscanner at ecs.soton.ac.uk Fri Jun 20 15:25:42 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:37 2006 Subject: (mail == spam)?delete attachments:leave alone; In-Reply-To: <001BD19C96E6E64E8750D72C2EA0ECEE2B7C80@ati-ex-01.ati.local > Message-ID: <5.2.0.9.2.20030620152506.05527958@imap.ecs.soton.ac.uk> Cannot be easily done at the moment. You can turn the entire message into an attachment, so the final recipient users have to "click through" a warning message before they get to see the original message and its attachments. At 22:44 19/06/2003, you wrote: >Hi. > >Hopefully my subject line makes sense to everyone. > >I would like to know if MailScanner can be set up to remove attachments if >the mail is identified as spam. I've received a lot of adware/spyware >emails that are mostly identified as spam and they have .zip attachments, >which by default are allowed through. > >I guess one way to do that would be if you can create a second attachment >ruleset that would apply to spam emails. > >Any ideas? > > >Chris. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From steve.freegard at LBSLTD.CO.UK Fri Jun 20 16:21:59 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:37 2006 Subject: Quarantine permissions Message-ID: <67D9E7698329D411936E00508B6590B902793D51@neelix.lbsltd.co.uk> Hi Julian, I've just been looking at putting a feature into MailWatch to release quarantined spam and/or blocked files that a few people have requested. I've still got a fair bit to do, but do have it working for the most part - but I have to manually keep chown/chmodding the quarantine files as root as Quarantine.pm creates the files/dirs mode 0700 root:root. To work correctly from MailWatch, ideally the dirs should be 0750 root:apache, and the files 0640 root:apache, but this will vary depending on people's local set-ups. Any chance that you could add a couple of options the MailScanner.conf to give the values for 'Quarantine Files Mode', 'Quarantine Dirs Mode' and 'Quarantine Owner/Group' or something similar? Kind regards, Steve -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. Tel: +44 (0)1903 82 8594 Fax: +44 (0)1903 82 8620 -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030620/0be5d91e/attachment.html From zabriskw at ITECH.NET Fri Jun 20 16:31:24 2003 From: zabriskw at ITECH.NET (Kris Zabriskie) Date: Thu Jan 12 21:18:38 2006 Subject: Quarantine permissions References: <67D9E7698329D411936E00508B6590B902793D51@neelix.lbsltd.co.uk> Message-ID: <00bf01c33741$024341f0$0c02a8c0@itech.dom> Steve, I am doing a VERY similar thing with PHP. It will retrieve e-mail from quarantine on a certain date. I am having trouble with the quarantine directory as well as the daily rotated out syslogs. I have been playing with a utility for Tru64 that allows you to set permissions, regardless of what something else tells it to be. You might want to see if your OS has an option like that. ----- Original Message ----- From: Steve Freegard To: MAILSCANNER@JISCMAIL.AC.UK Sent: Friday, June 20, 2003 11:21 AM Subject: Quarantine permissions Hi Julian, I've just been looking at putting a feature into MailWatch to release quarantined spam and/or blocked files that a few people have requested. I've still got a fair bit to do, but do have it working for the most part - but I have to manually keep chown/chmodding the quarantine files as root as Quarantine.pm creates the files/dirs mode 0700 root:root. To work correctly from MailWatch, ideally the dirs should be 0750 root:apache, and the files 0640 root:apache, but this will vary depending on people's local set-ups. Any chance that you could add a couple of options the MailScanner.conf to give the values for 'Quarantine Files Mode', 'Quarantine Dirs Mode' and 'Quarantine Owner/Group' or something similar? Kind regards, Steve -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. Tel: +44 (0)1903 82 8594 Fax: +44 (0)1903 82 8620 -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030620/486b4d28/attachment.html From AndreaC at GOTECH.IT Fri Jun 20 16:43:20 2003 From: AndreaC at GOTECH.IT (Andrea Cogliati) Date: Thu Jan 12 21:18:38 2006 Subject: MS Stress Test Message-ID: <463F0AFA3E2CEA4E807EC569C019E739140BB2@atlantis.gtub.corp> Guys, I have to carefully size the hardware for a MS installation and I'd like to set up a proper test environment. I'm looking for an SMTP stress test tool: any suggestion? Both Free software/Open source and Commercial solutions welcomed. Ciao, Andrea From vnarayan at HAVERFORD.EDU Fri Jun 20 16:45:16 2003 From: vnarayan at HAVERFORD.EDU (Vasantha Narayanan) Date: Thu Jan 12 21:18:38 2006 Subject: MailScanner processes die and don't restart Message-ID: <5.1.0.14.0.20030620113052.01a25be8@popmail.haverford.edu> Hi, We've 15 MailScanner processes running on our system. When a MailScanner process dies of old age, another one seems to restart almost immediately. But occasionally new ones don't seem to start after old one dies. And, even though I've "check_mailscanner" running in cron every 20 minutes, it has no effect, i.e, it does not start new processes because I think the "check_mailscanner" script is not designed to start MailScanner processes as long as some MailScanner processes are running. As a result what happens is, when such a situation arises, we've only about 3 MailScanner processes running and that is not enough to process all our mail. Hence a lot of mail gets held up in the incoming queue. To solve the problem, I've had to manually kill the remaining few MailScanner processes and then restart it using "check_mailscanner". But by then so much mail is in the queue that it takes a long time for the mail to get cleared resume normal mail processes. Is there a script that will keep track of how many processes are supposed to be running and if it is short of that, it will start that many more? Is there some other solution to this problem? Thanks. Vasantha From rc at ITSS.NERC.AC.UK Fri Jun 20 16:44:22 2003 From: rc at ITSS.NERC.AC.UK (Ron Campbell) Date: Thu Jan 12 21:18:38 2006 Subject: Quarantine permissions References: <67D9E7698329D411936E00508B6590B902793D51@neelix.lbsltd.co.uk> Message-ID: <3EF32BD6.1010804@itss.nerc.ac.uk> I changed the perms some time ago - changed the mkdir functions in Quarantine.pm and Message.pm so that directories are created with mode 755 instead of 700. also changed umask in mailscanner (Top level script) from 077 to 022 But it would be better to have it in Julian's source and a config option would also be nice. [Note we dont allow users near the box which runs MS.] Cheers ... Ron From carles at descom.es Fri Jun 20 16:54:30 2003 From: carles at descom.es (Carles Xavier Munyoz =?iso-8859-1?q?Bald=F3?=) Date: Thu Jan 12 21:18:38 2006 Subject: MS Stress Test In-Reply-To: <463F0AFA3E2CEA4E807EC569C019E739140BB2@atlantis.gtub.corp> References: <463F0AFA3E2CEA4E807EC569C019E739140BB2@atlantis.gtub.corp> Message-ID: <200306201754.37741.carles@descom.es> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 El Viernes, 20 de Junio de 2003 17:43, Andrea Cogliati escribi?: > I have to carefully size the hardware for a MS installation and I'd like > to > set up a proper test environment. I'm looking for an SMTP stress test > tool: > any suggestion? Hi, You may use the Postal/Rabid mail server benchmarks tools: http://sourceforge.net/projects/postal/ I used them to stress and test my email system (www.unlimitedmail.net) delivering millions of messages without any kind of problem. Greetings. - --- Carles Xavier Munyoz Bald? carles@unlimitedmail.org http://www.unlimitedmail.net/ - --- -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQA/AwUBPvMuNzvYAf7VZNaaEQIO5ACguRx8WvBzGzYxUHRlW8OzXVJ8M+MAoJp9 cr8rSA8E8DK6omY+iiAe77JE =B1bV -----END PGP SIGNATURE----- From mailscanner at ecs.soton.ac.uk Fri Jun 20 16:53:39 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:38 2006 Subject: MS Stress Test In-Reply-To: <463F0AFA3E2CEA4E807EC569C019E739140BB2@atlantis.gtub.corp> Message-ID: <5.2.0.9.2.20030620165036.03964630@imap.ecs.soton.ac.uk> I use an archive that I collected of several days worth of our real incoming mail traffic. I pump that from 1 server via SMTP into a test scanner server, which processes it and then sends it onto a 3rd server which sinks all the SMTP data it is sent. By varying the number of copies of the script the first server runs, I can vary the speed at which mail is sent to the test server. The first server measures the time taken for the whole test set to be transmitted and so produces a "messages per day" figure for each parallel process it runs. If the test server cannot handle the load, the queue starts growing as it can't keep up. It's not ideal by any means, but it's better than nothing and is based on real traffic. At 16:43 20/06/2003, you wrote: >Guys, > >I have to carefully size the hardware for a MS installation and I'd like >to >set up a proper test environment. I'm looking for an SMTP stress test >tool: >any suggestion? > >Both Free software/Open source and Commercial solutions welcomed. > >Ciao, > >Andrea -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jun 20 16:55:19 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:38 2006 Subject: MailScanner processes die and don't restart In-Reply-To: <5.1.0.14.0.20030620113052.01a25be8@popmail.haverford.edu> Message-ID: <5.2.0.9.2.20030620165420.046ca1f0@imap.ecs.soton.ac.uk> I have done some work on fixing this in the most recent versions, as this was proving to be a problem with Postfix. If the child processes didn't die nicely, they weren't being re-spawned. They now re-spawn regardless of how they die. That should have fixed this problem. At 16:45 20/06/2003, you wrote: >Hi, > >We've 15 MailScanner processes running on our system. When a MailScanner >process dies of old age, another one seems to restart almost >immediately. But occasionally new ones don't seem to start after old one >dies. And, even though I've "check_mailscanner" running in cron every 20 >minutes, it has no effect, i.e, it does not start new processes because I >think the "check_mailscanner" script is not designed to start MailScanner >processes as long as some MailScanner processes are running. As a result >what happens is, when such a situation arises, we've only about 3 >MailScanner processes running and that is not enough to process all our >mail. Hence a lot of mail gets held up in the incoming queue. To solve >the problem, I've had to manually kill the remaining few MailScanner >processes and then restart it using "check_mailscanner". But by then so >much mail is in the queue that it takes a long time for the mail to get >cleared resume normal mail processes. > >Is there a script that will keep track of how many processes are supposed >to be running and if it is short of that, it will start that many >more? Is there some other solution to this problem? > >Thanks. > >Vasantha -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From joan.bryan at KCL.AC.UK Fri Jun 20 17:06:45 2003 From: joan.bryan at KCL.AC.UK (Joan Bryan) Date: Thu Jan 12 21:18:38 2006 Subject: MailScanner processes die and don't restart In-Reply-To: <5.1.0.14.0.20030620113052.01a25be8@popmail.haverford.edu> References: <5.1.0.14.0.20030620113052.01a25be8@popmail.haverford.edu> Message-ID: Hello I just run a daily script to check the number of mailscanner processes running, below, and just restart mailscanner manually, if I get a message. I think it is mainly malformed messages that cause the mailscanner processes to die, and I haven't had any of these for ages and we have over 250k messages daily. #!/bin/sh # Check certain processes for falling over on mailserver UTILDIR=/usr/local/utils cd $UTILDIR ps -ef >t1 # # Check number of child mailscanners running # NOMSCANNERS=`grep "/usr/local/MailScanner/lib" t1 | wc | awk '{ print $1 }'` NOMSCANNERSREQ=`grep Child /usr/local/MailScanner/etc/MailScanner.conf | awk -F" " '{ print $4}'` if [ $NOMSCANNERS -lt $NOMSCANNERSREQ ]; then /usr/ucb/mail -s "Not enough mailscanners:$NOMSCANNERS available" sysadmin@kcl.ac.uk wrote: > Hi, > > We've 15 MailScanner processes running on our system. When a MailScanner > process dies of old age, another one seems to restart almost > immediately. But occasionally new ones don't seem to start after old one > dies. And, even though I've "check_mailscanner" running in cron every 20 > minutes, it has no effect, i.e, it does not start new processes because I > think the "check_mailscanner" script is not designed to start MailScanner > processes as long as some MailScanner processes are running. As a result > what happens is, when such a situation arises, we've only about 3 > MailScanner processes running and that is not enough to process all our > mail. Hence a lot of mail gets held up in the incoming queue. To solve > the problem, I've had to manually kill the remaining few MailScanner > processes and then restart it using "check_mailscanner". But by then so > much mail is in the queue that it takes a long time for the mail to get > cleared resume normal mail processes. > > Is there a script that will keep track of how many processes are supposed > to be running and if it is short of that, it will start that many > more? Is there some other solution to this problem? > > Thanks. > > Vasantha ---------------------- Joan Bryan Unix Systems Administrator Information Systems Telephone: +44 (0) 20 7848 2671 mailto:joan.bryan@kcl.ac.uk From raymond at PROLOCATION.NET Fri Jun 20 17:15:19 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:38 2006 Subject: MailScanner processes die and don't restart In-Reply-To: <5.2.0.9.2.20030620165420.046ca1f0@imap.ecs.soton.ac.uk> Message-ID: Hi! > was proving to be a problem with Postfix. If the child processes didn't die > nicely, they weren't being re-spawned. They now re-spawn regardless of how > they die. That should have fixed this problem. > >Is there a script that will keep track of how many processes are supposed > >to be running and if it is short of that, it will start that many > >more? Is there some other solution to this problem? Is someone else also seeing this, as i do, when i do a reload or service restart that all mailscanners get a defunc ... ? Or is this ment to be ? :) Bye, Raymond. From raymond at PROLOCATION.NET Fri Jun 20 17:16:44 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:38 2006 Subject: MS Stress Test In-Reply-To: <5.2.0.9.2.20030620165036.03964630@imap.ecs.soton.ac.uk> Message-ID: Hi! > I pump that from 1 server via SMTP into a test scanner server, which > processes it and then sends it onto a 3rd server which sinks all the SMTP > data it is sent. > By varying the number of copies of the script the first server runs, I can > vary the speed at which mail is sent to the test server. But in 'real' situations server load is also the slow connections of outside servers and so on, so there must be more then just a how-much-can-i-pump-in-an-hour :)) bye, Raymond. From symedeot at YAHOO.FR Fri Jun 20 17:09:26 2003 From: symedeot at YAHOO.FR (Sylvain MEDEOT) Date: Thu Jan 12 21:18:38 2006 Subject: MailScanner issue with postfix Message-ID: Hi, I am setting up MailScanner on a Mandrake 7.2 mail server with Postfix. I followed step by step the installation procedure (/etc/postfix, /etc/postfix.in, modifications of main.cf and master.cf). This is not the first mail server I am protecting with MailScanner... But this is the oldest one since I had no problems with newest releases of Mandrake... This server is running postfix-19991231_pl08-5mdk. After the installation of MailScanner (everything fine) with McAfee, I can send and receive mails as usually... But, the mails are never scanned... Nothing special in the logs : Jun 20 17:51:19 intranet MailScanner[1182]: MailScanner E-Mail Virus Scanner version 4.21-9 starting... Jun 20 17:51:19 intranet MailScanner[1182]: Using locktype = flock If I try manually to run /var/lib/MailScanner/mcafee-wrapper eicar.com, it works... But the mails are never scanned ! In fact, I am sure that this script is never called by MailScanner since I replaced it with a different one to trace what was really happening... Of course, /etc/MailScanner/MailScanner.conf includes the following lines : Virus Scanning = yes Virus Scanners = mcafee and /usr/lib/MailScanner/mcafee-wrapper is pointing to PackageDir=/usr/local/uvscan prog=uvscan # `basename $0` datDIR=$PackageDir ls /usr/local/uvscan -l gives the following : drwxr-xr-x 2 postfix root 4096 jun 20 09:54 4272/ lrwxrwxrwx 1 postfix root 14 jun 20 09:54 clean.dat -> 4272/clean.dat -r--r--r-- 1 postfix root 10469 jun 20 09:17 contact.txt -r--r--r-- 1 postfix root 466306 jun 20 09:17 e4240upg.pdf lrwxrwxrwx 1 postfix root 17 jun 20 09:54 internet.dat -> 4272/internet.dat lrwxrwxrwx 1 postfix root 15 jun 20 09:17 liblnxfv.so - > ./liblnxfv.so.4* -r-xr-xr-x 1 postfix root 2593332 jun 20 09:17 liblnxfv.so.4* -r--r--r-- 1 postfix root 1056 jun 20 09:17 license.dat -r--r--r-- 1 postfix root 1705 jun 20 09:17 license.txt -r--r--r-- 1 postfix root 37721 jun 20 09:17 messages.dat lrwxrwxrwx 1 postfix root 14 jun 20 09:54 names.dat -> 4272/names.dat -r--r--r-- 1 postfix root 16222 jun 20 09:17 readme.txt lrwxrwxrwx 1 postfix root 13 jun 20 09:54 scan.dat -> 4272/scan.dat -r--r--r-- 1 postfix root 5546 jun 20 09:17 signlic.txt -r-xr-xr-x 1 postfix root 6342 jun 20 09:18 uninstall-uvscan* -r-xr-xr-x 1 postfix root 126711 jun 20 09:17 uvscan* -r--r--r-- 1 postfix root 13385 jun 20 09:18 uvscan.1 Any idea ? Many thanks in advance, Sylvain MEDEOT Ville de Pontoise - France From mailscanner at ecs.soton.ac.uk Fri Jun 20 17:17:55 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:38 2006 Subject: MailScanner processes die and don't restart In-Reply-To: References: <5.2.0.9.2.20030620165420.046ca1f0@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030620171709.100230d0@imap.ecs.soton.ac.uk> At 17:15 20/06/2003, you wrote: >Hi! > > > was proving to be a problem with Postfix. If the child processes didn't die > > nicely, they weren't being re-spawned. They now re-spawn regardless of how > > they die. That should have fixed this problem. > > > >Is there a script that will keep track of how many processes are supposed > > >to be running and if it is short of that, it will start that many > > >more? Is there some other solution to this problem? > >Is someone else also seeing this, as i do, when i do a reload or service >restart that all mailscanners get a defunc ... ? Or is this ment to be ? You should see a load defunct for about 5 to 10 seconds, at which point they should disappear. While they are defunct, the parent process is cleaning up after them so it leaves your filesystem nice and tidy. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Fri Jun 20 17:20:16 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:38 2006 Subject: MailScanner issue with postfix In-Reply-To: Message-ID: <5.2.0.9.2.20030620171931.1002ecb0@imap.ecs.soton.ac.uk> But is it actually picking up the messages and then putting them in the outgoing queue? Or is it leaving them in the incoming queue (/var/spool/postfix.in/deferred) and never collecting them? At 17:09 20/06/2003, you wrote: >Hi, > >I am setting up MailScanner on a Mandrake 7.2 mail server with Postfix. I >followed step by step the installation procedure >(/etc/postfix, /etc/postfix.in, modifications of main.cf and master.cf). > >This is not the first mail server I am protecting with MailScanner... But >this is the oldest one since I had no problems with newest releases of >Mandrake... > >This server is running postfix-19991231_pl08-5mdk. After the installation >of MailScanner (everything fine) with McAfee, I can send and receive mails >as usually... But, the mails are never scanned... > >Nothing special in the logs : >Jun 20 17:51:19 intranet MailScanner[1182]: MailScanner E-Mail Virus >Scanner version 4.21-9 starting... >Jun 20 17:51:19 intranet MailScanner[1182]: Using locktype = flock > >If I try manually to run /var/lib/MailScanner/mcafee-wrapper eicar.com, it >works... But the mails are never scanned ! > >In fact, I am sure that this script is never called by MailScanner since I >replaced it with a different one to trace what was really happening... > >Of course, /etc/MailScanner/MailScanner.conf includes the following lines : > >Virus Scanning = yes >Virus Scanners = mcafee > >and /usr/lib/MailScanner/mcafee-wrapper is pointing to > >PackageDir=/usr/local/uvscan >prog=uvscan # `basename $0` >datDIR=$PackageDir > >ls /usr/local/uvscan -l gives the following : > >drwxr-xr-x 2 postfix root 4096 jun 20 09:54 4272/ >lrwxrwxrwx 1 postfix root 14 jun 20 09:54 clean.dat -> >4272/clean.dat >-r--r--r-- 1 postfix root 10469 jun 20 09:17 contact.txt >-r--r--r-- 1 postfix root 466306 jun 20 09:17 e4240upg.pdf >lrwxrwxrwx 1 postfix root 17 jun 20 09:54 internet.dat -> >4272/internet.dat >lrwxrwxrwx 1 postfix root 15 jun 20 09:17 liblnxfv.so - > > ./liblnxfv.so.4* >-r-xr-xr-x 1 postfix root 2593332 jun 20 09:17 liblnxfv.so.4* >-r--r--r-- 1 postfix root 1056 jun 20 09:17 license.dat >-r--r--r-- 1 postfix root 1705 jun 20 09:17 license.txt >-r--r--r-- 1 postfix root 37721 jun 20 09:17 messages.dat >lrwxrwxrwx 1 postfix root 14 jun 20 09:54 names.dat -> >4272/names.dat >-r--r--r-- 1 postfix root 16222 jun 20 09:17 readme.txt >lrwxrwxrwx 1 postfix root 13 jun 20 09:54 scan.dat -> >4272/scan.dat >-r--r--r-- 1 postfix root 5546 jun 20 09:17 signlic.txt >-r-xr-xr-x 1 postfix root 6342 jun 20 09:18 uninstall-uvscan* >-r-xr-xr-x 1 postfix root 126711 jun 20 09:17 uvscan* >-r--r--r-- 1 postfix root 13385 jun 20 09:18 uvscan.1 > >Any idea ? > >Many thanks in advance, > >Sylvain MEDEOT >Ville de Pontoise - France -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Fri Jun 20 17:26:33 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:38 2006 Subject: MailScanner processes die and don't restart In-Reply-To: <5.2.0.9.2.20030620171709.100230d0@imap.ecs.soton.ac.uk> Message-ID: Hi! > >Is someone else also seeing this, as i do, when i do a reload or service > >restart that all mailscanners get a defunc ... ? Or is this ment to be ? > You should see a load defunct for about 5 to 10 seconds, at which point > they should disappear. While they are defunct, the parent process is > cleaning up after them so it leaves your filesystem nice and tidy. Okay! So it wont loose mail either when i see a defunc ... Thanks for explaining. bye, Raymond. From mailscanner at ecs.soton.ac.uk Fri Jun 20 17:28:34 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:38 2006 Subject: MailScanner processes die and don't restart In-Reply-To: References: <5.2.0.9.2.20030620171709.100230d0@imap.ecs.soton.ac.uk> Message-ID: <5.2.0.9.2.20030620172727.052b79b0@imap.ecs.soton.ac.uk> At 17:26 20/06/2003, you wrote: >Hi! > > > >Is someone else also seeing this, as i do, when i do a reload or service > > >restart that all mailscanners get a defunc ... ? Or is this ment to be ? > > > You should see a load defunct for about 5 to 10 seconds, at which point > > they should disappear. While they are defunct, the parent process is > > cleaning up after them so it leaves your filesystem nice and tidy. > >Okay! So it wont loose mail either when i see a defunc ... No, it won't. >Thanks for explaining. It's extremely difficult for MailScanner to actually lose mail. It never ever takes overall responsibility for a message. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From vnarayan at HAVERFORD.EDU Fri Jun 20 19:37:41 2003 From: vnarayan at HAVERFORD.EDU (Vasantha Narayanan) Date: Thu Jan 12 21:18:38 2006 Subject: MailScanner processes die and don't restart In-Reply-To: <5.2.0.9.2.20030620165420.046ca1f0@imap.ecs.soton.ac.uk> References: <5.1.0.14.0.20030620113052.01a25be8@popmail.haverford.edu> Message-ID: <5.1.0.14.0.20030620143534.019f3bf0@popmail.haverford.edu> Thanks. I'll get the most recent version. In the interim I'll use Joan Bryan's script. Vasantha At 04:55 PM 6/20/2003 +0100, you wrote: >I have done some work on fixing this in the most recent versions, as this >was proving to be a problem with Postfix. If the child processes didn't die >nicely, they weren't being re-spawned. They now re-spawn regardless of how >they die. That should have fixed this problem. > >At 16:45 20/06/2003, you wrote: >>Hi, >> >>We've 15 MailScanner processes running on our system. When a MailScanner >>process dies of old age, another one seems to restart almost >>immediately. But occasionally new ones don't seem to start after old one >>dies. And, even though I've "check_mailscanner" running in cron every 20 >>minutes, it has no effect, i.e, it does not start new processes because I >>think the "check_mailscanner" script is not designed to start MailScanner >>processes as long as some MailScanner processes are running. As a result >>what happens is, when such a situation arises, we've only about 3 >>MailScanner processes running and that is not enough to process all our >>mail. Hence a lot of mail gets held up in the incoming queue. To solve >>the problem, I've had to manually kill the remaining few MailScanner >>processes and then restart it using "check_mailscanner". But by then so >>much mail is in the queue that it takes a long time for the mail to get >>cleared resume normal mail processes. >> >>Is there a script that will keep track of how many processes are supposed >>to be running and if it is short of that, it will start that many >>more? Is there some other solution to this problem? >> >>Thanks. >> >>Vasantha > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support From carl.boberg at NRM.SE Fri Jun 20 19:35:29 2003 From: carl.boberg at NRM.SE (Carl Boberg) Date: Thu Jan 12 21:18:38 2006 Subject: MailWatch regexp f-secure Message-ID: <1056134129.3ef353f193194@webmail.nrm.se> FYI: Regexp for F-Secure Anti-Virus for i386-linux Release 4.15 define(VIRUS_REGEX, '/Iinfection: (\S+)/'); Yes, it is logging with a big i in "Iinfection". I wonder why? I think the newer F-Secure versions loggs a bit different though... I love this new interface :-) Keep up the good work! / Carl From support at INVICTANET.CO.UK Fri Jun 20 21:16:37 2003 From: support at INVICTANET.CO.UK (InvictaNet Customer Support) Date: Thu Jan 12 21:18:38 2006 Subject: No subject Message-ID: http://nl2.vnunet.com/News/1141756 The bit that really makes me laugh is: "The Committee also gave the FTC, which blames the worst varieties of spam on overseas spammers, the greater powers that it demanded to track down offenders." Overseas spammers? - They all operate from the us don't they? Martyn Routley ----------------------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk martyn@support.invictanet.co.uk phone: 08707 440180 fax: 08707 440181 Ask us about our online Antivirus and Junk mail scanning service ----------------------------------------------------------------- From mkettler at EVI-INC.COM Fri Jun 20 21:42:23 2003 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:18:38 2006 Subject: (FTC, spammers, US vs overseas) In-Reply-To: Message-ID: <5.2.1.1.0.20030620163840.018bc4c8@xanadu.evi-inc.com> I hope you don't mind that I added a subject... posting subject-less emails to a mailing list is kind of a pet peeve of mine.. At 09:16 PM 6/20/2003 +0100, InvictaNet Customer Support wrote: >Overseas spammers? - They all operate from the us don't they? I don't know.. I'm a US resident and I question wether or not Boca Raton, Florida can be reasonably considered to be part of the US :) From daniel at ZAJD.COM Sat Jun 21 01:32:43 2003 From: daniel at ZAJD.COM (Daniel Zajd) Date: Thu Jan 12 21:18:38 2006 Subject: MailWatch and McAfee Message-ID: I just have to say, Great work!! But I need some help. How should the expression for McAfee look like? The log look like this: Jun 21 02:15:54 mail2 MailScanner[6710]: New Batch: Scanning 1 messages, 62658 bytes Jun 21 02:15:54 mail2 MailScanner[6710]: Spam Checks: Starting Jun 21 02:16:00 mail2 MailScanner[6710]: Virus and Content Scanning: Starting Jun 21 02:16:03 mail2 MailScanner[6710]: McAfee said "/dev/shm/6710/h5L0FoD9006755/dr.scr" Jun 21 02:16:03 mail2 MailScanner[6710]: McAfee said " Found the W32/Ganda@MM virus !!!" Jun 21 02:16:03 mail2 MailScanner[6710]: /h5L0FoD9006755/dr.scr Found the W32/Ganda@MM virus !!! Jun 21 02:16:04 mail2 MailScanner[6710]: Virus Scanning: McAfee found 1 infections Jun 21 02:16:04 mail2 MailScanner[6710]: Virus Scanning: Found 1 viruses Jun 21 02:16:04 mail2 MailScanner[6710]: Filename Checks: Possible virus hidden in a screensaver (dr.scr) And MailWatch show: Report: /h5L0FoD9006755/dr.scr Found the W32/Ganda@MM virus !!! Windows Screensavers are often used to hide viruses (dr.scr) //Daniel Zajd Mailsystem Sweden -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030621/ba360b40/attachment.html From tgfurnish at HERFF-JONES.COM Sat Jun 21 01:57:31 2003 From: tgfurnish at HERFF-JONES.COM (Trever Furnish) Date: Thu Jan 12 21:18:38 2006 Subject: $reportword In-Reply-To: <5.2.0.9.2.20030619123906.054bac18@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030619123906.054bac18@imap.ecs.soton.ac.uk> Message-ID: <3EF3AD7B.1010409@herff-jones.com> Is there somewhere that little fixes such as this one are being noted in a list? I caught this one and saved the message, but this particular fix isn't in the 4.21-9 version I downloaded off the site today. I'm just wondering if there are others that I should know about ... is the list archive the only means of figuring out the answer to that question? -t. Julian Field wrote: > Message.pm line 2007. > Change > my $rept = join(' $reportword: ', @everyrept); > to > my $rept = join(" $reportword: ", @everyrept); > > Sorry about that. > > At 11:44 19/06/2003, you wrote: > >Hello there, > > > >I'm using the latest stable version (RPM) with Sophos and F-Prot on > Redhat 8. > >Isn't $reportword supposed to be substituted by something in this > report? > > > > > >The following e-mail messages were found to have viruses in them: > > > > Sender: membership@iprimus.com.au > >IP Address: 203.21.133.123 > > Recipient: xxxxxxxx > > Subject: Thanks for registering > > MessageID: h5JADKRX012423 > > Report: Found dangerous IFrame tag in HTML message > > $reportword: >>> Virus 'W32/Bugbear-Dam' found in file > >./h5JADKRX012423/septic letter.doc.exe > > > /var/spool/MailScanner/incoming/27671/./h5JADKRX012423/septic > >letter.doc.exe Infection: W32/Bugbear.B@mm (corrupted) > > Executable DOS/Windows programs are dangerous in email > (septic > >letter.doc.exe) > > > >-- > > Evert Jan van Ramselaar > > Van Ramselaar Info Tech > > -- > Julian Field > www.MailScanner.info > MailScanner thanks transtec Computers for their support > From tgfurnish at HERFF-JONES.COM Sat Jun 21 04:21:18 2003 From: tgfurnish at HERFF-JONES.COM (Trever Furnish) Date: Thu Jan 12 21:18:38 2006 Subject: suggested sa install notes update: turn off iptables Message-ID: <3EF3CF2E.50505@herff-jones.com> I'm sure this is something I would have been aware of if I weren't doing an initial, crash-through-it-as-fast-as-possible install of MailScanner + SpamAssassin and had actually take the time to properly understand spamassassin, but that's what I'm doing, so... Make test for spamassassin (at least the 'stable' version, 2.55), will fail if the system is sufficiently locked down with iptables or ipchains. The initial spamc test takes a long, long time, then the spamc_B test fails with "Not found: spamflag = X-Spam-Flag: YES", then the spamc_c test hangs, then... well then I got bored and killed it, so I dunno. But /sbin/iptables/stop allows the tests to complete. Guess now I'm going to have to actually go read up on spamassassin to see what the heck it needs. :-) But it might be useful for you to add a note suggesting the reader turn off iptables/ipchains in the install guide located here: http://www.sng.ecs.soton.ac.uk/mailscanner/install/spamassassin.shtml -t. From symedeot at YAHOO.FR Sat Jun 21 06:16:19 2003 From: symedeot at YAHOO.FR (Sylvain MEDEOT) Date: Thu Jan 12 21:18:38 2006 Subject: MailScanner issue with postfix Message-ID: Hi, Well, that may be the problem. How can I check that ? Anyway, if the messages are not put in the outgoing queue, can they be delivered anyway ? By looking into /var/spool/postfix and /var/spool/postfix.in, I've also seen that I have in both a subdirectory (postfix-postfix.in)/deferred and (postfix-postfix.in)/defer... Is it normal ? If I delete them, they are created again when postfix starts... I tried to replace in MailScanner.conf the line Incoming Queue Dir = /var/spool/postfix.in/deferred by Incoming Queue Dir = /var/spool/postfix.in/defer but no success... I think is it picking up the messages and then putting them in the outgoing queue since Sylvain MEDEOT Ville de Pontoise On Fri, 20 Jun 2003 17:20:16 +0100, Julian Field wrote: >But is it actually picking up the messages and then putting them in the >outgoing queue? >Or is it leaving them in the incoming queue >(/var/spool/postfix.in/deferred) and never collecting them? > >At 17:09 20/06/2003, you wrote: >>Hi, >> >>I am setting up MailScanner on a Mandrake 7.2 mail server with Postfix. I >>followed step by step the installation procedure >>(/etc/postfix, /etc/postfix.in, modifications of main.cf and master.cf). >> >>This is not the first mail server I am protecting with MailScanner... But >>this is the oldest one since I had no problems with newest releases of >>Mandrake... >> >>This server is running postfix-19991231_pl08-5mdk. After the installation >>of MailScanner (everything fine) with McAfee, I can send and receive mails >>as usually... But, the mails are never scanned... >> >>Nothing special in the logs : >>Jun 20 17:51:19 intranet MailScanner[1182]: MailScanner E-Mail Virus >>Scanner version 4.21-9 starting... >>Jun 20 17:51:19 intranet MailScanner[1182]: Using locktype = flock >> >>If I try manually to run /var/lib/MailScanner/mcafee-wrapper eicar.com, it >>works... But the mails are never scanned ! >> >>In fact, I am sure that this script is never called by MailScanner since I >>replaced it with a different one to trace what was really happening... >> >>Of course, /etc/MailScanner/MailScanner.conf includes the following lines : >> >>Virus Scanning = yes >>Virus Scanners = mcafee >> >>and /usr/lib/MailScanner/mcafee-wrapper is pointing to >> >>PackageDir=/usr/local/uvscan >>prog=uvscan # `basename $0` >>datDIR=$PackageDir >> >>ls /usr/local/uvscan -l gives the following : >> >>drwxr-xr-x 2 postfix root 4096 jun 20 09:54 4272/ >>lrwxrwxrwx 1 postfix root 14 jun 20 09:54 clean.dat -> >>4272/clean.dat >>-r--r--r-- 1 postfix root 10469 jun 20 09:17 contact.txt >>-r--r--r-- 1 postfix root 466306 jun 20 09:17 e4240upg.pdf >>lrwxrwxrwx 1 postfix root 17 jun 20 09:54 internet.dat -> >>4272/internet.dat >>lrwxrwxrwx 1 postfix root 15 jun 20 09:17 liblnxfv.so - >> > ./liblnxfv.so.4* >>-r-xr-xr-x 1 postfix root 2593332 jun 20 09:17 liblnxfv.so.4* >>-r--r--r-- 1 postfix root 1056 jun 20 09:17 license.dat >>-r--r--r-- 1 postfix root 1705 jun 20 09:17 license.txt >>-r--r--r-- 1 postfix root 37721 jun 20 09:17 messages.dat >>lrwxrwxrwx 1 postfix root 14 jun 20 09:54 names.dat -> >>4272/names.dat >>-r--r--r-- 1 postfix root 16222 jun 20 09:17 readme.txt >>lrwxrwxrwx 1 postfix root 13 jun 20 09:54 scan.dat -> >>4272/scan.dat >>-r--r--r-- 1 postfix root 5546 jun 20 09:17 signlic.txt >>-r-xr-xr-x 1 postfix root 6342 jun 20 09:18 uninstall-uvscan* >>-r-xr-xr-x 1 postfix root 126711 jun 20 09:17 uvscan* >>-r--r--r-- 1 postfix root 13385 jun 20 09:18 uvscan.1 >> >>Any idea ? >> >>Many thanks in advance, >> >>Sylvain MEDEOT >>Ville de Pontoise - France > >-- >Julian Field >www.MailScanner.info >MailScanner thanks transtec Computers for their support From raymond at PROLOCATION.NET Sat Jun 21 08:25:28 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:38 2006 Subject: $reportword In-Reply-To: <3EF3AD7B.1010409@herff-jones.com> Message-ID: Hi! That will be in the NEXT stabile release... On Fri, 20 Jun 2003, Trever Furnish wrote: > Is there somewhere that little fixes such as this one are being noted in > a list? I caught this one and saved the message, but this particular > fix isn't in the 4.21-9 version I downloaded off the site today. I'm > just wondering if there are others that I should know about ... is the > list archive the only means of figuring out the answer to that question? > > -t. > > > Julian Field wrote: > > > Message.pm line 2007. > > Change > > my $rept = join(' $reportword: ', @everyrept); > > to > > my $rept = join(" $reportword: ", @everyrept); > > > > Sorry about that. > > > > At 11:44 19/06/2003, you wrote: > > >Hello there, > > > > > >I'm using the latest stable version (RPM) with Sophos and F-Prot on > > Redhat 8. > > >Isn't $reportword supposed to be substituted by something in this > > report? > > > > > > > > >The following e-mail messages were found to have viruses in them: > > > > > > Sender: membership@iprimus.com.au > > >IP Address: 203.21.133.123 > > > Recipient: xxxxxxxx > > > Subject: Thanks for registering > > > MessageID: h5JADKRX012423 > > > Report: Found dangerous IFrame tag in HTML message > > > $reportword: >>> Virus 'W32/Bugbear-Dam' found in file > > >./h5JADKRX012423/septic letter.doc.exe > > > > > /var/spool/MailScanner/incoming/27671/./h5JADKRX012423/septic > > >letter.doc.exe Infection: W32/Bugbear.B@mm (corrupted) > > > Executable DOS/Windows programs are dangerous in email > > (septic > > >letter.doc.exe) > > > > > >-- > > > Evert Jan van Ramselaar > > > Van Ramselaar Info Tech > > > > -- > > Julian Field > > www.MailScanner.info > > MailScanner thanks transtec Computers for their support > > > From raymond at PROLOCATION.NET Sat Jun 21 08:30:28 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:38 2006 Subject: [clamav-announce] Clam AntiVirus 0.60 (fwd) Message-ID: FYI. I'll test later on today if the current wrapper still works :) ---------- Forwarded message ---------- Date: Sat, 21 Jun 2003 05:36:06 +0200 (CEST) From: Tomasz Kojm Reply-To: announce@clamav.elektrapro.com To: announce@clamav.elektrapro.com Subject: [clamav-announce] Clam AntiVirus 0.60 0.60 ---- Hello again... This is a new, (very?) stable release of Clam AntiVirus. 0.60 was developed and stabilized for over seven months and many people had contributed to the final release. This version introduces many enhancements and a new program: clamav-milter written by ClamAV developer Nigel Horne. This is a mail scanner for Sendmail/milter written entirely in C, which uses clamd for virus scanning. Clamav-milter and clamd duet is a powerful solution for systems where high performance is required. Please check clamdoc for more detail. Many people get confused with ClamAV database status because of the OpenAntiVirus update information at: http://openantivirus.org/latest.php (last update at 17 October, 2002). The ClamAV virus database contains the OAV database (with some signatures fixed or removed) but we develop it independently of the OAV project. Our database is updated frequently (on average 4-5 times a week). You can help (or join) us - will find some basic but useful instructions at http://clamav.elektrapro.com/doc/signatures.pdf News from ClamAV world: -) New email address for virus submitting: virus@clamav.elektrapro.com You don't need to encrypt a virus sample, but if your system doesn't allow you to send infected files just put it into an encrypted zip archive (password: virus) Special thanks to Nicholas Chua, Diego D'Ambra, Hrvoje Habjanic, Nigel Kukard and Chris van Meerendonk for a big number of samples submitted. -) New mailing list: virusdb@clamav.elektrapro.com After each update an email with subject "[clamav-virusdb] Update" and a list of viruses added is sent to it. You can set up a procmail rule for freshclam to react on such a mails (and update the database just after an update). -) New official mirrors: + clamav.ozforces.com: database mirror updated manually (thanks to Andrew ) + clamav.essentkabel.com: full (automatic) mirror of clamav.elektrapro.com (thanks to Chris van Meerendonk ) + clamav.linux-sxs.org: database mirror - rsync from clamav.ozforces.com (thanks to Douglas J Hunley ) Freshclam will automatically use them when the main server is not accessible. -) Official port in FreeBSD available ! (maintained by Masahiro Teramoto ) -) Unofficial port for OpenBSD is available at: http://www.activeintra.net/openbsd/article.php?id=5 (maintained by Flinn Mueller ) -) there are many new programs that use ClamAV, eg. mod_clamav (Apache virus scanning filter), clamdmail or Sagator. You will find more info in clamdoc. Changes: -) libclamav: + fixed buffer overflow in unrarlib (patch by Robbert Kouprie ) + various mbox code updates (fixed memory leak; added support for decoding viruses sent in message bodies, detection of viruses that put their payloads after the end of message marker (thanks to Stephen White for the bug report and useful CGI tools); + zziplib updated to 0.10.81 (some problems with older version were reported by Martin Schitter) + direct scanning of mbox/maildir files (new directive CL_MAIL) + file scanner optimization (patch by Hendrik Muhs ) + bzip2 support + faster detection of malformed Zip archives (eg. 'Zip of Death'), they are reported as a viruses + fixed strcasecmp() compile problem in zziplib on Free/NetBSD and others -) clamd: + fixed descriptor leak in directory scanner - it was causing random clamd crashes and locks, especially on highly loaded servers. Reported by Kristof Petr . + fixed crash with archive scanning on BSD (increased thread stack size) (Nigel Horne) + fixed CONTSCAN command (used by clamdscan) - it had archive support disabled (hardcoded) + fixed SelfCheck option (there was a logic bug, and the option was disabled) it now checks a databases time stamps and reloads them if needed. + fixed possible writing to undefined descriptors (bug found by Brian May ) + new STREAM command (scanning data on socket) and directives: StreamSaveToDisk (save stream to disk to allow scanning within archives), StreamMaxLength. This option allows scanning data on socket (might be sent from another host), currently only clamav-milter uses this. + new ScanMail directive for scanning into mbox/Maildir files + new directive: ArchiveLimitMemoryUsage (limit memory usage with bzip2) + new directive: AllowSupplementaryGroups (feature requested by Exiscan users) + syslog support (LogSyslog) (patch by Hrvoje Habjanic ) + fixed parser segfault with extra space between option and argument in config file (Magnus Ekdahl ) -) clamscan: + fixed --remove option (didn't work when the file was scanned with an internal unpacker) (patch by Damien Curtain ) + --move option for moving infected files into a specified directory (by Damien Curtain ) + --mbox enables a direct support for mbox files (ex. clamscan --mbox /var/spool/mail) + fixed --log (-l) option + fixed -i option (patch by Magnus Ekdahl ) + enabled default archive limits (max-files = 500, max-size = 10M, max-recursion = 5) + use arj instead of non-free unarj (patch by Magnus Ekdahl) + use unzoo instead of non-free zoo (patch by Magnus Ekdahl) + removed thread support freshclam: + mirror support (implemented by Damien Curtain ) + --proxy-user: proxy authorization support (implemented by Gernot Tenchio ) + new options --on-error-execute, --on-update-execute (ex. freshclam -d -c 6 --on-error-execute "sendsms 23332243 Can't update virus database"). Idea by Douglas J Hunley configure: + --disable-cr (don't link with C reentrant library (needed on some newer versions of OpenBSD)) -) Enhanced AIX (thanks to Mike Loewen ) and Tru64 support (thanks to Christophe Varoqui ) -) documentation: + included how-to in Portugese by Alexandre de Jesus Marcolino + clamdoc.pdf and system manual updates Many thanks to Luca 'NERvOus' Gibelli from ElektraPro for his support, to Ken McKittrick from USA DataNet for a fully accessible FreeBSD box and to mailing list subscribers for a constructive discussions. -- Tomasz Kojm June 21, 2003 Best regards, Tomasz Kojm -- oo ..... zolw@konarski.edu.pl (\/)\......... http://www.konarski.edu.pl/~zolw \..........._ I nie zapomnij kliknac w brzuszek... //\ /\\ <- C. Amboinensis www.pajacyk.pl --------------------------------------------------------------------- To unsubscribe, e-mail: announce-unsubscribe@clamav.elektrapro.com For additional commands, e-mail: announce-help@clamav.elektrapro.com From ryanb at AACRAO.ORG Sat Jun 21 08:39:23 2003 From: ryanb at AACRAO.ORG (Ryan Bingham) Date: Thu Jan 12 21:18:38 2006 Subject: OT: "greylisting" - looking for opinions Message-ID: <00be01c337c8$3c511700$f8240340@kh06s9> Sorry to crosspost for those of you who are on the SAtalk list, but I'd be interested to get your opinions on the concept of "greylisting" as a spamfighting tool (I apologize also if this has been brought up on the list before). To summarize, it involves initially rejecting an SMTP session from an unknown source (this is oversimplifying -- it's rather more that the entire SMTP session is "unfamiliar") in the expectation that a legitimate SMTP host will try again a short time later while a spamming host will not. Here's a link to a fuller treatment: http://projects.puremagic.com/greylisting/ Ryan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030621/61c457ca/attachment.html From mailscanner at ecs.soton.ac.uk Sat Jun 21 08:35:13 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:38 2006 Subject: $reportword In-Reply-To: <3EF3AD7B.1010409@herff-jones.com> References: <5.2.0.9.2.20030619123906.054bac18@imap.ecs.soton.ac.uk> <5.2.0.9.2.20030619123906.054bac18@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030621083204.042ad0b0@imap.ecs.soton.ac.uk> I produce a new stable version once a month, that incorporates all previous fixes. I also produce unstable beta versions during the month, pretty much as and when I want to. This is only a cosmetic bugfix so I'm not going to rush out a fixed version, I've got better things to do :-) By the way, there probably won't be a new version at the start of August as I'm spending most of July travelling across Canada (without email, hurray! ;-> At 01:57 21/06/2003, you wrote: >Is there somewhere that little fixes such as this one are being noted in >a list? I caught this one and saved the message, but this particular >fix isn't in the 4.21-9 version I downloaded off the site today. I'm >just wondering if there are others that I should know about ... is the >list archive the only means of figuring out the answer to that question? > >-t. > > >Julian Field wrote: > >>Message.pm line 2007. >>Change >> my $rept = join(' $reportword: ', @everyrept); >>to >> my $rept = join(" $reportword: ", @everyrept); >> >>Sorry about that. >> >>At 11:44 19/06/2003, you wrote: >> >Hello there, >> > >> >I'm using the latest stable version (RPM) with Sophos and F-Prot on >>Redhat 8. >> >Isn't $reportword supposed to be substituted by something in this >>report? >> > >> > >> >The following e-mail messages were found to have viruses in them: >> > >> > Sender: membership@iprimus.com.au >> >IP Address: 203.21.133.123 >> > Recipient: xxxxxxxx >> > Subject: Thanks for registering >> > MessageID: h5JADKRX012423 >> > Report: Found dangerous IFrame tag in HTML message >> > $reportword: >>> Virus 'W32/Bugbear-Dam' found in file >> >./h5JADKRX012423/septic letter.doc.exe >> > >>/var/spool/MailScanner/incoming/27671/./h5JADKRX012423/septic >> >letter.doc.exe Infection: W32/Bugbear.B@mm (corrupted) >> > Executable DOS/Windows programs are dangerous in email >>(septic >> >letter.doc.exe) >> > >> >-- >> > Evert Jan van Ramselaar >> > Van Ramselaar Info Tech >> >>-- >>Julian Field >>www.MailScanner.info >>MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sat Jun 21 08:36:46 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:38 2006 Subject: suggested sa install notes update: turn off iptables In-Reply-To: <3EF3CF2E.50505@herff-jones.com> Message-ID: <5.2.1.1.2.20030621083539.042c6e48@imap.ecs.soton.ac.uk> MailScanner doesn't ever use spamc or spamd, so I always skip those tests anyway: perl Makefile.PL make rm t/spamc* rm t/spamd* make test make install At 04:21 21/06/2003, you wrote: >I'm sure this is something I would have been aware of if I weren't doing >an initial, crash-through-it-as-fast-as-possible install of MailScanner >+ SpamAssassin and had actually take the time to properly understand >spamassassin, but that's what I'm doing, so... > >Make test for spamassassin (at least the 'stable' version, 2.55), will >fail if the system is sufficiently locked down with iptables or >ipchains. The initial spamc test takes a long, long time, then the >spamc_B test fails with "Not found: spamflag = X-Spam-Flag: YES", then >the spamc_c test hangs, then... well then I got bored and killed it, so >I dunno. > >But /sbin/iptables/stop allows the tests to complete. Guess now I'm >going to have to actually go read up on spamassassin to see what the >heck it needs. :-) > >But it might be useful for you to add a note suggesting the reader turn >off iptables/ipchains in the install guide located here: > >http://www.sng.ecs.soton.ac.uk/mailscanner/install/spamassassin.shtml > >-t. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sat Jun 21 08:38:58 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:38 2006 Subject: MailScanner issue with postfix In-Reply-To: Message-ID: <5.2.1.1.2.20030621083722.042acac0@imap.ecs.soton.ac.uk> At 06:16 21/06/2003, you wrote: >Hi, > >Well, that may be the problem. How can I check that ? Anyway, if the >messages are not put in the outgoing queue, can they be delivered anyway ? Do a du -ks /var/spool/postfix.in/deferred and du -ks /var/spool/postfix/incoming and see where all the files are. >By looking into /var/spool/postfix and /var/spool/postfix.in, I've also >seen that I have in both a subdirectory (postfix-postfix.in)/deferred and >(postfix-postfix.in)/defer... Is it normal ? If I delete them, they are >created again when postfix starts... Yes, "defer" is different from "deferred". >I tried to replace in MailScanner.conf the line >Incoming Queue Dir = /var/spool/postfix.in/deferred > >by > >Incoming Queue Dir = /var/spool/postfix.in/defer I guarantee that won't work, that's why the install instructions tell you to use "deferred". >I think is it picking up the messages and then putting them in the >outgoing queue since since? >Sylvain MEDEOT >Ville de Pontoise > >On Fri, 20 Jun 2003 17:20:16 +0100, Julian Field > wrote: > > >But is it actually picking up the messages and then putting them in the > >outgoing queue? > >Or is it leaving them in the incoming queue > >(/var/spool/postfix.in/deferred) and never collecting them? > > > >At 17:09 20/06/2003, you wrote: > >>Hi, > >> > >>I am setting up MailScanner on a Mandrake 7.2 mail server with Postfix. I > >>followed step by step the installation procedure > >>(/etc/postfix, /etc/postfix.in, modifications of main.cf and master.cf). > >> > >>This is not the first mail server I am protecting with MailScanner... But > >>this is the oldest one since I had no problems with newest releases of > >>Mandrake... > >> > >>This server is running postfix-19991231_pl08-5mdk. After the installation > >>of MailScanner (everything fine) with McAfee, I can send and receive mails > >>as usually... But, the mails are never scanned... > >> > >>Nothing special in the logs : > >>Jun 20 17:51:19 intranet MailScanner[1182]: MailScanner E-Mail Virus > >>Scanner version 4.21-9 starting... > >>Jun 20 17:51:19 intranet MailScanner[1182]: Using locktype = flock > >> > >>If I try manually to run /var/lib/MailScanner/mcafee-wrapper eicar.com, it > >>works... But the mails are never scanned ! > >> > >>In fact, I am sure that this script is never called by MailScanner since I > >>replaced it with a different one to trace what was really happening... > >> > >>Of course, /etc/MailScanner/MailScanner.conf includes the following >lines : > >> > >>Virus Scanning = yes > >>Virus Scanners = mcafee > >> > >>and /usr/lib/MailScanner/mcafee-wrapper is pointing to > >> > >>PackageDir=/usr/local/uvscan > >>prog=uvscan # `basename $0` > >>datDIR=$PackageDir > >> > >>ls /usr/local/uvscan -l gives the following : > >> > >>drwxr-xr-x 2 postfix root 4096 jun 20 09:54 4272/ > >>lrwxrwxrwx 1 postfix root 14 jun 20 09:54 clean.dat -> > >>4272/clean.dat > >>-r--r--r-- 1 postfix root 10469 jun 20 09:17 contact.txt > >>-r--r--r-- 1 postfix root 466306 jun 20 09:17 e4240upg.pdf > >>lrwxrwxrwx 1 postfix root 17 jun 20 09:54 internet.dat -> > >>4272/internet.dat > >>lrwxrwxrwx 1 postfix root 15 jun 20 09:17 liblnxfv.so - > >> > ./liblnxfv.so.4* > >>-r-xr-xr-x 1 postfix root 2593332 jun 20 09:17 liblnxfv.so.4* > >>-r--r--r-- 1 postfix root 1056 jun 20 09:17 license.dat > >>-r--r--r-- 1 postfix root 1705 jun 20 09:17 license.txt > >>-r--r--r-- 1 postfix root 37721 jun 20 09:17 messages.dat > >>lrwxrwxrwx 1 postfix root 14 jun 20 09:54 names.dat -> > >>4272/names.dat > >>-r--r--r-- 1 postfix root 16222 jun 20 09:17 readme.txt > >>lrwxrwxrwx 1 postfix root 13 jun 20 09:54 scan.dat -> > >>4272/scan.dat > >>-r--r--r-- 1 postfix root 5546 jun 20 09:17 signlic.txt > >>-r-xr-xr-x 1 postfix root 6342 jun 20 09:18 uninstall-uvscan* > >>-r-xr-xr-x 1 postfix root 126711 jun 20 09:17 uvscan* > >>-r--r--r-- 1 postfix root 13385 jun 20 09:18 uvscan.1 > >> > >>Any idea ? > >> > >>Many thanks in advance, > >> > >>Sylvain MEDEOT > >>Ville de Pontoise - France > > > >-- > >Julian Field > >www.MailScanner.info > >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sat Jun 21 08:47:12 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:38 2006 Subject: OT: "greylisting" - looking for opinions In-Reply-To: <00be01c337c8$3c511700$f8240340@kh06s9> Message-ID: <5.2.1.1.2.20030621084520.04302ec8@imap.ecs.soton.ac.uk> This can't really be done with MailScanner as it does not involve itself in the SMTP service at all. There are already plenty of programs out there which are very good at doing this (ie. the MTAs) so I don't want to try to write my own. MailScanner is only involved once the entire message has been collected and queued. At 08:39 21/06/2003, you wrote: >Sorry to crosspost for those of you who are on the SAtalk list, but I'd be >interested to get your opinions on the concept of "greylisting" as a >spamfighting tool (I apologize also if this has been brought up on the >list before). To summarize, it involves initially rejecting an SMTP >session from an unknown source (this is oversimplifying -- it's rather >more that the entire SMTP session is "unfamiliar") in the expectation that >a legitimate SMTP host will try again a short time later while a spamming >host will not. > >Here's a link to a fuller treatment: > >http://projects.puremagic.com/greylisting/ > >Ryan -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030621/4e3610c6/attachment.html From ryanb at AACRAO.ORG Sat Jun 21 08:55:43 2003 From: ryanb at AACRAO.ORG (Ryan Bingham) Date: Thu Jan 12 21:18:38 2006 Subject: OT: "greylisting" - looking for opinions References: <5.2.1.1.2.20030621084520.04302ec8@imap.ecs.soton.ac.uk> Message-ID: <00e001c337ca$84bbfda0$f8240340@kh06s9> Julian wrote: >> This can't really be done with MailScanner as it does not >> involve itself in the SMTP service at all. >> There are already plenty of programs out there which >> are very good at doing this (ie. the MTAs) so I don't >> want to try to write my own. MailScanner is only >> involved once the entire message has been collected and queued. I don't know Julian, I think I'm probably not alone in thinking that you could write a pretty kickass MTA. :-) In any case, I wasn't proposing it as a MailScanner feature, but just wondering what people on here thought of the concept of "greylisting" in general. There seems to be something not quite right about it which I can't put my finger on. Off to Canada, eh? Ryan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030621/5531c929/attachment.html From kevins at BMRB.CO.UK Sat Jun 21 10:13:34 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:38 2006 Subject: OT: "greylisting" - looking for opinions In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175A10@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175A10@pascal.priv.bmrb.co.uk> Message-ID: <1056186822.31508.8.camel@bach.kevinspicer.co.uk> >On Sat, 2003-06-21 at 08:39, Ryan Bingham wrote: >Sorry to crosspost for those of you who are on the SAtalk list, but I'd >be interested to get your opinions on the concept of "greylisting" as >a spamfighting tool (I apologize also if this has been brought up on >the list before). To summarize, it involves initially rejecting an >SMTP session from an unknown source (this is oversimplifying -- it's >rather more that the entire SMTP session is "unfamiliar") in the > expectation that a legitimate SMTP host will try again a short time >later while a spamming host will not. This was covered in some depth yesterday on Slashdot.org. As I see it there are two problems, the initial hour delay for the first message with a given 'triplet' (try explaining to users that email isn't instant!) and the ease with which the system could be circumvented [ For example a spam tool could make two passes through its list, an hour or so apart, just doing a HELO, MAIL and RCPT then aborting on the first run, because this doesn't send any mail its unlikely to get added to any blacklists until its into the second run, this would entirely defeat greylisting as far as I can see ]. I think it may be a useful short-term approach but is likely to only be successful for a short time. My other concern is that running it with SA would dramatically reduce the amount of spam that the Bayes filter gets to learn from, so it might even result in more spam getting through.:( BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From raymond at PROLOCATION.NET Sat Jun 21 13:08:36 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:38 2006 Subject: [clamav-announce] Clam AntiVirus 0.60 (fwd) In-Reply-To: Message-ID: H! > 0.60 > ---- Seems fine. Installed it on two of my boxes, and its catching up virusses... Also the auto update is running ok: Checking for a new database - started at Sat Jun 21 14:04:10 2003 viruses.db is up to date. Database updated (containing in total 7847 signatures). Database updated from mirror clamav.ozforces.com. It also can update from one of the mirrors now (automaticly) and thats nice since the main site isnt exactly what you call stabil :) Bye, Raymond. From support at INVICTANET.CO.UK Sun Jun 22 09:47:09 2003 From: support at INVICTANET.CO.UK (InvictaNet Customer Support) Date: Thu Jan 12 21:18:38 2006 Subject: FW: Urgent Message-ID: This is a new one on me! What is interesting is that SA only gives it 2.6 Martyn Routley ----------------------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk martyn@support.invictanet.co.uk phone: 08707 440180 fax: 08707 440181 Ask us about our online Antivirus and Junk mail scanning service ----------------------------------------------------------------- -----Original Message----- From: jlawman@macmail.com [mailto:jlawman@macmail.com] Sent: 21 June 2003 15:13 To: jlaw@themail.com Subject: Urgent Dear Friend. As you read this, I don't want you to feel sorry for me, because, I believe everyone will die someday. My name is James S. Lawman, a merchant . I have been diagnosed with Esophageal cancer which was discovered very late, due to my laxity in carrying for my health. It has defiled all forms of medicine, and right now I have only about a few months to live, according to medical experts. I have not particularly lived my life so well, as I never really cared for anyone not even myself but my business. Though I am very rich, I was never generous, I was always hostile to people and only focus on my business as that was the only thing I cared for. But now I regret all this as I now know that there is more to life than just wanting to have or make all the money in the world. I believe when God gives me a second chance to come to this world I would live my life a different way from how I have lived it. Now that God ! has called me, I have willed and given most of my properties and assets to my immediate and extended family members and as well as a few close friends. I want God to be merciful to me and accept my soul and so, I have decided to give alms to charity organizations, as I want this to be one of the last good deeds I do on earth. So far, I have distributed money to some charity organizations in the U.A.E, Algeria and Malaysia. Now that my health has deteriorated so badly, I cannot do this my self any more. I once asked members of my family to close one of my accounts and distribute the money which I have there to charity organization in Bulgaria and Pakistan, they refused and kept the money to themselves. Hence, I do not trust them anymore, as they seem not to be contended with what I have left for them. The last of my money which no one knows of is the huge cash deposit of twenty four million dollars that I have with a security company in Europe. I will want you to help me collect this deposit and dispatched it to charity organizations.email me at jlawman@balita.com I have set aside 10% for you for your time and patience. God be with you. James S. Lawman X-MailScanner-SpamCheck: not spam, SpamAssassin (score=2.6, required 5, DEAR_FRIEND, DEAR_SOMEBODY, NO_REAL_NAME, SPAM_PHRASE_02_03) X-MailScanner-SpamScore: ss From denis at CROOMBS.ORG Sun Jun 22 09:53:14 2003 From: denis at CROOMBS.ORG (Denis Croombs) Date: Thu Jan 12 21:18:38 2006 Subject: Deleting Spam Message-ID: <008201c3389b$b7c2d030$85b8fea9@Laptop> Is there any way of deleting Spam that has been marked as spam by Mailscanner as I do with SpamAssassin ? Thanks Denis From evertjan at VANRAMSELAAR.NL Sun Jun 22 10:18:01 2003 From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar) Date: Thu Jan 12 21:18:38 2006 Subject: Deleting Spam In-Reply-To: <008201c3389b$b7c2d030$85b8fea9@Laptop> References: <008201c3389b$b7c2d030$85b8fea9@Laptop> Message-ID: <3EF57449.1000106@vanramselaar.nl> Denis Croombs wrote: > Is there any way of deleting Spam that has been marked as spam by > Mailscanner as I do with SpamAssassin ? In MailScanner.conf: # What to do with spam # -------------------- # # This is a list of actions to take when a message is spam. # It can be any combination of the following: # deliver - deliver the message as normal # delete - delete the message # store - store the message in the quarantine # bounce - send a rejection message back to the sender # forward user@domain.com - forward a copy of the message to user@domain.com # striphtml - convert all in-line HTML content to plain text. # You need to specify "deliver" as well for the # message to reach the original recipient. # attachment - Convert the original message into an attachment # of the message. This means the user has to take # an extra step to open the spam, and stops "web # bugs" very effectively. # # Note that the bounce message is created in such a way as to stop it # bouncing back to your site. # # This can also be the filename of a ruleset. #Spam Actions = store forward anonymous@ecs.soton.ac.uk bounce Spam Actions = deliver striphtml High Scoring Spam Actions = delete -- Evert Jan van Ramselaar Van Ramselaar Info Tech From raymond at PROLOCATION.NET Sun Jun 22 10:18:30 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:38 2006 Subject: Deleting Spam In-Reply-To: <008201c3389b$b7c2d030$85b8fea9@Laptop> Message-ID: Hi! > Is there any way of deleting Spam that has been marked as spam by > Mailscanner as I do with SpamAssassin ? Did you ever had a look in the config yet ? # This is a list of actions to take when a message is spam. # It can be any combination of the following: # deliver - deliver the message as normal # delete - delete the message # store - store the message in the quarantine # bounce - send a rejection message back to the sender # forward user@domain.com - forward a copy of the message to user@domain.com # striphtml - convert all in-line HTML content to plain text. # - You need to specify "deliver" as well for the # - message to reach the original recipient. # # Note that the bounce message is created in such a way as to stop it # bouncing back to your site. # # This can also be the filename of a ruleset. #Spam Actions = store forward anonymous@ecs.soton.ac.uk bounce Spam Actions = deliver Bye, Raymond. From mike at ZANKER.ORG Sun Jun 22 10:32:08 2003 From: mike at ZANKER.ORG (Mike Zanker) Date: Thu Jan 12 21:18:38 2006 Subject: FW: Urgent In-Reply-To: References: Message-ID: <52396781.1056277928@jemima.zanker.org> On 22 June 2003 09:47 +0100 InvictaNet Customer Support wrote: > This is a new one on me! > What is interesting is that SA only gives it 2.6 Please don't forward spam to the list. It's off topic for a start and can get you into people's blacklists if it reaches their thresholds. Mike. From support at INVICTANET.CO.UK Sun Jun 22 11:45:47 2003 From: support at INVICTANET.CO.UK (InvictaNet Customer Support) Date: Thu Jan 12 21:18:38 2006 Subject: FW: Urgent In-Reply-To: <52396781.1056277928@jemima.zanker.org> Message-ID: Mike Personally, I didn't think it was off topic - Guess what, I wouldn't have sent it if I thought it was. AFAIK there isn't a charter for this list. Perhaps Julian would like to consider one (or tell me where it is if there is one). If it gets me into someone's blacklist with one sending at a score of only 2.6, I probably don't want to send email to them again anyway. Your reply scored 2.2 - Should I put you in my blacklist? Martyn Routley ----------------------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk martyn@support.invictanet.co.uk phone: 08707 440180 fax: 08707 440181 Ask us about our online Antivirus and Junk mail scanning service ----------------------------------------------------------------- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Mike Zanker Sent: 22 June 2003 10:32 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: FW: Urgent On 22 June 2003 09:47 +0100 InvictaNet Customer Support wrote: > This is a new one on me! > What is interesting is that SA only gives it 2.6 Please don't forward spam to the list. It's off topic for a start and can get you into people's blacklists if it reaches their thresholds. Mike. ------------------------------------------------- This message has been scanned for viruses and dangerous content by the http://www.anti84787.com MailScanner, and is believed to be clean. ------------------------------------------------- From mailscanner at ecs.soton.ac.uk Sun Jun 22 12:02:01 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:38 2006 Subject: FW: Urgent In-Reply-To: References: <52396781.1056277928@jemima.zanker.org> Message-ID: <5.2.1.1.2.20030622115749.023c1180@imap.ecs.soton.ac.uk> Now now, people. The correct mailing list for discussing SpamAssassin scores on particular messages is the satalk list run from Sourceforge. You will find plenty of people there willing to contribute their thoughts on how that message might be detected as spam in current and future versions of SpamAssassin. At 11:45 22/06/2003, you wrote: >Mike > >Personally, I didn't think it was off topic - Guess what, I wouldn't have >sent it if I thought it was. > >AFAIK there isn't a charter for this list. Perhaps Julian would like to >consider one (or tell me where it is if there is one). > >If it gets me into someone's blacklist with one sending at a score of only >2.6, I probably don't want to send email to them again anyway. > >Your reply scored 2.2 - Should I put you in my blacklist? > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >Behalf Of Mike Zanker >Sent: 22 June 2003 10:32 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: FW: Urgent > > >On 22 June 2003 09:47 +0100 InvictaNet Customer Support > wrote: > > > This is a new one on me! > > What is interesting is that SA only gives it 2.6 > >Please don't forward spam to the list. It's off topic for a start and >can get you into people's blacklists if it reaches their thresholds. > >Mike. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From rich at MAIL.WVNET.EDU Sun Jun 22 17:14:09 2003 From: rich at MAIL.WVNET.EDU (Richard Lynch) Date: Thu Jan 12 21:18:38 2006 Subject: HTML forms in e-mail Message-ID: <1056298449.1634.14.camel@localhost.localdomain> I have a couple of cases where people received spoofed e-mail messages containing forms for them to fill out credit card information. These messages appeared to be legitimate (e.g. from Earthlink or PayPal) asking the receiver to confirm the credit card info (including their ATM PIN number). Careful examination showed that the target IP addresses for the form action was not Earthlink or PayPal. These were fraudulent attempts at getting someone's credit card information. I'd like to disallow this sort of thing in e-mail. I could possibly code a spamassassin rule to trap
directives and mark it as spam or something like that. What I'd really like to do is alter the message such that it is rendered harmless by disabling the submit button or removing the directive. What would be the best approach to do this? Maybe a custom function? These are e-mail security threats and MailScanner seems the appropriate place to deal with them. I expect we'll start seeing more and more of this type of scam. Any ideas? Thanks. -- Richard Lynch From mailscanner at ecs.soton.ac.uk Sun Jun 22 17:55:47 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:38 2006 Subject: HTML forms in e-mail In-Reply-To: <1056298449.1634.14.camel@localhost.localdomain> Message-ID: <5.2.1.1.2.20030622174955.02523e98@imap.ecs.soton.ac.uk> It would be better (and probably more easily) done as an extension to SweepContent.pm. If you copy the call to FindExternalBody around line 122, you can add a call to a new function called something like "FindForms". Or else what would be easier is to add another parameter to FindMicrosoftExploits() to say whether forms are allowed or not. All you then need to do is edit SearchHTMLBody() around line 279. Adding another test to that is pretty simple. Let me know how you get on. At 17:14 22/06/2003, you wrote: >I have a couple of cases where people received spoofed e-mail messages >containing forms for them to fill out credit card information. These >messages appeared to be legitimate (e.g. from Earthlink or PayPal) >asking the receiver to confirm the credit card info (including their ATM >PIN number). Careful examination showed that the target IP addresses >for the form action was not Earthlink or PayPal. These were fraudulent >attempts at getting someone's credit card information. > >I'd like to disallow this sort of thing in e-mail. I could possibly >code a spamassassin rule to trap directives and mark it >as spam or something like that. What I'd really like to do is alter the >message such that it is rendered harmless by disabling the submit button >or removing the directive. What would be the best >approach to do this? Maybe a custom function? These are e-mail >security threats and MailScanner seems the appropriate place to deal >with them. I expect we'll start seeing more and more of this type of >scam. Any ideas? Thanks. > >-- >Richard Lynch -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sun Jun 22 18:33:52 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:38 2006 Subject: Translation request Message-ID: <5.2.1.1.2.20030622183204.0252d9c0@imap.ecs.soton.ac.uk> I have added code to detect HTML "Form" tags in messages. When found, it produces a new report line in the replacement message. The "Form" tags can also be stripped out. Please can you translate this for me: Found a Form in HTML message Thanks! -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Sun Jun 22 18:54:04 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:38 2006 Subject: HTML forms in e-mail -- new 4.22-2 In-Reply-To: <5.2.1.1.2.20030622174955.02523e98@imap.ecs.soton.ac.uk> References: <1056298449.1634.14.camel@localhost.localdomain> Message-ID: <5.2.1.1.2.20030622185236.0238b4c8@imap.ecs.soton.ac.uk> Sounds a really good idea, and it has virtually no load impact at all (it's just 1 regexp lookup). I have just posted version 4.22-2 which includes an "Allow Form Tags" configuration option. Enjoy! At 17:55 22/06/2003, you wrote: >It would be better (and probably more easily) done as an extension to >SweepContent.pm. >If you copy the call to FindExternalBody around line 122, you can add a >call to a new function called something like "FindForms". > >Or else what would be easier is to add another parameter to >FindMicrosoftExploits() to say whether forms are allowed or not. >All you then need to do is edit SearchHTMLBody() around line 279. Adding >another test to that is pretty simple. > >Let me know how you get on. > >At 17:14 22/06/2003, you wrote: >>I have a couple of cases where people received spoofed e-mail messages >>containing forms for them to fill out credit card information. These >>messages appeared to be legitimate (e.g. from Earthlink or PayPal) >>asking the receiver to confirm the credit card info (including their ATM >>PIN number). Careful examination showed that the target IP addresses >>for the form action was not Earthlink or PayPal. These were fraudulent >>attempts at getting someone's credit card information. >> >>I'd like to disallow this sort of thing in e-mail. I could possibly >>code a spamassassin rule to trap directives and mark it >>as spam or something like that. What I'd really like to do is alter the >>message such that it is rendered harmless by disabling the submit button >>or removing the directive. What would be the best >>approach to do this? Maybe a custom function? These are e-mail >>security threats and MailScanner seems the appropriate place to deal >>with them. I expect we'll start seeing more and more of this type of >>scam. Any ideas? Thanks. >> >>-- >>Richard Lynch > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From Janssen at RZ.UNI-FRANKFURT.DE Sun Jun 22 19:05:08 2003 From: Janssen at RZ.UNI-FRANKFURT.DE (Michael Janssen) Date: Thu Jan 12 21:18:38 2006 Subject: Translation request - german In-Reply-To: <5.2.1.1.2.20030622183204.0252d9c0@imap.ecs.soton.ac.uk> Message-ID: On Sun, 22 Jun 2003, Julian Field wrote: > I have added code to detect HTML "Form" tags in messages. When found, it > produces a new report line in the replacement message. The "Form" tags can > also be stripped out. > > Please can you translate this for me: > Found a Form in HTML message Die Nachricht enthielt ein HTML Formular regards Michael From peter at UCGBOOK.COM Sun Jun 22 19:12:23 2003 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:18:38 2006 Subject: Translation request - Swedish In-Reply-To: <5.2.1.1.2.20030622183204.0252d9c0@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030622183204.0252d9c0@imap.ecs.soton.ac.uk> Message-ID: <3EF5F187.7010703@ucgbook.com> Swedish translation: "Meddelandet inneh?ll ett HTML formul?r" You added the code in less than 40 minutes from your first answer on the subject? Took me longer to translate one line of text... :) /Peter Bonivart --Unix lovers do it in the Sun Julian Field wrote: > I have added code to detect HTML "Form" tags in messages. When found, it > produces a new report line in the replacement message. The "Form" tags can > also be stripped out. > > Please can you translate this for me: > Found a Form in HTML message > > Thanks! > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > From hb at dfs.dk Sun Jun 22 19:21:01 2003 From: hb at dfs.dk (Henrik Bro) Date: Thu Jan 12 21:18:38 2006 Subject: SV: Translation request - Danish In-Reply-To: <3EF5F187.7010703@ucgbook.com> Message-ID: Danish traslation: "Meddelelsen indeholder en HTML formular" -----Oprindelig meddelelse----- Fra: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] P? vegne af Peter Bonivart Sendt: 22. juni 2003 20:12 Til: MAILSCANNER@JISCMAIL.AC.UK Emne: Re: Translation request - Swedish Swedish translation: "Meddelandet inneh?ll ett HTML formul?r" You added the code in less than 40 minutes from your first answer on the subject? Took me longer to translate one line of text... :) /Peter Bonivart --Unix lovers do it in the Sun Julian Field wrote: > I have added code to detect HTML "Form" tags in messages. When found, > it produces a new report line in the replacement message. The "Form" > tags can also be stripped out. > > Please can you translate this for me: > Found a Form in HTML message > > Thanks! > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > From raymond at PROLOCATION.NET Sun Jun 22 19:43:51 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:38 2006 Subject: Translation request - dutch In-Reply-To: <5.2.1.1.2.20030622183204.0252d9c0@imap.ecs.soton.ac.uk> Message-ID: Hi! On Sun, 22 Jun 2003, Julian Field wrote: > I have added code to detect HTML "Form" tags in messages. When found, it > produces a new report line in the replacement message. The "Form" tags can > also be stripped out. > > Please can you translate this for me: > Found a Form in HTML message Het bericht bevat een HTML formulier > > Thanks! > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > From dh at UPTIME.AT Sun Jun 22 19:46:21 2003 From: dh at UPTIME.AT (David) Date: Thu Jan 12 21:18:38 2006 Subject: Translation request In-Reply-To: <5.2.1.1.2.20030622183204.0252d9c0@imap.ecs.soton.ac.uk> Message-ID: On Sonntag, Juni 22, 2003, at 07:33 Uhr, Julian Field wrote: > I have added code to detect HTML "Form" tags in messages. When found, > it > produces a new report line in the replacement message. The "Form" tags > can > also be stripped out. > > Please can you translate this for me: > Found a Form in HTML message > In German. Once more please keep in mind that a literal translation is nearly impossible. Ein Formular wurde im HTML der Nachricht gefunden. - Face me and you shall surely perish. -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030622/fbe8f92f/PGP.bin From rich at MAIL.WVNET.EDU Sun Jun 22 21:45:55 2003 From: rich at MAIL.WVNET.EDU (Richard Lynch) Date: Thu Jan 12 21:18:38 2006 Subject: HTML forms in e-mail -- new 4.22-2 In-Reply-To: <5.2.1.1.2.20030622185236.0238b4c8@imap.ecs.soton.ac.uk> References: <1056298449.1634.14.camel@localhost.localdomain> <5.2.1.1.2.20030622185236.0238b4c8@imap.ecs.soton.ac.uk> Message-ID: <1056314755.1477.5.camel@localhost.localdomain> On Sun, 2003-06-22 at 13:54, Julian Field wrote: > Sounds a really good idea, and it has virtually no load impact at all (it's > just 1 regexp lookup). > > I have just posted version 4.22-2 which includes an "Allow Form Tags" > configuration option. > > Enjoy! > WOW! Julian, you're something else... really. I can't help but wonder how long it would have taken to get an IBM, Oracle, HP, or, heaven forbid, Microsoft, to provide a solution for this. Thank you a 1000 times and more. -- Richard Lynch From mailscanner at ecs.soton.ac.uk Sun Jun 22 21:59:24 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:38 2006 Subject: HTML forms in e-mail -- new 4.22-2 In-Reply-To: <1056314755.1477.5.camel@localhost.localdomain> References: <5.2.1.1.2.20030622185236.0238b4c8@imap.ecs.soton.ac.uk> <1056298449.1634.14.camel@localhost.localdomain> <5.2.1.1.2.20030622185236.0238b4c8@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030622215849.024d1da8@imap.ecs.soton.ac.uk> At 21:45 22/06/2003, you wrote: >On Sun, 2003-06-22 at 13:54, Julian Field wrote: > > Sounds a really good idea, and it has virtually no load impact at all (it's > > just 1 regexp lookup). > > > > I have just posted version 4.22-2 which includes an "Allow Form Tags" > > configuration option. > > > > Enjoy! > > > >WOW! Julian, you're something else... really. I can't help but wonder >how long it would have taken to get an IBM, Oracle, HP, or, heaven >forbid, Microsoft, to provide a solution for this. Thank you a 1000 >times and more. If we ever meet, you owe me a beer ;-) -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From ryanb at aacrao.org Sun Jun 22 23:21:25 2003 From: ryanb at aacrao.org (Ryan Bingham) Date: Thu Jan 12 21:18:38 2006 Subject: filtering file types vs. extensions In-Reply-To: <5.2.1.1.2.20030606191014.0287cc48@imap.ecs.soton.ac.uk> References: <5C0296D26910694BB9A9BBFC577E7AB0A4AD9A@pascal.priv.bmrb.co .uk> <5.2.1.1.2.20030606191014.0287cc48@imap.ecs.soton.ac.uk> Message-ID: <1056320438.6468.5.camel@hermes.aacrao.org> On Fri, 2003-06-06 at 14:16, Julian Field wrote: > Not a good start. > The latest File::MMagic module does not understand Linux /usr/share/magic > files. It complains a lot about them, which makes it useless. > So I will have to use the "file" command, with a timeout and all that c**p > to stop DoS attacks on the file command. > > Does everyone's "file" command output the filename followed by a ":" > followed by 1 or more spaces followed by the file type? Hi Julian, Just wondered how this ended up going. Did it prove more trouble than it's worth? Ryan From ryanb at aacrao.org Sun Jun 22 23:43:56 2003 From: ryanb at aacrao.org (Ryan Bingham) Date: Thu Jan 12 21:18:38 2006 Subject: OT: "greylisting" - looking for opinions In-Reply-To: <1056186822.31508.8.camel@bach.kevinspicer.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175A10@pascal.priv.bmrb.co.uk> <1056186822.31508.8.camel@bach.kevinspicer.co.uk> Message-ID: <1056321836.6468.21.camel@hermes.aacrao.org> Kevin, I tend to agree that it would be useful only for a short time until the spammers learn how to circumvent it. On your point that it would mean less spam for the Bayesian filters, I find myself in a similar situation with an RBL I'm testing. I've started using sbl.spamhaus.org to block spam at the SMTP gateway (after folks on SAtalk gave it the the thumbs up). So far it's been working great: I've seen at least a 1/3 drop in the amount of messages that MS and SA have to process. One side effect is that I'm now running a bit short on spam and Bayes is getting alot more ham than spam (even after adjusting the autolearn thresholds). It's kind of ironic that we need to get more spam in order to stop the spam from getting to us! :-) Ryan On Sat, 2003-06-21 at 05:13, Kevin Spicer wrote: > >On Sat, 2003-06-21 at 08:39, Ryan Bingham wrote: > >Sorry to crosspost for those of you who are on the SAtalk list, but I'd > >be interested to get your opinions on the concept of "greylisting" as > >a spamfighting tool (I apologize also if this has been brought up on > >the list before). To summarize, it involves initially rejecting an > >SMTP session from an unknown source (this is oversimplifying -- it's > >rather more that the entire SMTP session is "unfamiliar") in the > > expectation that a legitimate SMTP host will try again a short time > >later while a spamming host will not. > > This was covered in some depth yesterday on Slashdot.org. As I see it > there are two problems, the initial hour delay for the first message > with a given 'triplet' (try explaining to users that email isn't > instant!) and the ease with which the system could be circumvented [ For > example a spam tool could make two passes through its list, an hour or > so apart, just doing a HELO, MAIL and RCPT then aborting on the first > run, because this doesn't send any mail its unlikely to get added to any > blacklists until its into the second run, this would entirely defeat > greylisting as far as I can see ]. I think it may be a useful > short-term approach but is likely to only be successful for a short > time. My other concern is that running it with SA would dramatically > reduce the amount of spam that the Bayes filter gets to learn from, so > it might even result in more spam getting through.:( > > > > > BMRB International > http://www.bmrb.co.uk > +44 (0)20 8566 5000 > _________________________________________________________________ > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact the > sender and delete this message immediately. Disclosure, copying > or other action taken in respect of this email or in > reliance on it is prohibited. BMRB International Limited > accepts no liability in relation to any personal emails, or > content of any email which does not directly relate to our > business. From baldguy33165 at YAHOO.COM Mon Jun 23 04:11:31 2003 From: baldguy33165 at YAHOO.COM (Juan Quesada) Date: Thu Jan 12 21:18:38 2006 Subject: Translation request - Spanish In-Reply-To: <5.2.1.1.2.20030622183204.0252d9c0@imap.ecs.soton.ac.uk> Message-ID: <20030623031131.53591.qmail@web20802.mail.yahoo.com> This is a literal translation Encontró una forma en mensaje del HTML -- Julian Field wrote: > I have added code to detect HTML "Form" tags in > messages. When found, it > produces a new report line in the replacement > message. The "Form" tags can > also be stripped out. > > Please can you translate this for me: > Found a Form in HTML message > > Thanks! > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support __________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com From radislav.vrnata at porcela.cz Mon Jun 23 06:38:52 2003 From: radislav.vrnata at porcela.cz (Radislav Vrnata) Date: Thu Jan 12 21:18:38 2006 Subject: Translation request In-Reply-To: <5.2.1.1.2.20030622183204.0252d9c0@imap.ecs.soton.ac.uk> Message-ID: <3EF6AE8C.4892.199EA6@localhost> On 22 Jun 2003 at 18:33, Julian Field wrote: > I have added code to detect HTML "Form" tags in messages. When found, it > produces a new report line in the replacement message. The "Form" tags can > also be stripped out. > > Please can you translate this for me: > Found a Form in HTML message Hi, here is czech version: Nalezen formular v HTML zprave Radislav. > > Thanks! > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > From mailscanner at CARLO65.DE Mon Jun 23 06:59:38 2003 From: mailscanner at CARLO65.DE (Roland Ehle) Date: Thu Jan 12 21:18:38 2006 Subject: Supported Filetypes Message-ID: <3EF6974A.6030803@carlo65.de> Hi, I just had a strange error message on one of my installations and I wonder, if it is possible to do anything against it: Jun 22 21:26:42 gateway MailScanner[4495]: Could not check ./h5MJPU8I005634/Rock im Park 2003.rar/Rock im Park 2003\Metallica\06.jpg (format n ot supported) in the logfile and: Jun 22 21:26:42 gateway MailScanner[4495]: Could not check ./h5MJPU8I005634/Rock im Park 2003.rar (corrupt) Jun 22 21:26:43 gateway MailScanner[4495]: Virus Re-scanning: Sophos found 82 infections Jun 22 21:26:43 gateway MailScanner[4495]: Disinfection: Rescan found only 82 viruses Is it a Sophos problem, a MailScanner or a system one? Regards, Roland From P.G.M.Peters at UTWENTE.NL Mon Jun 23 08:30:38 2003 From: P.G.M.Peters at UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:18:38 2006 Subject: (fwd) Rejected posting to MAILSCANNER@JISCMAIL.AC.UK Message-ID: Hi, I got this message. On Fri, 20 Jun 2003 11:11:18 +0100, "L-Soft list server at JISCMAIL (1.8e)" wrote: >You are not authorized to send mail to the MAILSCANNER list from your >P.G.M.Peters@UTWENTE.NL account. You might be authorized to send to the list >from another of your accounts, or perhaps when using another mail program which >generates slightly different addresses, but LISTSERV has no way to associate >this other account or address with yours. If you need assistance or if you have >any question regarding the policy of the MAILSCANNER list, please contact the >list owners: MAILSCANNER-request@JISCMAIL.AC.UK. Since last week my address changed from p.g.m.peters@civ.utwente.nl to p.g.m.peters@utwente.nl. Could you please change that in de list? -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ From JEN at AH.DK Mon Jun 23 08:44:16 2003 From: JEN at AH.DK (Jan Elmqvist Nielsen) Date: Thu Jan 12 21:18:38 2006 Subject: Mailwatch for mailscanner 0.2 - create.sql Message-ID: Hi Am i missing something which many was in version 0.1? I can't find the script - create.sql - which creates the mailscanner database and tables! Could someone help me? /Jan Elmqvist Nielsen From raymond at PROLOCATION.NET Mon Jun 23 08:48:12 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:38 2006 Subject: Mailwatch for mailscanner 0.2 - create.sql In-Reply-To: Message-ID: Hi! > Am i missing something which many was in version 0.1? > > I can't find the script - create.sql - which creates the mailscanner > database and tables! Browse back on the list please, it was posted here not that long ago. Thanks, Raymond. From JEN at AH.DK Mon Jun 23 09:37:18 2003 From: JEN at AH.DK (Jan Elmqvist Nielsen) Date: Thu Jan 12 21:18:38 2006 Subject: Vedr.: Re: Mailwatch for mailscanner 0.2 - create.sql Message-ID: The only create.sql related I can find is this link/mail http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind0306&L=mailscanner&P=R41925&I=-1 Which is an old mailscanner db /Jan >>> raymond@PROLOCATION.NET 23-06-2003 09:48:12 >>> Hi! > Am i missing something which many was in version 0.1? > > I can't find the script - create.sql - which creates the mailscanner > database and tables! Browse back on the list please, it was posted here not that long ago. Thanks, Raymond. From nejc.skoberne at guest.arnes.si Mon Jun 23 09:40:38 2003 From: nejc.skoberne at guest.arnes.si (Nejc Skoberne) Date: Thu Jan 12 21:18:38 2006 Subject: Vedr.: Re: Mailwatch for mailscanner 0.2 - create.sql In-Reply-To: References: Message-ID: <884629385.20030623104038@guest.arnes.si> Hi. > The only create.sql related I can find is this link/mail > http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind0306&L=mailscanner&P=R41925&I=-1 I am attaching the file create.sql which was posted to the list (but don't know why there isn't a copy of it in the archives). -- Nejc Skoberne Grajska 5 SI-5220 Tolmin E-mail: nejc.skoberne@guest.arnes.si -------------- next part -------------- -- MySQL dump 8.22 -- -- Host: localhost Database: mailscanner --------------------------------------------------------- -- Server version 3.23.54 -- -- Current Database: mailscanner -- CREATE DATABASE /*!32312 IF NOT EXISTS*/ mailscanner; USE mailscanner; -- -- Table structure for table 'maillog' -- CREATE TABLE maillog ( timestamp timestamp(14) NOT NULL, id text, size bigint(20) default '0', from_address text, to_address text, subject text, clientip text, archive text, isspam tinyint(1) default '0', ishighspam tinyint(1) default '0', issaspam tinyint(1) default '0', isrblspam tinyint(1) default '0', spamwhitelisted tinyint(1) default '0', sascore decimal(7,2) default '0.00', spamreport text, virusinfected tinyint(1) default '0', nameinfected tinyint(1) default '0', otherinfected tinyint(1) default '0', report text, hostname text ) TYPE=MyISAM; -- -- Table structure for table 'maillog_pre' -- CREATE TABLE maillog_pre ( timestamp timestamp(14) NOT NULL, id text, size bigint(20) default '0', from_address text, to_address text, subject text, clientip text, archive text, isspam tinyint(1) default '0', ishighspam tinyint(1) default '0', issaspam tinyint(1) default '0', isrblspam tinyint(1) default '0', spamwhitelisted tinyint(1) default '0', sascore decimal(7,2) default '0.00', spamreport text, virusinfected tinyint(1) default '0', nameinfected tinyint(1) default '0', otherinfected tinyint(1) default '0', report text, hostname text ) TYPE=MyISAM; -- -- Table structure for table 'sa_rules' -- CREATE TABLE sa_rules ( rule varchar(100) NOT NULL default '', rule_desc varchar(200) NOT NULL default '', PRIMARY KEY (rule) ) TYPE=MyISAM; -- -- Table structure for table 'users' -- CREATE TABLE users ( username varchar(20) NOT NULL default '', password varchar(32) default NULL, fullname varchar(50) NOT NULL default '', PRIMARY KEY (username) ) TYPE=MyISAM; From mailscanner at ecs.soton.ac.uk Mon Jun 23 10:26:38 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:38 2006 Subject: filtering file types vs. extensions In-Reply-To: <1056320438.6468.5.camel@hermes.aacrao.org> References: <5.2.1.1.2.20030606191014.0287cc48@imap.ecs.soton.ac.uk> <5C0296D26910694BB9A9BBFC577E7AB0A4AD9A@pascal.priv.bmrb.co .uk> <5.2.1.1.2.20030606191014.0287cc48@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030623102444.02550008@imap.ecs.soton.ac.uk> At 23:21 22/06/2003, you wrote: >On Fri, 2003-06-06 at 14:16, Julian Field wrote: > > Not a good start. > > The latest File::MMagic module does not understand Linux /usr/share/magic > > files. It complains a lot about them, which makes it useless. > > So I will have to use the "file" command, with a timeout and all that c**p > > to stop DoS attacks on the file command. > > > > Does everyone's "file" command output the filename followed by a ":" > > followed by 1 or more spaces followed by the file type? > >Just wondered how this ended up going. Did it prove more trouble than >it's worth? I haven't done much more on this. I need to play around with the file command on a bunch of different OS's to see if the output format is vaguely consistent. If so, then it is possible and I'll take another look at this. Bear in mind that it will take noticeable CPU to do it, as it involves a "file" command for each batch of messages. Cheap compared to spam detection though. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jun 23 10:28:49 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:38 2006 Subject: Supported Filetypes In-Reply-To: <3EF6974A.6030803@carlo65.de> Message-ID: <5.2.1.1.2.20030623102807.033b04c0@imap.ecs.soton.ac.uk> At 06:59 23/06/2003, you wrote: >Hi, > >I just had a strange error message on one of my installations and I >wonder, if it is possible to do anything against it: > >Jun 22 21:26:42 gateway MailScanner[4495]: Could not check >./h5MJPU8I005634/Rock im Park 2003.rar/Rock im Park >2003\Metallica\06.jpg (format n >ot supported) > >in the logfile and: > >Jun 22 21:26:42 gateway MailScanner[4495]: Could not check >./h5MJPU8I005634/Rock im Park 2003.rar (corrupt) >Jun 22 21:26:43 gateway MailScanner[4495]: Virus Re-scanning: Sophos >found 82 infections >Jun 22 21:26:43 gateway MailScanner[4495]: Disinfection: Rescan found >only 82 viruses > >Is it a Sophos problem, a MailScanner or a system one? The current versions of Sophos don't support RAR version 3. Hassle Sophos tech support about it so they hurry up and implement this, it's been going on for months now. -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From symedeot at YAHOO.FR Mon Jun 23 10:37:59 2003 From: symedeot at YAHOO.FR (Sylvain MEDEOT) Date: Thu Jan 12 21:18:39 2006 Subject: MailScanner issue with postfix Message-ID: Many thanks for you help.. After some more testings, here is the current situation... My /etc/postfix.in/main.cf is like that : defer_transport = smtp local virtual relay defer_transports = smtp local virtual relay queue_directory = /var/spool/postfix.in queue_run_delay = 60 default_destination_recipient_limit = 100 initial_destination_concurrency = 10 minimal_backoff_time = 60 maximal_backoff_time = 400 empty_address_recipient = si04 default_process_limit = 100 error_notice_recipient = root transport_maps = hash:/etc/postfix/transport message_size_limit = 90240000 bounce_size_limit = 100000 recipient_canonical_maps = hash:/etc/postfix/canonical_sender In the manual, it is mentionned to add defer_transports = ... I already had a line defer_transport (no s) so I put both... My /etc/postfix.in/master.cf is like that : smtp inet n - n - - smtpd pickup fifo n n n 60 1 pickup cleanup unix - - n - 0 cleanup qmgr fifo n - n 300 1 qmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce smtp unix - - n - - smtp showq unix n - n - - showq error unix - - n - - error local unix - n n - - local cyrus unix - n n - - pipe flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} uucp unix - n n - - pipe flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=F. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient When I send messages, they are accepted : [root@intranet postfix.in]# du -ks /var/spool/postfix.in/deferred 368 /var/spool/postfix.in/deferred but nothing is delivered... [root@intranet postfix.in]# du -ks /var/spool/postfix/incoming 4 /var/spool/postfix/incoming nothing in the logs... Jun 23 11:19:58 intranet MailScanner[1934]: Using locktype = flock Jun 23 11:20:08 intranet MailScanner[1942]: MailScanner E-Mail Virus Scanner ver sion 4.21-9 starting... Jun 23 11:20:08 intranet MailScanner[1942]: Using locktype = flock Jun 23 11:20:18 intranet MailScanner[1950]: MailScanner E-Mail Virus Scanner ver sion 4.21-9 starting... Jun 23 11:20:18 intranet MailScanner[1950]: Using locktype = flock Jun 23 11:20:28 intranet MailScanner[1965]: MailScanner E-Mail Virus Scanner ver sion 4.21-9 starting... Jun 23 11:20:29 intranet MailScanner[1965]: Using locktype = flock My /etc/postfix/main.cf is : queue_directory = /var/spool/postfix and my /etc/postfix/master.cf # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (50) # ========================================================================== #smtp inet n - n - - smtpd pickup fifo n n n 60 1 pickup cleanup unix - - n - 0 cleanup qmgr fifo n - n 300 1 qmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce #smtp unix - - n - - smtp showq unix n - n - - showq error unix - - n - - error local unix - n n - - local cyrus unix - n n - - pipe flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} uucp unix - n n - - pipe flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) #bsmtp unix - n n - - pipe flags=F. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient Then, finally my /etc/MailScanner/MailScanner.conf Max Children = 5 Run As User = postfix Run As Group = postfix Incoming Queue Dir = /var/spool/postfix.in/deferred Outgoing Queue Dir = /var/spool/postfix/incoming Incoming Work Dir = /var/spool/MailScanner/incoming Quarantine Dir = /var/spool/MailScanner/quarantine PID file = /var/run/MailScanner.pid MTA = postfix Sendmail = /usr/sbin/sendmail Well, I m'in trouble... Why MailScanner don't take messages from /var/spool/postfix.in/deferred ? Any idea ? On Sat, 21 Jun 2003 08:38:58 +0100, Julian Field wrote: >At 06:16 21/06/2003, you wrote: >>Hi, >> >>Well, that may be the problem. How can I check that ? Anyway, if the >>messages are not put in the outgoing queue, can they be delivered anyway ? > >Do a > du -ks /var/spool/postfix.in/deferred >and > du -ks /var/spool/postfix/incoming >and see where all the files are. > >>By looking into /var/spool/postfix and /var/spool/postfix.in, I've also >>seen that I have in both a subdirectory (postfix-postfix.in)/deferred and >>(postfix-postfix.in)/defer... Is it normal ? If I delete them, they are >>created again when postfix starts... > >Yes, "defer" is different from "deferred". > >>I tried to replace in MailScanner.conf the line >>Incoming Queue Dir = /var/spool/postfix.in/deferred >> >>by >> >>Incoming Queue Dir = /var/spool/postfix.in/defer > >I guarantee that won't work, that's why the install instructions tell you >to use "deferred". > >>I think is it picking up the messages and then putting them in the >>outgoing queue since > >since? > > >>Sylvain MEDEOT >>Ville de Pontoise >> >>On Fri, 20 Jun 2003 17:20:16 +0100, Julian Field >> wrote: >> >> >But is it actually picking up the messages and then putting them in the >> >outgoing queue? >> >Or is it leaving them in the incoming queue >> >(/var/spool/postfix.in/deferred) and never collecting them? >> > >> >At 17:09 20/06/2003, you wrote: >> >>Hi, >> >> >> >>I am setting up MailScanner on a Mandrake 7.2 mail server with Postfix. I >> >>followed step by step the installation procedure >> >>(/etc/postfix, /etc/postfix.in, modifications of main.cf and master.cf). >> >> >> >>This is not the first mail server I am protecting with MailScanner... But >> >>this is the oldest one since I had no problems with newest releases of >> >>Mandrake... >> >> >> >>This server is running postfix-19991231_pl08-5mdk. After the installation >> >>of MailScanner (everything fine) with McAfee, I can send and receive mails >> >>as usually... But, the mails are never scanned... >> >> >> >>Nothing special in the logs : >> >>Jun 20 17:51:19 intranet MailScanner[1182]: MailScanner E-Mail Virus >> >>Scanner version 4.21-9 starting... >> >>Jun 20 17:51:19 intranet MailScanner[1182]: Using locktype = flock >> >> >> >>If I try manually to run /var/lib/MailScanner/mcafee-wrapper eicar.com, it >> >>works... But the mails are never scanned ! >> >> >> >>In fact, I am sure that this script is never called by MailScanner since I >> >>replaced it with a different one to trace what was really happening... >> >> >> >>Of course, /etc/MailScanner/MailScanner.conf includes the following >>lines : >> >> >> >>Virus Scanning = yes >> >>Virus Scanners = mcafee >> >> >> >>and /usr/lib/MailScanner/mcafee-wrapper is pointing to >> >> >> >>PackageDir=/usr/local/uvscan >> >>prog=uvscan # `basename $0` >> >>datDIR=$PackageDir >> >> >> >>ls /usr/local/uvscan -l gives the following : >> >> >> >>drwxr-xr-x 2 postfix root 4096 jun 20 09:54 4272/ >> >>lrwxrwxrwx 1 postfix root 14 jun 20 09:54 clean.dat -> >> >>4272/clean.dat >> >>-r--r--r-- 1 postfix root 10469 jun 20 09:17 contact.txt >> >>-r--r--r-- 1 postfix root 466306 jun 20 09:17 e4240upg.pdf >> >>lrwxrwxrwx 1 postfix root 17 jun 20 09:54 internet.dat -> >> >>4272/internet.dat >> >>lrwxrwxrwx 1 postfix root 15 jun 20 09:17 liblnxfv.so - >> >> > ./liblnxfv.so.4* >> >>-r-xr-xr-x 1 postfix root 2593332 jun 20 09:17 liblnxfv.so.4* >> >>-r--r--r-- 1 postfix root 1056 jun 20 09:17 license.dat >> >>-r--r--r-- 1 postfix root 1705 jun 20 09:17 license.txt >> >>-r--r--r-- 1 postfix root 37721 jun 20 09:17 messages.dat >> >>lrwxrwxrwx 1 postfix root 14 jun 20 09:54 names.dat -> >> >>4272/names.dat >> >>-r--r--r-- 1 postfix root 16222 jun 20 09:17 readme.txt >> >>lrwxrwxrwx 1 postfix root 13 jun 20 09:54 scan.dat -> >> >>4272/scan.dat >> >>-r--r--r-- 1 postfix root 5546 jun 20 09:17 signlic.txt >> >>-r-xr-xr-x 1 postfix root 6342 jun 20 09:18 uninstall- uvscan* >> >>-r-xr-xr-x 1 postfix root 126711 jun 20 09:17 uvscan* >> >>-r--r--r-- 1 postfix root 13385 jun 20 09:18 uvscan.1 >> >> >> >>Any idea ? >> >> >> >>Many thanks in advance, >> >> >> >>Sylvain MEDEOT >> >>Ville de Pontoise - France >> > >> >-- >> >Julian Field >> >www.MailScanner.info >> >MailScanner thanks transtec Computers for their support > >-- >Julian Field >www.MailScanner.info >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support From paul.hamilton at sme-ecom.co.uk Mon Jun 23 11:32:07 2003 From: paul.hamilton at sme-ecom.co.uk (Paul Hamilton) Date: Thu Jan 12 21:18:39 2006 Subject: SQL Logging Message-ID: <000001c33972$b324e360$fc32000a@4> Hi All, Calling upon the mailing lists experiences on this one, apologies it has already been discussed but our queries of the knowledge base yielded nothing that helped us. Set-up: Raq4i, MailScanner 4.19-9 SA 2.54 On implementing sql logging we're finding that MailScanner is making up to 10 entries for the same message into the Temp Log File, which are then being mirrored into our sql database when the information is flushed across from the Temp Log. Is this normal? if how do we stop it corrupting the results in the sql database. Thanks in advance. Regards Paul H. From m.sapsed at bangor.ac.uk Mon Jun 23 12:11:17 2003 From: m.sapsed at bangor.ac.uk (Martin Sapsed) Date: Thu Jan 12 21:18:39 2006 Subject: Translation request - welsh References: <5.2.1.1.2.20030622183204.0252d9c0@imap.ecs.soton.ac.uk> Message-ID: <3EF6E055.4020401@bangor.ac.uk> Julian Field wrote: > I have added code to detect HTML "Form" tags in messages. When found, it > produces a new report line in the replacement message. The "Form" tags can > also be stripped out. > > Please can you translate this for me: > Found a Form in HTML message Cafwyd ffurf mewn neges HTML Cheers, Martin -- Martin Sapsed Information Services "Who do you say I am?" University of Wales, Bangor Jesus of Nazareth From andersan at LTKALMAR.SE Mon Jun 23 12:12:26 2003 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:18:39 2006 Subject: SV: filtering file types vs. extensions Message-ID: <9F18B7DDBA88E544AB1F1995148916661CE614@lkl63.ltkalmar.se> > -----Ursprungligt meddelande----- > Fr?n: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Skickat: den 23 juni 2003 11:27 > Till: MAILSCANNER@JISCMAIL.AC.UK > ?mne: Re: filtering file types vs. extensions > > > At 23:21 22/06/2003, you wrote: > >On Fri, 2003-06-06 at 14:16, Julian Field wrote: > > > Not a good start. > > > The latest File::MMagic module does not understand Linux > > > /usr/share/magic files. It complains a lot about them, > which makes > > > it useless. So I will have to use the "file" command, > with a timeout > > > and all that c**p to stop DoS attacks on the file command. > > > > > > Does everyone's "file" command output the filename > followed by a ":" > > > followed by 1 or more spaces followed by the file type? > > > >Just wondered how this ended up going. Did it prove more > trouble than > >it's worth? > > I haven't done much more on this. I need to play around with > the file command on a bunch of different OS's to see if the > output format is vaguely consistent. If so, then it is > possible and I'll take another look at this. Bear in mind > that it will take noticeable CPU to do it, as it involves a > "file" command for each batch of messages. Cheap compared to > spam detection though. Even if file wont be the best soultion in the world I know I would be glad to see such a option in mailscanner..... thats always what my boss complains about when he's been talking to Antigen :) /Anders > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > From keith at theargoncompany.com Mon Jun 23 12:45:11 2003 From: keith at theargoncompany.com (Keith Fernandez) Date: Thu Jan 12 21:18:39 2006 Subject: mails stuck in /var/spool/mqueue.in Message-ID: <200306231715.11239.keith@theargoncompany.com> Hi, I have MailScanner installed with SpamAssassin on a Cobalt RaQ 550. MailScanner works great, except that I see mail in /var/spool/mqueue.in stuck there from time to time. Any idea what these mails are, I sometimes do a restart of MailScanner if I make changes to the conf file. The version of MailScanner I am running is 4.14 Release 9 The version of sendmail is 8.11.6 Here is what my logs show. I really dont know why these mails are stuck here. Here is my mqueue.in dated May 23 -rw------- 1 root root 245760 May 23 12:21 dfh4N6pCB12556 -rw------- 1 root root 9 May 23 12:21 xfh4N6pCB12556 -rw------- 1 root root 1416 May 17 22:16 dfh4HGjUi00744 -rw------- 1 root root 5325 May 17 22:16 dfh4HGkCi01105 -rw------- 1 root root 0 May 17 22:12 dfh4HGggi32313 -rw------- 1 root root 131107 May 17 18:48 dfh4HDIVL32457 -rw------- 1 root root 0 May 7 13:44 dfh478Eme24576 -rw------- 1 root root 9 May 7 13:44 xfh478Eme24576 -rw------- 1 root root 466944 May 7 12:07 dfh476Zue18696 -rw------- 1 root root 276 May 7 12:05 xfh476Zue18696 -rw------- 1 root root 0 May 4 00:01 dfh43IVEo21411 -rw------- 1 root root 9 May 4 00:01 xfh43IVEo21411 Can anyone help me. Regards, Keith From chicks at CHICKS.NET Mon Jun 23 12:42:46 2003 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:18:39 2006 Subject: More Beer for Julian and his fine work on [MAILSCANNER] In-Reply-To: <5.2.1.1.2.20030622215849.024d1da8@imap.ecs.soton.ac.uk> Message-ID: On Sun, 22 Jun 2003, Julian Field wrote: > If we ever meet, you owe me a beer ;-) You can drink the bar dry Julian. I'm sure we can find enough extremely appreciative sysadmins to cover the tab. :) -- "The first rule of Perl club is you do not talk about Perl club." -- Chip Salzenberg From michele at BLACKNIGHTSOLUTIONS.COM Mon Jun 23 14:27:29 2003 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:18:39 2006 Subject: More Beer for Julian and his fine work on [MAILSCANNER] In-Reply-To: References: <5.2.1.1.2.20030622215849.024d1da8@imap.ecs.soton.ac.uk> Message-ID: <1297.213.140.31.170.1056374849.squirrel@www.blacknightsolutions.com> > On Sun, 22 Jun 2003, Julian Field wrote: >> If we ever meet, you owe me a beer ;-) > > You can drink the bar dry Julian. I'm sure we can find enough > extremely appreciative sysadmins to cover the tab. :) I'll second that! -- Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ Shell hosting now available ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From adkinss at OHIO.EDU Mon Jun 23 14:34:36 2003 From: adkinss at OHIO.EDU (Scott Adkins) Date: Thu Jan 12 21:18:39 2006 Subject: filtering file types vs. extensions In-Reply-To: <5.2.1.1.2.20030623102444.02550008@imap.ecs.soton.ac.uk> References: <5.2.1.1.2.20030606191014.0287cc48@imap.ecs.soton.ac.uk> <5C0296D26910694BB9A9BBFC577E7AB0A4AD9A@pascal.priv.bmrb.co .uk> <5.2.1.1.2.20030606191014.0287cc48@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030623102444.02550008@imap.ecs.soton.ac.uk> Message-ID: <860442460.1056360876@Callisto> As opposed to running the "file" command everytime, why not suck in the /etc/magic file and use it? That is all the file command really does... You can even provide your own version of the /etc/magic file (and allow a config option to be changed to use a different one if need be) so that you can support it on systems (like Windows) that don't have a /etc/magic file on hand, or has the file, but is rather weak. Anyways, saving on fork/execs at a cost of a little bit of persistant memory should be quite worth it... Scott --On Monday, June 23, 2003 10:26 AM +0100 Julian Field wrote: > At 23:21 22/06/2003, you wrote: >> On Fri, 2003-06-06 at 14:16, Julian Field wrote: >> > Not a good start. >> > The latest File::MMagic module does not understand Linux >> > /usr/share/magic files. It complains a lot about them, which makes it >> > useless. So I will have to use the "file" command, with a timeout and >> > all that c**p to stop DoS attacks on the file command. >> > >> > Does everyone's "file" command output the filename followed by a ":" >> > followed by 1 or more spaces followed by the file type? >> >> Just wondered how this ended up going. Did it prove more trouble than >> it's worth? > > I haven't done much more on this. I need to play around with the file > command on a bunch of different OS's to see if the output format is > vaguely consistent. If so, then it is possible and I'll take another look > at this. Bear in mind that it will take noticeable CPU to do it, as it > involves a "file" command for each batch of messages. Cheap compared to > spam detection though. > -- > Julian Field > www.MailScanner.info > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support -- +-----------------------------------------------------------------------+ Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:adkinss@ohio.edu ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +-----------------------------------------------------------------------+ PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 231 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030623/014f9223/attachment.bin From dh at UPTIME.AT Mon Jun 23 14:43:57 2003 From: dh at UPTIME.AT (David) Date: Thu Jan 12 21:18:39 2006 Subject: filtering file types vs. extensions In-Reply-To: <860442460.1056360876@Callisto> Message-ID: On Montag, Juni 23, 2003, at 03:34 Uhr, Scott Adkins wrote: > As opposed to running the "file" command everytime, why not suck in the > /etc/magic file and use it? That is all the file command really > does... > You can even provide your own version of the /etc/magic file (and allow > a config option to be changed to use a different one if need be) so > that > you can support it on systems (like Windows) that don't have a > /etc/magic > file on hand, or has the file, but is rather weak. > Would this be an option as well: http://search.cpan.org/author/KNOK/File-MMagic-1.19/MMagic.pm -- nee amata wo mitsukete soshite midoto wasrezu domma mi mumega itakutemo soba mi iru mo zutto...zutto...zutto -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030623/fde1ae45/attachment.bin From dot at DOTAT.AT Mon Jun 23 14:38:57 2003 From: dot at DOTAT.AT (Tony Finch) Date: Thu Jan 12 21:18:39 2006 Subject: MS Stress Test In-Reply-To: Message-ID: Andrea Cogliati wrote: > >I have to carefully size the hardware for a MS installation and I'd like >to set up a proper test environment. I'm looking for an SMTP stress test >tool: any suggestion? I can take a sample of real email going through our site and pass it to a test machine using a special Exim router (below). This is particularly useful for testing a small-scale development box (since I can send it a small proportion of our traffic); since we have several machines in our mail hub I can also test how a machine handles more than its expected load. # Deliver a duplicate of some proportion of all messages to a special # machine specified in the file /MAIL_TAP_INFO, if it exists. The # probability of sending a message is the reciprocal of the number in # the second colon-separated field in the file. The address data is # used to prevent redirected addresses from being tapped twice. The # originating host is recorded in an extra header. traffic_tap: unseen no_expn no_verify transport = smtp driver = manualroute require_files = /MAIL_TAP_INFO address_data = ${if!def:address_data{tapped}fail} route_data = ${extract{1}{:}{${readfile{/MAIL_TAP_INFO}{:}}}} condition = ${if!eq{a}{${expand:\${hash_1_${extract{2}{:}{${readfile{/MAIL_TAP_INFO}{:}}}}:\$message_headers\$message_body\}}}{no}{yes}} headers_add = ${if!def:sender_host_address{}{X-Orig-Remote-Host: $sender_host_address}} Tony. -- f.a.n.finch http://dotat.at/ FAIR ISLE: CYCLONIC BECOMING NORTHWEST 4 OR 5, OCCASIONALLY 6, BACKING SOUTHWEST 3 OR 4 IN SOUTHWEST LATER. RAIN. MODERATE OR POOR. From mikea at MIKEA.ATH.CX Mon Jun 23 15:06:58 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:39 2006 Subject: More Beer for Julian and his fine work on [MAILSCANNER] In-Reply-To: <1297.213.140.31.170.1056374849.squirrel@www.blacknightsolutions.com>; from michele@BLACKNIGHTSOLUTIONS.COM on Mon, Jun 23, 2003 at 02:27:29PM +0100 References: <5.2.1.1.2.20030622215849.024d1da8@imap.ecs.soton.ac.uk> <1297.213.140.31.170.1056374849.squirrel@www.blacknightsolutions.com> Message-ID: <20030623090657.A41311@mikea.ath.cx> On Mon, Jun 23, 2003 at 02:27:29PM +0100, Michele Neylon :: Blacknight Solutions wrote: > > On Sun, 22 Jun 2003, Julian Field wrote: > >> If we ever meet, you owe me a beer ;-) > > > > You can drink the bar dry Julian. I'm sure we can find enough > > extremely appreciative sysadmins to cover the tab. :) > I'll second that! Since Julian can handle beer, and can't handle steak, I'll amend my offer: s/a steak dinner/beer ad libitum/ s/the Cattlemens' Cafe/someplace that has beer, difficult though that may be in Oklahoma/ -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From mailscanner at ecs.soton.ac.uk Mon Jun 23 15:15:06 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:39 2006 Subject: mails stuck in /var/spool/mqueue.in In-Reply-To: <200306231715.11239.keith@theargoncompany.com> Message-ID: <5.2.0.9.2.20030623151411.04281268@imap.ecs.soton.ac.uk> If the files for a particular message id are quite old and particularly if the df file is 0 bytes, then just delete the files for that message id. They are usually left-overs from an incoming SMTP connection that broke half way through. At 12:45 23/06/2003, you wrote: >Hi, > >I have MailScanner installed with SpamAssassin on a Cobalt RaQ 550. >MailScanner works great, except that I see mail in /var/spool/mqueue.in stuck >there from time to time. >Any idea what these mails are, I sometimes do a restart of MailScanner if I >make changes to the conf file. > >The version of MailScanner I am running is 4.14 Release 9 >The version of sendmail is 8.11.6 > >Here is what my logs show. >I really dont know why these mails are stuck here. > >Here is my mqueue.in dated May 23 > >-rw------- 1 root root 245760 May 23 12:21 dfh4N6pCB12556 >-rw------- 1 root root 9 May 23 12:21 xfh4N6pCB12556 >-rw------- 1 root root 1416 May 17 22:16 dfh4HGjUi00744 >-rw------- 1 root root 5325 May 17 22:16 dfh4HGkCi01105 >-rw------- 1 root root 0 May 17 22:12 dfh4HGggi32313 >-rw------- 1 root root 131107 May 17 18:48 dfh4HDIVL32457 >-rw------- 1 root root 0 May 7 13:44 dfh478Eme24576 >-rw------- 1 root root 9 May 7 13:44 xfh478Eme24576 >-rw------- 1 root root 466944 May 7 12:07 dfh476Zue18696 >-rw------- 1 root root 276 May 7 12:05 xfh476Zue18696 >-rw------- 1 root root 0 May 4 00:01 dfh43IVEo21411 >-rw------- 1 root root 9 May 4 00:01 xfh43IVEo21411 > >Can anyone help me. > >Regards, >Keith -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jun 23 15:13:23 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:39 2006 Subject: filtering file types vs. extensions -- New 4.22-3 In-Reply-To: References: <860442460.1056360876@Callisto> Message-ID: <5.2.0.9.2.20030623150450.0442b008@imap.ecs.soton.ac.uk> At 14:43 23/06/2003, you wrote: >On Montag, Juni 23, 2003, at 03:34 Uhr, Scott Adkins wrote: > >>As opposed to running the "file" command everytime, why not suck in the >>/etc/magic file and use it? That is all the file command really does... >>You can even provide your own version of the /etc/magic file (and allow >>a config option to be changed to use a different one if need be) so that >>you can support it on systems (like Windows) that don't have a /etc/magic >>file on hand, or has the file, but is rather weak. >Would this be an option as well: > >http://search.cpan.org/author/KNOK/File-MMagic-1.19/MMagic.pm Unfortunately that module is rather old and doesn't support current Linux magic files, so it's no use. Reading in the magic file is not really possible either as different systems use very different formats in the magic file, and it would involve re-writing the GNU file command (which is about the best of the lot) in perl, which counts as re-inventing the wheel in my book. You may have noticed I don't tend to do that :-) So, sticking with the good old "file" command that is usually in /usr/bin/file (though you can configure the location and add command-line switches if necessary), I have written an implementation for you. Currently it isn't quite perfect as it relies on you being able to have very long commands for large batches of messages with lots of attachments. I will re-write this bit to put a limited number of attachments in each "file" command before it goes in the stable distribution. What I would really like is suggestions of what should go in the filetype.rules.conf file. Currently it is minimal (to put it mildly). By default it allows files that don't match any rule, just like the filename.rules.conf file. What other rules should I add to it? -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mikea at MIKEA.ATH.CX Mon Jun 23 15:18:22 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:39 2006 Subject: filtering file types vs. extensions In-Reply-To: <860442460.1056360876@Callisto>; from adkinss@OHIO.EDU on Mon, Jun 23, 2003 at 09:34:36AM -0400 References: <5.2.1.1.2.20030606191014.0287cc48@imap.ecs.soton.ac.uk> <5C0296D26910694BB9A9BBFC577E7AB0A4AD9A@pascal.priv.bmrb.co <5.2.1.1.2.20030606191014.0287cc48@imap.ecs.soton.ac.uk> <5.2.1.1.2.20030623102444.02550008@imap.ecs.soton.ac.uk> <860442460.1056360876@Callisto> Message-ID: <20030623091822.B41311@mikea.ath.cx> On Mon, Jun 23, 2003 at 09:34:36AM -0400, Scott Adkins wrote: > As opposed to running the "file" command everytime, why not suck in the > /etc/magic file and use it? That is all the file command really does... > You can even provide your own version of the /etc/magic file (and allow > a config option to be changed to use a different one if need be) so that > you can support it on systems (like Windows) that don't have a /etc/magic > file on hand, or has the file, but is rather weak. The FreeBSD I'm running doesn't use /etc/magic, and I don't even *have* one. Here's what it uses, extracted from `truss file `: stat("/home/mikea/.magic",0xbfbffc1c) ERR#2 'No such file or directory' open("/usr/share/misc/magic.mgc",0x0,05001241577) = 8 (0x8) This is FreeBSD 4.6-RELEASE. FreeBSD 4.3 uses /usr/share/misc/magic. FreeBSD 4.7 uses /usr/share/misc/magic.mgc. I can't get to any Linux boxes right now. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From dh at UPTIME.AT Mon Jun 23 15:31:33 2003 From: dh at UPTIME.AT (David) Date: Thu Jan 12 21:18:39 2006 Subject: filtering file types vs. extensions -- New 4.22-3 In-Reply-To: <5.2.0.9.2.20030623150450.0442b008@imap.ecs.soton.ac.uk> Message-ID: <636ACB12-A587-11D7-AFD3-00039379E28A@uptime.at> > What I would really like is suggestions of what should go in the > filetype.rules.conf file. Currently it is minimal (to put it mildly). > By > default it allows files that don't match any rule, just like the > filename.rules.conf file. > What other rules should I add to it? > Personally I see this as a second layer check. If an attachment comes in which is clearly blocked by the extension (no matter if the conten type matches or file says it is something different), dump it. Only if it passes the extension test run the file test on it. Per defualt I would drop anything which is something different to what the extension would suggest that it is. For example. if it comes in as .doc and .doc is allowed through, but file says this .doc is of type MP3. Then drop that by default. At least that is how I would handle it. Maybe also scan based on domain or fromTo and so on... -d -- nee amata wo mitsukete soshite midoto wasrezu domma mi mumega itakutemo soba mi iru mo zutto...zutto...zutto -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030623/8d5ba10d/attachment.bin From FCaen at CI.LAKEWOOD.WA.US Mon Jun 23 15:44:25 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:39 2006 Subject: Translation request - French Message-ID: -----Original Message----- From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Please can you translate this for me: > Found a Form in HTML message Didn't see anyone cover French. Formulaire HTML detecte dans le message --------------------------------------------- Francois Caen Network Information Systems Engineer - Webmaster City of Lakewood, WA (253) 512-2269 NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From brent at WHITE-DEV.QUATRO.COM Mon Jun 23 15:45:43 2003 From: brent at WHITE-DEV.QUATRO.COM (Brent) Date: Thu Jan 12 21:18:39 2006 Subject: sending blacklisted entries to highscore action Message-ID: <200306231458.h5NEwVB13876@white-dev.quatro.com> I needed a way of sending blacklisted hosts to the highscore spam action and I think I found a really easy method: diff Message.pm Message.pm.new 309a310 > $this->{ishigh} = 1; Looks like that cause the highspam score action to be executed: Jun 23 10:48:31 dev-server MailScanner[13498]: New Batch: Scanning 1 messages, 963 bytes Jun 23 10:48:31 dev-server MailScanner[13498]: Spam Checks: Starting Jun 23 10:48:32 dev-server MailScanner[13498]: Message h5NEmSB13615 from xx.xxx.xxx.xxx (user@blacklistedhost.com) to devdomain.com.com is spam blacklisted) Jun 23 10:48:32 dev-server MailScanner[13498]: Spam Checks: Found 1 spam messages Jun 23 10:48:32 dev-server MailScanner[13498]: Spam Actions: message h5NEmSB13616 actions are spams@devdomain.com.com,forward Jun 23 10:48:32 dev-server MailScanner[13498]: Virus and Content Scanning: Starting Jun 23 10:48:32 dev-server MailScanner[13498]: Filename Checks: Allowing msg-13498-2.txt Jun 23 10:48:32 dev-server MailScanner[13498]: Uninfected: Delivered 1 messages Julian is this legit? Or am I going to cause problems with this? Thanks, Brent From mike at CAMAROSS.NET Mon Jun 23 15:50:22 2003 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:18:39 2006 Subject: More Beer for Julian and his fine work on [MAILSCANNER] In-Reply-To: <1297.213.140.31.170.1056374849.squirrel@www.blacknightsolutions.com> Message-ID: <001c01c33996$c66c9bb0$9c01a8c0@home.middlefinger.net> I guess we're going to have to pitch in and get him a new liver too! :) Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michele Neylon :: Blacknight Solutions Sent: Monday, June 23, 2003 8:27 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: More Beer for Julian and his fine work on [MAILSCANNER] > On Sun, 22 Jun 2003, Julian Field wrote: >> If we ever meet, you owe me a beer ;-) > > You can drink the bar dry Julian. I'm sure we can find enough > extremely appreciative sysadmins to cover the tab. :) I'll second that! -- Mr. Michele Neylon Blacknight Solutions http://www.blacknightsolutions.com/ Shell hosting now available ######################################################### This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited. From paul.hamilton at sme-ecom.co.uk Mon Jun 23 16:01:02 2003 From: paul.hamilton at sme-ecom.co.uk (Paul Hamilton) Date: Thu Jan 12 21:18:39 2006 Subject: SQL Logging Message-ID: <000101c33998$45e73b60$fc32000a@4> Further to our earlier email we are seeing numerous error entries in our maillog e.g. 'Jun 23 15:52:34 cobaltxxx MailScanner[20435]: Cannot insert row: ERROR: Bad timestamp external representation '505646.002.001.0001] HMCE EDCS Response Message' Jun 23 15:52:37 cobaltxxx last message repeated 6 times' is this because we are not using the latest CustomConfig?, does the latest file also address the problem of multiple entries for the same message being placed into the temp log? Are we missing something? **************************************************************************** ********** Hi All, Calling upon the mailing lists experiences on this one, apologies it has already been discussed but our queries of the knowledge base yielded nothing that helped us. Set-up: Raq4i, MailScanner 4.19-9 SA 2.54 On implementing sql logging we're finding that MailScanner is making up to 10 entries for the same message into the Temp Log File, which are then being mirrored into our sql database when the information is flushed across from the Temp Log. Is this normal? if how do we stop it corrupting the results in the sql database. Thanks in advance. Regards Paul H. From chicks at CHICKS.NET Mon Jun 23 15:14:40 2003 From: chicks at CHICKS.NET (Christopher Hicks) Date: Thu Jan 12 21:18:39 2006 Subject: More Beer for Julian and his fine work on [MAILSCANNER] In-Reply-To: <001c01c33996$c66c9bb0$9c01a8c0@home.middlefinger.net> Message-ID: On Mon, 23 Jun 2003, Mike Kercher wrote: > I guess we're going to have to pitch in and get him a new liver too! :) Step right up! You too can sponsor body parts for Julian! An extra hand might get e-mail responses out faster. An extra eye could look at a third screen! A million and one new possibilities! Oh my. -- "Never offend people with style when you can offend them with substance." - Sam Brown From mikea at MIKEA.ATH.CX Mon Jun 23 16:21:30 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:39 2006 Subject: More Beer for Julian and his fine work on [MAILSCANNER] In-Reply-To: ; from chicks@CHICKS.NET on Mon, Jun 23, 2003 at 10:14:40AM -0400 References: <001c01c33996$c66c9bb0$9c01a8c0@home.middlefinger.net> Message-ID: <20030623102130.A41690@mikea.ath.cx> On Mon, Jun 23, 2003 at 10:14:40AM -0400, Christopher Hicks wrote: > Step right up! You too can sponsor body parts for Julian! An extra hand > might get e-mail responses out faster. An extra eye could look at a third > screen! A million and one new possibilities! Oh my. OK, everybody, Let's All Give Julian A Hand! I'd also consider giving him a pat on the back, except I think that she might object. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From mailscanner at ecs.soton.ac.uk Mon Jun 23 16:44:24 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:39 2006 Subject: sending blacklisted entries to highscore action In-Reply-To: <200306231458.h5NEwVB13876@white-dev.quatro.com> Message-ID: <5.2.0.9.2.20030623164402.0415fcf8@imap.ecs.soton.ac.uk> At 15:45 23/06/2003, you wrote: >I needed a way of sending blacklisted hosts to the highscore spam action and >I think I found a really easy method: > >diff Message.pm Message.pm.new >309a310 > > $this->{ishigh} = 1; > > >Looks like that cause the highspam score action to be executed: > >Jun 23 10:48:31 dev-server MailScanner[13498]: New Batch: Scanning 1 >messages, 963 bytes >Jun 23 10:48:31 dev-server MailScanner[13498]: Spam Checks: Starting >Jun 23 10:48:32 dev-server MailScanner[13498]: Message h5NEmSB13615 from >xx.xxx.xxx.xxx (user@blacklistedhost.com) to devdomain.com.com is spam >blacklisted) >Jun 23 10:48:32 dev-server MailScanner[13498]: Spam Checks: Found 1 spam >messages >Jun 23 10:48:32 dev-server MailScanner[13498]: Spam Actions: message >h5NEmSB13616 actions are spams@devdomain.com.com,forward >Jun 23 10:48:32 dev-server MailScanner[13498]: Virus and Content Scanning: >Starting >Jun 23 10:48:32 dev-server MailScanner[13498]: Filename Checks: Allowing >msg-13498-2.txt >Jun 23 10:48:32 dev-server MailScanner[13498]: Uninfected: Delivered 1 >messages > >Julian is this legit? Or am I going to cause problems with this? No, that should be fine. -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From mailscanner at ecs.soton.ac.uk Mon Jun 23 16:42:31 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:39 2006 Subject: More Beer for Julian and his fine work on [MAILSCANNER] In-Reply-To: <001c01c33996$c66c9bb0$9c01a8c0@home.middlefinger.net> References: <1297.213.140.31.170.1056374849.squirrel@www.blacknightsolutions.com> Message-ID: <5.2.0.9.2.20030623164018.0490cbe0@imap.ecs.soton.ac.uk> At 15:50 23/06/2003, you wrote: >I guess we're going to have to pitch in and get him a new liver too! :) A new liver that worked properly would actually be surprisingly helpful! (along with most of the rest of me, mine totally packed up 6 years ago but basically works okay now) -- Julian Field www.MailScanner.info MailScanner thanks transtec Computers for their support From JFalgout at CO.JEFFERSON.CO.US Mon Jun 23 16:54:56 2003 From: JFalgout at CO.JEFFERSON.CO.US (Jeff Falgout) Date: Thu Jan 12 21:18:39 2006 Subject: More Beer for Julian and his fine work on [MAILSCANNER] Message-ID: Body Parts, regular expressions, and Beer * Does it get any better?? >>> mikea@MIKEA.ATH.CX 6/23/2003 9:21:30 AM >>> On Mon, Jun 23, 2003 at 10:14:40AM -0400, Christopher Hicks wrote: > Step right up! You too can sponsor body parts for Julian! An extra hand > might get e-mail responses out faster. An extra eye could look at a third > screen! A million and one new possibilities! Oh my. OK, everybody, Let's All Give Julian A Hand! I'd also consider giving him a pat on the back, except I think that she might object. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From Kevin at MICA.NET Mon Jun 23 16:54:28 2003 From: Kevin at MICA.NET (Kevin Hanser) Date: Thu Jan 12 21:18:39 2006 Subject: freshclam update hung w/MailScanner auto update Message-ID: <8B699873CEBA3543926B467E7680823203471A@sol.hq.mica.net> Hello, I am running MailScanner in conjunction with ClamAV and spamassassin on a couple mailservers. Last friday, I noticed that mail wasn't coming thru on one server, and after some investigation, I found out that the MailScanner ClamAV autoupdate and freshclam were hung for some reason, and because of it, MailScanner was queueing messages and not delivering them. I killed the hung processes, and MailScanner started back up. Today (monday), another server had done the exact same thing. The auto update script and freshclam were still running, and messages were being queued and not delivered. I'm not sure if this is an issue w/MailScanner or ClamAV, so I'm sending messages to both mailing lists to see if anybody has some insight into the problem. At the time, I was running ClamAV-0.54, and MailScanner 4.20-3. I noticed that updated versions of both are now available, so I've updated to ClamAV 0.60 and MailScanner 4.21-9 in hopes that one update or the other might fix the problem. I didn't find any specific mention of this problem in either program's changelog though... Has anybody else noticed this problem? Also, is there a way to have freshclam and/or MailScanner's autoupdate script timeout if it doesn't complete in a certain time frame? thx k -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030623/955c0afd/attachment.html From henker at SHCOM.US Mon Jun 23 17:18:58 2003 From: henker at SHCOM.US (Steffan Henke) Date: Thu Jan 12 21:18:39 2006 Subject: freshclam update hung w/MailScanner auto update In-Reply-To: <8B699873CEBA3543926B467E7680823203471A@sol.hq.mica.net> References: <8B699873CEBA3543926B467E7680823203471A@sol.hq.mica.net> Message-ID: On Mon, 23 Jun 2003, Kevin Hanser wrote: > Has anybody else noticed this problem? Also, is there a way to have > freshclam and/or MailScanner's autoupdate script timeout if it doesn't > complete in a certain time frame? Yes, I can confirm that, had the same issue last week. Upgraded clamav to 0.60 and keep an eye on the update processes now. Regards, Steffan From gerry at dorfam.ca Mon Jun 23 18:36:29 2003 From: gerry at dorfam.ca (Gerry Doris) Date: Thu Jan 12 21:18:39 2006 Subject: More Beer for Julian and his fine work on [MAILSCANNER] In-Reply-To: <5.2.0.9.2.20030623164018.0490cbe0@imap.ecs.soton.ac.uk> References: <1297.213.140.31.170.1056374849.squirrel@www.blacknightsolutions.com> <5.2.0.9.2.20030623164018.0490cbe0@imap.ecs.soton.ac.uk> Message-ID: <30801.129.80.22.143.1056389789.squirrel@tiger.dorfam.ca> > At 15:50 23/06/2003, you wrote: >>I guess we're going to have to pitch in and get him a new liver too! :) > > A new liver that worked properly would actually be surprisingly helpful! > (along with most of the rest of me, mine totally packed up 6 years ago but > basically works okay now) > -- > Julian Field Hmmm, a whole new trend in open source software. The software is provided free of charge except for body parts required to improve programmer efficency. Hopefully, Microsoft doesn't get wind of this...that would be truly frightening. Gerry From mailscanner at ecs.soton.ac.uk Mon Jun 23 18:46:38 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:39 2006 Subject: More Beer for Julian and his fine work on [MAILSCANNER] In-Reply-To: <30801.129.80.22.143.1056389789.squirrel@tiger.dorfam.ca> References: <5.2.0.9.2.20030623164018.0490cbe0@imap.ecs.soton.ac.uk> <1297.213.140.31.170.1056374849.squirrel@www.blacknightsolutions.com> <5.2.0.9.2.20030623164018.0490cbe0@imap.ecs.soton.ac.uk> Message-ID: <5.2.1.1.2.20030623184459.04f24eb0@imap.ecs.soton.ac.uk> At 18:36 23/06/2003, you wrote: > > At 15:50 23/06/2003, you wrote: > >>I guess we're going to have to pitch in and get him a new liver too! :) > > > > A new liver that worked properly would actually be surprisingly helpful! > > (along with most of the rest of me, mine totally packed up 6 years ago but > > basically works okay now) > > -- > > Julian Field > >Hmmm, a whole new trend in open source software. The software is provided >free of charge except for body parts required to improve programmer >efficency. Hopefully, Microsoft doesn't get wind of this...that would be >truly frightening. Well, we've had postcard-ware and pizza-ware (eg Samba), perhaps now we should have bodypart-ware? -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From gsmithe at OFALLON90.NET Mon Jun 23 19:06:34 2003 From: gsmithe at OFALLON90.NET (Gary Smithe) Date: Thu Jan 12 21:18:39 2006 Subject: More Beer for Julian and his fine work on [MAILSCANNER] Message-ID: hmmm... I'm picturing a Borg Scenario a la Star Trek... Didn't I see a picture of ol' Billy Gates in that light (resistance is futile...)? I say if we make programmer improvements, let them be cyber improvements. Gary -----Original Message----- From: Gerry Doris [mailto:gerry@DORFAM.CA] Sent: Mon 6/23/2003 12:36 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: More Beer for Julian and his fine work on [MAILSCANNER] > At 15:50 23/06/2003, you wrote: >>I guess we're going to have to pitch in and get him a new liver too! :) > > A new liver that worked properly would actually be surprisingly helpful! > (along with most of the rest of me, mine totally packed up 6 years ago but > basically works okay now) > -- > Julian Field Hmmm, a whole new trend in open source software. The software is provided free of charge except for body parts required to improve programmer efficency. Hopefully, Microsoft doesn't get wind of this...that would be truly frightening. Gerry From mailscanner at ecs.soton.ac.uk Mon Jun 23 19:29:57 2003 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:18:39 2006 Subject: More Beer for Julian and his fine work on [MAILSCANNER] In-Reply-To: Message-ID: <5.2.1.1.2.20030623192915.04f29f18@imap.ecs.soton.ac.uk> At 19:06 23/06/2003, you wrote: >hmmm... I'm picturing a Borg Scenario a la Star Trek... If that wasn't a Photoshop Challenge, I don't know what is! Best entries get on the web site :-) > >Didn't I see a picture of ol' Billy Gates in that light (resistance is >futile...)? > >I say if we make programmer improvements, let them be cyber improvements. > >Gary > > -----Original Message----- > From: Gerry Doris [mailto:gerry@DORFAM.CA] > Sent: Mon 6/23/2003 12:36 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Cc: > Subject: Re: More Beer for Julian and his fine work on [MAILSCANNER] > > > > > At 15:50 23/06/2003, you wrote: > >>I guess we're going to have to pitch in and get him a new liver > too! :) > > > > A new liver that worked properly would actually be surprisingly > helpful! > > (along with most of the rest of me, mine totally packed up 6 > years ago but > > basically works okay now) > > -- > > Julian Field > > Hmmm, a whole new trend in open source software. The software is > provided > free of charge except for body parts required to improve programmer > efficency. Hopefully, Microsoft doesn't get wind of this...that > would be > truly frightening. > > Gerry > -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support From dwinkler at ALGORITHMICS.COM Mon Jun 23 19:34:08 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:39 2006 Subject: More Beer for Julian and his fine work on [MAILSCANNER] Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E7044@tormail1.algorithmics.com> http://www.mageworld.co.uk/graphics/bill-borg-banner.jpg http://ifaq.wap.org/posters/billgate.html http://pages.infinit.net/rave/gates.html http://www.ahajokes.com/crt202.html -----Original Message----- From: Julian Field [mailto:mailscanner@ecs.soton.ac.uk] Sent: Monday, June 23, 2003 2:30 PM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: More Beer for Julian and his fine work on [MAILSCANNER] At 19:06 23/06/2003, you wrote: >hmmm... I'm picturing a Borg Scenario a la Star Trek... If that wasn't a Photoshop Challenge, I don't know what is! Best entries get on the web site :-) > >Didn't I see a picture of ol' Billy Gates in that light (resistance is >futile...)? > >I say if we make programmer improvements, let them be cyber improvements. > >Gary > > -----Original Message----- > From: Gerry Doris [mailto:gerry@DORFAM.CA] > Sent: Mon 6/23/2003 12:36 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Cc: > Subject: Re: More Beer for Julian and his fine work on [MAILSCANNER] > > > > > At 15:50 23/06/2003, you wrote: > >>I guess we're going to have to pitch in and get him a new liver > too! :) > > > > A new liver that worked properly would actually be surprisingly > helpful! > > (along with most of the rest of me, mine totally packed up 6 > years ago but > > basically works okay now) > > -- > > Julian Field > > Hmmm, a whole new trend in open source software. The software is > provided > free of charge except for body parts required to improve programmer > efficency. Hopefully, Microsoft doesn't get wind of this...that > would be > truly frightening. > > Gerry > -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030623/9f29761b/attachment.html From kevins at BMRB.CO.UK Mon Jun 23 20:32:58 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:39 2006 Subject: More Beer for Julian and his fine work on [MAILSCANNER] In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175A52@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175A52@pascal.priv.bmrb.co.uk> Message-ID: <1056396781.9340.1.camel@bach.kevinspicer.co.uk> On Mon, 2003-06-23 at 19:29, Julian Field wrote: >At 19:06 23/06/2003, you wrote: >>hmmm... I'm picturing a Borg Scenario a la Star Trek... >If that wasn't a Photoshop Challenge, I don't know what is! >Best entries get on the web site :-) >> >>Didn't I see a picture of ol' Billy Gates in that light (resistance is >>futile...)? >> Thats the logo that slashdot.org use to identify everyones favourite monopolist! BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From ragan_davis at COLSTATE.EDU Mon Jun 23 23:52:42 2003 From: ragan_davis at COLSTATE.EDU (Mack Ragan) Date: Thu Jan 12 21:18:39 2006 Subject: INFO: Automated df2mbox routine Message-ID: FYI -- In case anyone want's to know an easy way to automate creation of spam.yyyymmdd files, here's what I did: Create a shell script (named make_mbox or whatever u want) with the following lines: #!/bin/bash folder=`date +%Y%m%d` cd /var/spool/MailScanner/quarantine /usr/sbin/df2mbox $folder Make the file executable: chmod 0750 make_mbox Then, create a cron job (type "crontab -e"): 59 23 * * * /some_path_here/make_mbox This will generate a spam.yyyymmdd file near the end of each day so that you'll have something fairly complete to use when you come in the next morning. Note: All of the above assumes root user. Well, hope this helps someone! Suggestions welcomed! cya, mack From ree at THUNDERSTAR.NET Mon Jun 23 06:58:45 2003 From: ree at THUNDERSTAR.NET (Ron E.) Date: Thu Jan 12 21:18:39 2006 Subject: MailScanner & Razor false positive Message-ID: I'm hoping someone has an idea here - I had a couple of false positives recently that I wanted to look at a little more closely so I ran them through spamassassin manually with debug options, etc. The oddity is that manually the message only got a score of 3.10 and when the message originally was processed by MailScanner it got a score of 5. When I checked out the difference, I noticed that the manual process of the message resulted in the message not getting any points from Razor. When it was processed by MailScanner it got: RAZOR2_CF_RANGE_21_30 and RAZOR2_CHECK Anyone have any idea why the message would get a different score when run through manually and what the above two scored items indicate? The other rules that were triggered were pretty obvious but not the razor ones. TIA, Ron From tony.johansson at SVENSKAKYRKAN.SE Tue Jun 24 08:50:09 2003 From: tony.johansson at SVENSKAKYRKAN.SE (Tony Johansson) Date: Thu Jan 12 21:18:39 2006 Subject: Spam Blacklist Message-ID: <3C4F5084EF16D4119CE700508B6B8B10058D0D97@nt.svenskakyrkan.se> Hello, I've recently been tinkering with the "Is Definitely Spam" variable and the "&ByDomainSpamBlacklist" variable in CustomConfig.pm Domains that I blacklist get flagged as spam just fine, problem is that they also get delivered when I want to completly stop them. (atleast some of them) Is there a way to bump entries on the blacklist into triggering the "High Scoring Spam Actions" ? regards, Tony From steve.freegard at LBSLTD.CO.UK Tue Jun 24 11:28:36 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:39 2006 Subject: MailWatch and McAfee Message-ID: <67D9E7698329D411936E00508B6590B902793DA5@neelix.lbsltd.co.uk> Hi Daniel, This should work: define(VIRUS_REGEX, '/(.+) Found the (\S+) virus !!!/'); I've added it to the code for the next version. Kind regards, Steve. _____ From: Daniel Zajd [mailto:daniel@ZAJD.COM] Sent: 21 June 2003 01:33 To: MAILSCANNER@JISCMAIL.AC.UK I just have to say, Great work!! But I need some help. How should the expression for McAfee look like? The log look like this: Jun 21 02:15:54 mail2 MailScanner[6710]: New Batch: Scanning 1 messages, 62658 bytes Jun 21 02:15:54 mail2 MailScanner[6710]: Spam Checks: Starting Jun 21 02:16:00 mail2 MailScanner[6710]: Virus and Content Scanning: Starting Jun 21 02:16:03 mail2 MailScanner[6710]: McAfee said "/dev/shm/6710/h5L0FoD9006755/dr.scr" Jun 21 02:16:03 mail2 MailScanner[6710]: McAfee said " Found the W32/Ganda@MM virus !!!" Jun 21 02:16:03 mail2 MailScanner[6710]: /h5L0FoD9006755/dr.scr Found the W32/Ganda@MM virus !!! Jun 21 02:16:04 mail2 MailScanner[6710]: Virus Scanning: McAfee found 1 infections Jun 21 02:16:04 mail2 MailScanner[6710]: Virus Scanning: Found 1 viruses Jun 21 02:16:04 mail2 MailScanner[6710]: Filename Checks: Possible virus hidden in a screensaver (dr.scr) And MailWatch show: Report: /h5L0FoD9006755/dr.scr Found the W32/Ganda@MM virus !!! Windows Screensavers are often used to hide viruses (dr.scr) //Daniel Zajd Mailsystem Sweden -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030624/2b2e779d/attachment.html From steve.freegard at LBSLTD.CO.UK Tue Jun 24 11:49:14 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:39 2006 Subject: Quarantine permissions Message-ID: <67D9E7698329D411936E00508B6590B902793DA7@neelix.lbsltd.co.uk> Hi Kris, Thanks for the info. I'm using PHP also - so far I've got a quarantine viewer which shows all the messages (date, from, to, subject, size, sascore, quarantine reason) and another bit which allows release of Spam messages and/or files caught by the filename rules using the pear Mail::MIME class. I've got it slightly easier as I'm reading the message info from MySQL and not the syslogs, so I don't have to worry about log rotation. Kind regards, Steve. _____ From: Kris Zabriskie [mailto:zabriskw@ITECH.NET] Sent: 20 June 2003 16:31 To: MAILSCANNER@JISCMAIL.AC.UK Steve, I am doing a VERY similar thing with PHP. It will retrieve e-mail from quarantine on a certain date. I am having trouble with the quarantine directory as well as the daily rotated out syslogs. I have been playing with a utility for Tru64 that allows you to set permissions, regardless of what something else tells it to be. You might want to see if your OS has an option like that. ----- Original Message ----- From: Steve Freegard To: MAILSCANNER@JISCMAIL.AC.UK Sent: Friday, June 20, 2003 11:21 AM Subject: Quarantine permissions Hi Julian, I've just been looking at putting a feature into MailWatch to release quarantined spam and/or blocked files that a few people have requested. I've still got a fair bit to do, but do have it working for the most part - but I have to manually keep chown/chmodding the quarantine files as root as Quarantine.pm creates the files/dirs mode 0700 root:root. To work correctly from MailWatch, ideally the dirs should be 0750 root:apache, and the files 0640 root:apache, but this will vary depending on people's local set-ups. Any chance that you could add a couple of options the MailScanner.conf to give the values for 'Quarantine Files Mode', 'Quarantine Dirs Mode' and 'Quarantine Owner/Group' or something similar? Kind regards, Steve -- Steve Freegard Systems Manager Littlehampton Book Services Ltd. Tel: +44 (0)1903 82 8594 Fax: +44 (0)1903 82 8620 -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030624/07b7653e/attachment.html From brent at WHITE-DEV.QUATRO.COM Tue Jun 24 14:12:57 2003 From: brent at WHITE-DEV.QUATRO.COM (Brent) Date: Thu Jan 12 21:18:39 2006 Subject: Spam Blacklist In-Reply-To: <3C4F5084EF16D4119CE700508B6B8B10058D0D97@nt.svenskakyrkan.se> Message-ID: <200306241325.h5ODPpo01027@white-dev.quatro.com> Tony: See my post from yesterday, Subject: "sending blacklisted entries to highscore action". It has were to patch the Message.pm to accomplish that. Brent -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Tony Johansson Sent: Tuesday, June 24, 2003 3:50 AM To: MAILSCANNER@JISCMAIL.AC.UK Hello, I've recently been tinkering with the "Is Definitely Spam" variable and the "&ByDomainSpamBlacklist" variable in CustomConfig.pm Domains that I blacklist get flagged as spam just fine, problem is that they also get delivered when I want to completly stop them. (atleast some of them) Is there a way to bump entries on the blacklist into triggering the "High Scoring Spam Actions" ? regards, Tony From dean.plant at ROKE.CO.UK Tue Jun 24 14:30:26 2003 From: dean.plant at ROKE.CO.UK (Plant, Dean) Date: Thu Jan 12 21:18:39 2006 Subject: How do I release quarantined mail Message-ID: Can someone please advise the best way to release quarantined mail from MailScanner. The mails are stored in html format in /var/spool/MailScanner/quarantine/{date}/{mesg id} I am using MailScanner 4.21-9, rpm install on Redhat 8. Thanks Dean Plant -- Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, Bracknell, Berkshire. RG12 8FZ The information contained in this e-mail and any attachments is confidential to Roke Manor Research Ltd and must not be passed to any third party without permission. This communication is for information only and shall not create or change any contractual relationship. From MWeiner at AG.COM Tue Jun 24 14:44:08 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:39 2006 Subject: MS and ClamAV Message-ID: Has anyone else noticed that the upgrade to clamav version 0.60 stops MailScanner from finding viruses?? Weird, but it seems the last upgrade I did, I havent seen a single virus. Any ideas what to look for??? Thanks in advance Michael Weiner From raymond at PROLOCATION.NET Tue Jun 24 14:53:13 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:39 2006 Subject: MS and ClamAV In-Reply-To: Message-ID: Hi! > Has anyone else noticed that the upgrade to clamav version 0.60 stops > MailScanner from finding viruses?? Weird, but it seems the last upgrade I > did, I havent seen a single virus. Any ideas what to look for??? Uhm nope... : Jun 24 14:10:17 vmx01 MailScanner[17105]: Virus Scanning: ClamAV found 1 infections Jun 24 14:38:25 vmx01 MailScanner[17776]: Virus Scanning: ClamAV found 1 infections Jun 24 15:42:10 vmx01 MailScanner[18055]: Virus Scanning: ClamAV found 1 infections And also the test zips with virusses i sended in after upgrading, as test, were noticed by Clam. Bye, Raymond. From steve.freegard at LBSLTD.CO.UK Tue Jun 24 14:53:22 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:39 2006 Subject: MS and ClamAV Message-ID: <67D9E7698329D411936E00508B6590B902793DC8@neelix.lbsltd.co.uk> Mike, I haven't tried 0.60 yet - but have you tried testing it with eicar?? (www.eicar.com)?? Regards, Steve. -----Original Message----- From: MW Mike Weiner (5028) [mailto:MWeiner@AG.COM] Sent: 24 June 2003 14:44 To: MAILSCANNER@JISCMAIL.AC.UK Has anyone else noticed that the upgrade to clamav version 0.60 stops MailScanner from finding viruses?? Weird, but it seems the last upgrade I did, I havent seen a single virus. Any ideas what to look for??? Thanks in advance Michael Weiner -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. From henker at SHCOM.US Tue Jun 24 14:54:43 2003 From: henker at SHCOM.US (Steffan Henke) Date: Thu Jan 12 21:18:39 2006 Subject: MS and ClamAV In-Reply-To: References: Message-ID: On Tue, 24 Jun 2003, MW Mike Weiner (5028) wrote: > Has anyone else noticed that the upgrade to clamav version 0.60 stops > MailScanner from finding viruses?? Weird, but it seems the last upgrade I > did, I havent seen a single virus. Any ideas what to look for??? I upgraded to 0.60 and fed it with the eicar test string which got detected properly. Have you restarted MailScanner ? Any other processes still running ? Regards, Steffan From dustin.baer at IHS.COM Tue Jun 24 15:09:10 2003 From: dustin.baer at IHS.COM (Dustin Baer) Date: Thu Jan 12 21:18:39 2006 Subject: How do I release quarantined mail References: Message-ID: <3EF85B86.9CA9585A@ihs.com> "Plant, Dean" wrote: > > Can someone please advise the best way to release quarantined mail from MailScanner. > > The mails are stored in html format in /var/spool/MailScanner/quarantine/{date}/{mesg id} If it isn't infected, you can zip it, uuencode it and send it back through MailScanner. Then all the recipient should need to do is unzip it: $ cd /var/spool/MailScanner/quarantine/[DATE]/[MSG ID] $ zip [MSG ID].zip *[MSG ID] $ uuencode [MSG ID].zip [MSG ID.zip | mailx -s "Requested zipped up version of [MSG ID]" [EMAIL ADDRESS] Example (probably need to do this as root): # cd /var/spool/MailScanner/quarantine/20030624/h5ODdpEY002821 # zip h5ODdpEY002821.zip *h5ODdpEY002821 # uuencode h5ODdpEY002821.zip h5ODdpEY002821.zip | mailx -s "Requested zipped version of h5ODdpEY002821" blah@blah.com Dustin Baer Unix Administrator/Postmaster Information Handling Services 15 Inverness Way East Englewood, CO 80112 303-397-2836 From dustin.baer at IHS.COM Tue Jun 24 15:13:44 2003 From: dustin.baer at IHS.COM (Dustin Baer) Date: Thu Jan 12 21:18:39 2006 Subject: How do I release quarantined mail References: <3EF85B86.9CA9585A@ihs.com> Message-ID: <3EF85C98.D0658CB6@ihs.com> Dustin Baer wrote: > > "Plant, Dean" wrote: > > > > Can someone please advise the best way to release quarantined mail from MailScanner. > > > > The mails are stored in html format in /var/spool/MailScanner/quarantine/{date}/{mesg id} > > If it isn't infected, you can zip it, uuencode it and send it back > through MailScanner. Then all the recipient should need to do is unzip > it: > > $ cd /var/spool/MailScanner/quarantine/[DATE]/[MSG ID] > $ zip [MSG ID].zip *[MSG ID] > $ uuencode [MSG ID].zip [MSG ID.zip | mailx -s "Requested zipped up > version of [MSG ID]" [EMAIL ADDRESS] > > Example (probably need to do this as root): > > # cd /var/spool/MailScanner/quarantine/20030624/h5ODdpEY002821 > # zip h5ODdpEY002821.zip *h5ODdpEY002821 > # uuencode h5ODdpEY002821.zip h5ODdpEY002821.zip | mailx -s "Requested > zipped version of h5ODdpEY002821" blah@blah.com Uh...actually...nevermind. I was thinking of just sending attachments through in that manner, i.e. zipping/uuencoding the attachment, not the whole df/qf message. SORRY! If the email is not infected, just put it in /var/spool/mqueue and let it go. Dustin From dean.plant at ROKE.CO.UK Tue Jun 24 15:38:28 2003 From: dean.plant at ROKE.CO.UK (Plant, Dean) Date: Thu Jan 12 21:18:39 2006 Subject: How do I release quarantined mail Message-ID: Dustin Baer wrote: > Dustin Baer wrote: >> >> "Plant, Dean" wrote: >>> >>> Can someone please advise the best way to release quarantined mail >>> from MailScanner. >>> >>> The mails are stored in html format in >>> /var/spool/MailScanner/quarantine/{date}/{mesg id} >> >> If it isn't infected, you can zip it, uuencode it and send it back >> through MailScanner. Then all the recipient should need to do is >> unzip it: >> >> $ cd /var/spool/MailScanner/quarantine/[DATE]/[MSG ID] $ zip [MSG >> ID].zip *[MSG ID] $ uuencode [MSG ID].zip [MSG ID.zip | mailx -s >> "Requested zipped up version of [MSG ID]" [EMAIL ADDRESS] >> >> Example (probably need to do this as root): >> >> # cd /var/spool/MailScanner/quarantine/20030624/h5ODdpEY002821 >> # zip h5ODdpEY002821.zip *h5ODdpEY002821 >> # uuencode h5ODdpEY002821.zip h5ODdpEY002821.zip | mailx -s >> "Requested zipped version of h5ODdpEY002821" blah@blah.com > > > Uh...actually...nevermind. I was thinking of just sending attachments > through in that manner, i.e. zipping/uuencoding the attachment, not > the whole df/qf message. SORRY! > > If the email is not infected, just put it in /var/spool/mqueue and let > it go. > > Dustin The format of the mail files in /var/spool/mqueue is a single df/qf file per message but in the quarantine folder each message is represented by a directory with an html file indside. How do I convert these files so it can be moved into /var/spool/mqueue. Thanks for your help Dean -- Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, Bracknell, Berkshire. RG12 8FZ The information contained in this e-mail and any attachments is confidential to Roke Manor Research Ltd and must not be passed to any third party without permission. This communication is for information only and shall not create or change any contractual relationship. From MWeiner at AG.COM Tue Jun 24 15:39:49 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:39 2006 Subject: MS and ClamAV Message-ID: I even bounced the box to get everything resync'd and I still havent seen 1 virus, even though the maillog says that the Virus scanning was started per message, as in the following: Jun 24 10:36:05 spambox MailScanner[2319]: Virus and Content Scanning: Starting But nothing afterwards.... Any ideas? Michael Weiner -----Original Message----- From: Steffan Henke [mailto:henker@SHCOM.US] Sent: Tuesday, June 24, 2003 9:55 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MS and ClamAV On Tue, 24 Jun 2003, MW Mike Weiner (5028) wrote: > Has anyone else noticed that the upgrade to clamav version 0.60 stops > MailScanner from finding viruses?? Weird, but it seems the last upgrade I > did, I havent seen a single virus. Any ideas what to look for??? I upgraded to 0.60 and fed it with the eicar test string which got detected properly. Have you restarted MailScanner ? Any other processes still running ? Regards, Steffan From David.While at UCE.AC.UK Tue Jun 24 15:06:18 2003 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:18:39 2006 Subject: MS and ClamAV Message-ID: <107DE25EC0216C45AEF670016024245F6EE1@exchangea.staff.uce.ac.uk> Nope No problems for me - I upgraded to 0.60 over the weekend and have detected BugBear and Klez since then. ----------------------------------------------------------------- David While Technical Development Manager Faculty of Computing, Information & English University of Central England Tel: 0121 331 6211 ----------------------------------------------------------------- -----Original Message----- From: MW Mike Weiner (5028) [mailto:MWeiner@AG.COM] Sent: 24 June 2003 14:44 To: MAILSCANNER@JISCMAIL.AC.UK Subject: MS and ClamAV Has anyone else noticed that the upgrade to clamav version 0.60 stops MailScanner from finding viruses?? Weird, but it seems the last upgrade I did, I havent seen a single virus. Any ideas what to look for??? Thanks in advance Michael Weiner From dustin.baer at IHS.COM Tue Jun 24 15:54:53 2003 From: dustin.baer at IHS.COM (Dustin Baer) Date: Thu Jan 12 21:18:39 2006 Subject: How do I release quarantined mail References: Message-ID: <3EF8663D.B22D8F2A@ihs.com> > >> "Plant, Dean" wrote: > >>> > >>> Can someone please advise the best way to release quarantined mail > >>> from MailScanner. > >>> > >>> The mails are stored in html format in > >>> /var/spool/MailScanner/quarantine/{date}/{mesg id} > > The format of the mail files in /var/spool/mqueue is a single df/qf > file per message but in the quarantine folder each message is > represented by a directory with an html file indside. How do I > convert these files so it can be moved into /var/spool/mqueue. > > Thanks for your help Ah...I see. I misread your original post. Someone else will have to step in to explain how to send a single HTML file through. I suppose you could uuencode it also. You might want to take a look at the following configuration lines in MailScanner.conf. It would make things easier for releasing quarantined email in the future. # When you quarantine an entire message, do you want to store it as # raw mail queue files (so you can easily send them onto users) or # as human-readable files (header then body in 1 file)? Quarantine Whole Messages As Queue Files = yes Dustin From thomas_duvally at BROWN.EDU Tue Jun 24 15:55:13 2003 From: thomas_duvally at BROWN.EDU (Thomas DuVally) Date: Thu Jan 12 21:18:39 2006 Subject: Virus not getting cleaned Message-ID: <1056466512.24956.1.camel@croithine> OK, here's my problem: I have hacked in support for Symantec Virus scanning in version 4.10-1 and using it in production. I wanted upgrade to the latest and greatest (4.20-3), but the code has changed just enough to make my hacking not work right. Scanning works, and I even get logging that the viruses are found, but them it delivers it as uninfected with no other error or report. I am at a loss. Where in the code does MS go from reading the output of the virus scanner, to deciding to remove or do anything to the attachment? And Julian, I'd give you my liver if you really need it, but I'd like to keep it for a while longer. How about a nice kidney? i don't really need two... Or an eye? Who needs depth perception when monitors are flat? -- Thomas DuVally Lead Sys. Prog. CIS, Brown Univ. 401.863.9466 From damian at WORKGROUPSOLUTIONS.COM Tue Jun 24 16:58:06 2003 From: damian at WORKGROUPSOLUTIONS.COM (Damian Mendoza) Date: Thu Jan 12 21:18:39 2006 Subject: whitelisted question Message-ID: Hi, I keep receiving these types of messages (whitelisted) which are bypassing MailScanner from tagging a message as SPAM. Is this coming from SpamAssassin or MailScanner? -Message-is-Spam: not spam (whitelisted), SpamAssassin (score=12.9, required 4, BAYES_50, CLICK_BELOW, COMPLETELY_FREE, CONSOLIDATE_DEBT, EXCUSE_14, HTML_60_70, HTML_FONT_BIG, HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_GREEN, HTML_FONT_COLOR_UNSAFE, HTML_LINK_CLICK_HERE, HTML_TABLE_THICK_BORDER, HTML_TAG_EXISTS_TBODY, MORTGAGE_BEST, OFFER, THE_BEST_RATE) Return-Path: chuw@svusd.k12.ca.us I thought it was related to the "Return-Path" but removed it from the MailScanner whitelist without success. Maillog file: ------------------------------------------------------------------- Jun 23 13:38:32 spamgate MailScanner[25654]: New Batch: Found 3 messages waiting Jun 23 13:38:32 spamgate MailScanner[25654]: New Batch: Forwarding 1 unscanned messages, 16705 bytes Jun 23 13:38:32 spamgate MailScanner[25654]: Spam Checks: Starting Jun 23 13:38:48 spamgate sendmail[32129]: h5NKcmxX032129: from=, size=1710, class=0, nrcpts=1, msgid=, proto=ESMTP, daemon=MTA, relay=gateway.svusd.k12.ca.us [198.188.250.254] Jun 23 13:38:48 spamgate sendmail[32129]: h5NKcmxX032129: to=, delay=00:00:00, mailer=esmtp, pri=30711, stat=queued Jun 23 13:38:48 spamgate sendmail[32129]: h5NKcmxY032129: from=, size=7493, class=0, nrcpts=8, msgid=, proto=ESMTP, daemon=MTA, relay=gateway.svusd.k12.ca.us [198.188.250.254] Jun 23 13:38:48 spamgate sendmail[32129]: h5NKcmxY032129: to=, delay=00:00:00, mailer=esmtp, pri=240785, stat=queued Jun 23 13:38:48 spamgate sendmail[32129]: h5NKcmxY032129: to=, delay=00:00:00, mailer=esmtp, pri=240785, stat=queued Jun 23 13:38:48 spamgate sendmail[32129]: h5NKcmxY032129: to=, delay=00:00:00, mailer=esmtp, pri=240785, stat=queued Jun 23 13:38:48 spamgate sendmail[32129]: h5NKcmxY032129: to=, delay=00:00:00, mailer=esmtp, pri=240785, stat=queued Jun 23 13:38:48 spamgate sendmail[32129]: h5NKcmxY032129: to=, delay=00:00:00, mailer=esmtp, pri=240785, stat=queued -- Jun 23 13:39:33 spamgate MailScanner[26160]: Unscanned: Delivered 2 messages Jun 23 13:39:33 spamgate MailScanner[26160]: Virus and Content Scanning: Starting Jun 23 13:39:34 spamgate sendmail[32145]: h5NKc7xX032123: to=, delay=00:01:27, xdelay=00:00:01, mailer=esmtp, pri=120669, relay=[10.1.254.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( <4446458.1056400681181.JavaMail.accucast@agent0.sbml.cc> Queued mail for delivery) Jun 23 13:39:35 spamgate sendmail[32149]: h5NKcmxX032129: to=, delay=00:00:47, xdelay=00:00:02, mailer=esmtp, pri=120711, relay=[10.1.254.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( Queued mail for delivery) Jun 23 13:39:35 spamgate sendmail[32145]: h5NKc7xY032123: to=, delay=00:01:27, xdelay=00:00:01, mailer=esmtp, pri=120773, relay=[10.1.254.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( <96C3A3236C22FB4CB8DE1C59AD668DE6085850A7@alloy.oakleyworldwide.net> Queued mail for delivery) Jun 23 13:39:36 spamgate sendmail[32149]: h5NKcmxY032129: to=,,,,,,,, delay=00:00:48, xdelay=00:00:01, mailer=esmtp, pri=330785, relay=[10.1.254.3] [10.1.254.3], dsn=2.0.0, stat=Sent ( Queued mail for delivery) Any ideas? Thanks, Damian From Kevin.Spicer at BMRB.CO.UK Tue Jun 24 17:02:51 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:39 2006 Subject: whitelisted question Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF68E@pascal.priv.bmrb.co.uk> Damian Mendoza wrote: > Hi, > > I keep receiving these types of messages (whitelisted) which > are bypassing MailScanner from tagging a message as SPAM. Is > this coming from SpamAssassin or MailScanner? > > -Message-is-Spam: not spam (whitelisted), SpamAssassin (score=12.9, > required 4, BAYES_50, CLICK_BELOW, COMPLETELY_FREE, > CONSOLIDATE_DEBT, EXCUSE_14, HTML_60_70, HTML_FONT_BIG, > HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_GREEN, > HTML_FONT_COLOR_UNSAFE, HTML_LINK_CLICK_HERE, > HTML_TABLE_THICK_BORDER, HTML_TAG_EXISTS_TBODY, > MORTGAGE_BEST, OFFER, THE_BEST_RATE) Return-Path: chuw@svusd.k12.ca.us > > Any ideas? > Thats being whitelisted by MailScanner, maybe the spambot gave the senders address as one in your whitelist? (note thats the envelope sender not the From header). If you haven't done so already its better to whitelist outgoing mail by IP rather than domain. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From peter at UCGBOOK.COM Tue Jun 24 17:37:52 2003 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:18:39 2006 Subject: MS and ClamAV In-Reply-To: References: Message-ID: <3EF87E60.3010404@ucgbook.com> Rebooting is the Microsoft way of dealing with problems, usually means you're clueless. :) Sorry, couldn't resist. ;) If you think you have a problem you can't just wait for it to happen. Please test with eicar.com as earlier posts have suggested. If you don't know it's a test file for virus scanners and can be found on: http://www.eicar.org/anti_virus_test_file.htm Run it like this first: # clamscan eicar.com eicar.com: Eicar-Test-Signature FOUND ----------- SCAN SUMMARY ----------- Known viruses: 8531 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.00 Mb I/O buffer size: 131072 bytes Time: 0.374 sec (0 m 0 s) If it works (like above) then feed it through your mail system from Yahoo or something. Let us know the results. /Peter Bonivart --Unix lovers do it in the Sun MW Mike Weiner (5028) wrote: > I even bounced the box to get everything resync'd and I still havent seen 1 > virus, even though the maillog says that the Virus scanning was started per > message, as in the following: > > Jun 24 10:36:05 spambox MailScanner[2319]: Virus and Content Scanning: > Starting > > But nothing afterwards.... > > Any ideas? > Michael Weiner From MWeiner at AG.COM Tue Jun 24 17:58:23 2003 From: MWeiner at AG.COM (MW Mike Weiner (5028)) Date: Thu Jan 12 21:18:39 2006 Subject: MS and ClamAV Message-ID: I have no issues running clamscan and it IS working, however, it appears when the checks are called for within MS, I see that logged, then nothing else. Michael Weiner -----Original Message----- From: Peter Bonivart [mailto:peter@UCGBOOK.COM] Sent: Tuesday, June 24, 2003 12:38 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MS and ClamAV Rebooting is the Microsoft way of dealing with problems, usually means you're clueless. :) Sorry, couldn't resist. ;) If you think you have a problem you can't just wait for it to happen. Please test with eicar.com as earlier posts have suggested. If you don't know it's a test file for virus scanners and can be found on: http://www.eicar.org/anti_virus_test_file.htm Run it like this first: # clamscan eicar.com eicar.com: Eicar-Test-Signature FOUND ----------- SCAN SUMMARY ----------- Known viruses: 8531 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.00 Mb I/O buffer size: 131072 bytes Time: 0.374 sec (0 m 0 s) If it works (like above) then feed it through your mail system from Yahoo or something. Let us know the results. /Peter Bonivart --Unix lovers do it in the Sun MW Mike Weiner (5028) wrote: > I even bounced the box to get everything resync'd and I still havent seen 1 > virus, even though the maillog says that the Virus scanning was started per > message, as in the following: > > Jun 24 10:36:05 spambox MailScanner[2319]: Virus and Content Scanning: > Starting > > But nothing afterwards.... > > Any ideas? > Michael Weiner From damian at WORKGROUPSOLUTIONS.COM Tue Jun 24 18:14:31 2003 From: damian at WORKGROUPSOLUTIONS.COM (Damian Mendoza) Date: Thu Jan 12 21:18:39 2006 Subject: whitelisted question Message-ID: Kevin, I did take out all references over the last month in the MailScanner whitelist to the domain - svusd.k12.ca.us, ca.us, etc. chuw@svusd.k12.ca.us is one of my users - They spoofed the Return-Path. I only filter messages incoming to the svusd.k12.ca.us domain. I'm sure this is happening to more users, I'm just not being told about it. How do I find the senders address that it could be using? I'll keep checking the "whitelist" Regards, Damian -----Original Message----- From: Spicer, Kevin [mailto:Kevin.Spicer@BMRB.CO.UK] Sent: Tuesday, June 24, 2003 9:03 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: whitelisted question Damian Mendoza wrote: > Hi, > > I keep receiving these types of messages (whitelisted) which > are bypassing MailScanner from tagging a message as SPAM. Is > this coming from SpamAssassin or MailScanner? > > -Message-is-Spam: not spam (whitelisted), SpamAssassin (score=12.9, > required 4, BAYES_50, CLICK_BELOW, COMPLETELY_FREE, > CONSOLIDATE_DEBT, EXCUSE_14, HTML_60_70, HTML_FONT_BIG, > HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_GREEN, > HTML_FONT_COLOR_UNSAFE, HTML_LINK_CLICK_HERE, > HTML_TABLE_THICK_BORDER, HTML_TAG_EXISTS_TBODY, > MORTGAGE_BEST, OFFER, THE_BEST_RATE) Return-Path: chuw@svusd.k12.ca.us > > Any ideas? > Thats being whitelisted by MailScanner, maybe the spambot gave the senders address as one in your whitelist? (note thats the envelope sender not the From header). If you haven't done so already its better to whitelist outgoing mail by IP rather than domain. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From Kevin.Spicer at BMRB.CO.UK Tue Jun 24 18:22:37 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:39 2006 Subject: whitelisted question Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF68F@pascal.priv.bmrb.co.uk> > I only filter messages incoming to the svusd.k12.ca.us > domain. I'm sure this is happening to more users, I'm just not being > told about it. > > How do I find the senders address that it could be using? > Its probably in your mail log (might depend on the MTA you're using though, certainly it is for sendmail), you'll need to find the message ID from the recieved lines in the headers in order to match it up. Maybe you could post your whitelist, the relevent bits of headers and mail logs? It would probably be easier to help with a bit more information. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From gerry at dorfam.ca Tue Jun 24 19:04:25 2003 From: gerry at dorfam.ca (Gerry Doris) Date: Thu Jan 12 21:18:39 2006 Subject: MS and ClamAV In-Reply-To: <3EF87E60.3010404@ucgbook.com> References: <3EF87E60.3010404@ucgbook.com> Message-ID: <23855.129.80.22.133.1056477865.squirrel@tiger.dorfam.ca> > Rebooting is the Microsoft way of dealing with problems, usually means > you're clueless. :) Sorry, couldn't resist. ;) > > If you think you have a problem you can't just wait for it to happen. > Please test with eicar.com as earlier posts have suggested. If you don't > know it's a test file for virus scanners and can be found on: > > http://www.eicar.org/anti_virus_test_file.htm > > Run it like this first: > > # clamscan eicar.com > eicar.com: Eicar-Test-Signature FOUND > I tried to send the gz package of ClamAV .60 to my home server this morning from work. The older version of ClamAV flagged the ClamAV test file as a virus and yanked the gz file. Looks like just sending the package through your server is enough to trigger ClamAV if it's working! Gerry From steve.douglas at SBIINCORPORATED.COM Tue Jun 24 19:59:13 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:39 2006 Subject: DCC version Message-ID: <3963522F0E71474CB14C0FF54A6914F701115075@mail.gardenbotanika.com> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: Steve Douglas.vcf Type: application/octet-stream Size: 380 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030624/d667d7c5/SteveDouglas.obj From raymond at PROLOCATION.NET Tue Jun 24 20:15:49 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:39 2006 Subject: DCC version In-Reply-To: <3963522F0E71474CB14C0FF54A6914F701115075@mail.gardenbotanika.com> Message-ID: Hi! > Does anyone know which DCC, dccprog or dccm, version to use with > MailScanner? Last one works fine... 1.1.36 Bye, Raymond From steve.douglas at SBIINCORPORATED.COM Tue Jun 24 20:19:52 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:39 2006 Subject: DCC version Message-ID: <3963522F0E71474CB14C0FF54A6914F701115077@mail.gardenbotanika.com> Which did you use? There are two versions - either dccprog and a dccm. SD :-) > -----Original Message----- > From: Raymond Dijkxhoorn [mailto:raymond@PROLOCATION.NET] > Sent: Tuesday, June 24, 2003 2:16 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: DCC version > > Hi! > > > Does anyone know which DCC, dccprog or dccm, version to use with > > MailScanner? > > Last one works fine... 1.1.36 > > Bye, > Raymond From peter at UCGBOOK.COM Tue Jun 24 20:26:35 2003 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:18:40 2006 Subject: DCC version In-Reply-To: <3963522F0E71474CB14C0FF54A6914F701115077@mail.gardenbotanika.com> References: <3963522F0E71474CB14C0FF54A6914F701115077@mail.gardenbotanika.com> Message-ID: <3EF8A5EB.70608@ucgbook.com> This is from the INSTALL file that comes with SpamAssassin: -- - DCC http://www.rhyolite.com/anti-spam/dcc/ DCC (Distributed Checksum Clearinghouse) is a system similar to Razor. It supports fuzzy checksums and therefore detects some more spams than Razor does at the moment. To install it, download http://www.rhyolite.com/anti-spam/dcc/source/dcc-dccproc.tar.Z and perform the following steps: # tar xfvz dcc-dccproc.tar.Z # cd dcc-dccproc-X.X.X # ./configure && make && make install # cdcc 'info' The last command will give some output. One line of it should contain something like: dcc.rhyolite.com,- RTT+0 ms anon Note that MIMEDefang users may need to set the 'dcc_path' configuration setting, since MIMEDefang does not set a PATH by default. -- In /opt/MailScanner/etc/spam.assassin.prefs.conf I have: #score DCC_CHECK 0.0 dcc_path /usr/local/bin/dccproc As simple as that. You don't have to care about anything if you follow the above, SpamAssassin will know how to use it. ;) /Peter Bonivart --Unix lovers do it in the Sun Steve Douglas wrote: > Which did you use? There are two versions - either dccprog and a dccm. > > SD > :-) From steve.douglas at SBIINCORPORATED.COM Tue Jun 24 20:28:58 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:40 2006 Subject: DCC version Message-ID: <3963522F0E71474CB14C0FF54A6914F701115078@mail.gardenbotanika.com> Thanks!!! SD :-) > -----Original Message----- > From: Peter Bonivart [mailto:peter@UCGBOOK.COM] > Sent: Tuesday, June 24, 2003 2:27 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: DCC version > > This is from the INSTALL file that comes with SpamAssassin: > > -- > - DCC http://www.rhyolite.com/anti-spam/dcc/ > > DCC (Distributed Checksum Clearinghouse) is a system similar to > Razor. > It supports fuzzy checksums and therefore detects some more spams > than > Razor does at the moment. > > To install it, download > http://www.rhyolite.com/anti-spam/dcc/source/dcc-dccproc.tar.Z and > perform the following steps: > > # tar xfvz dcc-dccproc.tar.Z > # cd dcc-dccproc-X.X.X > # ./configure && make && make install > # cdcc 'info' > > The last command will give some output. One line of it should contain > something like: > > dcc.rhyolite.com,- RTT+0 ms anon > > Note that MIMEDefang users may need to set the 'dcc_path' > configuration setting, since MIMEDefang does not set a PATH by > default. > -- > > In /opt/MailScanner/etc/spam.assassin.prefs.conf I have: > > #score DCC_CHECK 0.0 > dcc_path /usr/local/bin/dccproc > > As simple as that. You don't have to care about anything if you follow > the above, SpamAssassin will know how to use it. ;) > > /Peter Bonivart > > --Unix lovers do it in the Sun > > Steve Douglas wrote: > > Which did you use? There are two versions - either dccprog and a dccm. > > > > SD > > :-) From tyler at beloit.edu Tue Jun 24 20:38:37 2003 From: tyler at beloit.edu (Tim Tyler) Date: Thu Jan 12 21:18:40 2006 Subject: Perl MIME error? Message-ID: <200306241938.h5OJcb722222@beloit.edu> Mailscanner experts, We are still running mailscanner 2.6 on an IBM aix system. We just upgraded our aix server from 4.3.3 to 5.1.0. We also upgraded perl5.6.0 up to 5.6.1. Now when we try to run mailscanner, it fails. It gives us the following error: Can't locate MIME/Base64.pm in @INC Then it runs a bunch of compile errors related to not finding MimeBase64 related files. We did not upgrade the perl Mime/base64. Do we need to upgrade Mime/base64? What is required from a Perl perpective to get mailscanner 2.6.x running again? Thanks! -tim Tim Tyler Network Engineer From denis at CROOMBS.ORG Tue Jun 24 20:52:16 2003 From: denis at CROOMBS.ORG (Denis Croombs) Date: Thu Jan 12 21:18:40 2006 Subject: False marking as spam ? Message-ID: <00ab01c33a8a$1d975260$85b8fea9@Laptop> False marking as spam ? Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Disposition-Notification-To: "xxxxx" X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: spam, ORDB-RBL, SpamAssassin (score=0, required 4.5) I have check the ordb site and the domain is NOT listed as an open relay, any ideas why this should happen. Denis From peter at UCGBOOK.COM Tue Jun 24 20:54:51 2003 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:18:40 2006 Subject: Perl MIME error? In-Reply-To: <200306241938.h5OJcb722222@beloit.edu> References: <200306241938.h5OJcb722222@beloit.edu> Message-ID: <3EF8AC8B.1010008@ucgbook.com> The new version of MailScanner (4.21-9) requires these Perl modules: http://www.sng.ecs.soton.ac.uk/mailscanner/install/perl.shtml I guess your new Perl does not contain the Base64-module. Check with: # find `perl -e 'print "@INC"'` -name "*.pm"|grep -i base64 This is what is returned on my server: /usr/lib/perl5/5.8.0/i386-linux-thread-multi/MIME/Base64.pm /usr/lib/perl5/5.8.0/i386-linux-thread-multi/MIME/Base64.pm /usr/lib/perl5/site_perl/5.8.0/MIME/Decoder/Base64.pm /usr/lib/perl5/site_perl/5.8.0/MIME/Decoder/Base64.pm /usr/lib/perl5/vendor_perl/5.8.0/MIME/Decoder/Base64.pm /usr/lib/perl5/vendor_perl/5.8.0/MIME/Decoder/Base64.pm If you don't have it, install with: # perl -MCPAN -e shell cpan> install MIME::Base64 /Peter Bonivart --Unix lovers do it in the Sun Tim Tyler wrote: > Mailscanner experts, > We are still running mailscanner 2.6 on an IBM aix > system. We just upgraded our aix server from 4.3.3 to > 5.1.0. We also upgraded perl5.6.0 up to 5.6.1. Now when we > try to run mailscanner, it fails. It gives us the following > error: > Can't locate MIME/Base64.pm in @INC > Then it runs a bunch of compile errors related to not > finding MimeBase64 related files. > We did not upgrade the perl Mime/base64. Do we need to > upgrade Mime/base64? What is required from a Perl > perpective to get mailscanner 2.6.x running again? > Thanks! -tim > > Tim Tyler > Network Engineer > From richard at HELPPLC.COM Tue Jun 24 20:57:40 2003 From: richard at HELPPLC.COM (Richard Sidlin) Date: Thu Jan 12 21:18:40 2006 Subject: var partition Message-ID: <003401c33a8a$e1b3f130$0b01a8c0@rich> The above partition is getting full. I have noticed that the /var/spool/MailScanner/quarantine directory is growing. I don't particularly want to keep these for more than a day or so. On the basis that my Linux skills are limited, which command can I use to delete the files/directories under this directory please. TIA Richard Sidlin -- This message has been scanned for viruses and dangerous content by the Help Internet Virus Spam Defence, and is believed to be clean. For details on having your email scanned email support@helpinternet.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030624/938e64dc/attachment.html From dwinkler at ALGORITHMICS.COM Tue Jun 24 21:02:17 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:40 2006 Subject: var partition Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E7049@tormail1.algorithmics.com> http://www.sng.ecs.soton.ac.uk/mailscanner/files/contrib/clean_quarantine -----Original Message----- From: Richard Sidlin [mailto:richard@helpplc.com] Sent: Tuesday, June 24, 2003 3:58 PM To: MAILSCANNER@jiscmail.ac.uk Subject: var partition The above partition is getting full. I have noticed that the /var/spool/MailScanner/quarantine directory is growing. I don't particularly want to keep these for more than a day or so. On the basis that my Linux skills are limited, which command can I use to delete the files/directories under this directory please. TIA Richard Sidlin -- This message has been scanned for viruses and dangerous content by the Help Internet Virus Spam Defence, and is believed to be clean. For details on having your email scanned email support@helpinternet.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030624/2bf82650/attachment.html From richard at HELPPLC.COM Tue Jun 24 21:22:01 2003 From: richard at HELPPLC.COM (Richard Sidlin) Date: Thu Jan 12 21:18:40 2006 Subject: var partition In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C97055E7049@tormail1.algorithmics.com> Message-ID: <003d01c33a8e$48c2aa30$0b01a8c0@rich> TVM -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Derek Winkler Sent: 24 June 2003 21:02 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: var partition http://www.sng.ecs.soton.ac.uk/mailscanner/files/contrib/clean_quarantin e -----Original Message----- From: Richard Sidlin [mailto:richard@helpplc.com] Sent: Tuesday, June 24, 2003 3:58 PM To: MAILSCANNER@jiscmail.ac.uk Subject: var partition The above partition is getting full. I have noticed that the /var/spool/MailScanner/quarantine directory is growing. I don't particularly want to keep these for more than a day or so. On the basis that my Linux skills are limited, which command can I use to delete the files/directories under this directory please. TIA Richard Sidlin -- This message has been scanned for viruses and dangerous content by the Help Internet Virus Spam Defence, and is believed to be clean. For details on having your email scanned email support@helpinternet.co.uk -- This message has been scanned for viruses and dangerous content by the Help Internet Virus Spam Defence, and is believed to be clean. For details on having your email scanned email support@helpinternet.co.uk -- This message has been scanned for viruses and dangerous content by the Help Internet Virus Spam Defence, and is believed to be clean. For details on having your email scanned email support@helpinternet.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030624/2469bdb0/attachment.html From peter at UCGBOOK.COM Tue Jun 24 21:23:42 2003 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:18:40 2006 Subject: var partition In-Reply-To: <06EE2C86D3DAD5119A6C0060943F3C97055E7049@tormail1.algorithmics.com> References: <06EE2C86D3DAD5119A6C0060943F3C97055E7049@tormail1.algorithmics.com> Message-ID: <3EF8B34E.1050906@ucgbook.com> Seems a little complicated. Try this: # find /var/spool/MailScanner/quarantine/2* -mtime +7 -type d -exec echo rm -rf {} \; If it selects the files you want to delete you can put it in root's crontab (crontab -e). Use this line: find /var/spool/MailScanner/quarantine/2* -mtime +7 -type d -exec rm -rf {} \; > /dev/null 2>&1 Will not work after year 2999! ;) /Peter Bonivart --Unix lovers do it in the Sun Derek Winkler wrote: > http://www.sng.ecs.soton.ac.uk/mailscanner/files/contrib/clean_quarantine > > -----Original Message----- > *From:* Richard Sidlin [mailto:richard@helpplc.com] > *Sent:* Tuesday, June 24, 2003 3:58 PM > *To:* MAILSCANNER@jiscmail.ac.uk > *Subject:* var partition > > The above partition is getting full. I have noticed that the > /var/spool/MailScanner/quarantine directory is growing. I don't > particularly want to keep these for more than a day or so. On the > basis that my Linux skills are limited, which command can I use to > delete the files/directories under this directory please. > > TIA > > Richard Sidlin From raymond at PROLOCATION.NET Tue Jun 24 22:11:40 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:40 2006 Subject: Perl MIME error? In-Reply-To: <200306241938.h5OJcb722222@beloit.edu> Message-ID: Hi! > Can't locate MIME/Base64.pm in @INC > Then it runs a bunch of compile errors related to not > finding MimeBase64 related files. > We did not upgrade the perl Mime/base64. Do we need to > upgrade Mime/base64? What is required from a Perl > perpective to get mailscanner 2.6.x running again? > Thanks! -tim Install *ALL* the patches/fixes that come with the MailScanner distribution before you continue on a plain vanilla perl version. =) Bye, Raymond. From raymond at PROLOCATION.NET Tue Jun 24 22:14:44 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:40 2006 Subject: var partition In-Reply-To: <003401c33a8a$e1b3f130$0b01a8c0@rich> Message-ID: Hi! > The above partition is getting full. I have noticed that the > /var/spool/MailScanner/quarantine directory is growing. I don't > particularly want to keep these for more than a day or so. On the basis > that my Linux skills are limited, which command can I use to delete the > files/directories under this directory please. There comes a script with the MS install ... that can take care of this. Its called: clean.quarantine Inside the file edit the values: $disabled = 0; $quarantine_dir = '/var/spool/MailScanner/quarantine'; $days_to_keep = 14; bye, Raymond. From kevins at BMRB.CO.UK Tue Jun 24 22:26:58 2003 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:18:40 2006 Subject: False marking as spam ? In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB001175A74@pascal.priv.bmrb.co.uk> References: <5C0296D26910694BB9A9BBFC577E7AB001175A74@pascal.priv.bmrb.co.uk> Message-ID: <1056490018.11385.4.camel@bach.kevinspicer.co.uk> I have check the ordb site and the domain is NOT listed as an open relay, any ideas why this should happen. Its the IP of the mail server it came from thats important, as that might not necessarilybe what the domain resolves to Denis BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From denis at CROOMBS.ORG Tue Jun 24 22:30:03 2003 From: denis at CROOMBS.ORG (Denis Croombs) Date: Thu Jan 12 21:18:40 2006 Subject: False marking as spam ? References: <5C0296D26910694BB9A9BBFC577E7AB001175A74@pascal.priv.bmrb.co.uk> <1056490018.11385.4.camel@bach.kevinspicer.co.uk> Message-ID: <010801c33a97$c60fe8f0$85b8fea9@Laptop> Thanks, I forgot that as a posible reason (too many hours in front of the keyboard) ----- Original Message ----- From: "Kevin Spicer" To: Sent: Tuesday, June 24, 2003 10:26 PM Subject: Re: False marking as spam ? > I have check the ordb site and the domain is NOT listed as an open > relay, > any ideas why this should happen. > > Its the IP of the mail server it came from thats important, as that > might not necessarilybe what the domain resolves to > > Denis > > > > > > > BMRB International > http://www.bmrb.co.uk > +44 (0)20 8566 5000 > _________________________________________________________________ > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact the > sender and delete this message immediately. Disclosure, copying > or other action taken in respect of this email or in > reliance on it is prohibited. BMRB International Limited > accepts no liability in relation to any personal emails, or > content of any email which does not directly relate to our > business. From tyler at beloit.edu Tue Jun 24 23:18:34 2003 From: tyler at beloit.edu (Tim Tyler) Date: Thu Jan 12 21:18:40 2006 Subject: Perl MIME error? In-Reply-To: <3EF8AC8B.1010008@ucgbook.com> from "Peter Bonivart" at Jun 24, 2003 09:54:51 PM Message-ID: <200306242218.h5OMIZl32848@beloit.edu> Peter, Thanks! it worked. we upgraded to 5.8 and it contained the proper MIME Base64.pm stuff. Then we ran the perl -MCPAN -e shell and installed the other MIME tools modules such as Mail and IO that were needed. All is good again. Much thanks! Tim > >The new version of MailScanner (4.21-9) requires these Perl modules: > >http://www.sng.ecs.soton.ac.uk/mailscanner/install/perl.shtml > >I guess your new Perl does not contain the Base64-module. Check with: > ># find `perl -e 'print "@INC"'` -name "*.pm"|grep -i base64 > >This is what is returned on my server: > >/usr/lib/perl5/5.8.0/i386-linux-thread-multi/MIME/Base64.pm >/usr/lib/perl5/5.8.0/i386-linux-thread-multi/MIME/Base64.pm >/usr/lib/perl5/site_perl/5.8.0/MIME/Decoder/Base64.pm >/usr/lib/perl5/site_perl/5.8.0/MIME/Decoder/Base64.pm >/usr/lib/perl5/vendor_perl/5.8.0/MIME/Decoder/Base64.pm >/usr/lib/perl5/vendor_perl/5.8.0/MIME/Decoder/Base64.pm > >If you don't have it, install with: > ># perl -MCPAN -e shell >cpan> install MIME::Base64 > >/Peter Bonivart > >--Unix lovers do it in the Sun > >Tim Tyler wrote: >> Mailscanner experts, >> We are still running mailscanner 2.6 on an IBM aix >> system. We just upgraded our aix server from 4.3.3 to >> 5.1.0. We also upgraded perl5.6.0 up to 5.6.1. Now when we >> try to run mailscanner, it fails. It gives us the following >> error: >> Can't locate MIME/Base64.pm in @INC >> Then it runs a bunch of compile errors related to not >> finding MimeBase64 related files. >> We did not upgrade the perl Mime/base64. Do we need to >> upgrade Mime/base64? What is required from a Perl >> perpective to get mailscanner 2.6.x running again? >> Thanks! -tim >> >> Tim Tyler >> Network Engineer >> > -- Tim Tyler Network Manager - Beloit College tyler@beloit.edu From daniel at ZAJD.COM Tue Jun 24 23:57:21 2003 From: daniel at ZAJD.COM (Daniel Zajd) Date: Thu Jan 12 21:18:40 2006 Subject: MailWatch and McAfee / Request and error In-Reply-To: <67D9E7698329D411936E00508B6590B902793DA5@neelix.lbsltd.co.uk> Message-ID: Thanks Steve! The command works perfect! Error? My test server doesn?t have a lot of emails passing MailScanner and therefore not that much to store in the database and then for MailWatch to work with. When I tried to create graphs though ?Top Senders by Volume? or ?Top Recipients by Quantity? after just a few emails I got an error. Unable to create graphs. No data available. But there is! This happened until the size of the emails for an email address passed 1Mb. I get the feeling that none of the email addresses under 1Mb counts. Could that be the case? Request. I?d like to be able to have a list of email addresses not to show in the graphs. Example. I have one admin account on the top 10 list. I think that this email shouldn?t be there. Thanks, Daniel > Hi Daniel, > > This should work: define(VIRUS_REGEX, '/(.+) Found the (\S+) virus !!!/'); > > I've added it to the code for the next version. > > Kind regards, > Steve. > > > > From: Daniel Zajd [mailto:daniel@ZAJD.COM] > Sent: 21 June 2003 01:33 > To: MAILSCANNER@JISCMAIL.AC.UK > > I just have to say, Great work!! > > But I need some help. How should the expression for McAfee look like? > > The log look like this: > Jun 21 02:15:54 mail2 MailScanner[6710]: New Batch: Scanning 1 messages, 62658 > bytes > Jun 21 02:15:54 mail2 MailScanner[6710]: Spam Checks: Starting > Jun 21 02:16:00 mail2 MailScanner[6710]: Virus and Content Scanning: Starting > Jun 21 02:16:03 mail2 MailScanner[6710]: McAfee said > "/dev/shm/6710/h5L0FoD9006755/dr.scr" > Jun 21 02:16:03 mail2 MailScanner[6710]: McAfee said " Found the > W32/Ganda@MM virus !!!" > Jun 21 02:16:03 mail2 MailScanner[6710]: /h5L0FoD9006755/dr.scr Found > the W32/Ganda@MM virus !!! > Jun 21 02:16:04 mail2 MailScanner[6710]: Virus Scanning: McAfee found 1 > infections > Jun 21 02:16:04 mail2 MailScanner[6710]: Virus Scanning: Found 1 viruses > Jun 21 02:16:04 mail2 MailScanner[6710]: Filename Checks: Possible virus > hidden in a screensaver (dr.scr) > > And MailWatch show: > Report: /h5L0FoD9006755/dr.scr Found the W32/Ganda@MM virus !!! > Windows Screensavers are often used to hide viruses (dr.scr) > > //Daniel Zajd > Mailsystem Sweden > > -- > This email and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. If > you have received this email in error please notify the sender and delete the > message from your mailbox. > > This footnote also confirms that this email message has been swept by > MailScanner (www.mailscanner.info) for the presence of computer viruses. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030625/ca124453/attachment.html From keith at theargoncompany.com Wed Jun 25 06:56:22 2003 From: keith at theargoncompany.com (Keith Fernandez) Date: Thu Jan 12 21:18:40 2006 Subject: mails stuck in /var/spool/mqueue.in In-Reply-To: <5.2.0.9.2.20030623151411.04281268@imap.ecs.soton.ac.uk> References: <5.2.0.9.2.20030623151411.04281268@imap.ecs.soton.ac.uk> Message-ID: <200306251126.22081.keith@theargoncompany.com> Thanks Julian, What if the df is not zero, what do I do? Regards, Keith > If the files for a particular message id are quite old and particularly if > the df file is 0 bytes, then just delete the files for that message id. > > They are usually left-overs from an incoming SMTP connection that broke > half way through. > > At 12:45 23/06/2003, you wrote: > >Hi, > > > >I have MailScanner installed with SpamAssassin on a Cobalt RaQ 550. > >MailScanner works great, except that I see mail in /var/spool/mqueue.in > > stuck there from time to time. > >Any idea what these mails are, I sometimes do a restart of MailScanner if > > I make changes to the conf file. > > > >The version of MailScanner I am running is 4.14 Release 9 > >The version of sendmail is 8.11.6 > > > >Here is what my logs show. > >I really dont know why these mails are stuck here. > > > >Here is my mqueue.in dated May 23 > > > >-rw------- 1 root root 245760 May 23 12:21 dfh4N6pCB12556 > >-rw------- 1 root root 9 May 23 12:21 xfh4N6pCB12556 > >-rw------- 1 root root 1416 May 17 22:16 dfh4HGjUi00744 > >-rw------- 1 root root 5325 May 17 22:16 dfh4HGkCi01105 > >-rw------- 1 root root 0 May 17 22:12 dfh4HGggi32313 > >-rw------- 1 root root 131107 May 17 18:48 dfh4HDIVL32457 > >-rw------- 1 root root 0 May 7 13:44 dfh478Eme24576 > >-rw------- 1 root root 9 May 7 13:44 xfh478Eme24576 > >-rw------- 1 root root 466944 May 7 12:07 dfh476Zue18696 > >-rw------- 1 root root 276 May 7 12:05 xfh476Zue18696 > >-rw------- 1 root root 0 May 4 00:01 dfh43IVEo21411 > >-rw------- 1 root root 9 May 4 00:01 xfh43IVEo21411 > > > >Can anyone help me. > > > >Regards, > >Keith From raymond at PROLOCATION.NET Wed Jun 25 07:35:46 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:40 2006 Subject: New version F-prot out ... Message-ID: Hi! F-PROT Antivirus for Linux, version 4.1.0 >From the CHANGED: Version 4.1.0 contains various bugfixes and improvements to the documentation and software. o Proxy support added to Updater o Various bugfixes made to the Preloadable Library Call Wrapper. It now works under Red Hat Linux 9. Although a workaround is needed to get around a bug in the NPTL (Native POSIX Thread Library) shipped with Red Hat Linux 9. To get around the bug, you must circumvent the version of libc inside /lib/tls/ and use the one in /lib// instead by defining the LD_ASSUME_KERNEL environment variable as "2.4.19". Example: LD_ASSUME_KERNEL="2.4.19" LD_PRELOAD="/usr/local/f-prot/tools/f-prot.so" smbd -D Tested it on two of my systems, works just fine. Bye, Raymond. From john at TRADOC.FR Wed Jun 25 09:16:02 2003 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:18:40 2006 Subject: How do I release quarantined mail In-Reply-To: <3EF85C98.D0658CB6@ihs.com> References: <3EF85B86.9CA9585A@ihs.com> <3EF85C98.D0658CB6@ihs.com> Message-ID: On Tue, 24 Jun 2003 08:13:44 -0600, Dustin Baer wrote: > If the email is not infected, just put it in /var/spool/mqueue and let > it go. What is the equivalent for a postfix setup? I thought I could just drop a file in /var/spool/postfix/incoming, but having actually needed to do so for the first time today I find this doesn't work. John. -- -- Over 2000 webcams from ski resorts around the world - http://www.snoweye.com/ -- Translate your technical documents and web pages - http://www.tradoc.fr/ From j.cormie at ABERTAY.AC.UK Wed Jun 25 12:26:37 2003 From: j.cormie at ABERTAY.AC.UK (Jason Cormie) Date: Thu Jan 12 21:18:40 2006 Subject: How do I release quarantined mail Message-ID: I tend to just zip it then send it via mutt, works for me. Jason D Cormie Information Services University of Abertay Dundee -----Original Message----- From: John Wilcock [mailto:john@TRADOC.FR] Sent: 25, June, 2003 09:16 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: How do I release quarantined mail On Tue, 24 Jun 2003 08:13:44 -0600, Dustin Baer wrote: > If the email is not infected, just put it in /var/spool/mqueue and let > it go. What is the equivalent for a postfix setup? I thought I could just drop a file in /var/spool/postfix/incoming, but having actually needed to do so for the first time today I find this doesn't work. John. -- -- Over 2000 webcams from ski resorts around the world - http://www.snoweye.com/ -- Translate your technical documents and web pages - http://www.tradoc.fr/ From a.essink at PUNTDOC.NET Wed Jun 25 13:03:30 2003 From: a.essink at PUNTDOC.NET (Arjen Essink) Date: Thu Jan 12 21:18:40 2006 Subject: SIGNOFF MAILSCANNER Message-ID: An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030625/bd217d00/attachment.html From steve.douglas at SBIINCORPORATED.COM Wed Jun 25 14:14:57 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:40 2006 Subject: Port 25 Message-ID: <3963522F0E71474CB14C0FF54A6914F70111507E@mail.gardenbotanika.com> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: Steve Douglas.vcf Type: application/octet-stream Size: 380 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030625/4a5139b4/SteveDouglas.obj From raymond at PROLOCATION.NET Wed Jun 25 14:18:09 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:40 2006 Subject: Port 25 In-Reply-To: <3963522F0E71474CB14C0FF54A6914F70111507E@mail.gardenbotanika.com> Message-ID: Hi! > Once I have MailScanner open is port 25 remain open remain open? Can you read back one more time and add a little more ? :) Thanks :) Raymond. From mikea at MIKEA.ATH.CX Wed Jun 25 14:20:06 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:40 2006 Subject: Port 25 In-Reply-To: <3963522F0E71474CB14C0FF54A6914F70111507E@mail.gardenbotanika.com>; from steve.douglas@SBIINCORPORATED.COM on Wed, Jun 25, 2003 at 08:14:57AM -0500 References: <3963522F0E71474CB14C0FF54A6914F70111507E@mail.gardenbotanika.com> Message-ID: <20030625082006.A50940@mikea.ath.cx> On Wed, Jun 25, 2003 at 08:14:57AM -0500, Steve Douglas wrote: > Once I have MailScanner open is port 25 remain open remain open? I'm not quite sure what you're asking here. Maybe you need more coffee; I know _I_ do. MailScanner itself doesn't open or close, or use, for that matter, TCP port 25. It depends on one instance of an MTA putting mail in a disk directory, and another instance of an MTA reading mail from a different disk directory. It reads mail files from the first directory, modifies the files in accordance with some rules and the results of program calls, and writes the (possibly modified) files in the second directory. Or that's the way I see it, anyway. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From steve.douglas at SBIINCORPORATED.COM Wed Jun 25 14:30:06 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:40 2006 Subject: Port 25 Message-ID: <3963522F0E71474CB14C0FF54A6914F70111507F@mail.gardenbotanika.com> I am running RedHat version 9 with f-prot, dcc, and razor. I am using MailScanner version 4.21-9. When I started I use the command check_MailScanner and receive the following results in my mail log: - MailScanner child caught a SIGH - MailScanner child caught a SIGH - MailScanner E-Mail Virus Scanner version 4.21-9 starting... - Enabling SpamAssassin auto-whitelist functionality... - Using locktype = flock I get the above for each instance of child process that is running (five MailScanner instances when I do a "ps -A" My firewall is completely off for the moment to remove any potential barriers and scanning does not show port 25. In addition, when I send a test email nothing is forwarded. SD :-) > -----Original Message----- > From: mikea [mailto:mikea@MIKEA.ATH.CX] > Sent: Wednesday, June 25, 2003 8:20 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Port 25 > > On Wed, Jun 25, 2003 at 08:14:57AM -0500, Steve Douglas wrote: > > Once I have MailScanner open is port 25 remain open remain open? > > I'm not quite sure what you're asking here. Maybe you need more > coffee; I know _I_ do. > > MailScanner itself doesn't open or close, or use, for that matter, > TCP port 25. > > It depends on one instance of an MTA putting mail in a disk directory, > and another instance of an MTA reading mail from a different disk > directory. It reads mail files from the first directory, modifies the > files in accordance with some rules and the results of program calls, > and writes the (possibly modified) files in the second directory. > > Or that's the way I see it, anyway. > > -- > Mike Andrews > mikea@mikea.ath.cx > Tired old sysadmin since 1964 From john at TRADOC.FR Wed Jun 25 14:31:53 2003 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:18:40 2006 Subject: How do I release quarantined mail In-Reply-To: References: Message-ID: On Wed, 25 Jun 2003 12:26:37 +0100, Jason Cormie wrote: > I tend to just zip it then send it via mutt Yes, but that somewhat defeats the point of the "Quarantine Whole Messages As Queue Files = yes" option. There must be a clean way of doing this with postfix... John. -- -- Over 2000 webcams from ski resorts around the world - http://www.snoweye.com/ -- Translate your technical documents and web pages - http://www.tradoc.fr/ From raymond at PROLOCATION.NET Wed Jun 25 14:32:18 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:40 2006 Subject: Port 25 In-Reply-To: <3963522F0E71474CB14C0FF54A6914F70111507F@mail.gardenbotanika.com> Message-ID: Hi! > - Using locktype = flock > > I get the above for each instance of child process that is running (five > MailScanner instances when I do a "ps -A" > > My firewall is completely off for the moment to remove any potential > barriers and scanning does not show port 25. In addition, when I send a > test email nothing is forwarded. Is sendmail accepting mail ? (do a telnet tp port 25 for example) So you see any incomming entrys in your maillog ? Bye, Raymond. From steve.douglas at SBIINCORPORATED.COM Wed Jun 25 14:37:05 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:40 2006 Subject: Port 25 Message-ID: <3963522F0E71474CB14C0FF54A6914F701115081@mail.gardenbotanika.com> When I did this I received the following: 220 xxx.localhost.com ESMTP Sendmail 8.12.8/8.12.8; Wed, 25 Jun 2003 08:35:36 -050 0 SD :-) > -----Original Message----- > From: Raymond Dijkxhoorn [mailto:raymond@PROLOCATION.NET] > Sent: Wednesday, June 25, 2003 8:32 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Port 25 > > Hi! > > > - Using locktype = flock > > > > I get the above for each instance of child process that is running (five > > MailScanner instances when I do a "ps -A" > > > > My firewall is completely off for the moment to remove any potential > > barriers and scanning does not show port 25. In addition, when I send a > > test email nothing is forwarded. > > Is sendmail accepting mail ? (do a telnet tp port 25 for example) > So you see any incomming entrys in your maillog ? > > Bye, > Raymond. From raymond at PROLOCATION.NET Wed Jun 25 14:40:47 2003 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:18:40 2006 Subject: Port 25 In-Reply-To: <3963522F0E71474CB14C0FF54A6914F701115081@mail.gardenbotanika.com> Message-ID: Hi! > When I did this I received the following: > > 220 xxx.localhost.com ESMTP Sendmail 8.12.8/8.12.8; Wed, 25 Jun 2003 > 08:35:36 -050 > 0 Did you try this remote or on the box itself ? See you mail comming in at all in the log ? Please answer all of the questions of the original reply, only answering half wont help most of the time :) Thanks, Raymond. From mikea at MIKEA.ATH.CX Wed Jun 25 14:41:19 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:40 2006 Subject: Port 25 In-Reply-To: <3963522F0E71474CB14C0FF54A6914F70111507F@mail.gardenbotanika.com>; from steve.douglas@SBIINCORPORATED.COM on Wed, Jun 25, 2003 at 08:30:06AM -0500 References: <3963522F0E71474CB14C0FF54A6914F70111507F@mail.gardenbotanika.com> Message-ID: <20030625084119.A51064@mikea.ath.cx> On Wed, Jun 25, 2003 at 08:30:06AM -0500, Steve Douglas wrote: > I am running RedHat version 9 with f-prot, dcc, and razor. I am using > MailScanner version 4.21-9. > > When I started I use the command check_MailScanner and receive the following > results in my mail log: > - MailScanner child caught a SIGH > - MailScanner child caught a SIGH > - MailScanner E-Mail Virus Scanner version 4.21-9 starting... > - Enabling SpamAssassin auto-whitelist functionality... > - Using locktype = flock > > I get the above for each instance of child process that is running (five > MailScanner instances when I do a "ps -A" > > My firewall is completely off for the moment to remove any potential > barriers and scanning does not show port 25. In addition, when I send a > test email nothing is forwarded. Try doing `telnet 25`. If something answers and puts up a banner, then there's a listener on 25, which probably is your MTA. The banner will tell you what's there. Mine gives this: $ telnet 127.0.0.1 25 220- ESMTP 220- 220- 220-It is a violation of applicable law to send spam 220-to this server, and such violations may be prosecuted. 220- 220 Be aware: Oklahoma has Long Arm clauses in its computer crime statute. but I'm paranoid and nasty, and longer banners tend to do ugly things to badly-written ratware. I'm willing to do what I can to break ratware. If you don't get a connection, then probably sendmail (or exim or postfix or other_MTA) is not running, and you need to investigate that. Try the "ps" command; on FreeBSD it would be something like `ps awwwwux | grep -i mail` (without the "`") to catch all processes that have the character string "mail" in any combination of upper/lower case. If you get a connection but no banner, then *something* is listening on port 25, but it may not be an MTA. That *definitely* merits serious investigation, and the "netstat" command can be a great help. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From steve.douglas at SBIINCORPORATED.COM Wed Jun 25 14:47:40 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:40 2006 Subject: Port 25 Message-ID: <3963522F0E71474CB14C0FF54A6914F701115082@mail.gardenbotanika.com> >Is sendmail accepting mail ? No it isn't when I send it something remotely. >(do a telnet tp port 25 for example) So you see any incomming entrys in >your maillog ? I am unable to telnet remotely to the box via port 25. When I perform the "netstat -a | grep smtp" I receive tcp 0 0 localhost.localdom:smtp *:* LISTEN When I enter "iptables --list" I receive Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination SD :-) > -----Original Message----- > From: Raymond Dijkxhoorn [mailto:raymond@PROLOCATION.NET] > Sent: Wednesday, June 25, 2003 8:41 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Port 25 > > Hi! > > > When I did this I received the following: > > > > 220 xxx.localhost.com ESMTP Sendmail 8.12.8/8.12.8; Wed, 25 Jun 2003 > > 08:35:36 -050 > > 0 > > Did you try this remote or on the box itself ? See you mail comming in at > all in the log ? > > Please answer all of the questions of the original reply, only answering > half wont help most of the time :) > > Thanks, > Raymond. From Kevin.Spicer at BMRB.CO.UK Wed Jun 25 14:51:24 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:40 2006 Subject: Port 25 Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0EBF694@pascal.priv.bmrb.co.uk> Steve Douglas wrote: >> Is sendmail accepting mail ? > No it isn't when I send it something remotely. > >> (do a telnet tp port 25 for example) So you see any incomming entrys >> in your maillog ? I am unable to telnet remotely to the box via >> port 25. > > When I perform the "netstat -a | grep smtp" I receive > tcp 0 0 localhost.localdom:smtp *:* LISTEN > That means that it's only bound to the loopback interface, IIRC correctly this is the default on RedHat 9. I think this was discussed recently on the list, check the archives. Once you've got it to listen you should see... tcp 0 0 0.0.0.0:smtp *:* LISTEN BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From dwinkler at ALGORITHMICS.COM Wed Jun 25 14:46:07 2003 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:18:40 2006 Subject: Port 25 Message-ID: <06EE2C86D3DAD5119A6C0060943F3C97055E704D@tormail1.algorithmics.com> RedHat's sendmail config by default only listens on 127.0.0.1 Try doing... netstat -an | grep :25 and see what addresses sendmail is listening on. To modify this, look at /etc/mail/sendmail.mc -----Original Message----- From: mikea [mailto:mikea@mikea.ath.cx] Sent: Wednesday, June 25, 2003 9:41 AM To: MAILSCANNER@jiscmail.ac.uk Subject: Re: Port 25 On Wed, Jun 25, 2003 at 08:30:06AM -0500, Steve Douglas wrote: > I am running RedHat version 9 with f-prot, dcc, and razor. I am using > MailScanner version 4.21-9. > > When I started I use the command check_MailScanner and receive the following > results in my mail log: > - MailScanner child caught a SIGH > - MailScanner child caught a SIGH > - MailScanner E-Mail Virus Scanner version 4.21-9 starting... > - Enabling SpamAssassin auto-whitelist functionality... > - Using locktype = flock > > I get the above for each instance of child process that is running (five > MailScanner instances when I do a "ps -A" > > My firewall is completely off for the moment to remove any potential > barriers and scanning does not show port 25. In addition, when I send a > test email nothing is forwarded. Try doing `telnet 25`. If something answers and puts up a banner, then there's a listener on 25, which probably is your MTA. The banner will tell you what's there. Mine gives this: $ telnet 127.0.0.1 25 220- ESMTP 220- 220- 220-It is a violation of applicable law to send spam 220-to this server, and such violations may be prosecuted. 220- 220 Be aware: Oklahoma has Long Arm clauses in its computer crime statute. but I'm paranoid and nasty, and longer banners tend to do ugly things to badly-written ratware. I'm willing to do what I can to break ratware. If you don't get a connection, then probably sendmail (or exim or postfix or other_MTA) is not running, and you need to investigate that. Try the "ps" command; on FreeBSD it would be something like `ps awwwwux | grep -i mail` (without the "`") to catch all processes that have the character string "mail" in any combination of upper/lower case. If you get a connection but no banner, then *something* is listening on port 25, but it may not be an MTA. That *definitely* merits serious investigation, and the "netstat" command can be a great help. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030625/9dfa43ba/attachment.html From steve.douglas at SBIINCORPORATED.COM Wed Jun 25 14:51:17 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:40 2006 Subject: Port 25 Message-ID: <3963522F0E71474CB14C0FF54A6914F701115083@mail.gardenbotanika.com> If you don't get a connection, then probably sendmail (or exim or > postfix or other_MTA) is not running, and you need to investigate that. > Try the "ps" command; on FreeBSD it would be something like > `ps awwwwux | grep -i mail` I received root 2011 0.0 0.3 5952 2560 ? S 08:17 0:00 [sendmail] smmsp 2016 0.0 0.3 5752 2300 ? S 08:17 0:00 [sendmail] root 2022 0.0 0.3 5844 2396 ? S 08:17 0:00 [sendmail] root 2343 0.0 1.7 14740 11220 ? S 08:21 0:00 /usr/bin/perl -I/ usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 2344 0.0 4.2 30656 27156 ? S 08:21 0:00 /usr/bin/perl -I/ usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 2347 0.0 4.2 30640 27136 ? S 08:22 0:00 /usr/bin/perl -I/ usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 2350 0.0 4.2 30640 27140 ? S 08:22 0:00 /usr/bin/perl -I/ usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 2355 0.0 4.2 30656 27156 ? S 08:22 0:00 /usr/bin/perl -I/ usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 2360 0.0 4.2 30636 27136 ? S 08:22 0:00 /usr/bin/perl -I/ usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 2828 0.0 0.1 3576 648 ttyp1 S 08:49 0:00 grep -i mail SD :-) > -----Original Message----- > From: mikea [mailto:mikea@MIKEA.ATH.CX] > Sent: Wednesday, June 25, 2003 8:41 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Port 25 > > On Wed, Jun 25, 2003 at 08:30:06AM -0500, Steve Douglas wrote: > > I am running RedHat version 9 with f-prot, dcc, and razor. I am using > > MailScanner version 4.21-9. > > > > When I started I use the command check_MailScanner and receive the > following > > results in my mail log: > > - MailScanner child caught a SIGH > > - MailScanner child caught a SIGH > > - MailScanner E-Mail Virus Scanner version 4.21-9 starting... > > - Enabling SpamAssassin auto-whitelist functionality... > > - Using locktype = flock > > > > I get the above for each instance of child process that is running (five > > MailScanner instances when I do a "ps -A" > > > > My firewall is completely off for the moment to remove any potential > > barriers and scanning does not show port 25. In addition, when I send a > > test email nothing is forwarded. > > Try doing `telnet 25`. If something answers and > puts up a banner, then there's a listener on 25, which probably is > your MTA. The banner will tell you what's there. > > Mine gives this: > > $ telnet 127.0.0.1 25 > 220- ESMTP > 220- > 220- > 220-It is a violation of applicable law to send spam > 220-to this server, and such violations may be prosecuted. > 220- > 220 Be aware: Oklahoma has Long Arm clauses in its computer crime > statute. > > but I'm paranoid and nasty, and longer banners tend to do ugly things to > badly-written ratware. I'm willing to do what I can to break ratware. > > If you don't get a connection, then probably sendmail (or exim or > postfix or other_MTA) is not running, and you need to investigate that. > Try the "ps" command; on FreeBSD it would be something like > `ps awwwwux | grep -i mail` > (without the "`") to catch all processes that have the character > string "mail" in any combination of upper/lower case. > > If you get a connection but no banner, then *something* is listening > on port 25, but it may not be an MTA. That *definitely* merits serious > investigation, and the "netstat" command can be a great help. > > -- > Mike Andrews > mikea@mikea.ath.cx > Tired old sysadmin since 1964 From steve.douglas at SBIINCORPORATED.COM Wed Jun 25 14:52:43 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:40 2006 Subject: Port 25 Message-ID: <3963522F0E71474CB14C0FF54A6914F701115084@mail.gardenbotanika.com> Did you try this remote or on the box itself ? See you mail comming in > at all in the log ? I do not see any mail coming in within the mail log. SD :-) > -----Original Message----- > From: Steve Douglas [mailto:steve.douglas@SBIINCORPORATED.COM] > Sent: Wednesday, June 25, 2003 8:48 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Port 25 > > >Is sendmail accepting mail ? > No it isn't when I send it something remotely. > > >(do a telnet tp port 25 for example) So you see any incomming entrys in > >your maillog ? I am unable to telnet remotely to the box via port 25. > > When I perform the "netstat -a | grep smtp" I receive > tcp 0 0 localhost.localdom:smtp *:* LISTEN > > When I enter "iptables --list" I receive > Chain INPUT (policy ACCEPT) > target prot opt source destination > > Chain FORWARD (policy ACCEPT) > target prot opt source destination > > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > SD > :-) > > > > -----Original Message----- > > From: Raymond Dijkxhoorn [mailto:raymond@PROLOCATION.NET] > > Sent: Wednesday, June 25, 2003 8:41 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Port 25 > > > > Hi! > > > > > When I did this I received the following: > > > > > > 220 xxx.localhost.com ESMTP Sendmail 8.12.8/8.12.8; Wed, 25 Jun 2003 > > > 08:35:36 -050 > > > 0 > > > > Did you try this remote or on the box itself ? See you mail comming in > at > > all in the log ? > > > > Please answer all of the questions of the original reply, only answering > > half wont help most of the time :) > > > > Thanks, > > Raymond. From P.G.M.Peters at utwente.nl Wed Jun 25 14:55:32 2003 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Thu Jan 12 21:18:40 2006 Subject: mails stuck in /var/spool/mqueue.in In-Reply-To: <200306251126.22081.keith@theargoncompany.com> References: <5.2.0.9.2.20030623151411.04281268@imap.ecs.soton.ac.uk> <200306251126.22081.keith@theargoncompany.com> Message-ID: On Wed, 25 Jun 2003 11:26:22 +0530, you wrote: >What if the df is not zero, what do I do? You should at least also have a corresponding qf-file. If you have an corresponding xf-file this means the session did not end but there was some (but not enough) information exchanged. >> >-rw------- 1 root root 245760 May 23 12:21 dfh4N6pCB12556 >> >-rw------- 1 root root 9 May 23 12:21 xfh4N6pCB12556 >> >-rw------- 1 root root 1416 May 17 22:16 dfh4HGjUi00744 >> >-rw------- 1 root root 5325 May 17 22:16 dfh4HGkCi01105 >> >-rw------- 1 root root 0 May 17 22:12 dfh4HGggi32313 >> >-rw------- 1 root root 131107 May 17 18:48 dfh4HDIVL32457 >> >-rw------- 1 root root 0 May 7 13:44 dfh478Eme24576 >> >-rw------- 1 root root 9 May 7 13:44 xfh478Eme24576 >> >-rw------- 1 root root 466944 May 7 12:07 dfh476Zue18696 >> >-rw------- 1 root root 276 May 7 12:05 xfh476Zue18696 >> >-rw------- 1 root root 0 May 4 00:01 dfh43IVEo21411 >> >-rw------- 1 root root 9 May 4 00:01 xfh43IVEo21411 These can all be removed. -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ From dpowell at LSSI.NET Wed Jun 25 14:56:28 2003 From: dpowell at LSSI.NET (Darrin Powell) Date: Thu Jan 12 21:18:40 2006 Subject: spam.actions.rules question Message-ID: <1056549389.26809.24.camel@powell> Is it possible to bounce messages from an ip range using the spam.actions.rules ? Example: From: 81.112.0.0/17 bounce Thanks -- Darrin Powell LSSi Corp (919) 466-6803 www.lssi.net/~dpowell From mikea at MIKEA.ATH.CX Wed Jun 25 15:13:06 2003 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:18:40 2006 Subject: SV: Port 25 In-Reply-To: <9F18B7DDBA88E544AB1F1995148916661CE625@lkl63.ltkalmar.se>; from andersan@LTKALMAR.SE on Wed, Jun 25, 2003 at 04:07:15PM +0200 References: <9F18B7DDBA88E544AB1F1995148916661CE625@lkl63.ltkalmar.se> Message-ID: <20030625091306.A51336@mikea.ath.cx> On Wed, Jun 25, 2003 at 04:07:15PM +0200, Anders Andersson, IT wrote: > > -----Ursprungligt meddelande----- > > Fr?n: mikea [mailto:mikea@MIKEA.ATH.CX] > > Skickat: den 25 juni 2003 15:41 > > Till: MAILSCANNER@JISCMAIL.AC.UK > > ?mne: Re: Port 25 > > Try doing `telnet 25`. If something answers > > and puts up a banner, then there's a listener on 25, which > > probably is your MTA. The banner will tell you what's there. > > > > Mine gives this: > > > > $ telnet 127.0.0.1 25 > > 220- ESMTP > > 220- > > 220- > > 220-It is a violation of applicable law to send spam > > 220-to this server, and such violations may be prosecuted. > > 220- > > 220 Be aware: Oklahoma has Long Arm clauses in its > > computer crime statute. > What did you add to get that message or maybe its not sendmail? Here's the relevant stuff from my /etc/mail/sendmail.cf: : # SMTP initial login message (old $e macro) : #O SmtpGreetingMessage=$j Sendmail $v/$Z; $b : # turns out to be : # 220 mikea.ath.cx ESMTP Sendmail 8.12.3/8.12.3; Sun, 11 May 2003 15:24:54 -0500 (CDT) : O SmtpGreetingMessage=\n\n\nIt is a violation of applicable law to send spam\nto this server, and such violations may be prosecuted.\n\nBe aware: Oklahoma has Long Arm clauses in its computer crime statute. Turns out that sendmail changes "\n" to CRLF in its banner. _Very_ handy. -- Mike Andrews mikea@mikea.ath.cx Tired old sysadmin since 1964 From Denis.Beauchemin at USHERBROOKE.CA Wed Jun 25 14:56:03 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:40 2006 Subject: Translation request - French In-Reply-To: References: Message-ID: <1056549362.12686.4.camel@dbeauchemin.sti.usherbrooke.ca> I was on a small vacation... Fran?ois' translation is good but it lacks the accents: Formulaire HTML d?tect? dans ce courriel Denis PS: Julian, if you come close to Sherbrooke (about 150 km south-east of Montreal) in your Canadian vacation, I'll be glad to buy you beer! Le lun 23/06/2003 ? 10:44, Francois Caen a ?crit : > -----Original Message----- > From: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > > Please can you translate this for me: > > Found a Form in HTML message > > Didn't see anyone cover French. > Formulaire HTML detecte dans le message > > --------------------------------------------- > Francois Caen > Network Information Systems Engineer - Webmaster > City of Lakewood, WA > (253) 512-2269 > > > > NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. > > > > > > City of Lakewood > -- Denis Beauchemin, analyste Universit?de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From andersan at LTKALMAR.SE Wed Jun 25 15:07:15 2003 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:18:40 2006 Subject: SV: Port 25 Message-ID: <9F18B7DDBA88E544AB1F1995148916661CE625@lkl63.ltkalmar.se> > -----Ursprungligt meddelande----- > Fr?n: mikea [mailto:mikea@MIKEA.ATH.CX] > Skickat: den 25 juni 2003 15:41 > Till: MAILSCANNER@JISCMAIL.AC.UK > ?mne: Re: Port 25 > > > On Wed, Jun 25, 2003 at 08:30:06AM -0500, Steve Douglas wrote: > > I am running RedHat version 9 with f-prot, dcc, and razor. > I am using > > MailScanner version 4.21-9. > > > > When I started I use the command check_MailScanner and receive the > > following results in my mail log: > > - MailScanner child caught a SIGH > > - MailScanner child caught a SIGH > > - MailScanner E-Mail Virus Scanner version 4.21-9 starting... > > - Enabling SpamAssassin auto-whitelist functionality... > > - Using locktype = flock > > > > I get the above for each instance of child process that is running > > (five MailScanner instances when I do a "ps -A" > > > > My firewall is completely off for the moment to remove any > potential > > barriers and scanning does not show port 25. In addition, > when I send > > a test email nothing is forwarded. > > Try doing `telnet 25`. If something answers > and puts up a banner, then there's a listener on 25, which > probably is your MTA. The banner will tell you what's there. > > Mine gives this: > > $ telnet 127.0.0.1 25 > 220- ESMTP > 220- > 220- > 220-It is a violation of applicable law to send spam > 220-to this server, and such violations may be prosecuted. > 220- > 220 Be aware: Oklahoma has Long Arm clauses in its > computer crime statute. What did you add to get that message or maybe its not sendmail? > > but I'm paranoid and nasty, and longer banners tend to do > ugly things to badly-written ratware. I'm willing to do what > I can to break ratware. > > If you don't get a connection, then probably sendmail (or > exim or postfix or other_MTA) is not running, and you need to > investigate that. Try the "ps" command; on FreeBSD it would > be something like > `ps awwwwux | grep -i mail` > (without the "`") to catch all processes that have the > character string "mail" in any combination of upper/lower case. > > If you get a connection but no banner, then *something* is > listening on port 25, but it may not be an MTA. That > *definitely* merits serious investigation, and the "netstat" > command can be a great help. > > -- > Mike Andrews > mikea@mikea.ath.cx > Tired old sysadmin since 1964 > From steve.douglas at SBIINCORPORATED.COM Wed Jun 25 15:04:48 2003 From: steve.douglas at SBIINCORPORATED.COM (Steve Douglas) Date: Thu Jan 12 21:18:40 2006 Subject: Port 25 Message-ID: <3963522F0E71474CB14C0FF54A6914F701115085@mail.gardenbotanika.com> Thank you everyone!! I have sendmail working now. SD :-) > -----Original Message----- > From: Steve Douglas [mailto:steve.douglas@SBIINCORPORATED.COM] > Sent: Wednesday, June 25, 2003 8:53 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Port 25 > > Did you try this remote or on the box itself ? See you mail comming in > > at all in the log ? > I do not see any mail coming in within the mail log. > > SD > :-) > > > > -----Original Message----- > > From: Steve Douglas [mailto:steve.douglas@SBIINCORPORATED.COM] > > Sent: Wednesday, June 25, 2003 8:48 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Port 25 > > > > >Is sendmail accepting mail ? > > No it isn't when I send it something remotely. > > > > >(do a telnet tp port 25 for example) So you see any incomming entrys in > > >your maillog ? I am unable to telnet remotely to the box via port 25. > > > > When I perform the "netstat -a | grep smtp" I receive > > tcp 0 0 localhost.localdom:smtp *:* LISTEN > > > > When I enter "iptables --list" I receive > > Chain INPUT (policy ACCEPT) > > target prot opt source destination > > > > Chain FORWARD (policy ACCEPT) > > target prot opt source destination > > > > Chain OUTPUT (policy ACCEPT) > > target prot opt source destination > > SD > > :-) > > > > > > > -----Original Message----- > > > From: Raymond Dijkxhoorn [mailto:raymond@PROLOCATION.NET] > > > Sent: Wednesday, June 25, 2003 8:41 AM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: Re: Port 25 > > > > > > Hi! > > > > > > > When I did this I received the following: > > > > > > > > 220 xxx.localhost.com ESMTP Sendmail 8.12.8/8.12.8; Wed, 25 Jun 2003 > > > > 08:35:36 -050 > > > > 0 > > > > > > Did you try this remote or on the box itself ? See you mail comming in > > at > > > all in the log ? > > > > > > Please answer all of the questions of the original reply, only > answering > > > half wont help most of the time :) > > > > > > Thanks, > > > Raymond. From andersan at LTKALMAR.SE Wed Jun 25 15:16:02 2003 From: andersan at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:18:40 2006 Subject: SV: SV: Port 25 Message-ID: <9F18B7DDBA88E544AB1F1995148916661CE626@lkl63.ltkalmar.se> > -----Ursprungligt meddelande----- > Fr?n: mikea [mailto:mikea@MIKEA.ATH.CX] > Skickat: den 25 juni 2003 16:13 > Till: MAILSCANNER@JISCMAIL.AC.UK > ?mne: Re: SV: Port 25 > > > On Wed, Jun 25, 2003 at 04:07:15PM +0200, Anders Andersson, IT wrote: > > > -----Ursprungligt meddelande----- > > > Fr?n: mikea [mailto:mikea@MIKEA.ATH.CX] > > > Skickat: den 25 juni 2003 15:41 > > > Till: MAILSCANNER@JISCMAIL.AC.UK > > > ?mne: Re: Port 25 > > > > Try doing `telnet 25`. If something answers > > > and puts up a banner, then there's a listener on 25, which > > > probably is your MTA. The banner will tell you what's there. > > > > > > Mine gives this: > > > > > > $ telnet 127.0.0.1 25 > > > 220- ESMTP > > > 220- > > > 220- > > > 220-It is a violation of applicable law to send spam > > > 220-to this server, and such violations may be prosecuted. > > > 220- > > > 220 Be aware: Oklahoma has Long Arm clauses in its > > > computer crime statute. > > > What did you add to get that message or maybe its not sendmail? > > Here's the relevant stuff from my /etc/mail/sendmail.cf: > > : # SMTP initial login message (old $e macro) > : #O SmtpGreetingMessage=$j Sendmail $v/$Z; $b > : # turns out to be > : # 220 mikea.ath.cx ESMTP Sendmail 8.12.3/8.12.3; Sun, > 11 May 2003 15:24:54 -0500 (CDT) > : O SmtpGreetingMessage=\n\n\nIt is a violation of applicable > law to send spam\nto this server, and such violations may be > prosecuted.\n\nBe aware: Oklahoma has Long Arm clauses in its > computer crime statute. Thanks a lot I will have to make a test on that after I figured out how to get TLS to work :) /Anders > > Turns out that sendmail changes "\n" to CRLF in its banner. > > _Very_ handy. > > -- > Mike Andrews > mikea@mikea.ath.cx > Tired old sysadmin since 1964 > From Kevin.Spicer at BMRB.CO.UK Wed Jun 25 15:19:18 2003 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:18:40 2006 Subject: Port 25 Message-ID: <5C0296D26910694BB9A9BBFC577E7AB0A4ADAE@pascal.priv.bmrb.co.uk> >> >> $ telnet 127.0.0.1 25 >> 220- ESMTP >> 220- >> 220- >> 220-It is a violation of applicable law to send spam >> 220-to this server, and such violations may be prosecuted. >> 220- 220 Be aware: Oklahoma has Long Arm clauses in its >> computer crime statute. > > What did you add to get that message or maybe its not sendmail? > You can change the banner message on sendmail with this in your sendmail.mc define(`confSMTP_LOGIN_MSG', `yourserver.yourdomain.com Your message here')dnl IIRC theres an RFC that says you should include the name of your mail server in the banner. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. From chuckl at NACS.NET Wed Jun 25 16:04:03 2003 From: chuckl at NACS.NET (Chuck Liggett) Date: Thu Jan 12 21:18:40 2006 Subject: Port 25 SMTP Standards In-Reply-To: <5C0296D26910694BB9A9BBFC577E7AB0A4ADAE@pascal.priv.bmrb.co.uk> Message-ID: True -- RFC821 does specify that the server hostname must be present as the first word in the reply following the reply code. Furthermore, when editing your SMTP Greeting reply, be aware that the entire length of the message, including the reply code and the trailing CR/LF must be less than or equal to 512 bytes. Failure to follow these may result in some problems. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Spicer, Kevin Sent: Wednesday, June 25, 2003 10:19 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Port 25 >> >> $ telnet 127.0.0.1 25 >> 220- ESMTP >> 220- >> 220- >> 220-It is a violation of applicable law to send spam >> 220-to this server, and such violations may be prosecuted. >> 220- 220 Be aware: Oklahoma has Long Arm clauses in its >> computer crime statute. > > What did you add to get that message or maybe its not sendmail? > You can change the banner message on sendmail with this in your sendmail.mc define(`confSMTP_LOGIN_MSG', `yourserver.yourdomain.com Your message here')dnl IIRC theres an RFC that says you should include the name of your mail server in the banner. From ka at PACIFIC.NET Wed Jun 25 16:07:00 2003 From: ka at PACIFIC.NET (Ken Anderson) Date: Thu Jan 12 21:18:40 2006 Subject: sql rulesets - how? Message-ID: <3EF9BA94.7050004@pacific.net> Hello, I'm new to the list. I searched for mysql support of rulesets and found a few references to modified versions of CustomConfig.pm and Config.pm, in the archives, but was unable to find the source. Is this posted anywhere, or can someone send them along. I'd like to try this modification. Thanks, Ken A. From FCaen at CI.LAKEWOOD.WA.US Wed Jun 25 16:38:41 2003 From: FCaen at CI.LAKEWOOD.WA.US (Francois Caen) Date: Thu Jan 12 21:18:40 2006 Subject: Translation request - French Message-ID: -----Original Message----- From: Denis Beauchemin [mailto:Denis.Beauchemin@USHERBROOKE.CA] > Fran?ois' translation is good but it lacks the accents: True. I use a qwerty keyboard. The internet is an international and mostly english-speaking world. I think accents are obsolete. They also turn into weird characters or codes with some software. > Formulaire HTML d?tect? dans ce courriel Arg! "Courriel"! That's so cheesy :-) I'm not a big fan of these fake French words designed to replace English technical terms. Like "'em?le", "c?d?rom",... :) Francois NOTICE: The Information contained in this transmission is privileged and confidential. It is intended for the use of the individual or entity named above. If the reader of this message is not the intended addressee or other legitimate recipient, the reader is hereby notified that any consideration, dissemination or duplication of this communication is strictly prohibited. If the addressee has received this communication in error, please return it to the above address by mail and notify this office by telephone. City of Lakewood From Denis.Beauchemin at USHERBROOKE.CA Wed Jun 25 16:52:59 2003 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:18:40 2006 Subject: Translation request - French In-Reply-To: References: Message-ID: <1056556378.12686.23.camel@dbeauchemin.sti.usherbrooke.ca> Le mer 25/06/2003 ? 11:38, Francois Caen a ?crit : > -----Original Message----- > From: Denis Beauchemin [mailto:Denis.Beauchemin@USHERBROOKE.CA] > > > Fran?ois' translation is good but it lacks the accents: > > True. I use a qwerty keyboard. The internet is an international and mostly english-speaking world. I think accents are obsolete. They also turn into weird characters or codes with some software. Well, reading French without accents can be quite difficult and result in big errors... > > Formulaire HTML d?tect? dans ce courriel > > Arg! "Courriel"! That's so cheesy :-) > I'm not a big fan of these fake French words designed to replace English technical terms. Like "'em?le", "c?d?rom",... Courriel comes from the words courrier and ?lectronique. I like it much more than m?l but I agree that c?d?rom and the like are pretty bad. Same thing for polluriel and pourriel (spam). Most people use pourriel but I prefer polluriel so my MS translations use it! 8-) Denis -- Denis Beauchemin, analyste Universit?de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From brent at WHITE-DEV.QUATRO.COM Wed Jun 25 16:54:06 2003 From: brent at WHITE-DEV.QUATRO.COM (Brent) Date: Thu Jan 12 21:18:40 2006 Subject: spam checks for per user@domain.com settings differ Message-ID: <200306251607.h5PG78Z24121@white-dev.quatro.com> Julian: I am testing out having per user settings and it works fine when an email is sent to just 1 user. However if an email is sent to 2 users at the same domain, To: and CC: and one user is configured to have spam checks and one is not then MailScanner takes the action of the To: user and ignores any settings for the user in the CC:. Is it designed to do it that way? Is the action only taken on the user/domain in the to: field with the cc /bcc ignored? Also what about if 2 users are in the To: field, what action is taken( I didn't have a chance to test that one). BTW I know all of that is confusing I hope you understand what I am explaining. :-) Thanks, Brent -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030625/fc092a0b/attachment.html From symedeot at YAHOO.FR Wed Jun 25 17:01:38 2003 From: symedeot at YAHOO.FR (Sylvain MEDEOT) Date: Thu Jan 12 21:18:40 2006 Subject: Postfix and MailScanner Message-ID: Hi, I am setting up MailScanner on a Mandrake 7.2 mail server with Postfix. I followed step by step the installation procedure (/etc/postfix, /etc/postfix.in, modifications of main.cf and master.cf). This is not the first mail server I am protecting with MailScanner... But this is the oldest one since I had no problems with newest releases of Mandrake... This server is running postfix-19991231_pl08-5mdk. After the installation of MailScanner (everything fine) with McAfee, I can send mails as usually... But, the mails remains in /etc/posftix.in/deferred. My /etc/postfix.in/main.cf is like that : defer_transport = smtp local virtual relay defer_transports = smtp local virtual relay queue_directory = /var/spool/postfix.in queue_run_delay = 60 default_destination_recipient_limit = 100 initial_destination_concurrency = 10 minimal_backoff_time = 60 maximal_backoff_time = 400 empty_address_recipient = si04 default_process_limit = 100 error_notice_recipient = root transport_maps = hash:/etc/postfix/transport message_size_limit = 90240000 bounce_size_limit = 100000 recipient_canonical_maps = hash:/etc/postfix/canonical_sender In the manual, it is mentionned to add defer_transports = ... I already had a line defer_transport (no s) so I put both... My /etc/postfix.in/master.cf is like that : smtp inet n - n - - smtpd pickup fifo n n n 60 1 pickup cleanup unix - - n - 0 cleanup qmgr fifo n - n 300 1 qmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce smtp unix - - n - - smtp showq unix n - n - - showq error unix - - n - - error local unix - n n - - local cyrus unix - n n - - pipe flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} uucp unix - n n - - pipe flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=F. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient When I send messages, they are accepted : [root@intranet postfix.in]# du -ks /var/spool/postfix.in/deferred 368 /var/spool/postfix.in/deferred but nothing is delivered... [root@intranet postfix.in]# du -ks /var/spool/postfix/incoming 4 /var/spool/postfix/incoming nothing in the logs... Jun 23 11:19:58 intranet MailScanner[1934]: Using locktype = flock Jun 23 11:20:08 intranet MailScanner[1942]: MailScanner E-Mail Virus Scanner ver sion 4.21-9 starting... Jun 23 11:20:08 intranet MailScanner[1942]: Using locktype = flock Jun 23 11:20:18 intranet MailScanner[1950]: MailScanner E-Mail Virus Scanner ver sion 4.21-9 starting... Jun 23 11:20:18 intranet MailScanner[1950]: Using locktype = flock Jun 23 11:20:28 intranet MailScanner[1965]: MailScanner E-Mail Virus Scanner ver sion 4.21-9 starting... Jun 23 11:20:29 intranet MailScanner[1965]: Using locktype = flock My /etc/postfix/main.cf is : queue_directory = /var/spool/postfix and my /etc/postfix/master.cf # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (50) # ========================================================================== #smtp inet n - n - - smtpd pickup fifo n n n 60 1 pickup cleanup unix - - n - 0 cleanup qmgr fifo n - n 300 1 qmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce #smtp unix - - n - - smtp showq unix n - n - - showq error unix - - n - - error local unix - n n - - local cyrus unix - n n - - pipe flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} uucp unix - n n - - pipe flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) #bsmtp unix - n n - - pipe flags=F. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient Then, finally my /etc/MailScanner/MailScanner.conf Max Children = 5 Run As User = postfix Run As Group = postfix Incoming Queue Dir = /var/spool/postfix.in/deferred Outgoing Queue Dir = /var/spool/postfix/incoming Incoming Work Dir = /var/spool/MailScanner/incoming Quarantine Dir = /var/spool/MailScanner/quarantine PID file = /var/run/MailScanner.pid MTA = postfix Sendmail = /usr/sbin/sendmail Well, I m'in trouble... Why MailScanner don't take messages from /var/spool/postfix.in/deferred ? Any idea of what is wrong in my installation ? Regards, Sylvain MEDEOT Ville de Pontoise From steve.freegard at LBSLTD.CO.UK Wed Jun 25 17:20:51 2003 From: steve.freegard at LBSLTD.CO.UK (Steve Freegard) Date: Thu Jan 12 21:18:40 2006 Subject: MailWatch and McAfee / Request and error Message-ID: <67D9E7698329D411936E00508B6590B902793E1C@neelix.lbsltd.co.uk> Hi Daniel, The problem you're having with the reports has been reported by several others - I think I've a workable solution which I'll test and release with 0.3. I'll have a think about your feature request and see what I can do, probably won't be able to do this until 0.4 though. Kind regards, Steve. _____ From: Daniel Zajd [mailto:daniel@ZAJD.COM] Sent: 24 June 2003 23:57 To: MAILSCANNER@JISCMAIL.AC.UK Thanks Steve! The command works perfect! Error? My test server doesn't have a lot of emails passing MailScanner and therefore not that much to store in the database and then for MailWatch to work with. When I tried to create graphs though "Top Senders by Volume" or "Top Recipients by Quantity" after just a few emails I got an error. Unable to create graphs. No data available. But there is! This happened until the size of the emails for an email address passed 1Mb. I get the feeling that none of the email addresses under 1Mb counts. Could that be the case? Request. I'd like to be able to have a list of email addresses not to show in the graphs. Example. I have one admin account on the top 10 list. I think that this email shouldn't be there. Thanks, Daniel Hi Daniel, This should work: define(VIRUS_REGEX, '/(.+) Found the (\S+) virus !!!/'); I've added it to the code for the next version. Kind regards, Steve. _____ From: Daniel Zajd [mailto:daniel@ZAJD.COM] Sent: 21 June 2003 01:33 To: MAILSCANNER@JISCMAIL.AC.UK I just have to say, Great work!! But I need some help. How should the expression for McAfee look like? The log look like this: Jun 21 02:15:54 mail2 MailScanner[6710]: New Batch: Scanning 1 messages, 62658 bytes Jun 21 02:15:54 mail2 MailScanner[6710]: Spam Checks: Starting Jun 21 02:16:00 mail2 MailScanner[6710]: Virus and Content Scanning: Starting Jun 21 02:16:03 mail2 MailScanner[6710]: McAfee said "/dev/shm/6710/h5L0FoD9006755/dr.scr" Jun 21 02:16:03 mail2 MailScanner[6710]: McAfee said " Found the W32/Ganda@MM virus !!!" Jun 21 02:16:03 mail2 MailScanner[6710]: /h5L0FoD9006755/dr.scr Found the W32/Ganda@MM virus !!! Jun 21 02:16:04 mail2 MailScanner[6710]: Virus Scanning: McAfee found 1 infections Jun 21 02:16:04 mail2 MailScanner[6710]: Virus Scanning: Found 1 viruses Jun 21 02:16:04 mail2 MailScanner[6710]: Filename Checks: Possible virus hidden in a screensaver (dr.scr) And MailWatch show: Report: /h5L0FoD9006755/dr.scr Found the W32/Ganda@MM virus !!! Windows Screensavers are often used to hide viruses (dr.scr) //Daniel Zajd Mailsystem Sweden -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the message from your mailbox. This footnote also confirms that this email message has been swept by MailScanner (www.mailscanner.info) for the presence of computer viruses. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030625/d4f96ad1/attachment.html From mailscanner at LISTS.COM.AR Wed Jun 25 17:21:43 2003 From: mailscanner at LISTS.COM.AR (Mariano Absatz) Date: Thu Jan 12 21:18:40 2006 Subject: Translation request - Spanish In-Reply-To: <20030623031131.53591.qmail@web20802.mail.yahoo.com> References: <5.2.1.1.2.20030622183204.0252d9c0@imap.ecs.soton.ac.uk> Message-ID: <3EF9A1E7.22602.38D1EA@localhost> Yes... but for consistency with the current contents of languages.conf, and trying to be a little more international we should translate as: FoundForm = Se ha encontrado un formulario en un mnesaje HTML Here are the other two (from languages.conf): > FoundIFrame = Se ha encontrado un tag IFrame peligroso en un mensaje HTML > FoundObject = Se ha encontrado un Objeto con c?digo peligroso en un mensaje > HTML I guess "forma" is only used in Mexico and Puerto Rico... and I don't even know if it is a word in Spanis (except for another meaning) we don't use it in Argentina and I think they don't use it in Spain. I think "formulario" is the correct translation for "form". We're looking for the 4th meaning in: http://www.diccionarios.com/index.phtml?diccionario=dgle&query=formulario which isn't at all in: http://www.diccionarios.com/index.phtml?diccionario=dgle&query=forma El 22 Jun 2003 a las 20:11, Juan Quesada escribi?: > This is a literal translation > > > Encontr? una forma en mensaje del HTML > > -- Julian Field wrote: > > I have added code to detect HTML "Form" tags in > > messages. When found, it > > produces a new report line in the replacement > > message. The "Form" tags can > > also be stripped out. > > > > Please can you translate this for me: > > Found a Form in HTML message > > > > Thanks! > > -- > > Julian Field -- Mariano Absatz El Baby ---------------------------------------------------------- Did anyone see my lost carrier? From sylvain.phaneuf at IMSU.OXFORD.AC.UK Wed Jun 25 17:04:40 2003 From: sylvain.phaneuf at IMSU.OXFORD.AC.UK (Sylvain Phaneuf) Date: Thu Jan 12 21:18:40 2006 Subject: Translation request - French Message-ID: Sylvain =========================================================== Sylvain Phaneuf --- Computing Manager | phone : +44 (0)1865 221323 Information Management Services Unit - Medical Sciences Division Oxford University | email : sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322 Oxford OX3 9DU England =========================================================== >>> FCaen@CI.LAKEWOOD.WA.US 06/25/03 04:38pm >>> -----Original Message----- From: Denis Beauchemin [mailto:Denis.Beauchemin@USHERBROOKE.CA] >> > Fran?ois' translation is good but it lacks the accents: >> True. I use a qwerty keyboard. The internet is an international and mostly english-speaking world. I think accents are obsolete. 'Scuse me... accents are not obsolete. There are and must be used in several languages... From garyp at COAM.NET Wed Jun 25 18:42:46 2003 From: garyp at COAM.NET (GaryP) Date: Thu Jan 12 21:18:40 2006 Subject: MailScanner quit In-Reply-To: References: Message-ID: <20030625163947.M32015@coam.net> We've had MailScanner up and running for a very long time with little trouble. Sometime during the night MailScanner stopped running and I have been unable to get it back up again. I set it in DeBug mode and when I run check_mailscanner I get the following error message. check_MailScanner: line 113: 6903 File size limit exceeded$process $config Each time I run check_mailscanner the file size increases. I haven't a clue as to what this means? Any suggestions? Thanks, Gary ... From p.vanbrouwershaven at NETWORKING4ALL.COM Wed Jun 25 17:51:23 2003 From: p.vanbrouwershaven at NETWORKING4ALL.COM (Paul van Brouwershaven - Networking4all) Date: Thu Jan 12 21:18:40 2006 Subject: Shutdown MailScanner (Sendmail) Message-ID: <02ea01c33b39$ecd73f90$dd00a8c0@WINXP001> Hi, I've installed Redhat 7.3 with Sendmail 8.11.6 and MailScanner 4.20.3. When I try to shutdown or restart MailScanner sendmail gives the following error message: ======================================================================== Shutting down MailScanner daemons: MailScanner: [ OK ] incoming sendmail: Unknown option: 1 Usage: head [-options] ... -m use method for the request (default is 'HEAD') -f make request even if head believes method is illegal -b Use the specified URL as base -t Set timeout value -i